|
|
10.6: Make a temporary Administrator account
I also am a sys admin for a large deployment of macs for a school system. We have 6,000 macbooks and 1,500 to 2,000 mac desktops. I would never give a managed user admin rights, because it tosses out all security I have in place right out the window. If something needs to be pushed out, I do so over the network with client based software, furthermore if it is something the user needs to trigger I accomplish this with self service policies (Casper Suite), but the same thing could be accomplished with things like radmind, munki, and other free solutions that are client based and run as admin under-the-hood. That is of course if you cannot afford to buy a license of Casper or Absolute. The good thing about the pay for Enterprise tools is that they just work, where the open source ones are more like roll your own.
10.6: Make a temporary Administrator account
I've had the opposite experience. I'm rather permissive with giving out local admin rights and have yet to be seriously burned. At the end of the day, being a sysadmin is all about having happy, productive users. I'd rather sacrifice security to have a better relationship.
10.6: Make a temporary Administrator account
If I didn't work in academia it would be a different game all together. Adults get fired when they tamper with company equipment maliciously, students don't have much to lose rather than some discipline like suspension. I'd love to give everyone admin rights, if I could be sure that it wouldn't blow up in my face. At one point in time we let non IT staff control some computer labs, and passwords got compromised and students installed Quake 3 on every PC in the lab.
10.6: Make a temporary Administrator account
As mentioned, we also use a software deployment solution. In my opinion, it's the only way to go when you have large deployments. We too push out the most popular printer drivers, but I was merely giving an example of where someone could use this solution. There is occasionally the odd all-in-one printer that comes with "special" software that we don't care to make a software set for.
10.6: Make a temporary Administrator account
Oh yeah trust me, I have a system of catching hackers because anytime you give a teenager all the time in the world, Google, and their laptop off campus, they will eventually find away around your security. I have a script that checks for admin membership and if so flags the system for abuse. It is impossible to stop someone with physical access, but it is very possible to play detective and catch those who hack machines. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.06 seconds |
|