You also mention that "all" users are local administrators while developers represent only 50% of this number....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
You need to evaluate your organization's security policy. There is no reason to be making all users administrators. At least 50% of your users have no need at all, yet you are giving them privileges way beyond their wildest dreams. They have the ability to not only annoy you with the configuration issues above, but also put your company in a severe risk situation. Think about the spread of malicious code (run a malicious executable as an ordinary user and its damage is limited; run it as administrator and it can be devastating); think of the elevation of privilege attacks that might provide them with elevated privileges on other machines (including servers and domain controllers); think of the increased support costs as they do things they shouldn't do and go places they don't need to go; and think of their ability to subvert and ignore security policies on the local level. I could go on.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.