But is it worth the extra effort? Something I've noticed many people ignore is the cost to standardization these kinds of "security" upgrades place. When training a junior/new/contract IT person all these little gotchas need to be mentioned and will slow down workflows regardless. Pile on enough of these tweaks and the infrastructure starts to become less manageable.