Hi,
I am implementing the principle of least privilege in my organisation by making sure users active directory accounts are a member of the users group on their PCs.
I have a group of users that work out of hours, they have a nightshift plus weekend shifts. Traditionally they have had admin privilege so they have a better change of resolving any issues themselves.
Do I enforce the policy for these users or make a compromise? If I make a compromise (e.g. let them know the local administrator password for the PCs) then I’d like to know when the elevated permissions are being used, possibly by being alerted to when the local admin account is used, or being alerted whenever software is installed, does anyone know of software to do this?
Thanks
N
