Re: local admin rights
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 25 Apr 2008 09:32:11 -0400
Leonard <Leonard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
the new software is Sage CRM and local admin rights need to be on for
the software to run, not just install.
No, that's just what the developer is telling you, and I'm telling you
they're full of it. Don't let software vendors drive decisions like this.
The users don't *need* local admin rights. Simply put, the user evidently
needs to access something that ordinarily an end user can't access. The user
does *not* need all the permissions granted to an administrator- meaning, to
run this software they do *not* need permissions to add/remove software,
device drivers, edit network configurations, create user accounts, etc. -
and that's what an administrator account can do.
I have not idea why this is but we are trying to find out why
Because they're lazy or crappy software developers? Seriously, this is
something you should complain loudly about. My advice still applies - you
can work around this if you get a list of file system & registry keys to
edit - or find this out yourself as I've advised.
any further advice would be greatfull
if we do have to have admin rights can we monitor what users try and
install etc
Nope. Do not give them admin rights, if you want to maintain your
environment properly. Get a test box & the Sysinternals tool.
"Lanwench [MVP - Exchange]" wrote:
Leonard <Leonard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
We are having some new software installed which requires local admin
rights.
I presurem if this happens do I take it the domain users will be
then able to install software when they want it
we have a 2003 std server as a domain controller
Lookforware to your replys
Don't grant local admin rights. Users will definitely be able to
install anything (or uninstall anything) change network settings,
and so on. Power Users is not much better.
First, speak to the software developer and complain loudly - there
is NO reason the users should need admin rights to run their
software. It should require admin rights only to *install*. Ask for
a list of file system locations & registry entries to which the end
user will need to have permissions modified (read, or read/write) to
run the app. If they don't have this, complain louder. This is just
plain sloppy code.
If all else fails, check out Sysinternals Process Monitor (free
download from MS) - you can run it to determine what the app expects
to access and make changes manually. Test thoroughly - do not deploy
the app on any computer before you've determined how you can make it
work & behave properly.
.
- References:
- local admin rights
- From: Leonard
- Re: local admin rights
- From: Lanwench [MVP - Exchange]
- Re: local admin rights
- From: Leonard
- local admin rights
- Prev by Date: Group Policy Question
- Next by Date: Re: Connect to Multiple Networks (Simultaneously) From Same Comput
- Previous by thread: Re: local admin rights
- Next by thread: Re: local admin rights
- Index(es):
Relevant Pages
|
