On 21 Mar 2013 at 11:28, Novosielski, Ryan wrote: > Well, if you must allow them to have this access, I would make it through a > separate account. There is no good reason to have users logging in daily as > Administrator anymore.
There's too much idiocy in the design of our point-of-sale/inventory software, and we have a deal support web site we *have* to use to run our business that runs on ActiveX controls in IE (and that get updated often enough to be a pain), and too many users who couldn't remember how to do that. It'd never work. Believe me, I know the hazards here. Once we start logging in to a domain, things will be a *lot* more secure than they ever have been before, with just local Windows accounts (with admin rights). The risks are mitigated by the fact that we are a retail business, and the vast majority of my users are store level management (who, wile often clueless about computers, are generally pretty smart) who spend as little time as possible in the office instead of on the sales floor. They don't so much on the computer, even less online, and very little of that is outside of a very small group of web sites that are generally pretty safe. Only the store office computers have unrestricted internet access. We haven't had a lot of issues. One, that I recall, in 15 years, that required more than a system restore to fix or affected more than one particular computer. > > Trouble with mailing lists: you will get an opinion on what you're doing, > want it or not. Honest, I'm surprised it took as long as it did. Really, folks, I do know the risks. And I really have no choice. > > > ----- Original Message ----- > From: Terry Austin [mailto:te...@crownhardware.com] > Sent: Thursday, March 21, 2013 11:24 AM > To: L.P.H. van Belle <be...@bazuin.nl> > Cc: samba@lists.samba.org <samba@lists.samba.org> > Subject: Re: [Samba] Making users local administrators > > On 21 Mar 2013 at 10:29, L.P.H. van Belle wrote: > > > DONT DO IT !! > > > > This is Administrators 1ste rule !! > > NEVER, but then NEVER giver users Administrator/PowerUser rights. > > I have no choice. There's too much stuff out of my control that requires > the daily user have admin rights locally. > > Plus, we've beeing doing it this way for 15 years, and have never had any > serious issues. > > > Its simpel, without Admin rights on users, you pc is about 90% more safer. > > if you also remove flash java adobe, you are about 99,5% safe. > > In our case, they'd be 100% safer because we'd be out of business. If I > don't keep things working, my replacement will. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba