1. The users on most of the desktops use administrative accounts to work on their PCs. This is usually done so as to enable to users to do all the common tasks on their PCs themselves, but this may pose problems like:
a. Users can install software themselves. Once installed, software can compromise the overall health and control of the PC, as well as introduce security and data compliance issues. With every new piece of unknown software installed, desktop performance, security, and supportability is gradually compromised.
b. No asset inventory control or license management. This can leave you in a position where you don’t know what has been installed and whether or not you have a license for the software.
c. Important data files are often changed or deleted. With administrator accounts, users have full access to the system and can often delete files that are required for system stability and reliability or even booting into the operating system, running applications or performing other day-to-day tasks
d. End users are able to change core system configurations. Users with admin rights can install drivers, change firewall settings, deactivate services, or deactivate anti-malware software, and add additional user accounts.
e. Users are not restricted from attaching devices to their PCs. With unauthorized storage devices connected (such as USB drives and MP3 players), users can easily lose or steal important data, load malware onto PCs, or misuse company assets with personal devices.
f. Systems cannot be centrally managed. In many cases software is not centrally distributed or tracked. If that is the case, computers will require manual setup and configuration.
2. Many applications are written to require admin privileges. This is often because software developers tend to develop as local administrators. Many applications are designed to assume that administrative privileges are present.
3. Applications can save their data (installation files, registry keys, and runtime data) to random locations. Applications written this way are difficult to support, because each application functions in a different way. If something breaks, it is difficult to troubleshoot the problem. For example- applications may store unknown file formats in “Program Files’ folder during installation.
So what is the ideal way in which the Windows systems must be managed and how can that state be achieved?
Read my next blog on what should be done to tackle these problems proactively, and the third one in the series on how can it be done.