1.
Basic Principals (continued)
Here’s a common
question: Should you let every user decide which software to use based
on their personal preferences?
The
answer: Absolutely not! You own the computers, you own the data and
you determine the tools through which that data is maintained. A “pick
and choose your own software” environment not only leads to instability
of the individual computers but also introduces unmanageable complexity
for the Administrator.
Access Control:
Here is your opportunity to minimize the amount of changes a user can
introduce to their computer. Most operating systems support the principal
of “privileges” granted to individuals by means of identification.
One
company I frequently interact with is strictly adverse to utilizing any
type of PIN or password. Does that limit the ability for the Administrator
to apply access control? Absolutely
not!
The
principal in that case is this: You protect the configuration, not the
data.
What
you don’t want to happen from a system administrator’s standpoint is
to allow users to add or remove programs on their computer. In some cases
you don’t even want them to change configurations to existing
applications. You can separate the two by declaring the lowest privilege
level to have the right to use the applications but not to change global
settings (which includes adding and removing programs). Then, it is up to
you to decide whether or not you want to password protect this layer. Only
the Administrator has the global change privileges and since that is not
used on a day-to-day basis it should be password protected.
Oh,
and talking about the Administrators: There are a lot of techno crazy kids
out there that have phenomenal computer knowledge. Unfortunately they
rather frequently bring with that an utter lack of business sense. If you
happen to have your computer wiz kid from around the corner maintain your
network, have them justify the changes to you and explain in laymen’s
terms what they’re doing.
These
are the first examples on how to stabilize your computer environment. Stay
tuned for more in the coming articles.
(read
on ...)
Copyright (c) 2008 by In Scope-Solutions,
Inc.
|