That's what this is about? Looks not only straight-forward, but like something they should have done sooner to me.
-- Puryear Information Technology, LLC Baton Rouge, LA * 225-706-8414 http://www.puryear-it.com Author, "Best Practices for Managing Linux and UNIX Servers" http://www.puryear-it.com/pubs/linux-unix-best-practices Identity Management, LDAP, and Linux Integration worms wrote: > http://appl003.lsu.edu/itsweb/securityweb.nsf/$Content/LSU/$file/letter.pdf > > On 9/27/07, Dustin Puryear <dustin at puryear-it.com> wrote: >> If you are part of AD, then you are subject to a Domain Admin, period. >> Now, if they are establishing various trust relationships then things >> are different. Since we don't know how any of this is being implemented, >> it's next to impossible to really know one way or the other. :) >> >> -- >> Puryear Information Technology, LLC >> Baton Rouge, LA * 225-706-8414 >> http://www.puryear-it.com >> >> Author, "Best Practices for Managing Linux and UNIX Servers" >> http://www.puryear-it.com/pubs/linux-unix-best-practices >> >> Identity Management, LDAP, and Linux Integration >> >> >> Andrew Baudouin wrote: >>> He's talking about the fact that IT has promised the department admins >>> the ability to lock IT out of their servers. >>> >>> Nothing to see here, move along. >>> >>> On 9/27/07, * Dustin Puryear* <dustin at puryear-it.com >>> <mailto:dustin at puryear-it.com>> wrote: >>> >>> Honestly, I don't know what you mean by "AD lockout". :) >>> >>> -- >>> Puryear Information Technology, LLC >>> Baton Rouge, LA * 225-706-8414 >>> http://www.puryear-it.com >>> >>> Author, "Best Practices for Managing Linux and UNIX Servers" >>> http://www.puryear-it.com/pubs/linux-unix-best-practices >>> >>> Identity Management, LDAP, and Linux Integration >>> >>> >>> willhill wrote: >>> > The problems is that people like you are already running ADs of >>> their own and >>> > think they are doing a better job than IT will. I've gotten >>> conflicting >>> > reports of how much control this will actually give the IT >>> people. IT claims >>> > they will let you lock them out and there's no way around that >>> lock out. >>> > Others have their doubts. These people know their machines and their >>> > department needs much better than the IT people do, so I can >>> understand their >>> > suspicion and fear. Job security is another thing for them to >>> worry about. >>> > >>> > So, Dustin, who's right about the AD lockout? >>> > >>> > On Thursday 27 September 2007 10:36 am, Dustin Puryear wrote: >>> >> My thoughts are that if LSU owns the equipment, then they get to >>> manage >>> >> it. And when it comes to AD, fact is, I *like* AD. It's powerful >>> and has >>> >> some very strong policy enforcement mechanisms. >>> >> >>> >> What I think gets lost in the shuffle sometimes is the fact that it >>> >> costs much more to manage a box than it does to buy a box. MUCH MORE. >>> >> And it's a recurring expense. So any mechanism that makes improves >>> >> management is usually fine by me. :) >>> >> >>> >> This goes for Windows, Linux, whatever. >>> > >>> > _______________________________________________ >>> > General mailing list >>> > General at brlug.net <mailto:General at brlug.net> >>> > http://mail.brlug.net/mailman/listinfo/general_brlug.net >>> >>> _______________________________________________ >>> General mailing list >>> General at brlug.net <mailto:General at brlug.net> >>> http://mail.brlug.net/mailman/listinfo/general_brlug.net >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> General mailing list >>> General at brlug.net >>> http://mail.brlug.net/mailman/listinfo/general_brlug.net >> _______________________________________________ >> General mailing list >> General at brlug.net >> http://mail.brlug.net/mailman/listinfo/general_brlug.net >> > > _______________________________________________ > General mailing list > General at brlug.net > http://mail.brlug.net/mailman/listinfo/general_brlug.net
