|
Remote Users - What can yours do?
Now we have locked down all our desktops and have a bit of spare time we are looking at locking down our remote laptop users.
The question is, what can yours do? They all connect over VPN through our RSA/ACE server and then onto the Lan. From here I see the following as essential: No Proxy settings unless connecting to network over the VPN (when they use their own internet, they should not access the Proxy Server) Able to add and remove printers (in case of printer failures, if at a client site etc.) Able to add and remove devices (USB keys etc.) Access Shared volume on our File Servers Remote Support - via Dameware or RDP Can't think of anything else at the moment Cheers Darren |
Lock downs are the work of the devil :mad: :)
|
We dont let them do anything more than their desktop.. less infact..
What kind of users are they? we are now provide remote access via Citrix Secure Gateway but you could use csg. All users shouldnt be adding their own printers! 100% restrict them and open what is required only. David |
Originally Posted by bioforger
Lock downs are the work of the devil :mad: :)
|
David,
We have a few travelling sales reps who we see about once maybe twice a year so we usually have to get things right first time as we know its at least 6 months before we see them again. and about 30 laptops users who very occasionaly work form home. Currently our users (this currently includes all laptop users, excpet the travelling rep) can't even fart without us knowing about it. However our sales reps have to sometimes add a printer to their laptop, if for example their printer fails and we ship them a new one. We don't want to give them administrator access so we will probally grant Printer Adminstrators (to also manager print jobs) Darren |
i just had all hell break loose when i blocked msn messenger and hotmail access, for work-shy hotel staff.
they pi55 me off and have had certain privileges for 12 months, not anymore. lock every **** down with 6" nails mate, or they will extract the urine repeatedly!!! oh, and its quite good fun too. LOL BOFH BB |
We went through that same process a while ago, no personal webmail, no intresting sites
No Messenger, no Pop3 access, just HTTP and even that is logged :D Darren |
Any other things set?
Darren |
We've just implemented a major lockdown policy when moving to XP. With NT it was more like everythign is open and we lock down as necessary, now it's the opposite :)
You say you've locked down your desktops, why can't you apply the same policies to the laptops? Ok you're always going ot have extra stuff on laptops and are going to have to change a few things, but surely if you already have a satisfactory policy on desktops what's changed? Users cannot execute anything we don't want them to, I couldn't possibly go into everything here as there are masses of policies controlling it all. If there's anything specific you want to know about pm me. |
Originally Posted by thundertiger
i just had all hell break loose when i blocked msn messenger and hotmail access, for work-shy hotel staff.
they pi55 me off and have had certain privileges for 12 months, not anymore. lock every **** down with 6" nails mate, or they will extract the urine repeatedly!!! oh, and its quite good fun too. LOL BOFH BB Good on ya! Gary |
Hello
Just as a matter of interest, what is stopping a user installing their own version of XP, they will still have VPN access to corporate? Steve |
Originally Posted by boxst
Hello
Just as a matter of interest, what is stopping a user installing their own version of XP, they will still have VPN access to corporate? Steve If they can't access the bios to boot form cd/another device they can't boot into setup. Plus I very much doubt that the only access these machines have is through VPN, they should be in a domain if the IT setup is any good, which they will not be able to join as they won't know the account details to join it. Plus if they did try it would totally go against the companies computer user guidelines and you'd get a serious telling off, maybe sacked. Also what management systems are implace for your machines (desktops and lapdogs), SMS? If the original poster wants to pm me with specific details I'm sure I could help :) |
Hello Just as a matter of interest, what is stopping a user installing their own version of XP, they will still have VPN access to corporate? Steve If a user at our place reinstalled XP, they would be contravining (sp) the computer usage policy by bringing software into work for one. We (IT) would push for instant dismissal - it would be fookin obvious if they did it too. As for installing printers, if they can establish a VPN connection, can you just not support them over the VPN connection as if they were a 'office' based user?? With them being remote / laptop users I would tie them down even more... Ill take a screen shot of our corporate desktop if you like :D David |
Originally Posted by David_Wallis
R1916v, unfortunatley most people dont change the default domain policy to stop each user adding their quota of members to the domain :rolleyes:
Our desktops aren't locked down as much as some places, but it can still be pretty restrictive. Diff GPOs apply to laptop users that enable extra restrictions/features like offline files. |
David,
A copy would be wicked if its possible. Are you using the Group Policy admin tool, if so you should be able to export as an HTML file. Darren |
Ill have to check the gpo's, i dont particuarly want to share some of it. :)
|
David,
I quite agree :D Darren |
| All times are GMT +1. The time now is 08:16 AM. |
© 2024 MH Sub I, LLC dba Internet Brands