Security Basics mailing list archives
RE: Allowing Non admin users to install approved software
From: "Isaac Van Name" <ivanname () southerlandsleep com>
Date: Wed, 18 Oct 2006 09:50:33 -0500
I have to agree with that assessment. While there are tools out there that will allow your non-privileged users to install programs, your policy should not allow it. If they need a program installed, they can contact you. If it's a program that is not used on other workstations, evaluate the program and decide whether it should be allowed or not. In every case that does not relate directly to a user's job, I deny such requests. Strict permissions must remain strict, or you're just wasting your time. Isaac Van Name Systems Administrator Southerland, Inc. ivanname () southerlandsleep com "What good would you do with an ignorant employee? Ignorance is grounds for dismissal..." - Mario Spinthiras Open Source developing at its finest: "Written in vim, W3C valid and UTF-8 encoded, for her pleasure." Disclaimer: This email is intended only to be used to feign intellectual mastery of a subject or superhuman command of the English language, when profanity is involved. By reading this email, you are agreeing to cease all correspondence with the sender upon realizing your own ignorance, and furthermore to refrain from taking legal action against said sender when your compounding ignorance crushes your inadequate self-esteem. Have a nice day. Original> -----Original Message----- Original> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Original> On Behalf Of Laundrup, Jens Original> Sent: Tuesday, October 17, 2006 5:24 PM Original> To: Gary Collis; security-basics () securityfocus com Original> Subject: RE: Allowing Non admin users to install approved software Original> Original> Do not! If they would like a program installed, have them send you an Original> e-mail. Then you publish the program to the user. They log out and Original> then back in and the program will install. This way you retain control Original> whilst they get the program they wish. Since you are only allowing them Original> programs that are on your "approved" list, then just make sure you have Original> a valid msi for each and make very sure that you are covering the Original> programs in your patch management tool. Original> Original> Jens Original> Original> -----Original Message----- Original> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Original> On Behalf Of Gary Collis Original> Sent: Tuesday, October 17, 2006 1:30 PM Original> To: security-basics () securityfocus com Original> Subject: Allowing Non admin users to install approved software Original> Original> List, Original> Original> How can I allow non admin/power users in a w2k domain, using XP Original> machines Original> Original> to install software that is approved by IT, whilist maintaining some Original> degree of security and control over what is installed? Original> Original> Any suggestions would be greatly appreciated, Original> Original> Thanks Original> Original> ------------------------------------------------------------------------ Original> --- Original> This list is sponsored by: Norwich University Original> Original> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE Original> The NSA has designated Norwich University a center of Academic Original> Excellence Original> in Information Security. Our program offers unparalleled Infosec Original> management Original> education and the case study affords you unmatched consulting Original> experience. Original> Using interactive e-Learning technology, you can earn this esteemed Original> degree, Original> without disrupting your career or home life. Original> Original> http://www.msia.norwich.edu/secfocus Original> ------------------------------------------------------------------------ Original> --- Original> Original> Original> Original> --------------------------------------------------------------------------- Original> This list is sponsored by: Norwich University Original> Original> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE Original> The NSA has designated Norwich University a center of Academic Original> Excellence Original> in Information Security. Our program offers unparalleled Infosec Original> management Original> education and the case study affords you unmatched consulting Original> experience. Original> Using interactive e-Learning technology, you can earn this esteemed Original> degree, Original> without disrupting your career or home life. Original> Original> http://www.msia.norwich.edu/secfocus Original> --------------------------------------------------------------------------- Original> --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Allowing Non admin users to install approved software Gary Collis (Oct 17)
- Re: Allowing Non admin users to install approved software Saqib Ali (Oct 17)
- RE: Allowing Non admin users to install approved software Duncan McAlynn (Oct 18)
- Re: Allowing Non admin users to install approved software Jon Wallace (Oct 18)
- <Possible follow-ups>
- RE: Allowing Non admin users to install approved software Laundrup, Jens (Oct 17)
- RE: Allowing Non admin users to install approved software Isaac Van Name (Oct 18)
- RE: Allowing Non admin users to install approved software Scott Ramsdell (Oct 17)
- Re: Allowing Non admin users to install approved software Saqib Ali (Oct 17)