How many have their Microsoft client OS set to cycle the Security log at maybe 7 days or even less? Just because it gets logged does not mean something done will get caught within the time period that the security log will actually still have it. Depending on the domain, I seem to remember that there is a GPO setting that even if the security log is full and not cycling you could still log in.

Jon

On Wed, Sep 8, 2010 at 5:24 PM, Raper, Jonathan - Eagle <[email protected]> wrote:

> Agreed. While off the cuff it sounds like a great idea, I also see WAY
> too much opportunity for abuse. Many of us already don’t have time to audit
> logs the way we should as it is, and I don’t see that getting any better any
> time soon. Just because it is auditable, does not mean that anyone is
> protected, and besides, audits are for catching people after they’ve done
> something they weren’t supposed to do. I would surmise that it is a rare
> occasion indeed for any of us to have caught someone in the act using audit
> logs, unless there was something suspect to begin with…
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> [email protected]
> www.eaglemds.com
> ------------------------------
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* Wednesday, September 08, 2010 5:15 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Non-Repudiation (was: Mac and Windows mix)
>
> Nope, I really wouldn't even want this as an option.
>
> I hear what you're saying, but that feature would be way too easy to abuse.
>
> *ASB* (My XeeSM Profile) <http://xeesm.com/AndrewBaker>
> *Exploiting Technology for Business Advantage...*
>
> On Wed, Sep 8, 2010 at 4:22 PM, Ben Scott <[email protected]> wrote:
>
> On Wed, Sep 8, 2010 at 6:26 AM, Andrew S. Baker <[email protected]> wrote:
> >>> Or, without editing the plist you can walk up to any Macs with password
> >>> protected screensaver on, enter the admin pswd & boom there's the user's
> >>> desktop at your disposal.
> >>
> >> I wish Windows had that option.
> >
> > Windows 7 has the best of both worlds, IMO.
>
> The reason I want that is that in some offices people lock the
> session with something important open and then forget and leave, then
> someone else who is trusted wants to unlock it but cannot (without
> blowing away their logon session). This is often *the* reason why
> small offices don't want auto-screen-locking (or have to resort to
> writing down passwords).
>
> Even non-repudiation is not an excuse; I would fully expect this to
> show up in the logs, just as any number of other potentially
> compromising events show up now.
>
> I'm not saying it should be enabled by default, but the option would
> be useful in many small office environments. You or Ken don't have to
> use it.
>
> -- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
