So we hired a new IT Director in the last month or so.
He's didn't come from a large enterprise before, and is now having us give out local admin rights to many people. We've never given it to anyone outside of IT before. We've brought it up to him as a security concern, and not even sure how this will go with our auditing stuff. He says that's the way he's done it where he comes from, and it works much better. How should you address this?