Comments on: Controls & restrictions at the workplace

By: nirav

nirav — Thu, 29 Apr 2010 11:34:44 +0000

We’re a software development company and for a majority of the tasks we do, we need administrative rights.

And the purpose of the article was NOT to highlight Windows’ weaknesses.

By: Deven Rajdev

Deven Rajdev — Thu, 29 Apr 2010 05:39:14 +0000

Hi,

I can say that your skills were better than the strength of your security products [in the above scenario], but could have been difficult if there was strong Windows Domain security implemented via group policy.

By: Shivanand

Shivanand — Tue, 04 Aug 2009 00:25:57 +0000

ah !! in the previous comment used “bindaas” bindaas all over !!

By: Shivanand

Shivanand — Tue, 04 Aug 2009 00:23:57 +0000

I’ve been fortunate enough not to work in companies that put down all such restrictions. I always make bindaas use of USB drives, DVD / CD Burners bindaas of my office Macs and Mac books

Teaching folks workplace ethics is an excellent idea. Adding to that teaching workplace etiquette is also necessary. I’m stressing on etiquette coz I used to have bad experiences with a lady in my team in my previous company. So manner-less that she would put both her arms behind her head, while wearing a sleeveless top. You wouldn’t know where to look at while talking to her. Its as if she is asking look at my armpits and guess when I last shaved ? Man !! that was gross…

By: Sukesh Nambiar

Sukesh Nambiar — Mon, 03 Aug 2009 08:52:03 +0000

A decent operating system should be able to restrict resource access, especially I/O systems on an integrated os security layer. This way the administrtor can restrict who can have what. It is always safer to use built in security because it can be very robust.

Adding another layer of security is like putting a 9 lever lock on a house with glass door. It is easier to break the door than breaking the lock.

I am not sure whether it is by mistake or by purpose, the windows clients used in software and other companies are configured in a way that the user is an administrator for the machine. This is where the problem starts. I was told that most of the development applications require administrative access to run. If that is the case there is nothing much one can do anything about.

On the other hand if it is done for convenience (who is going to take care of the 100+ machines for trivial issues ?), then the sysadmins of the companies should educate themselves better.

I am not a system administrator. I use ubuntu distribution at home. I do ‘experiments’ with java at home. It is possible for the developer user to install ide’s tomcat servers and other tools locally to the user. The other user will not have any access to such things. Both users are not root. In fact I could even prevent one of the user from accessing CD drives, pen drives, internet etc if I need.

I am not sure how it works in Windows. Maybe your company should invest some time to figure out ways to do this than installing costly third party applications.

Or can switch to Ubuntu