I am having some problems convincing users that they should not be local administrators on the machine they work when they are part of the domain.
My main concern was that they install so much crap anbd my workers has to spend a lot of time cleaing up the machines (they don't even understand that all the crap they install causes problems, that admins are not responsible for problmes relating to those products. In addition I am responsible if there are illegal software on the machines...which ofcourse the users does not care 5 cents about.
What I am asking is, what arguments should I use while presenting policies releaving them on admin right on local machines.
The domain they connect to has backup of sensitive data. I am wondering if admins on local machines has a better chance of hacking the domain server / file server?
I believe it is better for all users to participate in a debate, but I have to give them complete information.