It's likely because the user wants to install their own apps and they need local admin privileges. Confirm exactly what the user is trying to do.
As for risks... 1. Malicious software. Whatever permissions a user has so does malicious software. 2. Change management. If you have standard desktops and configurations this means the desktop will be much more difficult to support and maintain. 3, Unauthorized software. I think DHS or NSA recently released a guide on security for home users. It actually covers this issue of having local admin. You can also google concept of "least privilege" for best practices. Even Microsoft's guide for home users recommends a non-admin account day-to-day use. .b On May 20, 2011, at 2:24 PM, Matthew Perry <[email protected]> wrote: > I have a few users who insist that they need a local account on their domain > laptops. I am trying to explain to them that their password will cache and > allow them to login while not on the network. It also looks like local > accounts bypass a lot of our group policy rules that we have put in place and > I do not want to have to manage local policies as well. Can anyone give me > some more good reasons why it is bad to use a local account instead of a > domain account. > > Thanks! > > -- > Matthew Perry > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
