Home page logo

basics logo Security Basics mailing list archives

Re: Re: Securing workstations from IT guys
From: bert.knabe () lubbockonline com
Date: 27 Nov 2007 15:49:18 -0000

#2 If IT does not know the local admin password, how can they do their job, patching & maintaining the PC. 
Realistically, there shouldn't be any HR related applications that absolutely require end users to use the Admin ID to 
do their job. And there is no other reason for user to know admin password.</snip>

Where I work we use images from our corporate parent. We install them over the network, leaving the "admin" account 
password as it was set by corporate, which allows them to push updates they have tested for conflicts. AFAIK only the 
people who make the images and the Landesk software know that password. The local techs have two accounts, a "normal" 
account and a "shortname" account with full admin privileges. Normally the tech will login with the normal account, but 
when there is a need to install software or do anything else requiring admin rights the shortname is used. The 
shortname accounts are monitored more closely than the normal accounts, and any tech abusing his position will be dealt 
with appropriately.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]