|
-
February 16th, 2004, 09:02 PM
#11
Senior Member
Great ideas.... I would love to do them all, but the problem is... The company I work for is cheap. The boxes are all out of date machines, that have box security at all. They only noticed the problem when someone messed around with the head guys PC and changed all of his stuff around.... Other than that, they could care less I guess. Thanks for the ideas, I sincerly vote on cleaning house and implementing the changes, but they will never agree, just clean me.
-
February 16th, 2004, 10:40 PM
#12
There are other ways of gaining unauthorised access to a NT box with physical access, besides changing the local admin password. Therefore any attempt to block this method, is futile, as even if you're successful many other options remain for someone who wants to get local admin access.
Slarty
-
February 17th, 2004, 02:07 PM
#13
If the IT department is the primary culprit, then I agree that the firing and hiring process should begin. Heck, I've been looking for a change and will relocate!
Seriously, if these are the caliber of people being trusted to insure the integrity and security of the company's IT assets, your company's management should seriously re-evaluate. I'm sure that the company couldn't afford catastrophic losses of data, and if the company is in the healthcare industry, it's a lawsuit waiting to happen! If these folks will circumvent the local security on the machines, it is only a matter of time before they graduate to circumventing other things, such as penetrating the firewall or servers, etc.
I feel for you.....If I were in your shoes I'd probably be looking for employment elseware. 
Also, your disable network and remote logon is only a temporary solution....They could still use the same methods they are using now to compromise any account that has administrator privelages. Personally, I would lock down the registry and deny access to removeable media from the BIOS, and put a no tolerance policy in place.
In my company, you get 1 chance to circumvent any of my security measures. 1st offense = suspension (minimum) could be terminated based on offense, 2nd offense = termination on the spot, no questions asked. We enforce this policy, and don't make exceptins for anyone...fired a friend of mine for this just yesterday. If you don't enforce the policy, you might as well not even have one.
Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition. 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
