Users always want to install more Windows applications, but if administrators really give users local administrative rights, then the network may face serious threats, and the more dangerous the user installs the application, the more complex the network security effort is. Therefore, when the administrator gives the user local authority, should adopt some tactics, lest to cause the security risk to the network.
Network security expert Brad Casey has made some suggestions, for example, if you want to give the end user the option of installing and running which applications, it is best for the administrator to list an application's blacklist and tell the user which applications are not available. And the blacklist should also be an expandable public blacklist that can be found by simple Google search.
Alternatively, you can use the application whitelist or related policies to list specific applications that are only allowed for use by Windows clients, which minimizes the risk. But this approach has put a lot of pressure on administrators and it is hard for users to accept this form.
Of course, administrators should also deploy intrusion detection systems to detect malicious application activity so that they can be remedied in a timely manner after a risk occurs.
The author thinks these methods are simple and effective, and hope to provide some help to the managers.