I watched this subject kind of just go on and on and on. But this statement
caught my attention. A while back someone made a point of the security issue
of loading computers which come pre-loaded from OEMs. It never fails that
the Administrator accounts on HP/Compaq pre-loads are never seen, there just
there. And the "user" is made administrator. The only time I have seen a
user start out with "limited" access is after joining it to a network and
then log on as a user of a domain and not of the computer.
The question above is answered IMHO as yes. Any one who admins or is a PC
support person would have to agree. Come'on, if you change their monitor
they freak out that there folders are now gone! What I've always wondered
was why not at the beginning of a load do they not give a little more
explanation of the accounts or make the first account as admin and require
password for loading initial load and then require a "user" at reboot. I
feel there is not enough education in this area to the user. And it is the
"user" and their computer that ends up as our Zombie machines.
I have to admin that users are becoming more aware of viruses, adware,
mailware and trojans a lot more then in the past. Heck, that stuff is even
on the evening news now. I think that education should be elevated more then
ever. I have begun just such where I work not only to protect our network
but to make my job easier. I got tired of spending a quarter of my day
unlocking a computer from mailware and spyware. For my remote users I began
a weekly "Laptop Tips" and for office users I send out messages explaining
the dangers of such. I have seen the difference in problems. They NOW report
to me about pop-up message and ask me what they should do. Before they just
hit the yes button or ignored them. To me the old statement of "teach this
generation what you want the next generation to know" works.
Wow...I like coffee!!! It gives me a buzz!! And makes me talk a lot!!!
Full-Disclosure - We believe in it.