Many organizations look at the migration to Windows 7 as an opportune time to re-evaluate polices associated with granting local administrator rights to users on Windows system. There are a number of advantages when end users do not have local administrative rights on their Windows desktops. These include:
- Less chance for malware to successfully attack the system. When the end user doesn’t have local administrator rights, the malware that tries to exploit vulnerabilities in software such as media players, mail clients, and internet browsers is much less likely to succeed. A locked down desktop doesn’t eliminate the need for firewall, AV, and other security software, however it certainly does provide another layer of defense against malware.
- Reduce chance for the end user to make unauthorized changes to the system. When users are not able to make unauthorized changes to their system there is less chance for something to break that will lead to a support call from the user. The more changes that are made to a system the more chance that there will be system or application errors introduced. Locking down the desktop results in a more stable and predictable computing environment for the end users.
- Better control on which applications are installed and used on the system. When end users do not have local administrator rights there are many applications that they can no longer install. This helps organizations better ensure compliance with software license counts. Controlling which applications are installed and run on the desktop also limits the chances for application incompatibility issues.
- Fewer support calls to the IT helpdesk. When end users are running in an environment that is more stable from a perspective of system changes and applications that are installed, there are problems that the end user encounters. This results in fewer calls to the IT helpdesk.
Privilege Management allows IT professionals to reach these objectives, without sacrificing user productivity or increasing support call volume, by providing granular, multi-level user permissions control. Ideally, endpoints can be supported regardless of worker location and the Privilege Management software should not require laptops or desktops to be part of the Active Directory domain or to be directly connected to the corporate network in order to activate policies.
As you migrate to Windows 7, be prepared! Get a step ahead on managing and controling administrative privileges by incorporating Privilege Management software as part of the standard operating system image. This way you avoid having to separately deploy the agent after provisioning a new desktop or performing a migration.