Yeah - it's always the CIO or CEO that doesn't follow the rules, even when they hire us to define and enforce them.. "everyone except us" is their idea. They think they are too important/powerful to follow basic security rules, and are dumbfounded when their laptop gets infected. \:D When that happens, the only solution we offer is to reimage their laptop with a standard, secure image.

Ron - I've seen several, but only that one at sites where we implement environmental security controls. One client that we aquired had a terminal server where everyone was both a local and domain admin because their prior 3 IT companies could not figure out how to apply TS permissions.. they were riddled with viruses despite having Symantec AV installed. They actually had a virus that disabled the AV and allowed other viruses and malware to infect the system.

Yes, it's a pain to figure out what permissions are needed when a developer is too lazy to learn how to write code without requiring admin rights. Adobe - are you listening? You can't run Photoshop without major security hacking of the file and registry permissions, and that's for the licensing, not the actual app.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D