Security Policy. Local Security Policy (gpedit.msc) for, 2000 Professional, Windows XP Professional or Vista Business. Or the server versions thereof.
I Think tweakUI is the only way to do this with the "home" (aka toy) versions of Windows.
For the Domain, then you have Domain Policy. I disable autorun, on all drives, on my domains. I can't think of a single reason to ever enable it. I've never had a single helpdesk call about "how do I install 'x'". Users quite happily live witout it.
Trend Micro (et al) have viruses listed that leave "autorun.inf" in network drives. It's not just removable drives that can have viruses on them.
Vista is a nice Operating System for those that bought PCs up to MSs specification. Applicatons ran nicely, hibernate and sleep worked. However, it totally failed to function in any way with any sort of legacy support.
At the same time I bought a nice new Dell with Vista preinstalled, and work bought me a 2 x 64bit beasty, also with Vista pre-installed. Short story: Vista at home is still there, for at least a little while. I still do my video transcoding on my old workstaion, but happily work with vista and Cygwin when I need access to my workstation. At work, Vista had no drivers for our many printers. That alone was a show stopper. Applicatons did not deploy using our Group Policy scripts. More specifically, IBM, HP and Lexmark did not produce working printer drivers for legacy hardward for 64 bit versions of Vista. This was not fixed with Sp1. Nor would Vmware work without disabling device driver signing enforcement on each and every boot. The work PC has since had a sensible operating system installed because I could no longer afford the non-productive time.
uname -a Linux Host-Name 2.6.27-gentoo-r7 #7 SMP Wed Jan 7 17:11:56 CET 2009 x86_64 Intel(R) Core(TM)2 Extreme CPU Q6850 @ 3.00GHz GenuineIntel GNU/Linux
At work, we pulled the pin on any further investigation of Vista and decided to stick with XP. Seems the right decision. At home, Vista's days may be numbered if the next version of Knoppix supports the SATA drive.
Maybe for "one off" computers, or for an independant Computer Shop.
However, any business (> about 30 emplyees), should have the tech to re-image a computer an make it useful again. (And in the "stitch in time" basket... decent ant-virus and locked down user permissions).
Dell's, IBM's and big suppliers, should also have re-install disks which will at least make the computer useful again. You DO have backups of the photos of your (Dog/2 year old making faces/Pr0n/Warez), right?
I did that for a while. Paid the bar bills with the "Don't leave home without it". Figured that I'd be able to track how much I was drinking in the month. And perhaps earn an airfare with my addiction.
The shock of looking at an empty wallet on a weekend is nothing compared to the sting of it being all there in black an white at the end of the month.
The logical thing to do would be to cut back on the drinking, but some how that never seemed to get raised as a coping strategy. I went to back cash.
As an IT guy, I could care less if Fredd Dagg office worker installs a picture of wife, kids and dog on his PC as a wallpaper.
However, the 18 year old office temp, wants pop star de jour on the desktop, downloads PussycatDolls-nekkid-screensaver-install.exe and kills the local system, puts virus infected files on the network shares, deleting or changing files they have access to and starts eating LAN and WAN bandwidth as fast possible.
Risks and issues to the company: - IT staff time cleaning computer, network. - IT staff time restoring backups of files. - Possible copyright infringement exposure. - Office temp downtime as moving resource to new PC is not "cost free". Time is money.
Do you have time to run around and personally vet each and every screensaver installation? The most cost-efficient way here to make a corporate standard, and enforce with whatever vendor supplied tools are available.
Change the above to "Photoshop", that the user downlaoded from a P2P service. Anyone with a business need will have this installed by a competant administrator, license paid for and the application will be supported.
And let's not forget about the various pieces of phoney-baloney compliance legislation out there. (Sarbanes-Oxley, et al). Every year, we have to prove that the corporate information is safe, and is providing an accurate picture to our corporate overlords, who are in turn providing accurate information to the market.
An IT departments biggest threat is the person that might know a thing or two about a PC, but nothing about how to run a network. An IT department that isn't responsive to users legitimate needs will end up having more problems than it solves as users find a way to "get things done". Users aren't the enemy, nor is IT.
Obviously the response should be somewhat randomised so it doesn't get boring.
A few suggestions (that I've heard before 8-) ) - Sorry, I love you like a brother - With you? Eeeewwww. - I think we should see other people - I'm no way drunk enough yet - Did you know that I have discovered that I'm a Lesbian? - I'm saving myself for marriage - My parents might hear us
I have been in a business when govenment taxation change meant that most business systems had to be re-written. (Old systems in a nearly dead language). Consumed the greater part of a year from a small IT dept (3 persons plus manager/Analyst). Old systems had to get over the initial hurdle of supporting functionality that it was not even remotely designed for, then if possible re-write it.
Promotions dept boss heard of what possible regulations we had to comply with and ensured that we had every possible case to support on go live day, every one which was outside of the core business. We asked MD to have a look, Promotions boss replied "IT doesn't run the business, Sales runs the business".
Three months time the yearly sales roadshow comes to HQ hometown. Not one IT nor Accouting person turns up (to overtime unpaid) Saturday meeting. Financial Controller and MD and Promotions bosses haul the two departments over the coals for lack of support, company spirit. Got a severe reprimand and warning for saying "IT doesn't run the business, Sales runs the business". Sorry arsehole, cuts both ways.
A little communication and understanding BOTH WAYS is necessery. I don't need to be an expert in Sales, Legal, Logistics and Accounting, but do try and give me the big picture and take on suggestions on how it can be done the best, easiest simplest and cheapest way.
Point is, most folks actually want to help. Some people are just arseholes.
10 persons? In some businesses that's enough for an IT person. Other businesses, well, there may be someone that knows the difference between a printer and mouse, and they do that as a side line.
Centralised backup? Shared access between 2 persons needing access? Files on a RAID drive, not subject to the whim of a dodgy power supply?
When I think Bogan, I'm thinking packet of Winnie blue up the sleeve of a too tight black t-shit. Obligatory moccies, stonewash blue jeans, mullet, dream car is the SLR5000 Torana (or later day Ford Falcon V8 ute), hails from Narre Warren/Cranbourne, all the "Special" subjects at high school and knows the lyrics to all the AC/DC songs ever written, but probably not the National Anthem. And for what they will be condemned to the 9th level of hell for all eternity: Collingwood supporter.
A naming scheme based on cultural references is bound to fail as soon as you deal with non-english speaking backgrounds. SideShowBob is probably only good for US/Can/Aus/Nz/UK. Telling one of our Russian counterparts to look for SideShowBob01 is not going to work.
- ISO standard Country codes (3 characters) - Site number within country (1 digit, we only need one) - O/S NT based, LX based, MC based, A4 for AS/400 - WS Workstation, FS (File)Server, DC Domain Controller. - Unique number. 3 digits only are needed here for us.
We have a flat DNS space. One domain. Works for us.
But it's probably a good idea to have your DNS managable by the local IT support. Three timezones is best handled with 3 DNS domains (AfEurope, Americas, Asiapac).
People tend to realise which resources they are commonly connecting to. And mostly that should be scripted. Anyone else is going to be careful what they type.
Job's done.
My test domains on the other hand are a much funner place. Bundys, Flintstones, Simpsons and Family Guy are good targets. Keep the group membership based on family and you do have an easy to remember scheme. Bit characters are always good for testing unauthorised access.
If it's illegal where you are, don't do it. If the boss threatens to fire you. Let him. Being fired for NOT doing something illegal...... I smell a fat juicy lawsuit. Of course, assuming there is any money left in the business after everyone else sues them in to oblivion.
1 Get the direction to do it in writing. Put your objection to doing in writing and have it witnessed/notarised. 2 Wait 3 ??? 4 Profit.
Actual I fear an "Absolute Monarchy" more than Communism. Communism at least has a veneer of "looking after you", rather than looking after "Number 1".
Fear governments. All governments. Be suspicious once, twice, three times. They are, after all, about power. With the right personality type (ie, corrupt) the only thing better than a little power, is a lot of power. The honest ones don't really care about supervision, or checks and balances, they get along fine with it.
1984 was about power taken to (one of) it's logical conclusions.
No it's just that I have no desire to have the world contaminated by tadioactive material for the next 'x' thousand thousand years. (I can't be bothered Googling the various half-lives).
No matter how good the safe guards. There is always human error to watch out for. And human stupidity, and malice. Then there are supposedly failsafe devices that aren't.
As for the waste, well, that hot radioactive rock has to be stored somewhere. American mid-west? Under NY? Outback Australia? Arctic/Antarctic? Even safe transport is massively complex undertaking. Try and predict what might be around in 1,000 years in those areas.
It's polluting, very, very polluting. It's just that it doesn't go up in the sky and turn it browny/orange.
And no, it's not cheap either. Whatever cost advantages per Kw/h, are more than outweighed by the massive storage costs, generally underwritten by the various governments.
Linux has always done well with Servers. Thanks in no small part to the Techie/Admin.
Low end consumers at one end, and a constant battle for the hearts and soul of the server. I guess the middle ground is (eventually) going to have pressure from both ends.
Don't just disable it, remove it from your System. It's just another networking service and it can be un-installed.
Although, as the parent poster mentioned, it's not beyond Microsoft to re-install it as part of a Service Pack/Security Update. (See Windows Messenger).
If it can be done, (1) try and get an internal transfer within your company or (2) there are often businesses set up just to help the actual move. These are mainly targetting the executive end of the market, and they will cost you, but they also look after small fish too. Sound them out about fees and ask perhaps to speak to someone they have moved. (Remember that they are leeches and will try and own your soul).
Internal transfers generally make everything plain sailing. Especially paperwork.
Forget moving large amounts of furniture. Just the stuff you really personally need. One trip to Ikea will sort you when you get there.
And you will miss Vegemite, Chicko Rolls, Twisties, Dim Sims and Meat Pies. Even if you hate them now, you will miss them. Have a strategy for getting a hold of some every now and again.
(Melb, Aus to Switzerland in 2001).
P.S. Language classes are an excellent way to meet women. Granted you mention Vancouver, but picking up a little French won't go astray if you do some travel in Canada. And it will may help you get your job after next.
So Windows '95 was indeed a high point for Microsoft. They were the first to deliver a stable 32-bit-ish graphical OS to Intel PCs. And it was the first OS to integrate well enough with DOS to replace it. Windows 3.1 was more of a graphical shell than an operating system. Windows '95 is why we use the term "wintel" and it is why IBM and OS/2 did not win the operating system wars.
Windows 95 did neither of those things first. It was the first for Microsoft, but OS/2 was a better DOS than DOS and had 32 bit shell. It did win the marketing war though. (Fair means and foul).
Slashdot Mirror
Security Policy.
Local Security Policy (gpedit.msc) for, 2000 Professional, Windows XP Professional or Vista Business. Or the server versions thereof.
I Think tweakUI is the only way to do this with the "home" (aka toy) versions of Windows.
For the Domain, then you have Domain Policy. I disable autorun, on all drives, on my domains. I can't think of a single reason to ever enable it. I've never had a single helpdesk call about "how do I install 'x'". Users quite happily live witout it.
Trend Micro (et al) have viruses listed that leave "autorun.inf" in network drives. It's not just removable drives that can have viruses on them.
Vista is a nice Operating System for those that bought PCs up to MSs specification. Applicatons ran nicely, hibernate and sleep worked. However, it totally failed to function in any way with any sort of legacy support.
At the same time I bought a nice new Dell with Vista preinstalled, and work bought me a 2 x 64bit beasty, also with Vista pre-installed. Short story: Vista at home is still there, for at least a little while. I still do my video transcoding on my old workstaion, but happily work with vista and Cygwin when I need access to my workstation. At work, Vista had no drivers for our many printers. That alone was a show stopper. Applicatons did not deploy using our Group Policy scripts. More specifically, IBM, HP and Lexmark did not produce working printer drivers for legacy hardward for 64 bit versions of Vista. This was not fixed with Sp1. Nor would Vmware work without disabling device driver signing enforcement on each and every boot. The work PC has since had a sensible operating system installed because I could no longer afford the non-productive time.
uname -a
Linux Host-Name 2.6.27-gentoo-r7 #7 SMP Wed Jan 7 17:11:56 CET 2009 x86_64 Intel(R) Core(TM)2 Extreme CPU Q6850 @ 3.00GHz GenuineIntel GNU/Linux
At work, we pulled the pin on any further investigation of Vista and decided to stick with XP. Seems the right decision. At home, Vista's days may be numbered if the next version of Knoppix supports the SATA drive.
Maybe for "one off" computers, or for an independant Computer Shop.
However, any business (> about 30 emplyees), should have the tech to re-image a computer an make it useful again. (And in the "stitch in time" basket ... decent ant-virus and locked down user permissions).
Dell's, IBM's and big suppliers, should also have re-install disks which will at least make the computer useful again. You DO have backups of the photos of your (Dog/2 year old making faces/Pr0n/Warez), right?
One trick ponies? Only if only know ONE trick.
Socialism: Man exploiting man.
Capitalism: The other way around.
(With apologies to the original author).
Either way, unless you're top banana, you're screwed.
Not necessarily, but maybe online.
Once you can get your hands on a 2~16Gb usb stick, you're set. I've seen a lot of swapping of sticks on busses, uni, trains on to laptops etc.
It's just the much lamented return of sneaker net. Which only goes to prove that the biggest leeches (not leachers) are BigPond, Optarse, etc.
Forget the cure for cancer.
Give me a beer that takes from the Beer Belly (or gut or pot), and returns Beer Biceps.
"Teletrekkies" perhaps?
Hell, they even wear the nice colourful uniforms. "ooh oh. Full warp speed Mr Sulu."
(Handing in my geek card, I only had a passing interest in Star Trek. Doctor Who was more my style).
I did that for a while. Paid the bar bills with the "Don't leave home without it". Figured that I'd be able to track how much I was drinking in the month. And perhaps earn an airfare with my addiction.
The shock of looking at an empty wallet on a weekend is nothing compared to the sting of it being all there in black an white at the end of the month.
The logical thing to do would be to cut back on the drinking, but some how that never seemed to get raised as a coping strategy. I went to back cash.
As an IT guy, I could care less if Fredd Dagg office worker installs a picture of wife, kids and dog on his PC as a wallpaper.
However, the 18 year old office temp, wants pop star de jour on the desktop, downloads PussycatDolls-nekkid-screensaver-install.exe and kills the local system, puts virus infected files on the network shares, deleting or changing files they have access to and starts eating LAN and WAN bandwidth as fast possible.
Risks and issues to the company:
- IT staff time cleaning computer, network.
- IT staff time restoring backups of files.
- Possible copyright infringement exposure.
- Office temp downtime as moving resource to new PC is not "cost free". Time is money.
Do you have time to run around and personally vet each and every screensaver installation? The most cost-efficient way here to make a corporate standard, and enforce with whatever vendor supplied tools are available.
Change the above to "Photoshop", that the user downlaoded from a P2P service. Anyone with a business need will have this installed by a competant administrator, license paid for and the application will be supported.
And let's not forget about the various pieces of phoney-baloney compliance legislation out there. (Sarbanes-Oxley, et al). Every year, we have to prove that the corporate information is safe, and is providing an accurate picture to our corporate overlords, who are in turn providing accurate information to the market.
An IT departments biggest threat is the person that might know a thing or two about a PC, but nothing about how to run a network. An IT department that isn't responsive to users legitimate needs will end up having more problems than it solves as users find a way to "get things done". Users aren't the enemy, nor is IT.
Obviously the response should be somewhat randomised so it doesn't get boring.
A few suggestions (that I've heard before 8-) )
- Sorry, I love you like a brother
- With you? Eeeewwww.
- I think we should see other people
- I'm no way drunk enough yet
- Did you know that I have discovered that I'm a Lesbian?
- I'm saving myself for marriage
- My parents might hear us
I have been in a business when govenment taxation change meant that most business systems had to be re-written. (Old systems in a nearly dead language). Consumed the greater part of a year from a small IT dept (3 persons plus manager/Analyst). Old systems had to get over the initial hurdle of supporting functionality that it was not even remotely designed for, then if possible re-write it.
Promotions dept boss heard of what possible regulations we had to comply with and ensured that we had every possible case to support on go live day, every one which was outside of the core business. We asked MD to have a look, Promotions boss replied "IT doesn't run the business, Sales runs the business".
Three months time the yearly sales roadshow comes to HQ hometown. Not one IT nor Accouting person turns up (to overtime unpaid) Saturday meeting. Financial Controller and MD and Promotions bosses haul the two departments over the coals for lack of support, company spirit. Got a severe reprimand and warning for saying "IT doesn't run the business, Sales runs the business". Sorry arsehole, cuts both ways.
A little communication and understanding BOTH WAYS is necessery. I don't need to be an expert in Sales, Legal, Logistics and Accounting, but do try and give me the big picture and take on suggestions on how it can be done the best, easiest simplest and cheapest way.
Point is, most folks actually want to help. Some people are just arseholes.
I agree.
The average dog is way smarter than the average human. Show me one dog with a job and kids? (not that I have kids ... that i know about).
Define small.
3 persons? Probably still done by cheque.
10 persons? In some businesses that's enough for an IT person. Other businesses, well, there may be someone that knows the difference between a printer and mouse, and they do that as a side line.
Centralised backup? Shared access between 2 persons needing access? Files on a RAID drive, not subject to the whim of a dodgy power supply?
Agreed.
When I think Bogan, I'm thinking packet of Winnie blue up the sleeve of a too tight black t-shit. Obligatory moccies, stonewash blue jeans, mullet, dream car is the SLR5000 Torana (or later day Ford Falcon V8 ute), hails from Narre Warren/Cranbourne, all the "Special" subjects at high school and knows the lyrics to all the AC/DC songs ever written, but probably not the National Anthem. And for what they will be condemned to the 9th level of hell for all eternity: Collingwood supporter.
Hell, you only need The President to say "you're a very bad man" and you get a free holiday in Cuba.
Proof is no longer required. The truth may actually be inconvenient.
No, I'd say it's a pretty good scheme.
A naming scheme based on cultural references is bound to fail as soon as you deal with non-english speaking backgrounds. SideShowBob is probably only good for US/Can/Aus/Nz/UK. Telling one of our Russian counterparts to look for SideShowBob01 is not going to work.
- ISO standard Country codes (3 characters)
- Site number within country (1 digit, we only need one)
- O/S NT based, LX based, MC based, A4 for AS/400
- WS Workstation, FS (File)Server, DC Domain Controller.
- Unique number. 3 digits only are needed here for us.
We have a flat DNS space. One domain. Works for us.
But it's probably a good idea to have your DNS managable by the local IT support. Three timezones is best handled with 3 DNS domains (AfEurope, Americas, Asiapac).
People tend to realise which resources they are commonly connecting to. And mostly that should be scripted. Anyone else is going to be careful what they type.
Job's done.
My test domains on the other hand are a much funner place. Bundys, Flintstones, Simpsons and Family Guy are good targets. Keep the group membership based on family and you do have an easy to remember scheme. Bit characters are always good for testing unauthorised access.
Sport is the new opiate of the masses.
Coporate Media is the media.
Don't do it. It's illegal in many places.
... ... I smell a fat juicy lawsuit. Of course, assuming there is any money left in the business after everyone else sues them in to oblivion.
If it's illegal where you are, don't do it. If the boss threatens to fire you. Let him. Being fired for NOT doing something illegal
1 Get the direction to do it in writing. Put your objection to doing in writing and have it witnessed/notarised.
2 Wait
3 ???
4 Profit.
Actual I fear an "Absolute Monarchy" more than Communism. Communism at least has a veneer of "looking after you", rather than looking after "Number 1".
Fear governments. All governments. Be suspicious once, twice, three times. They are, after all, about power. With the right personality type (ie, corrupt) the only thing better than a little power, is a lot of power. The honest ones don't really care about supervision, or checks and balances, they get along fine with it.
1984 was about power taken to (one of) it's logical conclusions.
ThinkGeek have a range of posters by Despair Inc.
http://www.thinkgeek.com/interests/exclusives/8aec/
Although Dilbert is always good.
No it's just that I have no desire to have the world contaminated by tadioactive material for the next 'x' thousand thousand years. (I can't be bothered Googling the various half-lives).
No matter how good the safe guards. There is always human error to watch out for. And human stupidity, and malice. Then there are supposedly failsafe devices that aren't.
As for the waste, well, that hot radioactive rock has to be stored somewhere. American mid-west? Under NY? Outback Australia? Arctic/Antarctic? Even safe transport is massively complex undertaking. Try and predict what might be around in 1,000 years in those areas.
It's polluting, very, very polluting. It's just that it doesn't go up in the sky and turn it browny/orange.
And no, it's not cheap either. Whatever cost advantages per Kw/h, are more than outweighed by the massive storage costs, generally underwritten by the various governments.
Linux has always done well with Servers. Thanks in no small part to the Techie/Admin.
Low end consumers at one end, and a constant battle for the hearts and soul of the server. I guess the middle ground is (eventually) going to have pressure from both ends.
Good point.
Don't just disable it, remove it from your System. It's just another networking service and it can be un-installed.
Although, as the parent poster mentioned, it's not beyond Microsoft to re-install it as part of a Service Pack/Security Update. (See Windows Messenger).
This is true.
Bad information is worse that no information.
If it can be done, (1) try and get an internal transfer within your company or (2) there are often businesses set up just to help the actual move. These are mainly targetting the executive end of the market, and they will cost you, but they also look after small fish too. Sound them out about fees and ask perhaps to speak to someone they have moved. (Remember that they are leeches and will try and own your soul).
Internal transfers generally make everything plain sailing. Especially paperwork.
Forget moving large amounts of furniture. Just the stuff you really personally need. One trip to Ikea will sort you when you get there.
And you will miss Vegemite, Chicko Rolls, Twisties, Dim Sims and Meat Pies. Even if you hate them now, you will miss them. Have a strategy for getting a hold of some every now and again.
(Melb, Aus to Switzerland in 2001).
P.S. Language classes are an excellent way to meet women. Granted you mention Vancouver, but picking up a little French won't go astray if you do some travel in Canada. And it will may help you get your job after next.
So Windows '95 was indeed a high point for Microsoft. They were the first to deliver a stable 32-bit-ish graphical OS to Intel PCs. And it was the first OS to integrate well enough with DOS to replace it. Windows 3.1 was more of a graphical shell than an operating system. Windows '95 is why we use the term "wintel" and it is why IBM and OS/2 did not win the operating system wars.
Windows 95 did neither of those things first. It was the first for Microsoft, but OS/2 was a better DOS than DOS and had 32 bit shell. It did win the marketing war though. (Fair means and foul).