[wpkg-users] Using several profiles
Brian May
brian at vpac.org
Fri Apr 18 01:21:30 CEST 2008
Tomasz Chmielewski wrote:
> Allowing your users to logon with administrative powers is a very, very
> bad security practice.
This may be the case, but unfortunately users tend to get very upset
when they don't have administrative access, sometimes for bad reasons (I
want to be able to install software on my own), sometimes for good
reasons (I want to be able to take my laptop home and configure it to
work on my home network).
There is still some broken Windows software applications that will not
run without administrative access (e.g. fax/scanner software for HP7410
fax/scanner/printer from memory).
In fact, last year we got a brand new Windows Vista machine from Sony,
and on logging in a program required for video conferencing requests
administration access. I am not sure exactly what this process does, but
the on board camera didn't seem to work without it. Or the automatic
updates program from HP which runs apparently on random even when the
user doesn't have administration access and then complains loudly that
the user isn't using it correctly.
This is the debate that continues throughout my work place. If we make
one exception, we can others demand it too.
We have considered giving users a special account which they rarely use
for administration tasks, but in practise we would expect many people
just to use that account on a regular basis.
Brian May
More information about the wpkg-users
mailing list