Slashdot Mirror


Balancing Bad Applications vs. Network Security?

Darlok asks: "One of our clients recently purchased a new financial software package from a major vendor for their industry. This is not a small mom-and-pop software house. The problem is, like a lot of industry-specific software, there are a considerable number of bugs. What's shocking is that to work around a problem preventing users from logging on, the manufacturer's recommended solution is to grant -Domain Administrator- privileges to all users, and they refuse (or are unable) to explain that need further (it's bad enough that an increasing amount of software seems to require local administrator privileges). Considering the enormous costs involved, how do you explain to Management that they shouldn't run this software until the problem is resolved -- which could be a long time, costing even more money? How do you balance productivity versus security when ANY productivity would give away the keys to the city? What can make an industry-specific software manufacturer pay attention to larger issues when they already have something of a captive audience?"

3 of 93 comments

  1. Sounds familiar by karlto · Score: 4, Interesting

    We were told something similar with a new software package... turns out that a single registry key needed slightly different permissions. I wasn't too impressed with their suggestion that all users need to be administrators either!

  2. Re:Simple terms. by mork · Score: 4, Interesting

    You need simple analogies to explain this to management.
    In the next meeting, ask the boss for his house keys, then proceed to explain that you will now make copies of his house keys and, along with directions to his house, pass out the key copies to all employees.
    When he freaks out, explain this is the same as granting domain admin access to the systems.

    That should help explain the importance of security :)