Keys to the Kingdom

Is giving a local user admin rights any way to run a network?

In response to my column, "Local Control" (click here to read it), where I described how to use Restricted Groups to give users local admin rights, I got some thoughtful responses chiding me for describing this type of operation. Here's an example from Peter:

Bill: While your answer is accurate, it also does everyone on the mailer a disservice. The question starts out with a statement that I have heard all too often..."We set ALL USERS to have local admin access to their PC." As you well know, this is no way to run a network. It's like handing a loaded weapon to a toddler and sending him off to the local playground. It is only a matter of time before he hurts himself or someone else.

A Microsoft Certified System Engineer should never tell you that you have to give local admin rights for a PC to a general user. Applications can be enabled by setting registry and file permissions via Group Policy. Debugging rights can be granted to a developers group via policy. There are a number of ways of dealing with problem issues without just handing every user the keys to the kingdom.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:boswell@101com.com; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Now, I think Peter makes an excellent point that I should have pointed out the problems with giving local admin rights to users. But I also know that quite a few system administrators routinely give users local admin rights and are none the worse for it.

So, I'd like to hear how you do business:

  • Do you give users local admin rights or not?
  • What was the critical item that caused you to make your decision?
  • Do you have any cause to regret your decision, one way or the other?

Write me at boswell@mcpmag.com with your answers to these questions; be sure to put "User Rights" on the subject line of your message. I'll bundle up the best answers in a future column.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

Featured

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.