INFO: Another reason why your users should never be Local Admins on their wkstns

Posted by: kurtsh | April 2, 2006

INFO: Another reason why your users should never be Local Admins on their wkstns

Here’s reason #142 for "why your users should never be Local Administrators of their workstations":

How to bypass corporate Group Policy as the Local Administrator of your workstation:

http://www.sysinternals.com/blog/2005/04/circumventing-group-policy-settings.html

This is well known to many however now that Mark’s published an article detailing exactly how to do it, it might behoove folks to get a move on and start locking down people’s accounts to at least Power Users.

This underscores the point that anyone that has Local Admin privileges of their workstations can literally do anything they want on their machines with a little creative thinking. Companies that place their users in the Local Admin group are simply cutting corners for their own ease-of-administration to the detriment of their corporate security policies.

Posted in Info

Kurt Shintaku's Blog