-
January 31st, 2005, 05:07 PM
#11
Originally posted here by securlynn
why do you allow users to be admins of their own box?
I have to work within the system here. If I was an executive, maybe I could pound my fist and demand it. I've told everyone within earshot and all I get is lip service. It's a cultural change and not a technolocy change; the hardest kind!
Unfortunately, securlynn is in a situation all too common in our industry. She has no real control over policy, or not a lot. Suggestions, statements of best practice, etc. But at the end of the day, if a manager says 'do it this way', you can argue, and disagree, and not do it...but you'll probably be disciplined and could even lose your job.
It's easy to sit in a perch of academia and say "That violates the principles of least priviledge and best practice. You are condemned as a moron until your environment complies with our ideals." Hehe, I'm not accusing you guys of this, just having a little fun. But the point is there is only so much one can do, sometimes. That's when you get to be very good at CYA. Document everything, make recommendations (via email, and save your .PST files if your an outlook user), and acknowledge the denials for your requests...and SAVE THEM.
It's saved my @ss more than once.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
January 31st, 2005, 05:09 PM
#12
OK... Let's try to be"proactive" here....
Unless there is a program that _can't_ be run without admin rights remove the admin rights slowly.... If they don't know they don't have admin then they'll never know they don't have admin.... That's one solution.
Another one, (one I use on my sweeties laptop), is to set her up logged into my home domain... Thus all her stuff, email, desktop etc. are there in the context of the domain user but she is only a normal user on her laptop. If she needs admin rights for something she logs in using the local account with the same name and password... But then she is denied access to all her stuff because the context is wrong. This allows her to be admin to install something but forces her to go back to the limited user to get to all her stuff.... She has no problem with it.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
January 31st, 2005, 05:13 PM
#13
Wow...combining security practices and interpersonal relations. You're a brave man, Tiger. My wife asks me 'how much does it pay?' That's the extent of her interest. :P
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
January 31st, 2005, 05:17 PM
#14
LOL... I'm a pretty talented chap you know....
It only works if your sweetie understands that there is a possibility that you know more about that grey boxy thing that hums away on her desk while she reads her email from her friends than she does and that you only have her best interest in mind..... She wouldn't want to lose all those jokes and cutsie inspirational crap now would she......
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
January 31st, 2005, 05:56 PM
#15
BWUAHAHAHAHAHAHAHA!
It only works if your sweetie understands that there is a possibility that you know more about that grey boxy thing that hums away on her desk while she reads her email...
No, really, how do you do it? Don't tease, be truthful!
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|