As an InfoSec consultant I had confronted and I am sure that many of you might have faced the question from your clients or within your organization that “‘to provide’ or ‘not to provide’ Local Admin privileges to users”.
Indeed, it is a tough question to answer and even tougher to convince anyone to take a certain approach in this regard. Reason being, I feel, it is impossible to get away with any one approach. Again in my view, if given a chance, I would prefer to go with the approach of not providing administrative privileges, unless I have been provided with enough personnel, technology and time to handle the mess created by this action.
