Re: local windows accounts

[Brian Erdelyi <brian_erdelyi () yahoo com>]

It's likely because the user wants to install their own apps and they need local admin privileges.  Confirm exactly 
what the user is trying to do.

As for risks...
1.  Malicious software.  Whatever permissions a user has so does malicious software.
2.  Change management.  If you have standard desktops and configurations this means the desktop will be much more 
difficult to support and maintain.
3,  Unauthorized software.

I think DHS or NSA recently released a guide on security for home users.  It actually covers this issue of having local 
admin.  You can also google concept of "least privilege" for best practices.  Even Microsoft's guide for home users 
recommends a non-admin account day-to-day use.

.b

On May 20, 2011, at 2:24 PM, Matthew Perry <mlperry () gmail com> wrote:

> I have a few users who insist that they need a local account on their domain laptops.  I am trying to explain to them 
> that their password will cache and allow them to login while not on the network.  It also looks like local accounts 
> bypass a lot of our group policy rules that we have put in place and I do not want to have to manage local policies 
> as well.  Can anyone give me some more good reasons why it is bad to use a local account instead of a domain account.
>
> Thanks!
>
> -- 
> Matthew Perry
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com