I want the account to be able to use one app that requires administrative privileges. I have contacted the support team of the app to find out why it needs these privileges, but I didn’t receive any helpful information.
The app is for viewing surveillance footage, but it requires admin privileges to open. I don’t want to make every employee an administrator just for this one use case. It might be better to switch to a FOSS app that doesn’t require administrative privileges by default.
The cameras we currently use are made by the vendor of the app, so maybe we’re locked in somehow? The NVR is also made by them, so it might be possible, but I don’t know for sure. I need to look into it more.
We have an app like that that has a lot of our clients pii in it and in order to keep it safe we host the app itself on a remote machine and when people need to use it they RDC into the machine with a shortcut.
They have local admin permissions on that machine but the only thing that that device can do is run that application and the firewall outside of it prevents it from going out to the internet or other places.
Maybe it’s overkill, but doing things like that help prevent and protect our clients which is the most important thing for the company I work for other than making money.