Have a separate admin account on ALL machines. Users should have a
maximum "Power User" access level. Never allow root access to the
user...even on their own machine. As admin change all permisions back
>
> >This can be done fairly simply from an administrative workstation,
> >across the network. Every NT machine automatically shares all of it's
> >drives under \\computername\c$ or d$ etc. These shares can only be
> >accessed by an administrator (possibly a backup operator). This will
> >allow you to scan the machine across the network without the users
> >knowledge.
>
> This is true if the user hasn't taken ownership of certain directories and
> set the permissions such that only the user has access. For even an
> administrator to look at these files, the admin has to take ownership and
> set appropriate permissions (unless I missed something somewhere). This, of
> course, throws a spanner in the works. Any suggestions?
>
> --
> Frank De Hert
> System/Security Manager
> NATO Programming Centre.
>
>
,'~``. \|/ ,'``~.
(-o=o-) (@ @) ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
| |
| Soon, we may all be staring at our computers, wondering |
| whether they're staring back. |
| |
| [Network Admin For WPA Business Products. aka doshai >;-) ] |
| .oooO http://pip.com.au/~doshai/ Oooo. |
| ( ) Oooo. .oooO ( ) |
+-----\ (----( )-------oooO-Oooo--------( )--- ) /---------+
\_) ) / \ ( (_/
(_/ \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)
|
|
