As every IT manager knows, security is a trade-off between usability and the level of protection required. For example, to prevent users making unauthorised configuration changes to their system, users are normally given only basic security rights to their system. This is fine until the user has a legitimate reasons to make changes to their system. Perhaps to install a software update, or make a small configuration change. This situation normally results in a Support Staff member visiting the user, logging on with an account with increased users rights and then carrying out the task before logging off and allowing the user to continue. This approach also has unwelcome side effects as a considerable amount of modern software requires that the user who is going to use the software actually installs it. Let alone the lost productivity of the user and the increased workload for the support staff. The problems become even more compounded when the user is physically away from support staff and not connected to the |
