+1000 One place I used to work had all 15 or so in the IT department set with domain admin privledge, and I was unable politically to change that... so even the developers had domain admin, and occaisionally didn't understand why the app didn't work on a non-admin user system as they weren't schooled on OS permissions ( especially when NT changed to XP ) argggggh !
Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' _____ From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Friday, January 15, 2010 9:33 AM To: NT System Admin Issues Subject: RE: Local Admin Permissions WAS: RE: Internet Policy Ditto. Our top dog-the Superintendent of Schools-runs as a standard user just like every single other employee. I've missed much of this thread, so I'm sure this has been said already. But I cannot stress enough how horrible an idea it is to have users run with elevated privileges. You'd be hard-pressed to find a single person knowledgeable about IT security who would say otherwise. Most governmental entities would face an audit criticism if they failed to follow best practices in this regard (I'm sure WE would). But even if I were in the private sector, I'd operate the same way. I remember when we moved to this model here a number of years back. There was a somewhat painful adjustment period, but it soon passed and we adapted to it. And I can say with certainty that our IT operations run MUCH more smoothly since doing it. John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us From: James Kerr [mailto:cluster...@gmail.com] Sent: Friday, 15 January 2010 8:02 AM To: NT System Admin Issues Subject: Re: Internet Policy +1000 Even the top dog at our company is a standard user. My boss is a standard user. Only admins are me and my minion. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
