News spread quickly that the director of Microsoft’s internal security told a reporter at the AusCERT conference May 23 that Microsoft is considering limiting employees’ full admin rights to their desktop PCs.
Microsoft has always given the majority of its employees full admin rights on their desktop PCs, though this is unusual; most companies’ IT departments limit access in order to more easily manage the workstations under their jurisdiction.
“We’re looking at what sort of permissions you have when doing certain things on computers,” a Microsoft spokesperson told eWEEK. “You don’t need full permissions to use the Web or to check your Hotmail.”
The access standard the company is considering for its employees is related to one Microsoft is already planning to apply to its customers.
Expected to come as a built-in security advance in Vista, a feature called UAC (User Account Control) ensures that dangerous software cannot be involuntarily installed onto a system when a user runs the computer under a lesser privileged account.
“User Account Control makes it possible for organizations to deploy a more manageable and secure desktop in which end users can run as standard users (not administrators) and still be productive. The reality is most end users won’t notice a difference when doing everyday tasks,” a Microsoft spokesperson told eWEEK.
Read the full story on eWEEK.com: Microsoft Debates Reducing Employee Admin Rights