On Wed, Apr 9, 2008 at 1:15 PM, Tom Strader <[EMAIL PROTECTED]> wrote: > Our CEO is quite smart when it comes to technology however, he has > stated to my upper managers he does not like to be controlled or > protected to the point he cannot override the system.
Have you tried actually working it out with him? In particular: Point out that the entire IT staff operates under the same exact set of restrictions on a day-to-day basis[1]. I find that mollifies a lot people, when they realize they're not being left out of some exclusive club. Also explain how this is not a matter of trust in him, but rather, protecting him from all the malicious software in the world. If the regular user account can't be used to modify the system, that means malware can't use it to modify the system, either. [1] If that's *not* how your IT department works, then your bad. I always make sure I eat my own dogfood. One analogy I've used is that this stuff is like the hand guards on a piece of machinery. It's not like anyone would deliberately stick their hand into the spinning gears. We put safety measures in place to help protect against human mistakes -- not because we don't trust our people. One thing I've also done is to use tools like RUNAS and sudowin and fine-grained permissions to give users the ability to do all sorts of things, but without running as admin all the time. That keeps the protections in place, and encourages them to think before acting, too. Even if you need to create a separate local admin account just for them, that still goes a long way. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~