Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 123»»»

Sharing Expand / Collapse
Author
Message
Posted Thursday, March 20, 2008 11:51 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:05 PM
Points: 31,284, Visits: 15,750
Comments posted to this topic are about the item Sharing






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #472682
Posted Friday, March 21, 2008 1:38 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Friday, March 30, 2012 2:35 AM
Points: 460, Visits: 190
My friend uses some open source tool that locks the workstation if your bluetooth enabled cell phone moves out of (bluetooth) range!

I found some software that does the same thing for 15 US$

I can see this as mandatory practice in some companies

Of course, bluetooth devices are not found in most workstation computer, but USB bluetooth "dongle" is about 25 US$.

Post #472701
Posted Friday, March 21, 2008 2:47 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Tuesday, November 11, 2014 2:16 AM
Points: 1,066, Visits: 1,142
At my last work place, the Sys Admins implemented a new policy such that any workstation left unattended for 5 minutes would automatically lock, and then show the screensaver.

That REALLY annoyed some people! For example, you could be reading a document on-screen, and if you didn't move the mouse or hit a key for 5 minutes, your workstation would lock.

It was a real pain for the reception staff, who generally had to unlock their workstation whenever a customer walked in.

However, the reasons behind the move were sound, and people fairly quickly adapted to the change.

As for shared accounts, generally a big no-no.

My view is that the sooner we start using Smart Cards (or some other 2-factor authentication) the better. Take your card with you when you leave your workstation, and it automatically locks. I like the idea of using bluetooth on the mobile phone, that is clever.

I will admit to still running my workstation as a member of the local Administrators group though.

Andy
Post #472708
Posted Friday, March 21, 2008 3:17 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, September 17, 2012 7:34 AM
Points: 7, Visits: 30
Hi,

I found it just plain stupid that a company would release software that would not run as a regular user, requiring it to be an administrator account just to print. And I wouldn't have believed it if it hadn't happened to one of my clients, and it was software from a big name company to boot.

So what's a sys admin to do? Make everyone that used that software an administrator of course.

Then, later on, somehow a virus got in and spread through the network because of those demonstrator accounts.

Sheesh.
Post #472715
Posted Friday, March 21, 2008 7:36 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Friday, November 7, 2008 8:15 AM
Points: 14, Visits: 34
The last two software companies I've worked for have had programs that required local Administrative access.

This was obviously a problem to any client that had any form of Network security policy in place. The work around in both cases was:

1) Install the application under the Admin account
2) Give the limited user(s) permissions to specific folders and registry keys needed to run the program

Not sure if there is a better way -

Lou
Post #472791
Posted Friday, March 21, 2008 8:15 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, September 17, 2012 7:34 AM
Points: 7, Visits: 30
lortega (3/21/2008)


1) Install the application under the Admin account
2) Give the limited user(s) permissions to specific folders and registry keys needed to run the program


I thought about this; it wasn't folders, the problem was registry keys. In my case the software vendor refused to tell me which keys and what access was needed. All they would say was an administrative account.

Not helpful at all.
Post #472827
Posted Friday, March 21, 2008 8:18 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Friday, November 7, 2008 8:15 AM
Points: 14, Visits: 34
Unbelievable. Talk about being irresponsible and negligent.
Post #472830
Posted Friday, March 21, 2008 8:47 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:05 PM
Points: 31,284, Visits: 15,750
I wish someone would sue over this, not necessarily requiring admin rights, but not disclosing them. It would be a good way to force some disclosure.

I got told this by Dynamics (before they were MS), saying they needed "sa" rights. When I queried further, I realized the guy on the phone had no idea what was needed. He was a tech support guy, not a developer.

So I did some testing and discovered they needed SA rights (SQL 7) to add a new user to the system. We decided DBAs would add the login and the application would then see it. So they had to send an email for new accounting people. Worked great.

There are some trace tools, used to be some at sysinternals, that might help you figure out what rights are needed.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #472856
Posted Friday, March 21, 2008 9:06 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Tuesday, November 11, 2014 2:16 AM
Points: 1,066, Visits: 1,142
Absolutely, ProcessMonitor from SysInternals (now part of the Microsoft, err, family) will help you figure out what permissions are required. The vast majority of problems are permissions to one or two specific keys in the registry.
Post #472879
Posted Friday, March 21, 2008 9:10 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: 2 days ago @ 9:09 AM
Points: 10,342, Visits: 13,352
I worked at a paper mill and we used shared accounts for the production floor personnel. They were using thin-clients and citrix published apps with restricted permissions. For any other position in the company you had a personal login. As far as locking the workstation, too many places I have been have not put that in a policy and admins were leaving their PC's open.



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #472882
« Prev Topic | Next Topic »

Add to briefcase 123»»»

Permissions Expand / Collapse