Yeah, I was afraid of that. I make my users find a connection and VPN in these cases. Sam
________________________________ From: Bill Songstad [mailto:[email protected]] Sent: Monday, October 19, 2009 1:20 PM To: NT System Admin Issues Subject: Re: temporarily allow remote users install perms That's kind of the path I would like to use too, but that solution wouldn't work for laptops that aren't connected to the domain. No domain connectivity, and there's no temporary user. Bill On Mon, Oct 19, 2009 at 11:05 AM, Sam Cayze <[email protected]> wrote: +1. But, there are circumstances where I still leave a admin account on the machine for the OPs purpose. It's a domain account, added to the PC local admin group. It's called 'Install' and it's normally left deactivated. IF the rare occasion where a user needs a admin privileges, I will enable the 'Install' user, change the password, and allow the user to do something. Then deactivate the account and change the password afterwards. Sam ________________________________ From: Maglinger, Paul [mailto:[email protected]] Sent: Monday, October 19, 2009 1:02 PM To: NT System Admin Issues Subject: RE: temporarily allow remote users install perms We don't give admin rights to users. If they need something installed we remote in and install it for them (if there is a business need for the software). -Paul From: Steven M. Caesare [mailto:[email protected]] Sent: Monday, October 19, 2009 12:45 PM To: NT System Admin Issues Subject: RE: temporarily allow remote users install perms We just consign ourselves to allowing local admin on laptops. -sc From: Bill Songstad [mailto:[email protected]] Sent: Monday, October 19, 2009 1:40 PM To: NT System Admin Issues Subject: temporarily allow remote users install perms I've had pretty good luck stripping the local admin rights from my users and myself, but the one that is sticking me in the foot is remote laptops. I have users that take their laptops away from the domain for several days. Occaisionally these users need to install something and I don't want to hand them a domain admin password. I could create a local admin account for them, but I don't want them using that account without contacting me. And I don't want to round up all the laptops every time they are in the office to change a local admin password. How do you all handle instances like this? Thanks, -Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
