2 reasons
Perhaps my outgoing SMTP server doesn't accept incoming mail for me, which is what an MX record indicates. This is not uncommon in large organizations.
It would mean that you could not use smart hosts.
Or you could actually properly configure sendmail to use your ISP's SMTP server. Even with that you could add an SPF record for it so mail would not bounce.
A) I never said anything about outlawing alcohol. I have no problem with it
if used responsibly.
B) Cigarettes don't cause damage beyond the person using them and they know it.
Second hand smoke doesn't count, don't like it then leave. If it is a restaurant
then go to one that doesn't allow it. Enough people leave then they will feel it
where it counts.
C) Being accused of a crime and having possessions taken from you etc... is not
a function of what is illegal or not. It is corrupt law enforcement and courts
as well as general abuse of power..
I do agree that children today are raised on TV and don't really know much about
the world. I fall into this category to some extent. What is even sadder is the
ones that know all the Pokemon critters but can't find Texas on a map or other
basic skills..
I have no problem with treating drug use as a medical problem as well as a
criminal problem. End users fall into a different category than dealers.
This is not an issue of it being a police state. Everything that I mentioned
are CHOICES that people make. And there should be accountability for making
them, particularly when those choices endanger me or my family.
Obviously there are a number of things that we could point the finger at but
the ones we should be focusing on are the ones that make laws like this
necessary. Meaning good parenting and good schools as well as a good community
that teaches them right from wrong and how to make good life decisions. Some of
the things I hear about teen/pre-teens today make me sick, my parents would have
never allowed to happen. And the parents just throw their arms up and talk about
how terrible their kid is. Yet, they do nothing about it. We should be addressing
root cause is what it all boils down to.
The murderer directly impacted the life of 1 person and his/her family. Someone distributing drugs can impact dozens or even hundreds of people/families. Add to that the fact that it isn't a big mystery that drugs do lead to/influence other crimes.
So based on that I have no problem with hitting people pushing drugs as hard if not harder than people that commit violent crimes.
Here's my take:
Child not in a child seat- remove the child from the home PERIOD.
DWI- 1st time: 90 day suspension. 2nd time: Permanent license revocation.
Death is way too nice for sex offenders, particularly if children were involved. PPV deathmatches sound good to me.
And the endless appeals and such.....Conviction..2 appeals then a bullet in the head behind the courthouse, end of story.
It may sound draconian and if it does, then tough shit. I am tired of living in a world where criminals have more rights than I do and the gov pays tens of thousands a year per inmate to house them with A/C, heat and cable TV while working people go without food.
A contract cannot make the illegal legal. If I sign a contract saying that it is ok for you to kill me, it doesn't mean it is not illegal. As I understand it, if you are hourly/non exempt they are obligated to pay you overtime, regardless of your agreement with them. If you are exempt/salaried regardless of your "position" whether it is manager or janitor they are not obligated to pay overtime.
You should because you are making judgements on it based on either false or misinformation. Your system may be exactly what you need, but that doesn't make your incorrect statement about how GP works more correct. And, you can save all that GP info in an inf file and even print it if you like.
The ability to manage all my users and their workstations as well as any future workstations in one central place as opposed to per machine is a HUGE advantage in my book. It may not be as minimalistic, but it is very powerful. I can be certain that every machine within my domain has the latest patches or new applications without even thinking about it. It joins the domain and it gets them. In terms of managing end users this is wonderful. Just set it and go. But, this is just my .02 on it and for you it may not work. That's what makes the world go round.
As I see it I am not here to provide them with and support/fix their own little playground. If part of their assignment/job function is to do this, then you allow it as securely as possible. Give users only as much rights as they need to do their job. If they want to gripe that they can't install the latest spyware, tough. It saves you headaches and the company money.
In theory, if your permissions are right, they won't be able to hose it running an exe anyhow, but I was speaking more specifically to the concern of people running things they download.
"You can run anything you want when you rename the EXE to a runnable like 'notepad.exe'"
This assumes that they have write/change and execute in the same dir.
"You most likely can run anything you want off the floppy"
You are admitting that the machine is misconfigured
"and then you can use policy editor to start mounting all those hidden windows shares and hijacking other user's computers."
This also assumes that the shares have been modified since by default the $/admin shares are only available to admins. Also I would like to know how to use policy editor to mount a share.
Don't mistake poor configuration for a poor OS. *nix has its strengths but management at the desktop level isn't one of them. Windows has it beat IF you know how. But that goes for both
You can save them as a template/inf and it just takes moments to apply. And you can do it remotely with the MMC with no domain. Just connect to each machine and do it.
Number 1 thing you can do to keep your users from doing anything real stupid. Don't give them write/change AND execute access in the same dir. Then you can be pretty sure that they aren't renaming or getting their own .exe's. Even if they do run one, they shouldn't have write/change access to the system dir so they won't hose the box.
Don't give them execute permissions on any folder they have write access to. Simple as that, No more running things from their desktops. Just lock the thing down tight, don't let them execute anything anywhere and try to do whatever it is they need to. Then open it up as needed. With GP you can disable Active X and all that in pages, so no more worries about that.
pssst.... IPSec isn't a packet filter. And if anyone wants to bring up the fact that you can restrict certain ports in the TCP/IP properties it applies to all interfaces, so if you make your webserver accessible only via port 80 you just killed all your remote manageability. The easy answer is a true hardware firewall if you are running lots of servers, or even something as simple as a $59 NAT router if it's just one.
The point is that out of the box you can't say to only allow port 80 connections on a particular interface.
Ok, here is the chance for all you penguin breaths to shut up and vote with your dollars. That's how the system works.
MS has such a stranglehold on the market because it works. Go ahead and feed me a line of BS about how much better Linux is and then go research it. Then you can tell me that you were wrong. Linux is slower (3rd party verified) A major PITA to patch (common sense). And let's look beyond that. Why the hell does RH insist on installing Sendmail on a "desktop" install. 99% of the people out there don't need an MTA running locally, they use the corp/ISP mail server. Same with Apache and so on and so forth. For whatever reason, Windows is the de facto standard and you pay for out of the box functionality. Same with Office. I tried OpenOffice and thought it was the most unpolished kludgy piece of water buffalo dung I had ever used. Linux has another fatal flaw. It is a patchwork of different software makeshift pieced together into an OS. Now, I am not saying it doesn't have its place, I LOVE Squid, I like the control Apache gives me, but for the desktop you may as well give me a Timex Sinclair 2000, it's just as useful in today's business environment. Sure, I could spend a week *ucking with Samba to be able to print or access a share, or I could use XP and do it in seconds. The reality is that unless you are a Geek, the price difference is more than worth it. The time savings more than pays me back and I just don't have a problem with that.
Really folks, does this REALLY affect you? All the software in question is junk/spyware. They intentionally build it to not allow you to really restrict uploads by not providing good controls or it ignoring them. I routinely have to kill my girlfriend's LimeWire to make SSHing from work bearable. It saturates my upstream and kills the connection speed. The instant I kill it, things are good. We are victims of poor software design more than anything else. While I don't advocate ISPs blocking anything I can see their point. Like it or not it's still their network that they more or less rent you time on. Don't like it? Use another. Broadband is not a 'right' (yet). I used to have DSL that the ISP used QoS to rate limit me after I downloaded more than X amount. They were upfront about this and their prices did reflect it. It's a reasonable solution.
You still have 100% control of your computer.
They are restricting what you can do on THEIR network. If you don't like this change ISPs.
So, what do I get for regularly wearing my FreeBSD T-shirt in Houston? And, I have never had a single word said to me about it...
So, perhaps you should realize that just because we are in Texas, we aren't a bunch of backwoods religious zealots as you think.
Biggest problem is indexing it all, just poking around shares looking for a file is pretty much a pain.
Um, at least in the US I live in it's still innocent until proven guilty. Still up to them to prove I did anything.
At least in Texas the family does not have to honor your request in a living will or for organ donation. I don't agree with it, but that's how it is.
Hmmmmm, maybe you should read more about applying GPO's to OU's. You can easily do thousands of machines/users at once.
You give them access to system management functions through local and global group memberships. And it can apply to more than one machine!
You can control access to those on a per-user or per-group basis using standard WINDOWS protection mechanisms.
If you like something more general, you can use the "run as" function
By default, regular Windows users can perform no system management functions
Amazing! It's still true! Before you go bashing something, please be informed about it.
I think I could help you with your coughing problem. mark*siliconjunkie.net
While I will agree that the phrasing needs some polishing and yes all the replies are right, that this is a very Linuxcentric board, if you don't like it, go elsewhere.
But, at the same time I was just saying the same thing to a friend. The gist of the discussion was that the /.ers can take ANY discussion and make it into an anti Microsoft discussion.
My suggestion would be rather than discussing the evils of MS, maybe you could work towards improving open source so it can better compete with MS.
Just my .02