Is that Devil's Advocate, or something else? :) But that is the $64k question, isn't it.
My thinking is that in theory, a VM has less physical exposure than the laptop I lug around. Credentials can be stolen whether the apps are run on the VM or locally, so that's a wash, but I'm thinking that it'll be less likely for malware, unless it's specifically targeted for my kind of situation, to get snarfed that way. Don't know for sure - that's why I'm thinking it through, and do welcome the feedback on this. Kurt On Tue, Feb 28, 2012 at 17:59, Richard Stovall <[email protected]> wrote: > <da> > If the machine you're using to launch the RDP sessions is compromised, > what's the point? If you trust that machine, why not just run the tools > directly from it? > </da> > > On Tue, Feb 28, 2012 at 8:47 PM, Ben Scott <[email protected]> wrote: >> >> On Tue, Feb 28, 2012 at 6:54 PM, Kurt Buff <[email protected]> wrote: >> > One other thing that I've been mulling over along with the other >> > credentials is a set of VMs on which to run them. Want to manage >> > AD/DNS/WINS/CA? RDP into this Win7 VM with the correct tools on it. >> > Want to manage AV/WSUS/other workstation stuff? Log into that Win7 VM >> > over there with those tools on it. Lather, Rinse, Repeat. Then my >> > laptop would be just another end-user station, with much reduced >> > chances of getting my elevated credentials compromised. >> >> Hmmm. Interesting idea. Definitely some advantages. >> >> You mention RDP. So does that mean a bunch of VMs running all the >> time on some other box somewhere? If not, why RDP? If yes, are those >> VMs all shared between the admin team, or are they dedicated to one >> body? If the former, how do we handle contention? If the later, why >> not just run them on one's own end-user station? >> >> Questions posed for mulling purposes. :-) >> >> -- Ben >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
