Re: Windows Security
From: Charlie Tame (charlie_at_tames.net)
Date: 01/23/05
- Next message: voicescarry: "group policy"
- Previous message: g: "Norton Permissions in Win2k"
- In reply to: Freddy: "Windows Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 22 Jan 2005 17:42:47 -0600
"Freddy" <Freddy@discussions.microsoft.com> wrote in message
news:2D31106B-9E9B-4211-B26D-514EE6E467E9@microsoft.com...
> Hello,
>
> My name is Freddy Bhagalia. I am working as a System Administrator in an
> Organisation. We are into Freight Forwarding business. We have 300 plus
> Computers in our Organisation and I am the Administrator of these
> Computers.
>
> I was having a technical discussion with my boss (CIO of the Company). The
> discussion was on "Should we give Administrator rights of the local
> Computer,
> to the User who is the owner of that Computer.
>
> He thinks that we should give all the Users, Administrator rights.
Freddy
I am not a pro nowadays by any means but I do follow the subject and common
trends.
Your Boss needs to consider something very important. If you join the IE
newsgroups you will find that literally thousands of problems are cause by
"Spyware" and "Adware", that is stuff installed by other programs in order
to raise revenue for the authors / distributors.
This if fine until each PC has 3 or 4 such systems installed and then things
"Seem" to stop working. It's common to say "My IE has quit" but the reality
is that something has damaged it.
If you consider 3 ad downloads per hour per machine or whatever there IS an
impact on network traffic, but the biggest impact will be the fact that
users with their personal little "Favorites" will have you running around
like a madman trying to fight "Fires" all over the place.
Some of these systems are a real pain in the neck to remove, and often
removal risks loss of connectivity and information.
Give your boss this link and invite him to see the problems, day in, day
out.
news://news.microsoft.com/microsoft.public.windows.inetexplorer.ie6.browser
I have no problem with users running things for use at breaktimes etc, such
as Yahoo, or ICQ messengers etc, but even these need to be installed with
your approval else how can you fix problems if you don't know anything about
the software. Encourage a friendly rapport with users so they don't mind
asking you, then you can explain pleasantly any objections you might have.
You also need to restrict the ability to run unsigned activex controls and
stuff. I've had very few problems with 2k server or XP yet to some here I
run "Carelessly" because I allow signed stuff. If you study the IEAK
(Explorer deployment kit) that can help you set up a consistent network with
safety restrictions yet still remain flexible if not 100% secure. Of course
if users have full admin rights they simply undo you precautions and never
ask if it's safe because they don't have to ask. This is an important
educational factor because if it won't work and they have to ask you, you
can explain the risks :)
There is no "Right or Wrong" here in my humble opinion, it may be good to
give sensible users admin rights, but there are a lot of problems waiting
for the unwary.
Right now I think the biggest single hazard is actually spyware and adware,
not because it's inherently malicious but because it's bundled with so many
things and not very well written, it also uses "Exploits" which is not a
responsible business method.
Feel free to print this out and invite your boss to visit the IE groups.
Charlie Tame
MVP IE/OE (When I can find time)
- Next message: voicescarry: "group policy"
- Previous message: g: "Norton Permissions in Win2k"
- In reply to: Freddy: "Windows Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
