04-07-2010, 10:43 PM
Lew Zealand's post is technically accurate, but in my experience, not practical. It depends upon the situation a bit and which applications are being used. In my environment, most all of the users need access to software that won't run unless the user is logged in as an administrator. I've complained to the vendors, but they don't care. They know that I'm at their mercy. I used to try to modify the installations so that un-privileged uses could use the software, but every update undid my efforts.
If you can get away with running the users in a 'Standard User' role then definitely do so. It just wouldn't work for me though. Microsoft actually recommends that all users run as admin users, but that you control security settings via GPOs from the domain controller to prevent the installation of software.
If you can get away with running the users in a 'Standard User' role then definitely do so. It just wouldn't work for me though. Microsoft actually recommends that all users run as admin users, but that you control security settings via GPOs from the domain controller to prevent the installation of software.