You truly need to trust your users for this approach to work - and they need to be very savvy and educated in regards to information security and best practices. This way, users are better able to troubleshoot and fix any problems on their own, in addition to performing desktop updates that your techs would otherwise have to do for them.
If you don’t have enough IT staff to go around, it may be simplest to have local admin rights as well.
Allowing users to update their OS and applications can help keep the overall workstation more secure, unless you have a method to easily push out updates system-wide. Outside of employee happiness and productivity, software and system updates also require administrative rights. The answer is probably not.with some caveats. But with shutting down admin rights proving to be a relatively easy and strong method of eliminating vulnerabilities, should you risk enabling them? Many modern workplaces allow users more leeway over the configuration of their workstations, as computer-savvy employees are often more productive when they have applications set up the way they want. In most cases, they can be leveraged to remotely execute code and take control of the PC, potentially accessing sensitive data and applications deeper within the network. These vulnerabilities range from phishing attacks that can hijack the system via applications like Microsoft Word to packets that are specially crafted to hit Windows Server. Allowing your users administrative rights under their Windows desktop certainly makes their life easier, but it can cause significant headaches for your sysadmins - and it also opens up a wide variety of vulnerabilities.Ī recent study from security vendor Avecto found that 94% of critical vulnerabilities announced by Microsoft could be mitigated by simply removing administrative rights.
0 kommentar(er)
