anti online

[XTC46]

block the ports for the instant messanger. Im sure productivity will pick up for all those nice folks who havent yet been caught with IM programs also. lol. Or do as nihil suggested and lock her account down so she cant access the web.

[catch]

recently, a head of one of the departments here in the office came over and wants the internet connection on one of her employee's computer to be disconected. she wanted it to be disconnected from the internet bcoz all she do is chat on the YM, or any other chit chat programs and cant do more on office works.

This is the work of a bad manager.

They should alter the security policy to reflect the objection to instant messaging software (and installing unauthorized software) as well as a notification about management's ability to monitor system usage to enforce the policy and have all the employees sign it.

To just kill her connection without discussing it with her will merely breed mistrust and resentment, which will eventually result in additional symptomology.

If the employee violates the policy, give her a written warning (as should be identified as an option in the security policy) and if she does it again, fire her.

Treat employees like children and they will respond immaturely, plain and simple. Treat them like adults, inform them of the consequences of their actions and hold them accountable and everyone will be much happier.

Keep in mind, most people here are techies and their responses reflect that BOFH attitude.

cheers,

catch

[gore]

Pfft, I haven't seen anyone say much BOFH lovin's here. If she was on MY network and wasn't supposed to be using IM software, well for one, any drooling half wit knows you shouldn't be giving users that much access. What idiot set up her account where she could install that in the first place? You should lock them and her in a room with two bricks, last one standing keeps their network access.

If that doesn't seem to be a show stopper for some reason, just set up mail access on her box so everytime she loads Yahoo, it sends an email to her boss telling them how stupid they are.

Lastly, a sack of thinwire terminators is great for beating sense into a senseless user.... Or beating them senseless, either way works well.

And of course Cat5 cable can make a great choking device.

In other words, when you give users choice / power, you're already in two places:

the wrong damn job

and asking for it.

[Black Cluster]

If you don't know how to use firewalls and set proper rules for them, and if you don't know how to block ports. Why not setting a less power {Privileges) account, like a Guest account. This offers hitherto a great way to prevent her from accessing unwanted applications like YA or MSNM, talking after uninstalling all the unwanted applications.

Again the best piece of advice is to have a less power account.

And if you don't know how to set up a less privileges for accounts, then you shouldn't have been there as an admin anyways.

If you are seeking more control over the accounts that you have just created, there are many free and commercial tools offer this service. Look around and am pretty sure that you will find many.

catch,
To some extentions you are right. But the corporation should not let any of its employees go past the red limits. Not at any cost, and why breaching law would lead to resentment????
We should do our best to prevent {Police} users from acting freely, the have to access what they need to fulfill thier tasks, otherwise it would be bad ao assign them privileges more than they need.
If we are going to give everybody full rights and complete freedom, anarchy would be the first side effect of this practice.

/me I would be very mad and resentment employee as my company won't give me a full access to the main server, Why they don't? I won't harm them!

Cheers

[catch]

catch, To some extentions you are right. But the corporation should not let any of its employees go past the red limits. Not at any cost, and why breaching law would lead to resentment????

Well, in this case the user has not breached any laws. There is no law that states users cannot use instant messaging service, and if the organization in question had a policy against it, then it would stand to reason that the same policy would define a response for breach of policy. This original post clearly indicates this is not the case.

You cannot punish users for something that you didn't inform them was forbidden.

Another point is that IM applications can be run as guest. YIM and AIM both can operate via the web browser utilizing HTTP protocol (I believe they can also be configured to run over port 80). Reducing the users privileges, blocking ports... lots of administrative hoopla for what? You'll just make the user feel like they are not trusted, and ultimately not valued.

Although I don't argue that technical solutions should be used to enforce least privilege and non-compliance discovery... you first need a policy to determine what privileges and required and what constitutes non-compliance. Additionally the policy will outline consequences for breach.

cheers,

catch

[Und3ertak3r]

so its a gutless manager.. passes the buck onto the Sys-admin.. so when the worker realises that they are being blocked..what then.. blame the Sys-admin.. or then tell them take it up with their manager.. but the manager is gutless wonder.. you know where the buck will land..don't you..

get some balls ..follow through with what catch advised.. read a tut or two from tigershark.. he has a couple on this matter..

The manager is a gutless wonder.. if they dont have balls ..you had better or your users will get big steel ones and then your screwed..

(gore.. that bag of terminators.. I usually keep a steel crimping tool in the same bag. 300g of added impact)

[Black Cluster]

Another point is that IM applications can be run as guest. YIM and AIM both can operate via the web browser utilizing HTTP protocol (I believe they can also be configured to run over port 80). Reducing the users privileges, blocking ports... lots of administrative hoopla for what? You'll just make the user feel like they are not trusted, and ultimately not valued.

Yeah that's correct, they can use them still. But not installing them though. I assumed that there is law to prevent them from useing any not-related business applications. I think most companies have this in place already.

Why a good employee will resent or feel bad if the company blocked something that he/she is pretty sure that they would not do even if they were not blocked???? Me myself, I am happy that the company is blocking such things. Because I know that I won't use them even if they were unblocked. They let no chances for bad employees to play around. I still find it of importance to do everything to make a possible sabotage away.

An admin is just like the police, do you feel bad for knowing that the police is around? I think not. They are there for tha bad folks, i think you are not bad!...

Cheers

[MrLinus]

I assumed that there is law to prevent them from useing any not-related business applications. I think most companies have this in place already.

There is no law against this (at least none that I know of). There may be a POLICY that prevents this. There is a difference. A violation against the policy would mean a violation against what the company considers acceptable behaviour within the firm. A violation against a law means that you are violating what society considers acceptable behaviour within the nation (province/state/city). Big difference.

[catch]

Yeah that's correct, they can use them still. But not installing them though.

Those services use java applets which require no installation.

I assumed that there is law to prevent them from useing any not-related business applications. I think most companies have this in place already.

The fact that the company is now seeking a way to handle the situation indicates no policy is in place. As Ms. Mittens said, there is no law against this. Many companies in fact explicitly allow IM applications.

Why a good employee will resent or feel bad if the company blocked something that he/she is pretty sure that they would not do even if they were not blocked????

Any reasonable person will be a little put off by having their work environment changed without their prior knowledge in response to something that they didn't know was wrong.

cheers,

catch

[nihil]

Well Now,

Is anyone else getting a strange feeling about this thread?

Having re-read it, I have a sneaking suspicion that they are all at it, but one particular employee is "taking the p1$$"

The fact that the company is now seeking a way to handle the situation indicates no policy is in place. As Ms. Mittens said, there is no law against this. Many companies in fact explicitly allow IM applications.

Yes, see my comment above...............it seems to fit the bill?.............mind you, this could be something as simple as a personality clash. But the requirement seems to specifically deny one individual, whilst allowing the functionality to remain? I think the "policy" is something like "use it, but don't abuse it"?

Any reasonable person will be a little put off by having their work environment changed without their prior knowledge in response to something that they didn't know was wrong.

No, that is naive..............even the most moronic employee knows that you pay them to work, not spend your time in idle P2P chit-chat. If they are not aware that it is wrong, they should be doing nothing more complex than cleaning latrines, for which a PC and P2P applications are not required.

Sounds like "typhoid mary" or whatever she calls herself these days has found a new job