When users don't have local administrator rights, they can't make changes that destabilize the system or require extra support to correct the problems they accidentally create. Additionally, a locked-down system is less susceptible to malware.
But by its very name, a “personal computer” is generally seen by a user as “my device.” Many organizations allow users to run with local admin rights simply because it's too difficult to keep the system locked down.
But removing admin rights is only a part of the fix. There are legitimate situations that require elevated privileges for users to accomplish their jobs. What companies really need is a way for users who need those rights to gain those privileges smoothly.
How do you accomplish that? A strong privilege management solution needs to take individual and collective user needs into consideration. Users have a set of things they do to get their jobs done, and they expect to be able to perform their necessary work without IT intervention. If users have been able to perform certain tasks on their own in the past, they are naturally going to expect that right to still be in place after a desktop lockdown happens.
As a company moves to a locked-down environment, it should do so in conjunction with an effective privilege management solution to make the transition as transparent as possible. This will help to ensure the enterprise users' ease and cooperation, which is the optimal objective of every major IT or operational change.
From the - February 2012 Issue of SCMagazine »