Agreed. While off the cuff it sounds like a great idea, I also see WAY too much opportunity for abuse. Many of us already don't have time to audit logs the way we should as it is, and I don't see that getting any better any time soon. Just because it is auditable, does not mean that anyone is protected, and besides, audits are for catching people after they've done something they weren't supposed to do. I would surmise that it is a rare occasion indeed for any of us to have caught someone in the act using audit logs, unless there was something suspect to begin with...
Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA [email protected]<BLOCKED::mailto:%[email protected]> www.eaglemds.com<BLOCKED::http://www.eaglemds.com/> ________________________________ From: Andrew S. Baker [mailto:[email protected]] Sent: Wednesday, September 08, 2010 5:15 PM To: NT System Admin Issues Subject: Re: Non-Repudiation (was: Mac and Windows mix) Nope, I really wouldn't even want this as an option. I hear what you're saying, but that feature would be way too easy to abuse. ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... On Wed, Sep 8, 2010 at 4:22 PM, Ben Scott <[email protected]<mailto:[email protected]>> wrote: On Wed, Sep 8, 2010 at 6:26 AM, Andrew S. Baker <[email protected]<mailto:[email protected]>> wrote: >>> Or, without editing the plist you can walk up to any Macs with password >>> protected screensaver on, enter the admin pswd & boom there's the user's >>> desktop at your disposal. >> >> I wish Windows had that option. > > Windows 7 has the best of both worlds, IMO. The reason I want that is that in some offices people lock the session with something important open and then forget and leave, then someone else who is trusted wants to unlock it but cannot (without blowing away their logon session). This is often *the* reason why small offices don't want auto-screen-locking (or have to resort to writing down passwords). Even non-repudiation is not an excuse; I would fully expect this to show up in the logs, just just any number of other potentially compromising events show up now. I'm not saying it should be enabled by default, but the option would be useful in many small office environments. You or Ken don't have to use it. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
