RETIRED CONTENTPlease note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.
If end users are being granted local administrative rights to enterprise end-user devices, stop this practice right now. The security holes and support nightmares created when users are allowed to download software and modify configurations are reason enough to ban this practice outright.
Admin Rights Will Hurt You
Excuses abound for granting end users local administrative rights on PCs and other end-user devices. The leading reason cited is that administrative rights bring increased flexibility in meeting business needs. In a managed enterprise environment, this so-called “need” is rarely, if ever, justifiable when weighed against the potential costs:
- Compromised network security caused by increased vulnerability to malware and intrusion, and overall decentralization of security control.
- Violation of legal or regulatory mandates (including copyright law), which can result in fines and imprisonment.
- Support of different, non-standardized desktop images and applications, which greatly complicates IT support and maintenance efforts.