Im working for a software development company. My users are computer graduates (BCS/ MCS).
Well.. I don’t support the idea of giving local admin rights.
Disadvantages of local Admin Rights:
1) User can install / uninstall any thing on their system
2) User can change system settings & can lower the security level
3) Malicious packages / applications are executed more easily. & that virus/malicious code can propagate to others on the network .
4) You get a large number of support calls from those desks.
5) The time spent in rebuilding the system is a waste. With proper control that time could be utilized for some constructive work.
6) You wouldn’t have full control on your network.
Advantages:
1) User can install applications if they require any.
2) Some applications which don’t run with normal user cab run easily with local admin rights. (Although some suggests that you can set registry & file permission to run that application with normal user. But finding those settings is a hell of work.)
3) Adminstrator can free himself from installation work & can do some thing constructive for the company.
Suggestion:
1) Make sure to have your corporate policies straight. Have a meeting with your boss (or big boss) include development manager as well. The lay out what you company wants. then act accordingly.
2) With admin rights any application can run. It is the duty of software developing companies that they make sure that their applciation run with normal users as well. Or at least they should document the procedure where network administrators can run the application with normal user if they want.
