Keys to the Kingdom

Is giving a local user admin rights any way to run a network?

In response to my column, "Local Control" (click here to read it), where I described how to use Restricted Groups to give users local admin rights, I got some thoughtful responses chiding me for describing this type of operation. Here's an example from Peter:

Bill: While your answer is accurate, it also does everyone on the mailer a disservice. The question starts out with a statement that I have heard all too often..."We set ALL USERS to have local admin access to their PC." As you well know, this is no way to run a network. It's like handing a loaded weapon to a toddler and sending him off to the local playground. It is only a matter of time before he hurts himself or someone else.

A Microsoft Certified System Engineer should never tell you that you have to give local admin rights for a PC to a general user. Applications can be enabled by setting registry and file permissions via Group Policy. Debugging rights can be granted to a developers group via policy. There are a number of ways of dealing with problem issues without just handing every user the keys to the kingdom.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:[email protected]; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Now, I think Peter makes an excellent point that I should have pointed out the problems with giving local admin rights to users. But I also know that quite a few system administrators routinely give users local admin rights and are none the worse for it.

So, I'd like to hear how you do business:

  • Do you give users local admin rights or not?
  • What was the critical item that caused you to make your decision?
  • Do you have any cause to regret your decision, one way or the other?

Write me at [email protected] with your answers to these questions; be sure to put "User Rights" on the subject line of your message. I'll bundle up the best answers in a future column.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.