Re: Permissions (EVERYONE POST TO THIS)

From: Paul A. Mancuso (pm@intenseschool.com)
Date: 01/07/03 

From: "Paul A. Mancuso" <pm@intenseschool.com>
Date: Tue, 7 Jan 2003 00:13:45 -0500

The day will come when someone will DL a trojan and have rights that are
unnecessary and you will see the evil it will wreak. It amazes me that
admins never learn from what is spoken by every Security expert. There isn't
one out there who advocates admin rights for normal users. In fact, if your
users are so educated, you can teach them the RunAs service (which should
also be disabled by the way...).

Paul A. Mancuso

"Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
news:3e259965.514424272@news.easynews.com...
> >I am involved with a user group for a market specific
> >application and we are currently discussing why not to set
> >up users with administrative rights. Can you beleive how
> >many people find this an acceptable practice?
>
> Totally opposite opinion here. We have several hundred desktops and
> every single user is a local admin. We have zero issues with this.
> We would rather educate the user than lock them out of anything, and
> if anything, it's reduced support calls, not increased them. It's
> also increased productivity, and users are always creating new ways to
> get their jobs done better.
>
> But the key is to do what works and is required in *your*
> organization. I don't allow other admins to dictate what we do,
> nobody should. Our organization's circumstances determine our needs
> and abilities.
>
> >I am a Network administrator and would never consider this
> >an option.
>
> Perhaps because you see your job as being a network administrator, not
> an overall part of your organization. Would you have this same
> attitude if you looked at your network from all the other viewpoints?
>
> >REPLY AND REPLY OFTEN.
>
> And forward this to every one in your contact list...
>
> These four words tell me everything about your reasoning and your
> outlook. When you lose the attitude that it's you against them,
> you'll find you've won.
>
> Jeff

Relevant Pages

  • Re: Prevent changes to Administrator password
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... Restricted Admins group to mitigate against what you propose Deji. ... you need to understand that permissions on the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Prevent changes to Administrator password
    ... Restricted Admins group to mitigate against what you propose Deji. ... This posting is provided "AS IS" with no warranties and confers no rights! ... you need to understand that permissions on the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Win2K / Netware networking question
    ... > blocking the access to the other admins. ... > rights in NDS to do it, and if I was ever asked to do that (and I ... the Remote Control app to be exclusively user-initiated? ... are we talking Win2k servers or workstations? ...
    (comp.security.misc)
  • Re: tar or zipping files to which you have no explicit access?
    ... One thing you have to remember about NT and NTFS, deny rights take ... The admins are responsible or the users are responsible. ... After archiving the objects into to a single ... perhaps they need to have very strict permissions for code ...
    (microsoft.public.win2000.security)
  • Re: Strange problem in Active Directory
    ... Check the Everyone and Domain Users groups to see if they are members of ... Domain Admins or Enterprise Admins security groups. ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.windows.server.active_directory)