1
I work as an IT and every employee in my company has a domain account (Windows server 2003). Many people want to install new software for their professional needs and I have to be there just to write the Administrator's password.
It is very annoying and I decided that I would give some users the privilege to install new software (only to people whom I trust and whose computer abilities are above average, so I know they won't install stupid things or viruses).
I discovered that the only way I can do that, is to add their domain user account to their PC's local administrators group. I am a bit reluctant, because I don't know what the downfalls of this strategy might be.
Can you provide me with a few scenarios where this move would be a bad idea? I repeat that I will give this privilege only to people which I know that will not install harmful software.
Would it be a better idea to put the user in the "Power Users" group? – redi – 2016-08-21T17:37:39.240
@redi By default on Windows 7 members of the Power Users group have no more user rights or permissions than a standard user account. If you want to give your users even some administrative rights, then all the drawbacks I mentioned above still apply for the rights they are granted.
– I say Reinstate Monica – 2016-08-21T17:43:51.987Are you sure? I have read that Power users have rights to install new software but have a few other restrictions (such as installing drivers). Does that apply only to windows 7? – redi – 2016-08-21T17:48:15.880
@redi I'm sure. The link I provided above is based on this documentation directly from Microsoft.
– I say Reinstate Monica – 2016-08-21T17:50:08.233