 |  |  |  |  |  |  |  |
Social issues relating to admin policies.
 |
Hi all.
I am having some problems convincing users that they should not be local administrators on the machine they work when they are part of the domain.
My main concern was that they install so much crap anbd my workers has to spend a lot of time cleaing up the machines (they don't even understand that all the crap they install causes problems, that admins are not responsible for problmes relating to those products. In addition I am responsible if there are illegal software on the machines...which ofcourse the users does not care 5 cents about.
What I am asking is, what arguments should I use while presenting policies releaving them on admin right on local machines.
The domain they connect to has backup of sensitive data. I am wondering if admins on local machines has a better chance of hacking the domain server / file server?
I believe it is better for all users to participate in a debate, but I have to give them complete information.
Feedback appreciated.
Best regards
Aldo
I am having some problems convincing users that they should not be local administrators on the machine they work when they are part of the domain.
My main concern was that they install so much crap anbd my workers has to spend a lot of time cleaing up the machines (they don't even understand that all the crap they install causes problems, that admins are not responsible for problmes relating to those products. In addition I am responsible if there are illegal software on the machines...which ofcourse the users does not care 5 cents about.
What I am asking is, what arguments should I use while presenting policies releaving them on admin right on local machines.
The domain they connect to has backup of sensitive data. I am wondering if admins on local machines has a better chance of hacking the domain server / file server?
I believe it is better for all users to participate in a debate, but I have to give them complete information.
Feedback appreciated.
Best regards
Aldo
•
•
Join Date: Nov 2004
Posts: 638
Reputation: 
Solved Threads: 18
Practically a Master Poster
They should NOT have that access...
They should NOT even be part of the process that determines that...
You need to define a company policy and they adhere to that policy or leave...
It may sound harsh but that is how it must be...
Someone MUST make the rules and be responsible for the network
Employees MUST NOT install ANYTHING without approval...
All of that junk is just fluff and a potential problem and has nothing to do with productivity..
I handled IT for a Fortune 500 company for years...
Get the boss, tell him what must be done to protect his business...
Create a CD or DVD image of your standard install, make one for each level of user within your company...
Managers have one set of tools, sales has another etc...
In a small company you might even have an image for each user and hardware configuration...
Lockable cases or case opened support in bios
You should have a written policy on how users are to backup their work...
(and when)
You should be able to walk up to any machine, drop in your image and configure it for any particular user level...
Employees need to understand that at any time, even in the middle of the night that you may walk up to a machine and refresh it back to original image.
I routinely worked at 4am and restored systems...
With up to 200 users at each location and hundreds of locations we had to have structure.. Anything else would be KAOS...
You decide what extras or changes your users should have...
All will want their own wallpaper etc...
But NO EMPLOYEE should be installing software except you or someone under your direction.
They should NOT even be part of the process that determines that...
You need to define a company policy and they adhere to that policy or leave...
It may sound harsh but that is how it must be...
Someone MUST make the rules and be responsible for the network
Employees MUST NOT install ANYTHING without approval...
All of that junk is just fluff and a potential problem and has nothing to do with productivity..
I handled IT for a Fortune 500 company for years...
Get the boss, tell him what must be done to protect his business...
Create a CD or DVD image of your standard install, make one for each level of user within your company...
Managers have one set of tools, sales has another etc...
In a small company you might even have an image for each user and hardware configuration...
Lockable cases or case opened support in bios
You should have a written policy on how users are to backup their work...
(and when)
You should be able to walk up to any machine, drop in your image and configure it for any particular user level...
Employees need to understand that at any time, even in the middle of the night that you may walk up to a machine and refresh it back to original image.
I routinely worked at 4am and restored systems...
With up to 200 users at each location and hundreds of locations we had to have structure.. Anything else would be KAOS...
You decide what extras or changes your users should have...
All will want their own wallpaper etc...
But NO EMPLOYEE should be installing software except you or someone under your direction.
Thx, Crunchie, great resource.
Thong_ispector...nice nick. Okay, I do completely agree, but the environment I work within is a University. The employees (faculty) are used to GREAT flexibility, and the changes I already implemented are hard for them to swallow. Actually, I have had a very hard line. In this environment there are a lot of politics going on. So that is the reason. However I completely agree with you.
In anycase, my thing is not whether or not to give the rights, I know they shouldn't have the rigts, however I need arguments that computer illiterates can understand. My first is the fact that by giving someone on the domain admin puts everones sensitive information on risk.
Thx for the feedback guys.
best regards
Aldo
Thong_ispector...nice nick. Okay, I do completely agree, but the environment I work within is a University. The employees (faculty) are used to GREAT flexibility, and the changes I already implemented are hard for them to swallow. Actually, I have had a very hard line. In this environment there are a lot of politics going on. So that is the reason. However I completely agree with you.
In anycase, my thing is not whether or not to give the rights, I know they shouldn't have the rigts, however I need arguments that computer illiterates can understand. My first is the fact that by giving someone on the domain admin puts everones sensitive information on risk.
Thx for the feedback guys.
best regards
Aldo
|
Similar Threads
- Issues with final year IS project (Computer Science)
- What's better? Windows 2000 Server or Linux Server? (Windows Servers and IIS)
- News Story: Mouse Rage (Web Development Job Offers)
- Need help reigning in my roommate's downloading (Networking Hardware Configuration)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: CoolWWW/
- Next Thread: Adware 6 & Hijack Log help please
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday