Administrator Securities on Business Laptop

[Maelly]

Guys, just joined a new organisation. Got a new laptop running Windows 7. The most annoying thing is that the level of security is too excessive! I cant even delete unneeded applications on my desktop. It always prompt for Administrator credentials. I cant even install applications such as Flash, Skype, PC Suite, Nokia Ovi Suite, etc etc - is there a way I can override this?

I asked the IT guy and his response was that they are avoiding viruses, I mean really?

Thanks

 

[werner]

content removed

 

[Maelly]

Noted.

 

[UnUnOctium]

You get password reset iso's. Google a bit. What line of work are you in that they are being so restrictive?

 

[werner]

content removed

 

[UnUnOctium]

The last guy that lost his job at my work had used a password reset iso, local admin password was blanked, picked up by MBSA and fired. He did it in the mornig to install some **** for his iphone, but 2pm him and his iphone were out the gate. Please dont try to be clever guys. Proper IT admins generally arent in the mood, because by you trying to be clever it makes them look bad. Blank the password, install stuff, be happy. But when someone asks why you can do that and he cant, and it gets to the BOSS, who then asks the IT guy WTF is going on, it makes the IT guy look clueless. SO there is a good chance that loophole has already been closed.

Our monitoring system send emails whenever a program is installed or uninstalled, amongst other things. And if you have no permissions to install (restricted by system)...and you manage to install...???? see where this is going.............

Hmm, sounds like you work for some bank... But anyways, that's definately not the kind of work environment I thought people could survive in.

 

[Kosmik]

Hmm, sounds like you work for some bank... But anyways, that's definitely not the kind of work environment I thought people could survive in.

It depends. If you are meant to merely use the laptop with normal items ( office etc ) and they are provided by the employer then what need for you to install additional programs? There are levels of privilege which can be granted to users by policies which allow installation and removal of applications depending on what the company sees as that employees responsibilities. If you try to circumvent the policy , then you are normally punished heavily in any organization.

 

[supersunbird]

I work in IT at a large corporate. The same applies to our users. They can phone in to the IT service desk and we will assist our users by remoting to their PCs to install and uninstall software with our administrator rights (software that is permitted and not blocked by the network management software or on the software blacklist). Users can request to be granted permanent administrator rights through a form and with due process followed and if they require it to perform their work functions, it will be granted or declined.

 

[Paul_S]

The company I work for is considering locking down the business laptops too and I fully support the idea.

Nearly all the staff who have business laptops use them for personal use and create a real head ache for IT.

- They install pirated software and we get nailed by the auditors each year
- They install software containing viruses, trojans, etc. and then plug it directly into the LAN when they arrive at work ...
- They abuse their 3G connections browsing for personal junk on the Internet when it's supposed to be used for work via VPN

I can't wait till they lock all those laptops down.
If you need to use a PC for personal use then buy your own PC/laptop and use your own Internet connection.

 

[Oculate]

IT guy and his response was that they are avoiding viruses, I mean really?

Afraid so... Users with admin rights have a greater chance of getting a virus while browsing the net than users who don't

I work in IT at a large corporate. The same applies to our users. They can phone in to the IT service desk and we will assist our users by remoting to their PCs to install and uninstall software with our administrator rights (software that is permitted and not blocked by the network management software or on the software blacklist). Users can request to be granted permanent administrator rights through a form and with due process followed and if they require it to perform their work functions, it will be granted or declined.

Agreed, we have the same policy where I work - except for the permanent admin rights

 

[bekdik]

The laptop belongs to the company, as does the job. When you join a company and use their equipment, you accept their T&C's with the exeption if they are unlawful.

They often disable USB ports as well and if they do, would certainly not allow phone browsing software either.

If you are unhappy, speak to the head of IT.

 

[supersunbird]

Agreed, we have the same policy where I work - except for the permanent admin rights

Some technicians out in the field need it to install software to connect with certain appliances and thus they install and afterward remove the communication software as required and often 3g acess (for remoting) is not available. So its not a common thing.

Regarding the virus story, it's true. Virussses and malicious software occurances are very infrequent than the other much less administired network of where I was before where every user had local admin rights, virusses and malware sometimes abounded.

 

[rurapente]

You get password reset iso's. Google a bit. What line of work are you in that they are being so restrictive?

Just remember, if the company Security Policy states you cannot change anything, and you do. You have violated the policy and depending on the wording in your employment contract you may or may not be dismissed.

The reason is simple, out of 10 people, 2 are going to install rubbish on their systems and spread viruses. Since its an administrational nightmare to control every persons access individually and react accordingly, the accepted response is to lock all 10 people down.

 

[UnUnOctium]

Hmm, are any of you guys (IT admins) in the engineering (electronic specifically) industry? Do you give slack to the people that actually know how to look after a PC?

 

[syntax]

You get password reset iso's. Google a bit. What line of work are you in that they are being so restrictive?

enjoy losing your job once you do this...

Hmm, are any of you guys (IT admins) in the engineering (electronic specifically) industry? Do you give slack to the people that actually know how to look after a PC?

I give slack to everyone. The policies are there for a reason, I honestly dont care if you know how to build your own linux kernel or did an A+/N+ after highschool, if you want to use company equipment, u obey company rules. If you dont like it, whinge to the security Admins...oh wait..thats me..

 

[Oculate]

Hmm, are any of you guys (IT admins) in the engineering (electronic specifically) industry? Do you give slack to the people that actually know how to look after a PC?

I am, and the guys who know how to look after their computers understand why such policies have been implemented. As tau1z said, company equipment - company rules

 

[ponder]

Hmm, are any of you guys (IT admins) in the engineering (electronic specifically) industry? Do you give slack to the people that actually know how to look after a PC?

Used to work for a Telco's IT section with god rights. Later moved out of IT to the telco/networking side, my god profile was revoked which hampered me in certain ways. After asking nicely and motivating they restored my god profile. So now I was god of two universes

 

[Maelly]

The last guy that lost his job at my work had used a password reset iso, local admin password was blanked, picked up by MBSA and fired. He did it in the mornig to install some **** for his iphone, but 2pm him and his iphone were out the gate. Please dont try to be clever guys. Proper IT admins generally arent in the mood, because by you trying to be clever it makes them look bad. Blank the password, install stuff, be happy. But when someone asks why you can do that and he cant, and it gets to the BOSS, who then asks the IT guy WTF is going on, it makes the IT guy look clueless. SO there is a good chance that loophole has already been closed.

Our monitoring system send emails whenever a program is installed or uninstalled, amongst other things. And if you have no permissions to install (restricted by system)...and you manage to install...???? see where this is going.............

Noted.

The company I work for is considering locking down the business laptops too and I fully support the idea.

Nearly all the staff who have business laptops use them for personal use and create a real head ache for IT.

- They install pirated software and we get nailed by the auditors each year
- They install software containing viruses, trojans, etc. and then plug it directly into the LAN when they arrive at work ...
- They abuse their 3G connections browsing for personal junk on the Internet when it's supposed to be used for work via VPN

I can't wait till they lock all those laptops down.
If you need to use a PC for personal use then buy your own PC/laptop and use your own Internet connection.

Ag, I guess policies are just policies. I'm one of the managers at this international education organisation.
I will try to nicely ask the IT guy (consultant) to pleaaaaaaase allow me to install a couple of non-work related apps.