
Thread: User validation

  1. #11
    AO Ancient: Team Leader
    Join Date: Oct 2002
    Posts: 5,197
    Asp Old Man....

    You're thinking a little too deeply maybe....

    It really doesn't matter why X wouldn't give Z his password. It matters somewhat that Z tried to socially engineer your system and that X abetted in that act but you are trotting off down a series of complex and time consuming "alleyways" when the answer may quite well be relatively simple.

    If you are a Windows domain you can create OU's for the different locations and delegate a person in each location as a "local admin" - (They only have admin rights in their own OU). Then, if a user needs this kind of thing in the future they simply go to the delegate and request permission be granted to that file or that the file be moved/copied to an accessible location. The delegate can also reset passwords etc. if necessary.

    Does that work? Small amount of training and you have beaten this issue...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #12
    Senior Member bAgZ's Avatar
    Join Date: Jul 2001
    Posts: 206
    I know I will get flamed for this but I cannot resist. I recently read the book written by Kevin Mitnick called Art of Deception. And he has some really good ideas on preventing Social Engineering attacks. It was a fascinating read. I think it would give you a few good ideas on how to try and prevent these types of attacks from happening.
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  3. #13
    Frustrated Mad Scientist
    Join Date: Dec 2004
    Posts: 1,152
    Thanks TS. I think the only thing against your suggestion is a lack of an audit trail on those remote admins. We have something that will be in place soon to do just that. We're having Quest InTrust installed, which provides a lot of simplified reports from the servers and would allow the auditing of the activities of any remote admins.

    I don't know how my boss and the Infrastructure Manager would feel about giving out delegate admin privileges even though it would be restricted to an OU. But with adequate controls in place to keep everyone happy it would most likely do the trick.

    Please feel free to be smug


    bAgZ - I know of the book but it's not one I've read yet, worth a mention though ta.
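
The per-OU delegation suggested in post #11, together with the audit trail raised in post #13, as an added example that is not any poster's own code. The domain `example.com`, the OU `Leeds` and the group `Leeds-OU-Delegates` are hypothetical; it assumes the ActiveDirectory PowerShell module, `dsacls`, and a domain controller that records event 4724 (password reset attempt), none of which the thread itself specifies.

```powershell
# Added example. Hypothetical names: example.com, OU "Leeds", group "Leeds-OU-Delegates".
# Run as a domain admin on a domain controller (or a host with RSAT installed).
Import-Module ActiveDirectory

$domainDn = 'DC=example,DC=com'
$site     = 'Leeds'
$ouDn     = "OU=$site,$domainDn"
$group    = "$site-OU-Delegates"
$netbios  = (Get-ADDomain).NetBIOSName

# 1. One OU per location, one delegate group per OU. The group is left in the
#    default Users container so delegates hold no rights over their own group.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
    New-ADOrganizationalUnit -Name $site -Path $domainDn
}
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$group'")) {
    New-ADGroup -Name $group -SamAccountName $group `
        -GroupScope DomainLocal -GroupCategory Security
}

# 2. Grant only the helpdesk rights, inherited by user objects in this OU (/I:S):
#    reset password, force change at next logon, unlock. No full control.
$trustee = "$netbios\$group"
dsacls $ouDn /I:S /G "${trustee}:CA;Reset Password;user"
dsacls $ouDn /I:S /G "${trustee}:WP;pwdLastSet;user"
dsacls $ouDn /I:S /G "${trustee}:WP;lockoutTime;user"

# 3. Audit trail. Assumption: no domain GPO overrides this local audit setting;
#    in production the subcategory is normally enabled through Group Policy.
auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable

# 4. Report who reset whose password (event 4724) from the Security log.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724 } -MaxEvents 50 |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            ResetBy = $data['SubjectUserName']
            Target  = $data['TargetUserName']
        }
    }
```

Running `dsacls` with only the OU's distinguished name prints the resulting ACL, which is a quick way to confirm the delegate group holds nothing beyond these three entries.
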

  4. #14
    AO Ancient: Team Leader
    Join Date: Oct 2002
    Posts: 5,197
    Er... I think you know I'm a smug old bastige at the best of times....
