Compare scans

[zencoder]

Originally posted here by securlynn
why do you allow users to be admins of their own box?

I have to work within the system here. If I was an executive, maybe I could pound my fist and demand it. I've told everyone within earshot and all I get is lip service. It's a cultural change and not a technolocy change; the hardest kind!

Unfortunately, securlynn is in a situation all too common in our industry. She has no real control over policy, or not a lot. Suggestions, statements of best practice, etc. But at the end of the day, if a manager says 'do it this way', you can argue, and disagree, and not do it...but you'll probably be disciplined and could even lose your job.

It's easy to sit in a perch of academia and say "That violates the principles of least priviledge and best practice. You are condemned as a moron until your environment complies with our ideals." Hehe, I'm not accusing you guys of this, just having a little fun. But the point is there is only so much one can do, sometimes. That's when you get to be very good at CYA. Document everything, make recommendations (via email, and save your .PST files if your an outlook user), and acknowledge the denials for your requests...and SAVE THEM.

It's saved my @ss more than once.

[Tiger Shark]

OK... Let's try to be"proactive" here....

Unless there is a program that _can't_ be run without admin rights remove the admin rights slowly.... If they don't know they don't have admin then they'll never know they don't have admin.... That's one solution.

Another one, (one I use on my sweeties laptop), is to set her up logged into my home domain... Thus all her stuff, email, desktop etc. are there in the context of the domain user but she is only a normal user on her laptop. If she needs admin rights for something she logs in using the local account with the same name and password... But then she is denied access to all her stuff because the context is wrong. This allows her to be admin to install something but forces her to go back to the limited user to get to all her stuff.... She has no problem with it.

[zencoder]

Wow...combining security practices and interpersonal relations. You're a brave man, Tiger. My wife asks me 'how much does it pay?' That's the extent of her interest. :P

[Tiger Shark]

LOL... I'm a pretty talented chap you know....

It only works if your sweetie understands that there is a possibility that you know more about that grey boxy thing that hums away on her desk while she reads her email from her friends than she does and that you only have her best interest in mind..... She wouldn't want to lose all those jokes and cutsie inspirational crap now would she......

[zencoder]

BWUAHAHAHAHAHAHAHA!

It only works if your sweetie understands that there is a possibility that you know more about that grey boxy thing that hums away on her desk while she reads her email...

No, really, how do you do it? Don't tease, be truthful!