Depends on the engineering type. I know Chemical and Nuclear understand rules and will work inside them with little fuss Metallurgical seem to be willing if they can't find a loop hole, but they look hard for loop holes to slip through. Doctors and Chemist ignore rules for the most part until someone beats on them producing enough pain to get compliance. All of that is from personal experience. Doctors seem to be the worst at paying the bill, BTW.
I have been lucky enough to stay away from lawyers so I know nothing of their management. Jon On Thu, Jul 9, 2009 at 8:05 AM, paul chinnery <[email protected]> wrote: > > > > Subject: RE: New IE zero day exploit in the wild > > Date: Wed, 8 Jul 2009 14:56:01 -0400 > > From: [email protected] > > To: [email protected] > > > > We're going through something similar right now. Although, not "everyone" > is a local admin, there are enough of them to cause additional workload on > the field techs. > > > > We also have a few thousand Sales Agents who are allowed to bring in > their home laptops and connect to the network. > > > > That's another battle altogether...... > > > > Don Guyer > > Systems Engineer - Information Services > > Prudential, Fox & Roach/Trident Group > > 431 W. Lancaster Avenue > > Devon, PA 19333 > > Direct: (610) 993-3299 > > Fax: (610) 650-5306 > > [email protected] > > > > > > -----Original Message----- > > From: Kurt Buff [mailto:[email protected]] > > Sent: Wednesday, July 08, 2009 2:51 PM > > To: NT System Admin Issues > > Subject: Re: New IE zero day exploit in the wild > > > > Truth. However, there are also political and training issues. > > > > 1) We haven't, as a company (nor within IT) figured out how to make > > our standard apps work under under non-admin accounts. This will take > > time and resources to figure out, and then further time and resources > > to figure out how to "productionise" the application of these settings > > and apply them across the domain, including two offices overseas. > > > > 2) A large portion of our users are engineers who have a rabid > > aversion to the idea that they can't be admins on their own boxes. I'm > > in the (multi-year!) process of simply trying to convince engineering > > managers that none of the staff need two NICs in their boxes - one for > > the production LAN and one for the test/dev LAN. > > > > 3) The overseas offices are also politically resistant to this idea. > > > > While I agree that the load would be lessened, and we'd have a much > > better managed and more secure environment, this is not a trivial > > effort, and at times I despair. But, I persist, and have it as a goal > > to work toward this fiscal year. > > > > The first step is to get signoff by company management, in the form of > > an actual policy - something of which there are no good examples. > > There are practices and recommendations regarding IT, but very little > > in the way of a real IT policy that has been agreed to by management. > > > > Kurt > > > > On Wed, Jul 8, 2009 at 07:52, Jonathan Link<[email protected]> > wrote: > > > After taking local admin rights away from users my plate is less full. > > > YMMV. > > > > > > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff <[email protected]> > wrote: > > >> > > >> Yes, unfortunately, all our users are admins. It sucks, but I use it > > >> to my advantage when I can. > > >> > > >> The reason we've not done a GP is because we haven't had the luxury of > > >> studying to understand them. Our plates always seem to be full with > > >> other things. > > >> > > >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer<[email protected]> > wrote: > > >> > Are all your users admins? Otherwise, how is that logon script going > to > > >> > update HKLM? > > >> > > > >> > Machine-based startup script would be better idea, no? > > >> > > > >> > Cheers > > >> > Ken > > >> > > > >> > ________________________________________ > > >> > From: Kurt Buff [[email protected]] > > >> > Sent: Wednesday, 8 July 2009 2:41 AM > > >> > To: NT System Admin Issues > > >> > Subject: Re: New IE zero day exploit in the wild > > >> > > > >> > I'm just pushing out the .reg file in the login script: > > >> > > > >> >ĸĸŋĸĸŋĸĸŋĸĸŋĸĸŋĸĸŋ― regedit /s > \\fileserver\public\patches\videokillbits.reg > > >> > > > >> > The file was easy to create, in a capable editor (not notepad or > > >> > wordpad) that allows metacharacter search and replace, such as '\n' > > >> > for CRLF and '\t' for tab. I used the ancient, no-longer-supported > > >> > PFE32. I really should switch to VIM, I suppose. > > >> > > > >> > On Tue, Jul 7, 2009 at 08:40, Eric > > >> > Wittersheim<[email protected]> wrote: > > >> >> I'm pushing out the .reg via GP.ĸĸŋĸĸŋ―So far so good. > > >> >> > > >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum <[email protected]> > wrote: > > >> >>> > > >> >>> The ĸĸ―ĸĸ―ĸĸ―Microsoft fix-iĸĸ―ĸĸ―ĸĸ―ĸĸ― is an MSI that I am > pushing via SMS and is > > >> >>> pushing > > >> >>> fine (so far just a few test cases have it, but no issues). Beats > > >> >>> trying to > > >> >>> push out a .REG or somethingĸĸ―ĸĸ―ĸĸ― > > >> >>> > > >> >>> > > >> >>> > > >> >>> David Lum // SYSTEMS ENGINEER > > >> >>> NORTHWEST EVALUATION ASSOCIATION > > >> >>> (Desk) 971.222.1025 // (Cell) 503.267.9764 > > >> >>> > > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>ĸĸ―ĸĸ―ĸĸ―~ > > > >> > > > >> > > > >> > > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprisĸĸïĸĸïĸ― ~ > > >> > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ------------------------------ > Insert movie times and more without leaving HotmailĸŪ. See > how.<http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009> > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
