[gptalk] Re: PLS help with grouped policies for my audit!!!

  • From: "Scott Klassen" <klas9574@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 14 Jan 2008 12:01:40 -0600

Best Practices aren't something that you decide and then get certified.
They are generally proscribed by the vendor (manufacturer) of a specific
product, be it hardware or software.  Best Practice would be the generally
accepted way of doing/configuring something to achieve a certain goal.  The
goal would be an important point, as the settings could be different
depending on what your trying to do.  An example of this would be if you
were configuring something for pure usability, which would most likely be
very different than configuring that same thing for pure security.  There
are also some Best Practices that operate at a higher level than any
specific product, which fall under the category of common sense.  Two good
examples of this for disaster recovery would be to regularly test backups
and to document everything.

Scott Klassen

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Billy B. Bilano
Sent: Monday, January 14, 2008 11:27 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] PLS help with grouped policies for my audit!!!

Hey dudes!

guys i am embarassed here to even say that this is happening to old 
bills pride, but you know what? i walkied into the bank this morning and 
winked at the security camersas as came out of the toilet (cuz they are 
my cameras LOL!) because thast is my first stop when I walk in you know, 
I gotta put the flag up as it were!!!

so anyway I got there to my desk and sit down and then some food from 
breakfast tumbled out of the old beard (the flavor-saver as they SAY 
LOL!) and it accidentally opened that nasty OUTLOOOK program that 
Mickey$haft makes. I don't know why people like that damn thing it is a 
pigglet. anyway it has a cool feature called "calendar" that makes 
getting meetings easy (if you use that terrible thing) and it turns out 
that I had a meeting for TODAY!!! The subject of the email was 
"Compliance Audit 2008 / Network Security - Group Policy"

Now one tehing I learned years ago back when we still used Macs was that 
when somebody screams AUDIT, you jump! because that means that heads 
will roll. the good news is that this go around they just wanted 
documents on our policies so I figgered that was easy enough so I stole 
a copy of our employee handbook, ripped out the information security 
pages, tossed thems into a vanilla folder and snapped a sticker note on 
it that read "CASE CLOSED" and then this little nerd that works for me 
(he is some kind of micorsoft tech guru that the bank made me bring over 
when we got bought out) came over and said 'they need info on OUR policies".

so I called him in and he said that HR is now apparentlyt keeping 
policies on our Active Director! I wanted to scream because we just put 
a new fileserver in!!! Next thing you see with will be old Billy Goat 
Gates wanting to keep my mails in some kind of alternate bit streams 
(IP6V anyone???). He said that we can get them using GPMCS or some 
policy manager console or something and with that I just about blew my 
lid!!! I am the manager here and if there is a tool to manage somebody 
then I should already have it!

Now I am in a real pickle here because I don't keep docs because it 
means that i am more valuable to the company (been down that road and 
done that alread! LOLOLLS!!). if i say too much then my value goes down 
the poop-chute!!!

So now I need to ask, and BEG the group, if they can send me some of 
their group policies and I can just search/replace your company name 
with mine and we can go from there. I need something to swhow these 
auditors to get them out of my short curlies before dinner time.

also they said i need to have some practices that have been declared 
"best". Where can I submit them off for review so they are certified? 
they wont tell me and that kid that works for me started laughing and 
resigned (all the more vacation time for me LOLOLSL!!!!).

thanks dudesss!!!

OH... And does ANYBODY know where I can get some SAS-70's wholesale??? 
I've been lookin on that Googler thing and can't find it! and YES I have 
checked eBay thank you very much!!

P.S. Check out my bloglog!!! <http://www.bilano.biz>


-- 
Mr. Billy B. Bilano, MSCE, CCNA, CISSP, and now QISP
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: