- Domain users member of local administrators group
- Posted by Ziguana on March 14th, 2006
I have a rather large network and seem to have a few issues with users
permissions, I have read a few articals mentioning that domain users (i
think) should be made a member of the local administrators group on client
machines. Is this normal practise?
Does this not weaken security?
Any advice would be appreciated.
Thanks
- Posted by Steven Umbach on March 14th, 2006
You want to avoid that if at all possible as that can significantly increase
support costs as users install unauthorized software, disable settings and
applications they do not like [firewall and antivirus for instance] , create
local user accounts to logon to in order to bypass Group Policy user settings,
etc. While a user that is a local administrator has not special powers in the
domain it can weaken security by increasing the possibility of worms, Trojans,
back doors, etc on your network If you have specific problem such as a legacy
application that will not work correctly then there may be a workaround with
modifying NTFS/registry permissions for the application. --- Steve
"Ziguana" <Ziguana@discussions.microsoft.com> wrote in message
news:626410C3-C934-457F-B742-7DE795195C80@microsoft.com...
- Posted by Shenan Stanley on March 14th, 2006
Ziguana wrote:
If these articles were printed on paper - throw them away.
Forget you ever read them.
They are incorrect.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
- problems adding domain users to local admin group (Microsoft Windows) by Chris Reynolds
- Local Group added to local Administrators group (Security & Administration) by Jonas Edholm
- Local Group added to local Administrators group (Microsoft Windows) by Jonas Edholm
- Local Administrators Group (Security & Administration) by Newsgroup
- Power Users group and Administrators group i (Security & Administration) by Sudhakar Govindavajhala
