This way you avoid the error at least. Reboot a machine, log in with a user who isn't explicitly a local admin and try to do some admin stuff. Notice how it works. This also makes it possible to take advantage of the application I made that can set a custom lockscreen for your organization in the correct resolution - something Windows natively cannot.
Every situation is unique. While I personally can't think of any reason to do this, perhaps Nick has one? Well, first of all it takes a lot of stress of our IT department that people can install whatever they want on their own machines. People do that on their own if they need it.
And then there's the thing with some programs that just don't work if you're not an administrator. I don't see any reason not to add people as local admins, unless of course you're managing public computers where people deliberately mess up things - but at your workplace, why would you mess up your own computer on purpose?
It may be a pain and it may increase the work for an IT Dept in the short term, but giving the users local admin rights when not needed is asking for trouble.
A program is installed for a user once. Some, like Java and Adobe products, are always asking for admin rights to update. Beyond this you will not be overloaded with work. The average user will treat their machine as if it is their own. They will install anything they feel like from any location they feel like. When you run across a few users who infect their machine with spyware and viruses, you will not be so trusting.
Or you may get iTunes on every machine sucking up you bandwidth. Maybe you will have that call, "My internet is really slow and I barely have any viewing space to see web pages". As I mentioned, this generates no issues for our corporation whatsoever. And people are allowed to do whatever they want with our machines within the ruleset we define, which they cannot alter, local admin or not. Everything is locked down with GPO and our antivirus cannot be uninstalled or deactivated, so we never have issues with malware either.
I think I reinstalled a machine only once in like 4 years because of malware - and who is to say that that would have been different if not admin.
The advantages just outweigh the for us none at all disadvantages, and this is a how-to, not a debate about whether it's right or not to do. As mentioned, every situation is unique. SpiceWorks tells me if someone installs unwanted software, and I just uninstall it remotely and tell people to stay away from it in the future.
No big deal compared to having to monitor and evaluate every single thing people want to install. Users would also be frustrated if they couldn't do what they want with their computers like they have been able to for years.
Now if there is NOT an identically named local account, then you can add a group policy entry that will specify the default domain to use, but a local account will still be defaulted if it exists. If you want to login as local admin then go with ". To continue this discussion, please ask a new question.
Laplink Software, Inc. Neil Laplink. Get answers from your peers along with millions of IT pros who visit Spiceworks. Best Answer. Grit May 4, at UTC. View this "Best Answer" in the replies below ». Popular Topics in Windows 7. Spiceworks Help Desk.
The help desk software for IT. The first step is to gain access to the local Administrator account, which should be disabled. When logged in to the Windows PC as the juser company. As you can see, our juser company. You should see your Windows volume in right pane of File Manager. If you ever want to restore the administrator password to what it was set by the company, as well as set the account to disabled, and to remove your domain user account from the local Administrators group, restoring this file from a backup is the fastest way.
We will be blanking out whatever password may be assigned to the local Administrator account, so take this in to consideration. All of the commands in this tutorial are case sensitive. This is because even locally cached domain accounts are not located in the SAM file.
Issue the command chntpw -u Administrator. Here we can see that the account is disabled, and the password is set to never expire. At this point the Administrator account is enabled with a blank password. Reboot the PC to log in to Windows. Double click the Administrators group to show its properties. In the object name box, type the name of the domain user account, in this case juser company.
Fortunately for us, we have them. Log in using juser company. As you can see, juser company. Click Ok to close this dialog, log out of Windows, and log back in as juser company.
0コメント