In a recent in-house audit, we found that many of our admins were using the same laptop for everyday email and for managing the domain, and that they had many applications installed on these laptops, including I believe numerous free unsupported tools network, securiity and AD tools, that they seemed to have downloaded off the web (from who knows where.)

During a recent meeting, someone raised a question about the security of these laptops and the impact of their compromise on our domain. It was suggested that we ought to consider providing seperate laptops with more stringent host policies to our domain admins for the purposes of domain management.

While the cost of laptops is trivial and a non-issue, the management of additional machines, and more so, asking our admins to use two different laptops/workstations at all times, seems a little cumbersome.

Should our Domain Admins be using dedicated administrative workstations? Or is it okay to let them keep using the same laptop for email web browsing and domain management? 

Appreciate your thoughts and suggestions.

Kind Regards,
John