fatmanskinny
Premium
join:2004-01-04
Wandering
 ·Comcast Digital Vo..
 ·Comcast
| I can attest to that!
I worked in a huge company where machines were compromised at least once a month.
I think giving all end users admin rights on their machines is not a good idea. My new company does not allow admin rights for end users. It creates additional work for IS but the payoff is that you assist the end user in not being a danger to themselves or anyone else.
--
The only place where Success comes before Work is in the dictionary. |
|
N10Cities
SILENCE I Keel You
Premium
join:2002-05-07
Roland, OK
clubs: | Here is one possible solution......all users running Citrix desktop sessions, locked down, no admin rights..... user doesn't like it, tough.... company policy... |
|
openbox9
join:2004-01-26
Alexandria, VA | Riiiight. That's a great policy if you have top-down support. In my experience, the top are often the first ones to violate (or direct violation of) policy. |
|
fatmanskinny
Premium
join:2004-01-04
Wandering
·Comcast Digital Vo..
·Comcast
| said by openbox9  :Riiiight. That's a great policy if you have top-down support. In my experience, the top are often the first ones to violate (or direct violation of) policy. In my new company, not even the CEO has admin rights. Lol! It is a top-down policy. Some people have it (very, very, very (did I say very?) few).
For the most part, the ones who are dangers to themselves don't have it. Also, Corp IS has two separate accounts:
One User account
One Account Operator or another type of Admin account.
We work using mostly Citrix or Remote Desktop connections to ticketing system, remote control tools, etc. That way, we can still work on issues and log tickets but still locally logged in using a User account.
--
The only place where Success comes before Work is in the dictionary. |
|
openbox9
join:2004-01-26
Alexandria, VA | It's great that you have support from the top. That hasn't been my experience. Granted, I do think the situation is changing, just not as fast as us geeky types would like. |
|
N10Cities
SILENCE I Keel You
Premium
join:2002-05-07
Roland, OK
clubs:
·Cox HSI
 ·World Lynx
1 edit | reply to openbox9
said by openbox9 :Riiiight. That's a great policy if you have top-down support. In my experience, the top are often the first ones to violate (or direct violation of) policy. If that is the case, then they get what they deserve.... the bad thing about that is, they come down on your head for their ignorance..... 
In our line of work (elder healthcare), even upper management HAS to toe the line as far as IT policies, if HIPAA compliance is to be met. Too much at stake!! |
|
Oleg
Bellsouth Fastaccess
Premium
join:2003-12-08
Birmingham, AL
1 edit | reply to fatmanskinny
said by fatmanskinny :I worked in a huge company where machines were compromised at least once a month. I think giving all end users admin rights on their machines is not a good idea. My new company does not allow admin rights for end users. It creates additional work for IS but the payoff is that you assist the end user in not being a danger to themselves or anyone else. What about crackers?
It takes me less than 5min. to get Admin rights on any Windows based PC. |
|
openbox9
join:2004-01-26
Alexandria, VA | reply to N10Cities
I made the comment below that until corporations experience financial implications, network/computer security simply aren't a concern. HIPAA provides that financial implication and therefor you will have positive response from the top. |
|
toadlife
Premium
join:2004-05-03
Lemoore, CA | reply to Oleg
With physical access, right? |
|
Oleg
Bellsouth Fastaccess
Premium
join:2003-12-08
Birmingham, AL | said by toadlife :With physical access, right? Yes. |
|
