Re: Sales guys that need to run Server OS - Impact on Domain?

From: Scott Townsend (scott@-NO-SPAM.serra.com)
Date: 10/07/02


From: "Scott Townsend" <scott@-NO-SPAM.serra.com>
Date: Mon, 7 Oct 2002 07:27:36 -0700


Thank you all for your ideas. I'll bring them up with my team and see what
we can come up with...

thanks again!
  Scott<-
"Robert Moir" <robert.moir@ntlworld.com> wrote in message
news:es3i#klaCHA.3928@tkmsftngp08...
>
> "Scott Townsend" <scott@-NO-SPAM.serra.com> wrote in message
> news:u4VpsLWaCHA.1308@tkmsftngp12...
> > How do you prevent them from installing other Server Services (WINS,
DNS,
> > DHCP, etc) while still allowing them to install the software they are
> > demoing?
> >
> > They would still need the ability to install software and patches on the
> > machine, though I dont want them to beable to install other Windows
> > services. We usaully put the i386 Directory on the C-Drive incase they
> > need something when they install their software, or when we do updates.
We
> > could take it off, but I wouldn't put it past some of them to get a copy
> of
> > a Server disk somewhere...
>
> Well as Keith alluded to, if you honestly can not or do not trust these
> people at all but have to give them servers with admin rights then you've
> got a serious problem. And while we're happy to bat ideas and solutions
> around in here all day cos that's what we do here, technological solutions
> are not always a good fit for non technological problems.
>
> Again, having a server on one's desktop doesn't have to compromise the
> network itself in the least. I'm repeating Keith again, sorry, but from
the
> "locking down users on the domain" point of view it's not much different
> from a workstation. If your concern is that you need to let them
effectively
> admin the local server, but you can't trust them with the ability to trash
> the systems then you've got two opposite goals that you need to balance
here
> imho and that's a strategic problem as much as it is a technological one.
>
> Rob Moir
>
>