June 13, 2012, 12:00 PM — If you're a typical small-business owner, you don't have a centralized provisioning system that can easily and automatically deploy each desktop or laptop system. You might not even have a dedicated employee, let alone a whole department, to manage your IT resources. And you probably give each user their own local login, instead of using a centralized authentication server. In other words, your employees have the keys to their local computer kingdoms. And that means they can do just about anything on their machines: Install new applications, install undesirable applications, change settings, and perhaps even unintentionally corrupt the Registry or download malware.
Giving your employees the freedom to try new tools, listen to music while they work, or visit social media sites in their off time will improve their morale and enhance their productivity. But that flexibility can quickly lead to disaster if they wind up ruining their computers, bogging them down with garbage apps, or worse.
So how do you balance keeping your employees happy with maintaining control of your company's assets?
One strategy is to deny your employees all administrative control over their computers. Such a restriction would reduce the risk of your computers being waylaid by buggy apps and malware, because no one would be able to install anything. The drawback is that you--or your designee--would have to do all of the installing for them. That can be a time-consuming process, especially if you're deploying a new application to your entire workforce--even if it's just a handful of employees. Then you have to consider periodic security patches, bug fixes, driver updates, and upgrades. And don't forget the need to install drivers and software for new peripherals, such as printers and scanners.
Granting Administrator Access
Instead of managing everything yourself, you can take a number of steps to bestow administrative rights to your employees without losing complete control over the computers you've provided.