[THIN] Re: Users installing programs
- From: "Jim Abshire" <Jim.Abshire@xxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 9 Sep 2004 11:20:04 -0500
Ok, well I have talked it over with my manager and colleague and we
agree the best practice will be to rebuild one server from scratch, lock
it down then use that image on the remaining servers. So tell me exactly
where I will change the security mode to Full.
-----Original Message-----
From: Frank Monroe [mailto:Frank.Monroe@xxxxxxxxxxx]
Sent: Thursday, September 09, 2004 10:25 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Users installing programs
Heck, your lucky users aren't deleting stuff from within program files.
Also, when its restricted (as it is out of the box), you are immune to
many
(not all) the viruses that are floating around.
-----Original Message-----
From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
Sent: Thursday, September 09, 2004 11:18 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Users installing programs
Oh indeedy - it should be setup from the very beginning - and if it
wasn't,
serious questions need asking - what did they think was *going* to
happen?
It's just the inaneness that gets to me - it's like it's Always
September on
this list, sometimes - every so often, somebody will post a message
saying
that users are installing apps on their terminal servers, and like *how*
could this happen. Well unless you've taken explicit steps to *stop* it
from
happening, what did you think was going to happen?
But if you are where you are, you need to sort out being where you want
to
be, at the nearest opportunity - because it's only going to get worse,
not
better.
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Luchette, Jon
> Sent: 09 September 2004 16:08
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: Users installing programs
>
> I don't disagree with you that that regular domain users
> should be restricted from having anything but read only
> access to the server's drives, but I think that is something
> that should be set up from the beginning. To have a
> production environment already up and running that is not
> restricted in this way, and then go ahead and wipe out
> permissions all the way down the tree is going to be a
> headache, no matter what way you slice it, you will get
> helpdesk calls after doing this, even if you try and test it
> fully in your "lab" environment.
>
> -----Original Message-----
> From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
> Sent: Thursday, September 09, 2004 10:57 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Users installing programs
>
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Frank Monroe
> > Sent: 09 September 2004 15:31
> > To: 'thin@xxxxxxxxxxxxx'
> > Subject: [THIN] Re: Users installing programs
> >
> > All I can say is, it didn't take anywhere near that long here.
> > Although, we do script everything so each sever is built exactly the
> > same. And our scripted applications installs also know if they need
> > to tweak security and do so if needed. We rebuild our servers about
> > four times a year.
> >
> > This is the same type of fixing that you will have to do if you run
> > these applications on 2000/XP workstations with users who do not
> > have admin or power users.
> >
> > Believe me, once you remove the users ability to write all over the
> > server, your overall support will decrease.
>
> Absolutely - tremendously good point.
>
> It doesn't make sense to treat terminal servers like PC
> desktops on steriods.
>
> It makes sense to treat them like other server real estate -
> which means not letting normal users cause any problems on them.
>
> Opening them up, just because it's quick and easy, and less
> hassle, is the route to the dark side of the force, and
> likely no end of problems on an ongoing basis.
>
> Neil
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its subsidiaries is 100
Old
Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods
Limited is
262152.
************************************************
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=events#register
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running on unsecured Terminal Servers, profile headaches, and
application performance problems? Join us and learn how you can have a
less demanding on-demand enterprise!
http://www.tricerat.com/?page=events#register
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps running on
unsecured Terminal Servers, profile headaches, and application performance
problems? Join us and learn how you can have a less demanding on-demand
enterprise!
http://www.tricerat.com/?page=events#register
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
