At the office where I work, three of the other members of the IT staff are logged into their computers all the time with accounts that are members of the domain administrators group.
I have serious concerns about being logged in with admin rights (either local or for the domain). As such, for everyday computer use, I use an account that just has regular user privileges. I also have a different account that is part of the domain admins group. I use this account when I need to do something that requires elevated privileges on my computer, one of the servers, or on another user's computer.
What is the best practice here? Should network admins be logged in with rights to the entire network all the time (or even their local computer for that matter)?
Best Answer
Absolute best-practice is to Live User, Work Root. The user you're logged in as when you hit refresh on Server Fault every 5 minutes should be a normal user. The one you use to diagnose Exchange routing problems should be Admin. Getting this separation can be hard, since in Windows at least it requires dual login-sessions and that means two computers in some way.
Why is this a best-practice? In part it's because I said so, and so do a lot of others. SysAdminning doesn't have a central body that sets best-practices in any kind of definitive way. In the last decade we've had some IT Security best-practices published suggesting that you only use elevated privs when you actually need them. Some of the best-practice is set through the gestalt of experience by sysadmins over the last 40+ years. A paper from LISA 1993 (link), an example paper from SANS (link, a PDF), a section from SANS 'critical security controls' touches on this (link).