Who has local admin rights?

noxigen
Do you know how many people have local admin rights in your organization? Not just directly, but via nested groups too (gasp). I usually see a lot more access given than is actually needed on Windows servers because it's difficult to delegate granular server permissions.
  • Tony Hopkinson

    As a dev I have them to my machine mostly. Firewall and AV policies are managed through Active Directory.

    I certainly don't have them to any servers. You couldn't give them to me, I'd just throw my toys out of the pram and make you take them back.

    noxigen

    I'm speaking specifically about access to servers. Even just connecting to them via Remote Desktop to perform work.

    CharlieSpencer

    Our field service techs have it, since they often have to install or update diagnostic programs. Some abuse it, most don't.

    A limited number of software developers have it.

    Those are the only user groups that routinely get local admin. Level 1 service desk technicians have it on client systems but not servers. Level 2 has it on clients and servers. We use groups for Level 1 and 2, but we don't nest within those groups.
