http://appl003.lsu.edu/itsweb/securityweb.nsf/$Content/LSU/$file/letter.pdf
On 9/27/07, Dustin Puryear <dustin at puryear-it.com> wrote: > If you are part of AD, then you are subject to a Domain Admin, period. > Now, if they are establishing various trust relationships then things > are different. Since we don't know how any of this is being implemented, > it's next to impossible to really know one way or the other. :) > > -- > Puryear Information Technology, LLC > Baton Rouge, LA * 225-706-8414 > http://www.puryear-it.com > > Author, "Best Practices for Managing Linux and UNIX Servers" > http://www.puryear-it.com/pubs/linux-unix-best-practices > > Identity Management, LDAP, and Linux Integration > > > Andrew Baudouin wrote: > > He's talking about the fact that IT has promised the department admins > > the ability to lock IT out of their servers. > > > > Nothing to see here, move along. > > > > On 9/27/07, * Dustin Puryear* <dustin at puryear-it.com > > <mailto:dustin at puryear-it.com>> wrote: > > > > Honestly, I don't know what you mean by "AD lockout". :) > > > > -- > > Puryear Information Technology, LLC > > Baton Rouge, LA * 225-706-8414 > > http://www.puryear-it.com > > > > Author, "Best Practices for Managing Linux and UNIX Servers" > > http://www.puryear-it.com/pubs/linux-unix-best-practices > > > > Identity Management, LDAP, and Linux Integration > > > > > > willhill wrote: > > > The problems is that people like you are already running ADs of > > their own and > > > think they are doing a better job than IT will. I've gotten > > conflicting > > > reports of how much control this will actually give the IT > > people. IT claims > > > they will let you lock them out and there's no way around that > > lock out. > > > Others have their doubts. These people know their machines and their > > > department needs much better than the IT people do, so I can > > understand their > > > suspicion and fear. Job security is another thing for them to > > worry about. > > > > > > So, Dustin, who's right about the AD lockout? > > > > > > On Thursday 27 September 2007 10:36 am, Dustin Puryear wrote: > > >> My thoughts are that if LSU owns the equipment, then they get to > > manage > > >> it. And when it comes to AD, fact is, I *like* AD. It's powerful > > and has > > >> some very strong policy enforcement mechanisms. > > >> > > >> What I think gets lost in the shuffle sometimes is the fact that it > > >> costs much more to manage a box than it does to buy a box. MUCH MORE. > > >> And it's a recurring expense. So any mechanism that makes improves > > >> management is usually fine by me. :) > > >> > > >> This goes for Windows, Linux, whatever. > > > > > > _______________________________________________ > > > General mailing list > > > General at brlug.net <mailto:General at brlug.net> > > > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > > > _______________________________________________ > > General mailing list > > General at brlug.net <mailto:General at brlug.net> > > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > General mailing list > > General at brlug.net > > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > _______________________________________________ > General mailing list > General at brlug.net > http://mail.brlug.net/mailman/listinfo/general_brlug.net >
