Yes .Logging in as local admin does not cache credentials, logging in as domain admin does pose this risk and is why we have set the GPO to 0 cached logins for desktops, 2 for laptops (McAfee eats one of the two at boot time).
Dave From: David Mazzaccaro [mailto:[email protected]] Sent: Wednesday, April 28, 2010 8:30 AM To: NT System Admin Issues Subject: RE: Software installs on new PCs The question came up about cached credentials. If you have logged into a workstation as an admin, could that potentially be a security risk, as those credentials are stored locally on that machine? ________________________________ From: Carl Houseman [mailto:[email protected]] Sent: Wednesday, April 28, 2010 11:26 AM To: NT System Admin Issues Subject: RE: Software installs on new PCs Shouldn't really matter. Why do you think it would make a difference? Carl From: David Mazzaccaro [mailto:[email protected]] Sent: Wednesday, April 28, 2010 11:19 AM To: NT System Admin Issues Subject: Software installs on new PCs For those that don't use images/GPOs to deploy software to new PCs... When a new computer is going out to a user, how do you install the software + hardware they need? As a local administrator? Domain administrator? Or give the end user's account local admin rights and log in as them, install the stuff they need, then take away admin rights when you hand the machine over? TIA . . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
