Hi ! We are a medium sized departmental network, with minimum administration and security policies in place. Connected to the Win 2K DC are predominantly Win 2K Pro boxes, with very few 9X machines. Our NW Admin & Security Policy is a clear guideline, framed by a Committee including the Management. Salient aspects of the approved Policy include min. 12 char complex passwd, to be changed every 30 days, cannot use last 12 passwds, only admin can install new programs, a/c locks after three unsuccessful attempts, etc. While everyone in the Dept. is comfortable with this arrangement, one User is not, and has shot off the following email (I reproduce the excerpts only).
Focussing on the larger issues, I would like to know how your company handles such a situation ? From an Admin point of view ? From a Security point of view ? Are the policy features unreasonable ? Who should have the upper hand - the User or the Policy ? Would be happy to receive reactions and suggestions. TIA, C.Rajagopalan, NW Admin User Outburst (User Identity withheld) ========================== [snip] Now with your policies, it seems to me, we are like school kids, entering DPEND everyday, with a fear of getting a beating from the Administrator, for not doing the homework (policies are updated regularly with maximum hassles and minimum freedom for the user to use his own PC). It is like, if I have to enter my house, I need to go and get the key from the Administrator! (Because I am not allowed to have a key of my home!). I am not allowed to use any of my belongings in the house without the presence of the Administrator! The NW policies mimic the above situation. Users are not allowed to do even the defragmentation job without the help from the administrator. We are unable to update the scientific software, without the mercy of the administrator! By mistake if we type a wrong password on Friday evening, we need to wait a few days for the arrival of the Administrator! If we forgot to change the password , the PC is locked! If we need to install small software, we need to wait for the convenience of the administrator! These are highly objectionable policies. Why to impose so many restrictions on the users? The individuals are allowed to manage their costly equipments worth Lakhs and crores, without such restrictions, at their own risk! They sincerely keep the systems in healthy conditions. Department trust their employees and give them full freedom to look after and maintain the systems/equipments/labs. After all, why we need to open up the PC's for the administrator. The present policy would only help the administrator to be the King and everyone needs to be at his Mercy. There is absolutely no benefits other than that. I do not understand what we benefit from all these controls? It is quite easy to say that all these measures are for keeping the virus out. But someone can easily send a virus file from outside. Or someone can bring a file from another infected PC. Then the PC is affected! NO virus packages can guarantee full protections to the PC's. Then why do we blame the virus, for each and everything! In brief, the network policies are really unwanted and the users are wasting lots of their precious time to satisfy the requirements and policies of the administrators rather than their own benefits. E.g.: DPEND LAN can not be accessed by others. Why do we need to change the passwords every month? That too with the maximum complications? (14 character, no previous 13 passwords etc..) Who do you afraid of? Do you fear the DPEND users so much? What is the necessity of locking the PC for 760hrs? After all there are many options available in the Administrator set up of Windows 2000, and you have chosen the worst option, which no other Administrator ever opted for. While the Administrator has NO faith in the users (e.g.: password policy), the users have to blindly trust the administrator! [snip] ================ ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
