Security Basics mailing list archives

Re: admin privileges and trojans


From: souledoutuk () gmail com
Date: 29 Nov 2006 17:07:03 -0000

Hi there, 

One good argument for not giving users admin rights is that they install ANYTHING that asks regardless of what it is. 
It also means when they use their company equipment to surf pr0n or download mobile phone ringtones, all the drive-by 
spyware downloads get unlimited access to everything on the PC.

If the user is a domain admin, the entire company network is compromised. This can result in a legal quagmire for the 
company and potential losses aren't just limited to financial... reputations, customers and staff will all be affected 
too.

Any security companies you use will probably have whitepapers on this subject. Penetration testing is also a good way 
to go as admin rights are part of that.

I often dumb down the examples for management and say things like "why give everyone keys to the office safe when the 
company Secretary is responsible for it".

Hope this helps. I can babble about IT security and management until the cows come home so feel free to drop me a mail 
if you want a few more ideas.

cya,
SouledOut

