Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Highest Security with Highest Functionality
- Thread starter Kurti
- Start date
My suggestion:
Make the user the local Administrator of their machines. Use a strong password policy, and set a defined expiration time for passwords.
Explicitly define shared folders on a server. Prevent network access to any local folder. If something needs to be used by someone else it needs to be copied to the shared folder or created there.
Make the user the local Administrator of their machines. Use a strong password policy, and set a defined expiration time for passwords.
Explicitly define shared folders on a server. Prevent network access to any local folder. If something needs to be used by someone else it needs to be copied to the shared folder or created there.
- Thread starter
- #3
It's agood start and definitely one that I am going to do... However, I was thinking more along the lines of the Different User Levels, Administrator, Users, Guests, etc.
Those types of settings first and then the suggestions that you stated above.
Think more along the lines of local computer more so than Server side.
Those types of settings first and then the suggestions that you stated above.
Think more along the lines of local computer more so than Server side.
- Thread starter
- #5
Ok Let me see if I can expand upon my question...
When you first create a computer, the main user is a default Administrator.
When you create a computer as a workstation for a Network, they are able to log into a Domain. Once in a domain they are given different user acounts: Administrator, Standard, User (these are the main three that they start with when setting up a computer for the network.)
Being part of the Administrator Group, gives you access to everything on the computer. Allowing you to Add, Edit and remove applications to and from your computer.
What I would like to know what groups (for Windows XP Pro) that offer the 'highest security'. That doesn't limit the user to the point where he/she cannot work efficiently on his or her computer.
When you first create a computer, the main user is a default Administrator.
When you create a computer as a workstation for a Network, they are able to log into a Domain. Once in a domain they are given different user acounts: Administrator, Standard, User (these are the main three that they start with when setting up a computer for the network.)
Being part of the Administrator Group, gives you access to everything on the computer. Allowing you to Add, Edit and remove applications to and from your computer.
What I would like to know what groups (for Windows XP Pro) that offer the 'highest security'. That doesn't limit the user to the point where he/she cannot work efficiently on his or her computer.
I would try maybe reading this document I stumbled on and this might give you a better understanding of how things work. I understand the question as "how can I lock down a machine, but still let people do their everyday operations efficiently"
A+,N+,CST,CNCT
A+,N+,CST,CNCT
- Thread starter
- #7
FroggyJ
Yes, that was an amazing article that you stumbled upon, however, it was geared towards the System Administrator. I'm an Assistant Systems Administrator. So I cannot physcially access the server and make the changes to the groups.
I'm working with securing workstations to the point that a user can use the programs installed upon it including Email and the Internet, yet protect them from harming the computer indirectly.
Yes, that was an amazing article that you stumbled upon, however, it was geared towards the System Administrator. I'm an Assistant Systems Administrator. So I cannot physcially access the server and make the changes to the groups.
I'm working with securing workstations to the point that a user can use the programs installed upon it including Email and the Internet, yet protect them from harming the computer indirectly.
- Status
Similar threads
