Yeah, I wasn't too clear from David's post though if it hat was the intention or if it was to try and stop people throwing on whatever they want.
I'd either go with UAC or have a local account on each machine and use it for "Run As" when needed - I've not played too much with restricted groups but AFAIK it overwrites the local admins group rather than appending it which I'd find a little (pardon the pun) restrictive. Paul From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: 20 July 2011 01:08 To: NT System Admin Issues Subject: Re: non-local admin revisited Reduce risks related to system infection... ASB http://about.me/Andrew.S.Baker Harnessing the Advantages of Technology for the SMB market... On Tue, Jul 19, 2011 at 4:15 PM, Paul Hutchings <paul.hutchi...@mira.co.uk<mailto:paul.hutchi...@mira.co.uk>> wrote: What's your reason for wanting to do it? ________________________________ From: David Lum [david....@nwea.org<mailto:david....@nwea.org>] Sent: 19 July 2011 6:10 PM To: NT System Admin Issues Subject: non-local admin revisited How do you bigger org's handle IT staff (DBA's and the like) not being local admins on their systems? Invariably they are used to throwing on whatever they want and in some ways this helps the Help desk so they're not called to install stuff the user can install. As we move to Windows 7 my recommendation is to yank local admin perms at the same time (yes everyone is local admin on their XP systems currently), but I foresee pushback from Service Desk and IT folks... David Lum Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) 503.267.9764<tel:503.267.9764> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin