Ahhh the same old user rights....
About XP @work, i can't comment i have not deployed it anything larger than 10 clients...
 
About the user rights, well since i am not a resident admin and we manage a number of medium sized networks here is what happens if you don't restrict the users.
 
First and with upmost urgency they have a tendency to install ICQ/ Gnutella and any other crap they can get their hands on and then complain their computer does not work properly (they can't say icq etc because that will get them fired) when we look at it they say this or that does not work of course it doesn't the ports are blocked.
Then we get into how dare we restrict mr or mss blah blah...
 
All those software which can vary from dictionarys to games or divx players just mess the system up. If a customer says, they don't want/need any restrictions or security the service agreement price immediately goes up %100. We explain what it is to the boss etc. And they agree. But they don't want to be restricted themselves, so we just keep a monthly ghost image of his system on the server for the next time he is going to screw up his machine...
 
Another thing is, the users who say they don't know nothing does not scare me, the ones that had some how to use windows course and claim to be an advanced users does. Those are the doddgy ones since they cause the problem on the networks with putting their goddamn nose where it does not belong.
 
Last week one of my techs forgot to log off the server while leaving the site. guess what a wise *** got in, and tryed to change the firewall/router config so he can surf **** sites.
 
I can give you many more examples like this .

Quote:


Honestly, if doing NT oldstyle Domain ones is anything or working with NDS from Novell? You'd grasp it in a flash on that part! Well, not in a flash, but I bet you would quick.



You must reprimand that tech... make him run cable thru ducts he has to crawl thru, lol...

* GOOD REPLY!



APK

First that tech is at the moment in Saudi Arabia, running fiber in a ISP project. Then he is moving to lebenon. in total it makes about a month. And I have canceled his weekends in the civilized world so he has to stay there all the time. That should be punishment enough. If he wants to he can buy his own tickets to come back. It is 60 degrees in arabia and not a drop of cold beer or anything alcholoc

For the other thing we do NT networks all the time. And as further as i got, i have not seen any difference between xp and 2k apart from the screwed up interface They are both stable OS's but XP needs 2 service packs at least in my opinion. Or maybe MS will create a miracle and do it in one SP but i doubt it

BTW: About the Tech, I know i am mean. He was *****ing about it to his mum and girlfriend all week over the e-mails. But he did deserved it. And yes i do read their e-mails time to time and the ones containing certain business related word combinations are marked for my attention also...

Sometime's it's required. I have to sniff my network. I have to read the email's that get affected by viruse's or are likely to be affected. I have to backtrack an employee's activities for a length of time, which of course inolves reading their email.
 
If it's sooooooooooooooo personal that they would complain about it then they shouldn't be doing it on my network. Some poeple just don't seem to realize that. For instance, the rest of the Domain Admin's at my job could read my email if they really wanted too. Do I use PGP because of this? No, because I couldn't care less if they read my email. If they want to read some stupid little email to my parent's or a response to a thread on the net helping somebody well...I feel pretty sorry for 'em but they are welcome to read all they want.
 
Also when I do read their email I usually inform them if I dig down deep but If I do a cursory inspection I don't.

The network is owned by the company, and should be treated as such, period. If they own a locker, they can go into it. Many companies require waivers to allow for searches of handbags and such as they enter/leave the property (and some others require the use of clear plastic handbags or none at all). PCs are not meant to have anything personal on them, and should be treated as such.

OK, you are confusing the two different topics. First, if someone was on my property trying to break in or listen to what I am saying, that is trespassing AND invasion of privacy. If this person was off my property, but was trying to listen in (via directional mic or whatever) that would be invasion of privacy as well as I am still on my property. Now, let's say that you were to be held responsible for ANYTHING that can be said/written/expressed on your property by anyone either on OR off of your property, would you have more incentive to keep an eye on things? You haven't been an admin in quite a while to ride the more current court rulings, so you probably haven't had to deal with HR's perspective on these legal issues. It's company property, and the company can and is held liable for anything held/displayed by it.

Good point clutch.
Also i would like to state the flagged msg's i pay attention to are not i miss you etc. It is about insider information. I do contracts in many places some of the dodgy like lebanon or arabia as i said before. Competition is fierce because amounts of money involved are unreal. I have to protect myself and i would rather do it covertly. i don't want my employees looking over their shoulder if they piss on the floor in the toilet by accident. $hit happens, i accept that and not hold them responsible. But i would like to prevent it happening deliberately, and cannot trust it upon a 1 hour max interview i had with a guy. There is such a thing as industrial espionage. i am not a defense contractor or such but even a quote we gave can have massive effects on a contract bid if it ever got out. Not everybody has the same ethics we do. You will make a mistake if you think so.
 
I would like to trust my employees from the trainees to the Tech majors (I give them sort of military rank to keep them motivated with advances and reprimads and all.) but i can't. Hell, i don't even trust my own uncle or father in that sense. Not they will do something deliberate but accidents do happen. I know u are going to say i am paranoid alecstaar but remember;

Even paranoids have enemies sometimes!

Quote:

My question & statement however is: Who's "guarding the guards", the admins??


Pointless question, as it can endlessly be applied to the guards guarding them and so on. The systems are property of the company, and the admins are held responsible for their operation. If the admin is charged with monitoring email or anything else on the system, so be it. Kids have lockers in schools that are subject to search, while adults that have lockers at work have the same rules as well. Very simple; don't jack around with or on the computer, and you will do fine.

You have got to be kidding. The example you have shown actually proves just how *big* your method is and how long it takes to get anywhere. Sure, in something as complicated as running a country it may work out OK, but in something as lame as monitoring email traffic that is simply overkill. Assigning personnel to watch other personnel is very resource intensive. And even if it's assigned as a "side" duty, it is still an overhead that can't be overlooked. Have you ever been involved in a project that just couldn't get anywhere because you *constantly* had to get someone "on-board" with the project? Or, there was so much debating about some mundane detail that it nearly (or may have) canceled the project? This is what happens when you drag too many people into the equation. Congress takes forever to move a stupid bill around, and that's a hell of a lot more important than reviewing email or scanning files.

OK, your response was way too big so I skimmed it. The response of "guards watching guards" on my part was in response to your question of "who's guarding the guards?" which is something that has been applied to many areas of security over the years (who's policing the police? Internal Affairs, but who's policing them?).
 
Here's how it works; you ask any real admin who has to support not only workstations, servers, and their respective applications but enforce policies on the behalf of the company (usually through personnel or HR) and they will tell you that a fully open environment is simply the best policy. No privacy, period. So no, I did not contradict myself in any manner, but merely pointed out the overhead and flaws of your suggestion (and why it isn't implemented). Have a nice day (as in, end of this discussion for me).
 

We are just going in circles. We all agree it has to be done only difference is, clutch is stating and talking about the logistics of it, while i state the obvious and give a different point of view.
AlecStaar, no offense intended but you are taking the moral high ground just for the sake of it in my opinion. You are involved in the computers, you should have an idea how the businesses work.
We don't / can't apply democracy to business. Maybe in a charity organization or so which will be pointless.
 
Can you imagine a board of directors calling in a vote by the employees whatever to raise their salary or whatever to close the company or not. I know those are overkill questions. Looking into the private e-mails of the employees is like tapping their mobile or home phone. Should not be done. but any e-mail under that company's domain is company property. Nobody is complaining when they install CCTV in their offices. This is not so different. if they have a private matter to discuss there always is hotmail yahoo etc, if they are broke enough not to have an isp connection.
 
Ahh, i am bored. You guys got my point i think

I didn't know the license applied to ealier versions of windows NT (well, 2000 and NT) as well. When I asked MS, they said you need a separate license for each OS.

Quote:I didn't know the license applied to ealier versions of windows NT (well, 2000 and NT) as well. When I asked MS, they said you need a separate license for each OS.

Both license consultants that I use (one at CDW and one at Dell) tell me that they are backward compatible. So, that's what I go on.

SWEET! May as well buy XP Pro then, and not worry at all!!