Re: W2k Default User and Administrator

Discussion in 'NZ Computing' started by T.N.O., Jul 8, 2003.

  1. T.N.O.

    T.N.O. Guest

    T-Boy wrote
    > This isn't "your" network"


    yeah ok I'll give you that. :)

    > - as said, *most* small business
    > networks are setup so that each local user "owns" their PC -
    > and can install s/w onto them without having to see an
    > administrator (most small business setups don't *have* a
    > dedicated network administrator).


    I realise that there would not be a dedicated administrator, but
    still, I would hardly rate a school as a small business(in network
    terms) as kids will destroy anything, all they would need is a logged
    in machine, and they could trash it if that user had admin rights on
    that machine.

    Also, as they are running AD they have a domain controller, so are
    running a server OS, which I would assume they would have some "sort
    of administrator" that does tech work for them(most likely Matthew
    Strickland?)

    > The PC is totally safe as setup like this, the local user has a
    > machine that only they can change (no other user will have
    > local rights).


    The PC is entirely not safe like this.
    If anyone has admin rights, they can essencially destroy the PC.

    > On large networks, sure; roaming profiles, lockdown desktops
    > and workstations are the way to go.


    yeah sure...

    > And sure this may well
    > apply to small networks too, operating in a corporate
    > environment under a larger business umbrella where the setup is
    > dictated.


    Well dictated is rather strong language, but I guess it is true :)

    > But it'll be a fair bit dearer to admin...


    yes and no.
    Dearer for some things, but if users cant break things, there is less
    admin work.

    > user
    > wants something, phone the helpdesk


    Doesn't need to be a helpdesk, this is only a school... maybe user
    emails "sudo admin"

    > fill in a request for
    > change


    no need, email is all that is required. maybe add something like a
    cost code to each teacher so that requests have some sort of ID on
    them - digital signature - you can get them free now for non
    commercial use(I assume that schools are non-commercial)

    > goes through change management process (might take a
    > week - chit, might only have change management meetings once a
    > week), decision is made, change is implemented or isn't.


    no need, all that is required is the above method.
    I know it works as I have seen it running.

    > Most small busines's do *not* operate like that - nor do they
    > wish to. Local PC autonomy is typical and recommended even by
    > operating system makers such as Microsoft.


    yeah, but running an smtp server that accepts any requests was also
    recommended by MS until a couple of years back.

    > (Check out an SBS
    > workstation setup - as recommended by Microsoft). This does
    > not mean (BTW) that desktops can not be further locked down,
    > nor does it stop group policy implemnented workstation
    > lockdown.


    Dont have the time or inclination to check it out.
     
    T.N.O., Jul 8, 2003
    #1
    1. Advertising

  2. T.N.O.

    T.N.O. Guest

    Matthew Strickland wrote:
    > NTFS, and you use a complex local admin password. (I have had cases of users
    > hacking NTFS partitions, deleting sam or decoding sam files and gaining
    > local admin access)...


    you could always rename the local admin account to something stupid that
    no-one would guess, then make another account with the username
    "administrator" and only having guest rights... that would do it
    wouldn't it?
     
    T.N.O., Jul 9, 2003
    #2
    1. Advertising

  3. Yes it sure would, its been a suggestion before :)

    Thanks anyway guys, ill tackle it all next week. At least its holidays!

    Matt

    "T.N.O." <> wrote in message
    news:...
    > Matthew Strickland wrote:
    > > NTFS, and you use a complex local admin password. (I have had cases of

    users
    > > hacking NTFS partitions, deleting sam or decoding sam files and gaining
    > > local admin access)...

    >
    > you could always rename the local admin account to something stupid that
    > no-one would guess, then make another account with the username
    > "administrator" and only having guest rights... that would do it
    > wouldn't it?
    >
     
    Matthew Strickland, Jul 10, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Qm9i?=

    W2K Prof. to W2K Prof. File & Printer Sharing Not Working

    =?Utf-8?B?Qm9i?=, Dec 12, 2004, in forum: Wireless Networking
    Replies:
    14
    Views:
    2,299
    Malke
    Dec 17, 2004
  2. Gert

    Wireless connection with non-administrator user

    Gert, Jan 11, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    555
    Pavel A.
    Jan 11, 2006
  3. cc

    User/Administrator Accounts

    cc, Feb 13, 2005, in forum: Computer Support
    Replies:
    4
    Views:
    436
  4. Patrick Cleburne

    Transfer administrator settings to another user

    Patrick Cleburne, Mar 21, 2005, in forum: Computer Support
    Replies:
    7
    Views:
    13,014
    Gene45
    Jun 1, 2010
  5. century.dave

    need administrator...but no administrator

    century.dave, Dec 8, 2007, in forum: Windows 64bit
    Replies:
    2
    Views:
    519
    Carlos
    Dec 9, 2007
Loading...

Share This Page