Member Avatar for tautologies

Hi all.
I am having some problems convincing users that they should not be local administrators on the machine they work when they are part of the domain.

My main concern was that they install so much crap anbd my workers has to spend a lot of time cleaing up the machines (they don't even understand that all the crap they install causes problems, that admins are not responsible for problmes relating to those products. In addition I am responsible if there are illegal software on the machines...which ofcourse the users does not care 5 cents about.

What I am asking is, what arguments should I use while presenting policies releaving them on admin right on local machines.
The domain they connect to has backup of sensitive data. I am wondering if admins on local machines has a better chance of hacking the domain server / file server?
I believe it is better for all users to participate in a debate, but I have to give them complete information.

Feedback appreciated.
Best regards
Aldo

  • 3 Contributors
  • 4 Replies
  • 95 Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by tautologies

Recommended Answers

All 4 Replies

Member Avatar for Thong_Ispector

They should NOT have that access...

They should NOT even be part of the process that determines that...

You need to define a company policy and they adhere to that policy or leave...

It may sound harsh but that is how it must be...

Someone MUST make the rules and be responsible for the network

Employees MUST NOT install ANYTHING without approval...

All of that junk is just fluff and a potential problem and has nothing to do with productivity..

I handled IT for a Fortune 500 company for years...

Get the boss, tell him what must be done to protect his business...

Create a CD or DVD image of your standard install, make one for each level of user within your company...

Managers have one set of tools, sales has another etc...
In a small company you might even have an image for each user and hardware configuration...

Lockable cases or case opened support in bios

You should have a written policy on how users are to backup their work...
(and when)

You should be able to walk up to any machine, drop in your image and configure it for any particular user level...

Employees need to understand that at any time, even in the middle of the night that you may walk up to a machine and refresh it back to original image.

I routinely worked at 4am and restored systems...
With up to 200 users at each location and hundreds of locations we had to have structure.. Anything else would be KAOS...

You decide what extras or changes your users should have...
All will want their own wallpaper etc...

But NO EMPLOYEE should be installing software except you or someone under your direction.

Member Avatar for tautologies

Thx, Crunchie, great resource.

Thong_ispector...nice nick. Okay, I do completely agree, but the environment I work within is a University. The employees (faculty) are used to GREAT flexibility, and the changes I already implemented are hard for them to swallow. Actually, I have had a very hard line. In this environment there are a lot of politics going on. So that is the reason. However I completely agree with you.

In anycase, my thing is not whether or not to give the rights, I know they shouldn't have the rigts, however I need arguments that computer illiterates can understand. My first is the fact that by giving someone on the domain admin puts everones sensitive information on risk.

Thx for the feedback guys.

best regards
Aldo

Member Avatar for tautologies

sorry double posting

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.