Are you tired of asking for permission to download an app to your work computer? Do you feel as if "they" are trying to control what you can and can't do on your computer? Well, sometimes they are, but most of the time there are very compelling reasons for why all the company employees do not hold administrator status.
To maintain a healthy computer system (and those are the ones we want to work with), it is necessary to protect what data comes into that environment. Whether it is your personal computer or company computer systems, there is a growing number of people who want to wreak havoc in one form or another on the cyber community. One sure way for this to happen is if your company is running an open environment where all of the users are set up as administrators.
Running your computer as a member of the Administrators group makes the system vulnerable to Trojan horses and other security risks. The simple act of visiting an Internet site or opening an e-mail attachment may have Trojan horse code that can be downloaded to the system and executed.
If you are logged on as an administrator of a local computer, a Trojan horse could reformat your hard drive, delete your files, and create a new user account with administrative access. If you are logged on as a member of the Domain Admins group, Enterprise Admins group, or Schema Admins group in Active Directory, a Trojan horse could create a new domain user account with administrative access and put schema, configuration, or domain data at risk.
On a local computer, it is recommended that you add your domain user account only to the Users group (and not to the Administrators group) to perform routine tasks, including running programs and visiting Internet sites. When it becomes necessary to perform administrative tasks on the local computer or in Active Directory, use Run as to start a program using administrative credentials.
So the next time you get frustrated because you have to wait for someone to download something for you, think about how much time you would waste each week while a virus or some other malice code is being removed from the server that was accidentally invited from a "trustworthy" site.
