Moving To A Least Privileges Environment: A Step By Step Project Plan - Chapter 3: Discover What Policies Are Needed Prior To Locking Down
Before removing local administrator rights from end users as part of a least privilege project, it is critical that the system administrator understand which programs and processes currently in use in the environment require local administrator rights. In almost all organizations, users run processes and applications that are not managed in the configuration database of the PC lifecycle management (PCLM) tool. There are usually sets of applications that users have installed outside of the control of IT. Even when an application is part of the base operating system image or is a managed piece of software, the PCLM database does not show whether the application needs elevated rights to run.