
Users being members of Local Administrators Group

Discussion in 'Windows Security' started by Eugen, Jun 10, 2009.

  1. Eugen

    Eugen Guest

    Hello,
    We have a developers team and each of these developers is part of the local
    administrators group.
    We want to remove them but their manager is asking for a clear explanation
    for this action. I've found "The 10 Immutable Laws of Security" on Technet
    but it is not enough.
    So, my question is: is there any article from Microsoft or Technet or other
    recognized organisation which defines more clearly the reasons why they don't
    need to be in the Local Administrators Group?
    Many thanks for your answers,
     
  2. Eugen wrote:
    > We have a developers team and each of these developers is part of
    > the local administrators group.
    > We want to remove them but their manager is asking for a clear
    > explanation for this action. I've found "The 10 Immutable Laws of
    > Security" on Technet but it is not enough.
    > So, my question is: is there any article from Microsoft or Technet
    > or other recognized organisation which defines more clearly the
    > reasons why they don't need to be in the Local Administrators Group?
    > Many thanks for your answers,

    No one here can definitively tell you why these certain people do not *need*
    to be in the local administrators group. Many can tell you best practices
    and reasons they likely *should* not be in the local administrators group -
    but there is no 'line in the sand'.

    Not knowing what these people do - all one can say is that generally - it is
    unwise to have anyone in the local administrators group and utilizing the
    computer like that day-in and day-out. They can cause all sorts of havoc
    and issues that a user not in this group cannot. Depending on your setup,
    they could easily spread these problems across the entire scope of your
    control in short order (and not on purpose.)

    The best response is to ask for the clear-cut explanation why they need to
    be in the administrators group - and meet them point-for-point if possible.
    If they refuse - then they have no case and policy wins.

    --
    Shenan Stanley
    MS-MVP
    --
    How To Ask Questions The Smart Way
     
  3. Nobody

    Nobody Guest

    Just from my personal experience as someone that does development, I can say
    I ran into issues when I was not part of the local admin group on my computer.

    Really depends on what the person needs to do, and what version of Windows
    you are using.

    "Eugen" <meugen@mymail.ro> wrote in message
    news:DD54871A-DD58-485B-8F4B-D1BB4D952543@microsoft.com...
    > Hello,
    > We have a developers team and each of these developers is part of the
    > local administrators group.
    > We want to remove them but their manager is asking for a clear explanation
    > for this action. I've found "The 10 Immutable Laws of Security" on Technet
    > but it is not enough.
    > So, my question is: is there any article from Microsoft or Technet or
    > other recognized organisation which defines more clearly the reasons why
    > they don't need to be in the Local Administrators Group?
    > Many thanks for your answers,
     
