What privileges do your users have?

What Privilege level do your users have?

  • Domain Administrators

    Votes: 0 0.0%

  • Local Administrators

    Votes: 10 27.0%

  • Power Users

    Votes: 5 13.5%

  • Users and nothing more

    Votes: 22 59.5%
  • Total voters
    37
S

SJConsultant

2[H]4U
Joined
Jan 14, 2004
Messages
3,599
I've uncovered yet another client site whose IT predecessors decided to setup the workstations so when users log in they have local admin privileges.

I would like to know how many *business* environments out there run there everyday users with administrative privileges on their respective workstations.

If possible, please provide an explanation as to why it is done that way.
 
Lets see here:
1. Where I'm at now, software development company - everyone has local admin. It's a big IT shop so it just makes sense

2. Last place was power users at a bank

3. Prior to that was Local Admin because we used to run Netscape Email and it didn't like not being a local admin. BUT migrating to Citrix environment obviously no one had admin rights at that point.

So 2 out of 3 was local admin so that's what I voted.
 
At my main job, most users are just users, but I and other Tier IT teams have admin rights.
At my parent's small business everyone is just a user except the General Manager and the President (my dad) who have power user access. I am the only one with admin rights anywhere.
 
It varies by user population, but our priciple in effect is that someone is granted the least level of privilege that allows them to perform their duties.

Most people are regular users. Some people based on job function are administrators of their own PC's. Some lines of business have few or no admins. Users from our Technology Risk Consulting business (for example) are admins of their own laptops by default.

Domain Admins and Enterprise Admins are very few and far between relative to the size of the company. Those groups are monitored by Microsoft Operations Manager, and I along with a few others get email alerts whenever anyone is added to or deleted from these groups. In total we usually have about 15 domain admins and 3 Enterprise admins in North America, plus one DA/EA per major region (Europe/Asia/Australia). We have a few more domain admins than normal right now because we're in the middle of a major laptop swap/rollout that requires a few key rollout people in the field be domain admins to perform various tasks related to user account migration, EFS management, etc.
 
At the moment, its mixed. I just did the SP2 rollout and removed mostly everyone from local admin and made the restricted users (user). There are a few who are still local admin due to some undetermined errors at the moment. The 4 people in our IT team are domain admins.

Our users who are using *cough* NT *cough* are still local admin but there's only about < 5 people who are still on NT.

Gah.
 
Heavily restricted users, only have the permissions needed to complete their job.
 
My users are set to 'User'. Local administrative rights are only for IT and certain Directors. I have a the majority of the Directors with just user rights while a few have local admin rights. I have two workstations set to 'Power users'. The owners.. they obviously have local admin rights.
 
Local admin...and it makes me insane.

There is no dire business need that would require this with the exception of probably 3 people. I am not allowed to change it even after having to completely reformat our CFO's PC due to all the garbage he managed to cram onto the harddrives.

It makes my job 10x more time consuming then needed.

did I mention im looking for a new job?
 
Most of my staff have local admin because of a piece of software we use. Ofcourse, the 2,500 kids have basically no access. They've learned to say "Right-Click? What's that!?" and many other things. They can only do what they need to do, everything else is restricted.
 
We have just a couple users that run as local admins because of software that doesnt like running as anything other than an admin user. Everyone else is a plain user.

When I first got there, everyone was a local admin. The day that they became users basically became known to them as Black Monday. :D
 
Our users are restricted users and the systems are locked down with GPEDIT. They are restricted as to what applications they can run, their desktop is locked so they cannot save anything to it, nor can they change the wallpaper. The only thing they can do on their workstation is their job.
 
Local Admins.

You can imagine my happiness...


i'm in the midst of changing that shit up, you better believe.
 
Users. With 30K employees there are some local admins but typically IT folk and very few of them. You can generally get past picky software with folder and/or registry permission changes. Not all of course but most. Giving John Q Dumbass admin rights is ridiculous. Hello malware, not so glad to see you.
 
having answered and then deleted my answer once based on the business qualification

I'll add this observation
the larger the network the more difficult it is to defend and the more restrictive permissions at all levels tend to be

I did vote unfortunately before the full qualifications of the question managed to work their way through the swiss cheeze I call a brain (a danger of polls in here) so I account for one power user, and its the account I setup for the day to day admin to use for mom & pop shops or end users, heavily discouraging logon to the real admin account unless absolutely necessary
 
For our clients, I keep them at Local Admin. We simply don't have the time to set up small little companies with restrictive rights and permissions is crap, its overkill.
 
I work for a school district with some 3000 or so users and with 1600 computers. 400 of those are teachers or administrators who are set up as local admins. Students and the rest are set up with the most restricted basic user account we can give them. We simply dont have the resources to manage the staff. Although in a perfect world we would cause there is nothing i hate more then working on a computer that is crawling with its 5 different IE tool bars and 20 popus. :mad: Teachers are the number one offenders ... and its sad.
 
You must log in or register to reply here.
Back
Top