Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Employees May Lose Admin Rights

Posted by ryuzaki0 on from the root-to-moot dept.

daria42 writes "As Microsoft moves its internal desktop systems to Windows Vista, the company is contemplating whether to change a long running tradition and take away admin rights from its employees in order to improve security." From the article: "'We haven't made that final determination yet. We would like to absolutely look at scenarios where we can look at elements of User Access Control -- that is the feature in Vista -- so that we can start moving in that direction ... It is a tough balance and every company has to decide what is right for them,' said Estberg. However, Estberg said that for the moment, the company will continue to leave the responsibility of installing software with its employees."

9 of 502 comments (clear)

  1. Let's hope they do by creepynut · · Score: 5, Interesting

    Who better to test and actually use the "User Access Control" than Microsoft's own employees?

    Clearly, they weren't "trying out" the Limited User accounts when Windows XP was in its infancy. Otherwise, it might actually be useful to us today.

  2. Eat your own dog food by mwvdlee · · Score: 5, Insightful

    "Eat your own dog food".

    If Microsoft's access rights model isn't good enough for their own purposes, it isn't good enough for the rest of the world either.

    If they were truely confident that it works as they claim it does, they should have had their employees in a more secure and restricted environment years ago.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  3. Excellent Idea by Whatsisname · · Score: 5, Insightful

    Yes, having the employees run as 'regular' users would be a terrific idea. All the problems that limited user accounts have now would be encountered by those with the most ability to fix them.

  4. su got you a vist from security by DrDitto · · Score: 5, Funny
    I used to work for a Fortune-50 company and we had Unix workstations for software development. The system was configured such that if you tried or accidently entered "su", you got a visit from security within 5-10 minutes.

    It happened to me when I mistakenly typed "su" instead of "du".

  5. Won't fly by Utopia · · Score: 5, Insightful

    With a huge percentage of the people being developers, these people need full control over their system.
    I don't see how they can even implement this scheme.

    May be they can take the admin rights from their Managers computers.

  6. Give them average-sized monitors too, dammit! by Anonymous Coward · · Score: 5, Insightful

    Hell, make them work in monitors the size the average office supplies -- 15" or 17" where I work.

    I'm so damn tired of apps that open big windows needlessly in the middle of the screen (MSWord's 'find' for example) covering whatever it is you wanted to actually operate on -- because some programmer had a 29" monitor -- or two -- to work in and never thought about fitting stuff into a real user's working screen.

    Open find. Drag stupid window off the text area. Find. Damn, window moved back to the middle. Lather, rinse, repeat.

    Sure, the IT department could supply larger monitors. But those are commodities and they're saving their budget for bells and whistles to impress top management.

  7. Re:"Unusual practice" ... wtf. by EvilSS · · Score: 5, Insightful

    Are they Microsoft Applications or third party apps? Everyone is quick to blame MS for this but in reality it's usually the fault of the application developers that can't follow Microsoft's guidelines for writing software. 99.9% of the time it is the result of one of the following:

    1. Storing user information in HKEY_LOCAL_MACHINE instead of HKEY_CURRENT_USER (even MS is guilty of this with their TS licenses)
    2. Writing files to the program directory instead of to the user profile, temp, home drive or other user writable location
    3. Writing files to C:\ (this is just inexcusable and lazy)
    4. Some other bonehead move by the developers (such as registering components on run instead of during the install, trying to store files in winnt, using freaking INI files!)

    [insert rant about under-trained programmers and lack of proper software engineers here]

    If the programmers would actually learn how Windows works most of the "x software package requires admin rights" could be avoided.

    --
    I browse on +1 so AC's need not respond, I won't see it.
  8. Re:"Unusual practice" ... wtf. by arodland · · Score: 5, Funny

    Think I'm exaggerating? Why do you think I don't have those jobs anymore?

    Maybe it was because you're prone to exaggeration and it was interfering with your job performance ;)

  9. Re:Reminds me of where I used to work by haleyeah · · Score: 5, Funny

    I got hired at a 'mom & pop' to be the general IT jack of all trades. They had a peer to peer network running with some wierd ip scheme some consultant setup. Of course I setup a file server as well as upgraded the PCs from win 98/95 to XP. I took away local machine admin rights. Well in a couple of days I got support calls from all the old ladies who worked there. Their webshots no longer worked plus they couldn't install those damn web games. I was able to hold out by throwing around some technobabble and scaring the boss about all those security risks on the internet. Well after a few weeks serious support calls dropped to nothing. After setting up a linux box to run mysql and developing some applications in VB to replace the myriad of excel files they use,I had run out of projects. Between boredom and the boss eyeing me everytime he passed my office, I enabled local admin rights again. Lets just say between cleaning spyware and adware I've been staying busy.