Re: Policy
- From: "skip" <skip@xxxxxxxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Mon, 26 Aug 2002 12:47:19 -0600
Hows about a written policy backuped by a 9mm :) J/K From my experience,
when you take a user out of the Admins group, they are not permitted to do
all certian functions, like mess with netwrok settings, add drivers,
hardware, software. ect,ect. Unfortunelty i cant do this because i work
for a software company that has a bunsh of programmers, and they need to
be admins on there machines to do there jobs, as you can image this makes
my job of controlling what they are doing on these machines a bit
problematic, but if you have users that do the same taks everyday, and
would nver need toinstall a device driver, that it would work for you. I
would get to know the run as command well, if you are going to do this. As
far as ISA goes I control access based on domain users for access to the
internet, this lets me easily block sites, content redirect users that go
to unarthorised sites back to the company's intranet site, that explains
the internet policy (I love this one)In short, i would setup your ISA
server to control access based on your domain user accounts, this is alos
helpful when you need to read the logs, all access will show up as
username\domain, as long as you have NO Anonymous rules in effect on your
ISA server.
Other related posts:
