July 17th, 2008 by Curtis

Had a run-in with a teacher who needed to know why I’d removed the ability for users to log into the network without their Novell logins. In essence, why’d I get rid of the Workstation Only button?

#1 – I don’t work for you. I don’t owe you any answers. Take your questions to the Principal and you can explain to him why you need to access the network without being logged in.

#2 – WSO allows people to utilize the school network unmonitored and insecurely.

For those of you squaring off with angry users in the future, check out this rant I found at Lifehacker.

With administrator (or power user) rights you can install anything you like, and without them you can’t. You have to ask for it to be installed. Okay, that kind of sucks for most people, true. But the important thing to bear in mind is that it isn’t directly you, as an individual, that is being given those rights. It’s your network account that is being given those rights.

When your network account has elevated rights, any program running on your computer, whether you are aware of it or not, also has those rights. And that means, when you innocently click a malicious flash advert and it pokes a trojan onto your computer, that trojan can also do whatever it likes…without you being the slightest bit aware of it.

You see, irrespective of the occasional ‘elitism’ that pervades the sysadmin community, it basically comes down to this; those individuals that write malware, trojans, etc, are technically more savvy and capable than the average employee in a work environment. And they are well aware of all the psychological tricks that can be employed to get you to unintentionally install their software. It might masquerade as a nifty chat client or a funny animated desktop character, etc. It could be anything at all.

Want to see a bunch of happy singing gerbils dancing on your screen? Just click here…

Pow! Trojan…

Restricting people from installing their own applications or running ActiveX controls might seem like it’s unnecessary, but there is always one person that wants to see dancing gerbils…and they will click the install button.

If everyone who used a computer at work was technically savvy and took network security seriously and made a point of keeping up with all the latest threats and potential security issues then sysadmins, and companies, could relax a bit. But the simple fact is, they’re not.

And because of those individuals who just don’t get it, all user accounts have to be tied down tight. Besides, on the basis of corporate policy we are contractually obliged to implement these policies and keep the network running safely. And if a corporate network gets rolled by malicious software, we are the ones that have to explain why it happened.

If you have legitimate software to install that you need to do your job, we vet it and install it for you. If it doesn’t meet those requirements, it doesn’t. Simple as that. You do your job. We do ours. And that policy keeps you, us, the company and the network as safe and secure as possible…

You might not like that policy, but just stop and ask yourself how you would feel if you owned a company and had invested thousands into your IT infrastructure and support. Would you really want your employees doing what they liked, when they liked, on that network…?

Well said, brother. Well said!
