Ideally, you have a patch management product that will take care of them for you. If your users are also responsible for their own patch and AV updates, rest assured, they aren't happening. (Java's the only odd one, since it doesn't update so much as install a new version side-by-side with the old.)

-----Original Message-----
From: Anthony [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2008 8:52 AM
To: NT System Admin Issues
Subject: Re: Local admins?

This getting rid of local admin track sounds great from all the feedback.

Don't updates need local admin, like:
Windows Updates?
Java Updates?
Antivirus Updates (say stand alone version of AVG or Norton)?

Those seem to be the main 3 I can think of offhand. Do most of you figure out ways around these with permissions and such, or just periodically do these updates with an admin account?

Anthony

----- Original Message -----
From: "Phil Brutsche" <[EMAIL PROTECTED]>
Sent: Wednesday, August 27, 2008 4:56 PM
Subject: Re: Local admins?

In my environments NO ONE EVER gets local admin, politics be damned - a common saying is "I don't care who you are, how much you make or who you know. You're NOT getting local admin."

Sure there's some nuclear fallout once in a while, but everything runs much, much smoother in the long run.

By myself I'm ultimately responsible for 300+ machines and that many stations is *not* a big deal. It helps that the most complicated program 80% of those stations run is MS Office.

Based on what I've seen, if you don't have local admin you're bordering on not needing AV & AS packages. Yes, it's a bold statement, but true in some of my environments - I've validated it over the years with a laptop running a commercial AV package (currently Kaspersky). The only things it catches are cookies and malware installers in home folders.

Salvador Manzo wrote:
> Local Admin is the exception, and generally only occurs for political
> reasons. Apps which "require" local admin get run through FileMon and
> RegMon to tear down minimum rights, and GPOs set any required
> permissions based on group membership.

--
Phil Brutsche
[EMAIL PROTECTED]

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
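
The FileMon/RegMon step quoted in the thread, sketched as an added example (not code from anyone on the list): it reads a monitor log captured while the application runs as a standard user and lists only the resources that returned ACCESS DENIED, which are the candidates for a group-scoped permission. The CSV column layout follows Process Monitor's export and is an assumption here, and `legacyapp.exe`, its paths and the log rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, laid out like a Process Monitor CSV export (assumption:
# FileMon/RegMon logs would need their own column mapping). App name is made up.
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02","legacyapp.exe","412","CreateFile","C:\Program Files\LegacyApp\data\app.ini","ACCESS DENIED","Desired Access: Generic Write"
"9:01:02","legacyapp.exe","412","RegQueryValue","HKLM\SOFTWARE\LegacyApp\Version","SUCCESS","Type: REG_SZ"
"9:01:03","legacyapp.exe","412","RegOpenKey","HKLM\SOFTWARE\LegacyApp\Settings","ACCESS DENIED","Desired Access: Set Value"
"9:01:03","explorer.exe","900","CreateFile","C:\Windows\System32\config","ACCESS DENIED","Desired Access: Read Data"
"9:01:04","legacyapp.exe","412","RegCreateKey","HKLM\SOFTWARE\LegacyApp\Settings","ACCESS DENIED","Desired Access: All Access"
"9:01:05","legacyapp.exe","412","CreateFile","C:\Program Files\LegacyApp\logs\run.log","ACCESS DENIED","Desired Access: Generic Write"
"9:01:06","legacyapp.exe","412","CreateFile","C:\Program Files\LegacyApp\data\app.ini","ACCESS DENIED","Desired Access: Generic Write"
'''

REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


def denied_resources(log_text, process_name):
    """Map each path the process was denied on to the operations that failed."""
    denied = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue  # other processes' failures are not this app's requirements
        if row["Result"] != "ACCESS DENIED":
            continue  # successful calls already work without admin rights
        denied[row["Path"]].add(row["Operation"])
    return dict(denied)


def grant_targets(denied):
    """Split the denied paths into file system and registry lists for review."""
    targets = {"filesystem": [], "registry": []}
    for path in sorted(denied):
        is_reg = path.upper().startswith(REGISTRY_ROOTS)
        targets["registry" if is_reg else "filesystem"].append(path)
    return targets


if __name__ == "__main__":
    found = denied_resources(SAMPLE_LOG, "legacyapp.exe")
    for kind, paths in grant_targets(found).items():
        for p in paths:
            print(f"{kind:10} {p}  ({', '.join(sorted(found[p]))})")
```

Each listed path still needs a manual look before a permission is granted through a GPO, since some denied calls are probes the application works fine without.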