[THIN] Re: Users installing programs
- From: Frank Monroe <Frank.Monroe@xxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 9 Sep 2004 10:24:47 -0500
Heck, your lucky users aren't deleting stuff from within program files.
Also, when its restricted (as it is out of the box), you are immune to many
(not all) the viruses that are floating around.
-----Original Message-----
From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
Sent: Thursday, September 09, 2004 11:18 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Users installing programs
Oh indeedy - it should be setup from the very beginning - and if it wasn't,
serious questions need asking - what did they think was *going* to happen?
It's just the inaneness that gets to me - it's like it's Always September on
this list, sometimes - every so often, somebody will post a message saying
that users are installing apps on their terminal servers, and like *how*
could this happen. Well unless you've taken explicit steps to *stop* it from
happening, what did you think was going to happen?
But if you are where you are, you need to sort out being where you want to
be, at the nearest opportunity - because it's only going to get worse, not
better.
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Luchette, Jon
> Sent: 09 September 2004 16:08
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: Users installing programs
>
> I don't disagree with you that that regular domain users
> should be restricted from having anything but read only
> access to the server's drives, but I think that is something
> that should be set up from the beginning. To have a
> production environment already up and running that is not
> restricted in this way, and then go ahead and wipe out
> permissions all the way down the tree is going to be a
> headache, no matter what way you slice it, you will get
> helpdesk calls after doing this, even if you try and test it
> fully in your "lab" environment.
>
> -----Original Message-----
> From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
> Sent: Thursday, September 09, 2004 10:57 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Users installing programs
>
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Frank Monroe
> > Sent: 09 September 2004 15:31
> > To: 'thin@xxxxxxxxxxxxx'
> > Subject: [THIN] Re: Users installing programs
> >
> > All I can say is, it didn't take anywhere near that long here.
> > Although, we do script everything so each sever is built exactly the
> > same. And our scripted applications installs also know if they need
> > to tweak security and do so if needed. We rebuild our servers about
> > four times a year.
> >
> > This is the same type of fixing that you will have to do if you run
> > these applications on 2000/XP workstations with users who do not
> > have admin or power users.
> >
> > Believe me, once you remove the users ability to write all over the
> > server, your overall support will decrease.
>
> Absolutely - tremendously good point.
>
> It doesn't make sense to treat terminal servers like PC
> desktops on steriods.
>
> It makes sense to treat them like other server real estate -
> which means not letting normal users cause any problems on them.
>
> Opening them up, just because it's quick and easy, and less
> hassle, is the route to the dark side of the force, and
> likely no end of problems on an ongoing basis.
>
> Neil
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its subsidiaries is 100 Old
Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is
262152.
************************************************
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less demanding
on-demand enterprise! http://www.tricerat.com/?page=events#register
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps running on
unsecured Terminal Servers, profile headaches, and application performance
problems? Join us and learn how you can have a less demanding on-demand
enterprise!
http://www.tricerat.com/?page=events#register
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
