Re: Local security getting overwritten

You're jumping to conclusions &/or didn't read my entire post.

I was an network admin for a number of years, I completely understand all
those issues, and I provide a documented set of manual installation steps for
anyone who cares to use them. But as I stated, our typical installation site
is a small business with no, nada, zero MIS staff.

I also explained this is NOT the installation program, it is a configuration
tool used after installation. It does do ANYTHING, without explaining in
detail what it would like done, why it needs it, where to look up the manual
steps it the user desires to understand exactly what is going to happen, and
finally the rights you need to have if you choose to have the config tool
make the change. It then offers a "check" button to detect the current
settings to see if it is already set, then if not, it offers a "set" button
to make the change.

So since only a Domain Admin can make this change, that account has to be
logged in. In a small business, I might get lucky and have an employee that
will understand the process, but typically they will go the automated route.
In an environment where there is MIS, they can read and do it anyway they
like. They might even have an account already setup they use for such
purposes and can just pick that as the identity account. But in the end
they'll end up with the configuration I need or the application won't run.

"Alun Jones" wrote:

Scott S. wrote:
When someone is asking for help, I've never quite understood why many
people refuse to answer the questions asked, but instead try to tell
them they don't need to do that, or ask detailed reasons for their
need before giving them help ... I can tell from reading these forums
for years that it can be quite frustrating to them ... and now for me
too. Here are the answers your questions so hopefully you or someone
else might actually try to answer my questions:

When someone is asking for help, I've never quite understood why they refuse
to accept that their lack of understanding of the nature of the solution
space frequently leads them to asking the wrong questions.

Here's an example:
"Doctor, I want to be able to scratch my left elbow with my left hand - how
do I do that?"
"Why don't you just use your right hand?"
"Oh. I never thought of that."

Now, granted, occasionally the patient has no right hand, but for the most
part the questioner being redirected is a genuine attempt to solve the
problem at hand, rather than answer the direct question, and this is a
valuable technique for resolving people's problems.

Our experience has been that many of them hired a company to come in
and get them setup and then they take care of their own systems after
that, except when things they can't handle come up. They know their
Domain Admin passwords to do simplae things like adding users,
installings applications, backing up, etc., but they don't know how
to do the thousands of more unusual things.

I don't want the installation of our application to be a trial for our
customers requiring them to bring in outside assistance at an extra
cost, and we are also a small company and can afford to send someone
onsite for installation.

You play a dangerous game, here.

The domain administrators have declared a group policy for a reason.

It may be the wrong reason, but if your application requires that the group
policy be over-ridden, you are essentially saying that you, the application
installer, have more knowledge of what is right for that network than does
the domain administrator. This is, to put it mildly, an arrogant
assumption.

When I, as a domain administrator, set a group policy object, I'm going to
be mad as hell to find out that an application is routinely side-stepping
it, even if my group policy is wrong.

Unsophisticated users are no excuse to ignre the regards of sophisticated
users.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.



.