<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQLServerCentral.com
»
Editorials
»
Sharing
27 posts, Page 1 of 3
1
2
3
»
»»
Sharing
Rate Topic
Display Mode
Topic Options
Author
Message
Steve Jones - SSC Editor
Steve Jones - SSC Editor
Posted Thursday, March 20, 2008 11:51 PM
SSC-Dedicated
Group: Administrators
Last Login: Today @ 3:30 PM
Points: 31,436,
Visits: 13,751
Comments posted to this topic are about the item
Sharing
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #472682
Zarko Jovanovic
Zarko Jovanovic
Posted Friday, March 21, 2008 1:38 AM
SSC-Addicted
Group: General Forum Members
Last Login: Friday, March 30, 2012 2:35 AM
Points: 460,
Visits: 190
My friend uses some open source tool that locks the workstation if your bluetooth enabled cell phone moves out of (bluetooth) range!
I found some software that does the same thing for 15 US$
I can see this as mandatory practice in some companies
Of course, bluetooth devices are not found in most workstation computer, but USB bluetooth "dongle" is about 25 US$.
Post #472701
Andy sql
Andy sql
Posted Friday, March 21, 2008 2:47 AM
SSC Eights!
Group: General Forum Members
Last Login: Tuesday, May 21, 2013 6:21 AM
Points: 893,
Visits: 872
At my last work place, the Sys Admins implemented a new policy such that any workstation left unattended for 5 minutes would automatically lock, and then show the screensaver.
That REALLY annoyed some people! For example, you could be reading a document on-screen, and if you didn't move the mouse or hit a key for 5 minutes, your workstation would lock.
It was a real pain for the reception staff, who generally had to unlock their workstation whenever a customer walked in.
However, the reasons behind the move were sound, and people fairly quickly adapted to the change.
As for shared accounts, generally a big no-no.
My view is that the sooner we start using Smart Cards (or some other 2-factor authentication) the better. Take your card with you when you leave your workstation, and it automatically locks. I like the idea of using bluetooth on the mobile phone, that is clever.
I will admit to still running my workstation as a member of the local Administrators group though.
Andy
Post #472708
gwardell
gwardell
Posted Friday, March 21, 2008 3:17 AM
Forum Newbie
Group: General Forum Members
Last Login: Monday, September 17, 2012 7:34 AM
Points: 7,
Visits: 30
Hi,
I found it just plain stupid that a company would release software that would not run as a regular user, requiring it to be an administrator account just to print. And I wouldn't have believed it if it hadn't happened to one of my clients, and it was software from a big name company to boot.
So what's a sys admin to do? Make everyone that used that software an administrator of course.
Then, later on, somehow a virus got in and spread through the network because of those demonstrator accounts.
Sheesh.
Post #472715
Lou Ortega
Lou Ortega
Posted Friday, March 21, 2008 7:36 AM
Grasshopper
Group: General Forum Members
Last Login: Friday, November 07, 2008 8:15 AM
Points: 14,
Visits: 34
The last two software companies I've worked for have had programs that required local Administrative access.
This was obviously a problem to any client that had any form of Network security policy in place. The work around in both cases was:
1) Install the application under the Admin account
2) Give the limited user(s) permissions to specific folders and registry keys needed to run the program
Not sure if there is a better way -
Lou
Post #472791
gwardell
gwardell
Posted Friday, March 21, 2008 8:15 AM
Forum Newbie
Group: General Forum Members
Last Login: Monday, September 17, 2012 7:34 AM
Points: 7,
Visits: 30
lortega (3/21/2008)
1) Install the application under the Admin account
2) Give the limited user(s) permissions to specific folders and registry keys needed to run the program
I thought about this; it wasn't folders, the problem was registry keys. In my case the software vendor refused to tell me which keys and what access was needed. All they would say was an administrative account.
Not helpful at all.
Post #472827
Lou Ortega
Lou Ortega
Posted Friday, March 21, 2008 8:18 AM
Grasshopper
Group: General Forum Members
Last Login: Friday, November 07, 2008 8:15 AM
Points: 14,
Visits: 34
Unbelievable. Talk about being irresponsible and negligent.
Post #472830
Steve Jones - SSC Editor
Steve Jones - SSC Editor
Posted Friday, March 21, 2008 8:47 AM
SSC-Dedicated
Group: Administrators
Last Login: Today @ 3:30 PM
Points: 31,436,
Visits: 13,751
I wish someone would sue over this, not necessarily requiring admin rights, but not disclosing them. It would be a good way to force some disclosure.
I got told this by Dynamics (before they were MS), saying they needed "sa" rights. When I queried further, I realized the guy on the phone had no idea what was needed. He was a tech support guy, not a developer.
So I did some testing and discovered they needed SA rights (SQL 7) to add a new user to the system. We decided DBAs would add the login and the application would then see it. So they had to send an email for new accounting people. Worked great.
There are some trace tools, used to be some at sysinternals, that might help you figure out what rights are needed.
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #472856
Andy sql
Andy sql
Posted Friday, March 21, 2008 9:06 AM
SSC Eights!
Group: General Forum Members
Last Login: Tuesday, May 21, 2013 6:21 AM
Points: 893,
Visits: 872
Absolutely, ProcessMonitor from SysInternals (now part of the Microsoft, err, family) will help you figure out what permissions are required. The vast majority of problems are permissions to one or two specific keys in the registry.
Post #472879
Jack Corbett
Jack Corbett
Posted Friday, March 21, 2008 9:10 AM
SSChampion
Group: General Forum Members
Last Login: Friday, May 17, 2013 12:22 PM
Points: 10,571,
Visits: 11,871
I worked at a paper mill and we used shared accounts for the production floor personnel. They were using thin-clients and citrix published apps with restricted permissions. For any other position in the company you had a personal login. As far as locking the workstation, too many places I have been have not put that in a policy and admins were leaving their PC's open.
Jack Corbett
Applications Developer
Don't let the good be the enemy of the best. --
Paul Fleming
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #472882
« Prev Topic
|
Next Topic »
27 posts, Page 1 of 3
1
2
3
»
»»
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
