Question

Log Admin use on clients

  • October 4, 2019
  • 4 replies
  • 12 views


Our Mac users are admins. But my feeling is that actually very few are using it.

So my question is whether it is possible somehow to see in logs etc. when a user has been prompted for the admin password when they are logged in.

If there are users that have not been using their admin privileges for a long time, why then not just block admin access for those, to minimize risk on clients?

4 replies

  • New Contributor
  • October 4, 2019

Would it not be simpler to set all users to standard and use a script in Self Service to promote them to admin temporarily when the access is needed? If you've got a large population of users who do not need constant admin permissions, this seems more secure.


  • Author
  • Contributor
  • October 4, 2019

Yes but this the reqq


  • Author
  • Contributor
  • October 4, 2019

Sorry - then there will have to be a lot of decisions made and lots of talk, communications to users - which I would like not to start with until I know how big the need is.


  • Honored Contributor
  • October 6, 2019

You could use a loginhook policy to test if that user is in the admin group and then log it, if that is what your Org is requiring you to do.
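
One way to implement the login-time check suggested in the last reply, as an added example (not code from any poster in this thread). It assumes the hook passes the username as its first argument, as a macOS LoginHook does; the `admin-audit` log tag is a made-up name.

```shell
#!/bin/sh
# Added example: at login, record whether the user holds local admin rights.
# Assumptions: username arrives as $1 (macOS LoginHook convention);
# the "admin-audit" log tag is hypothetical.

ADMIN_GID=80   # GID of the local "admin" group on macOS

# has_gid "<space-separated GID list>" <gid>
# Exact match on numeric IDs, so 801 never matches 80 and group
# names containing spaces cannot confuse the comparison.
has_gid() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# audit_line <user> "<GID list>": build the message that gets logged
audit_line() {
    if has_gid "$2" "$ADMIN_GID"; then
        printf 'user=%s admin=yes' "$1"
    else
        printf 'user=%s admin=no' "$1"
    fi
}

main() {
    user="$1"
    # id -G prints the numeric IDs of every group the user belongs to
    if gids=$(id -G "$user" 2>/dev/null); then
        logger -t admin-audit "$(audit_line "$user" "$gids")"
    else
        # Record lookup failures too, so gaps in the audit trail are visible
        logger -t admin-audit "user=$user lookup=failed"
    fi
}

# Run only when invoked with a username
if [ "$#" -gt 0 ]; then main "$@"; fi
```

This records who holds admin rights at each login; it does not record whether those rights were actually exercised, which is what the original question asks about.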