Re: Permissions (EVERYONE POST TO THIS)

From: Brian Haggerty (bhaggerty@newportlaw.com)
Date: 01/13/03 

From: "Brian Haggerty" <bhaggerty@newportlaw.com>
Date: Mon, 13 Jan 2003 00:09:25 -0800

I'm just a home user trying to run a peer-to-peer network
for two machines. Early on in this thread somebody posted
that users would make you crazy by dl'ing and installing
all sorts of crap -- too true.
So, I got cute and decided to set up an administrator and
restricted users, so they couldn't do that to me. What I
find is that very little software seems to work for
restricted users. And when I read this thread, it looks
to me like this is deliberate.
So, what is the point? Security concerns aside, why
create a class of users who can't get anything at all done
on the computer, because software doesn't work?
And having created this situation, I have to step lively
and log somebody in as administrator every time they want
to, for example, burn a CD-Rom, because the software
can't "see" the CD-Rom burner when we log in as restricted
users. So we're always logged on as administrator,
defeating the whole security purpose of the admin/users
set up.
Are there, in fact, levels of permissions that will let my
users use the software they want to use, without letting
them install every pile of crap the Internet tries to feed
them? Or am I just wasting my time?

Thanks,
bH

>-----Original Message-----
>There aren't any so-called "security experts" who run
*my* network. I
>run it. And for *my* network, I *am* the security
expert. Security
>doesn't operate in a vacuum, if it did, I'd handcuff all
users and
>disassemble all computer systems and bury them in the
empty lot next
>door. No trojans could ever get to them.
>
>I'll repeat exactly what I said before: The key is to do
what works
>and is required in *your* organization.
>
>When you take over my job, you're welcome to choose the
methods used.
>If the methods I choose for my organization don't work
for yours,
>don't use them. And arguments that the sky is falling
and evil shall
>reign don't really cut it for me.
>
>Jeff
>
>>The day will come when someone will DL a trojan and have
rights that are
>>unnecessary and you will see the evil it will wreak. It
amazes me that
>>admins never learn from what is spoken by every Security
expert. There isn't
>>one out there who advocates admin rights for normal
users. In fact, if your
>>users are so educated, you can teach them the RunAs
service (which should
>>also be disabled by the way...).
>>
>>Paul A. Mancuso
>>
>>"Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in
message
>>news:3e259965.514424272@news.easynews.com...
>>> >I am involved with a user group for a market specific
>>> >application and we are currently discussing why not
to set
>>> >up users with administrative rights. Can you beleive
how
>>> >many people find this an acceptable practice?
>>>
>>> Totally opposite opinion here. We have several
hundred desktops and
>>> every single user is a local admin. We have zero
issues with this.
>>> We would rather educate the user than lock them out of
anything, and
>>> if anything, it's reduced support calls, not increased
them. It's
>>> also increased productivity, and users are always
creating new ways to
>>> get their jobs done better.
>>>
>>> But the key is to do what works and is required in
*your*
>>> organization. I don't allow other admins to dictate
what we do,
>>> nobody should. Our organization's circumstances
determine our needs
>>> and abilities.
>>>
>>> >I am a Network administrator and would never consider
this
>>> >an option.
>>>
>>> Perhaps because you see your job as being a network
administrator, not
>>> an overall part of your organization. Would you have
this same
>>> attitude if you looked at your network from all the
other viewpoints?
>>>
>>> >REPLY AND REPLY OFTEN.
>>>
>>> And forward this to every one in your contact list...
>>>
>>> These four words tell me everything about your
reasoning and your
>>> outlook. When you lose the attitude that it's you
against them,
>>> you'll find you've won.
>>>
>>> Jeff
>>
>
>.
>

Relevant Pages

  • Re: Least User Priviledges for Network Administrators
    ... Trust how? ... Do we trust them to maintain network equipment? ... Do we trust them to observe proper security practices on the desktop, ... Training users that need administrator access to logon as a regular ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Removing ping/icmp from a network
    ... vendors / admins / whatever. ... A ping sweep isn't the only way to do network exploration. ... which won't gain you any security. ...
    (Security-Basics)
  • Re: Basic Security Help
    ... for XP Home you "might" be able to access the built in administrator account ... friend or family member that knows a bit about computers to help you. ... >> a network is weak or no passwords followed by malicious user on your ... >> Antivirus in Depth Guide available at the TechNet Security Center can ...
    (microsoft.public.security)
  • Re: Re[6]: [Full-Disclosure] Response to comments on Security and Obscurity
    ... > Security policy is never our of date because it's reviewed on regular ... > your internal network) and filter some junk mail on your mail server, ... administrator could filter all that data by hand. ... > port. ...
    (Full-Disclosure)
  • Re: /etc/permissions
    ... > me that's just security by obscurity, ... some measures could create an additional difficulty for a malicious user. ... from a particular network, etc..). ... This way all admins who can read those files anyway by su-ing into root ...
    (FreeBSD-Security)