Local Administrator request form?

Grimmda

2[H]4U
Joined
Jul 1, 2003
Messages
3,130
I've been tasked with creating a form to have people fill out requesting local admin rights on the XP pc's. I'm curious if anyone out there has one at their place I could template from? Any of you Desktop Support/Data Security guys and gals have anything?
 

MorfiusX

2[H]4U
Joined
Feb 13, 2004
Messages
3,007
My first answer would be no. As part of our enterprise security policy, users are not allowed to have local admin rights. It takes some time to make sure everything works, but saves you trouble in the long run (viruses etc.).
 

figgie

Supreme [H]ardness
Joined
Feb 11, 2002
Messages
7,820
MorfiusX said:
My first answer would be no. As part of our enterprise security policy, users are not allowed to have local admin rights. It takes some time to make sure everything works, but saves you trouble in the long run (viruses etc.).


agredd 100%

there is ZERO reason for a user to have admin rights on a local pc. All applications that are approved by the business is all they need. they do not need to install MSN, AIM, Winamp, Google bar, yahoo bar etc.
 

Grimmda

2[H]4U
Joined
Jul 1, 2003
Messages
3,130
Hey if it were up to me there would be no local admin rights... but I don't have that sort of power here (yet) heh.

So I'm stuck will still having to write up the document... BLECH! :mad:
 

figgie

Supreme [H]ardness
Joined
Feb 11, 2002
Messages
7,820
Grimmda said:
Hey if it were up to me there would be no local admin rights... but I don't have that sort of power here (yet) heh.

So I'm stuck will still having to write up the document... BLECH! :mad:


understandable

BUT

have you voiced your concerns of giving admin rights to the users to your boss (more things can and do go wrong)? Hell power users should be more than enough for 98% of the users.
 

XOR != OR

[H]F Junkie
Joined
Jun 17, 2003
Messages
11,549
Personally, were this me, I'd make the form so damn complex that it'd scare people away from filling it out. And I'd only accept fully filled out, valid forms.

Then I'd set them up, then take it away a week later. I bet you they don't even notice.
 

Haven

Supreme [H]ardness
Joined
Oct 11, 2002
Messages
6,350
One minor problem with this approach is badly written windows software. We have an application that everyone in the company uses. It requires Admin rights on the local machine.

I have tried the Run As thing too. It works, around 50% of the time.


Stupid Windows.
 

Grimmda

2[H]4U
Joined
Jul 1, 2003
Messages
3,130
MooseWizard said:

Thanks for the link...

Rockin.

And as far as arguing the point my personal believe of the "powers of local admin" are basically useless. Users log in via their Domain account and the rights on the network stem from there. As far as the local PC is involved I create the core image and 80% of our 4,000 PC's here don't even have a vaild XP/SP2 image on them yet (tsk tsk to my group in never deploying it).

I just look at the PC as a "thin client" of sorts, if it's broke, re-image it as all their files should be on the network :)
 
Joined
Nov 22, 2005
Messages
11
ianshot said:
...We have an application that everyone in the company uses. It requires Admin rights on the local machine. ...

Not to hijack (or aid in your hijack) but that can usually be fixed by changing the permissions of the specific program's registry keys using Regedt32. I have that problem with Pagemaker, and have to change the permissions on the Pagemaker registry key to allow regular users to make changes. However, once it is done, it works under a restricted account with no problem.
 
Top