Comments on: Windows Without Admin Rights http://www.howinthetech.com/windows-without-admin-rights/ Daily Tech Tips and News Wed, 10 Mar 2010 16:07:43 -0700 http://wordpress.org/?v=2.9.2 hourly 1 By: Adam http://www.howinthetech.com/windows-without-admin-rights/#comment-22 Adam Fri, 23 Jun 2006 15:11:38 +0000 http://www.evileyez.org/windows-without-admin-rights/#comment-22 You're spot on Raemann, and i've never really thought of it that way before - I'm referring to the entitlement or ownership that users in the workplace feel towards their PC. Generally, a mindset change can happen if a psuedo cause & effect situation occurs. User does not comply with procedure or standards put forth by the company, resulting in said problems with the PC - leaving the user without the tool to do his job. The catch22 is, as the person who must support my users, its in my job's best interest to get them back up and running ASAP - so that they can continue doing their job and in turn, bring money into the company. However, should the users start seeing their tools disappear for longer stints of time - directly by their own mis-doing - then perhaps the attitudes would start to change? It's a pretty cynical approach (the stalling of problem solving), but you are 100% correct that the change has to occur in carbon. You’re spot on Raemann, and i’ve never really thought of it that way before – I’m referring to the entitlement or ownership that users in the workplace feel towards their PC.

Generally, a mindset change can happen if a psuedo cause & effect situation occurs. User does not comply with procedure or standards put forth by the company, resulting in said problems with the PC – leaving the user without the tool to do his job. The catch22 is, as the person who must support my users, its in my job’s best interest to get them back up and running ASAP – so that they can continue doing their job and in turn, bring money into the company. However, should the users start seeing their tools disappear for longer stints of time – directly by their own mis-doing – then perhaps the attitudes would start to change? It’s a pretty cynical approach (the stalling of problem solving), but you are 100% correct that the change has to occur in carbon.

]]> By: Raemann http://www.howinthetech.com/windows-without-admin-rights/#comment-21 Raemann Fri, 23 Jun 2006 13:44:46 +0000 http://www.evileyez.org/windows-without-admin-rights/#comment-21 More rant : The landscape is changing. We in security and IT oversight have long noted that "home PCs" in the workplace were a security risk. Primarily because of the familiarity to practices which their users had grown accustomed. More specifically the notion that since this is the same OS, look and feel of what people have at home they are not "on their toes" and awake when it comes to business practices. What we found to be a common tendency involved users overlooking physical security practices on their PCs. Among the myriad of additional weakness is the precursor to all failings in the notion that "This is MY computer". Until we convince users that they are using a tool - much akin to a mechanic going to a tool crib for a wrench - we deal with a mentality that refuses to believe that they must conform to standards, practices or principles involving common use. I fear that the security fix may involve a great deal more work in carbon than silicon. More rant :

The landscape is changing. We in security and IT oversight have long noted that “home PCs” in the workplace were a security risk. Primarily because of the familiarity to practices which their users had grown accustomed. More specifically the notion that since this is the same OS, look and feel of what people have at home they are not “on their toes” and awake when it comes to business practices. What we found to be a common tendency involved users overlooking physical security practices on their PCs.
Among the myriad of additional weakness is the precursor to all failings in the notion that “This is MY computer”. Until we convince users that they are using a tool – much akin to a mechanic going to a tool crib for a wrench – we deal with a mentality that refuses to believe that they must conform to standards, practices or principles involving common use. I fear that the security fix may involve a great deal more work in carbon than silicon.

]]> By: Raemann http://www.howinthetech.com/windows-without-admin-rights/#comment-20 Raemann Thu, 22 Jun 2006 21:30:32 +0000 http://www.evileyez.org/windows-without-admin-rights/#comment-20 I hope to not come off as a "windows flag waver". Many of the problems can be centered around the familiarity to windows by common users, the tendency of users to own software that they have on home PCs and invariably install at work, and the number of windows PCs in the market compared to other computers make them a "hack target". None of these are issues noticed in the Unix market. I will admit that there are grave issues with running the PC as a user rather than as an administrator, but the benefits outweigh the challenges in many situations and if they do not - DUMP the application for one that is written to work in a networked environment. Until vendors realize a pinch in the pocket they seem unable to update/configure for non admin operation. We find that vendors we are calling as we add 3000 PCs to a MS Windows 2000 domain are saying, "Well, I don't know where the registry hack to fix (you choose the problem) is but - if you find out LET US KNOW!" then you hear nervous laughter in the background. We can change this attitude but, it won't be easy. I just hope that we can do so sooner than later. I hope to not come off as a “windows flag waver”. Many of the problems can be centered around the familiarity to windows by common users, the tendency of users to own software that they have on home PCs and invariably install at work, and the number of windows PCs in the market compared to other computers make them a “hack target”. None of these are issues noticed in the Unix market. I will admit that there are grave issues with running the PC as a user rather than as an administrator, but the benefits outweigh the challenges in many situations and if they do not – DUMP the application for one that is written to work in a networked environment.
Until vendors realize a pinch in the pocket they seem unable to update/configure for non admin operation. We find that vendors we are calling as we add 3000 PCs to a MS Windows 2000 domain are saying, “Well, I don’t know where the registry hack to fix (you choose the problem) is but – if you find out LET US KNOW!” then you hear nervous laughter in the background. We can change this attitude but, it won’t be easy. I just hope that we can do so sooner than later.

]]> By: Kirk http://www.howinthetech.com/windows-without-admin-rights/#comment-15 Kirk Fri, 16 Jun 2006 19:56:35 +0000 http://www.evileyez.org/windows-without-admin-rights/#comment-15 Very interesting article and something I hear all the time from people who eventually purchase our product. Bit9 provides the logical ability to allow Admin rights to all users, while still transparently creating a locked-down environment, including the ability to create different policies based on user or departmental level. For the enterprise that must be secure yet Open and Available, Parity makes perfect sense. How we would work under the situation you illustrated so perfectly above... 1. user needs new software has admin rights but machine is locked down via Bit9 Parity 2. IT receives the request and centrally approves new software via Parity console 3. IT notifies user software is approved 4. User is running new software in minutes with no technicians dispatched. Just a streamlined approach to IT responsiveness and a dramatic increase in both IT and end user productivity check us out at www.bit9.com Very interesting article and something I hear all the time from people who eventually purchase our product. Bit9 provides the logical ability to allow Admin rights to all users, while still transparently creating a locked-down environment, including the ability to create different policies based on user or departmental level. For the enterprise that must be secure yet Open and Available, Parity makes perfect sense.
How we would work under the situation you illustrated so perfectly above…
1. user needs new software has admin rights but
machine is locked down via Bit9 Parity
2. IT receives the request and centrally approves
new software via Parity console
3. IT notifies user software is approved
4. User is running new software in minutes with
no technicians dispatched. Just a streamlined
approach to IT responsiveness and a dramatic
increase in both IT and end user productivity

check us out at http://www.bit9.com

]]>