Consider these questions before making a decision: How many and what kinds of users will need access to your system? Are they non-technical people in finance and marketing that only need limited access to certain applications, files, spreadsheets or databases? Do they have access to customer information, company trade secrets or other high-risk data?
As the number of users grows, and the risk level increases, there is less reason to grant admin rights.
Using admin rights to open up your desktops, even if only for logging on to the domain, gives your users rights that you might not want them to have. With these privileges, users can change system resources to add unauthorized software and hardware, open USB ports to allow unauthorized uploading or downloading of data and make changes generally incompatible with the consistency of your enterprise system.
Enterprise desktop use should be based on standards agreed upon for the whole company. Once the setup policy is determined, it should be locked down and kept consistent.
However, it is sometimes necessary to grant admin rights. For example, today many commonly used Windows applications can only be run by those with administrator privileges. Fortunately, Microsoft plans to fix this with the release of the Windows Vista operating system.
Dig Deeper on Web authentication and access control
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ... Continue Reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.