There are many things that are useful, but usefulness/convenience pretty much always compromises security.
Cheers Ken -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, 9 September 2010 4:23 AM To: NT System Admin Issues Subject: Re: Mac and Windows mix On Wed, Sep 8, 2010 at 6:26 AM, Andrew S. Baker <[email protected]> wrote: >>> Or, without editing the plist you can walk up to any Macs with >>> password protected screensaver on, enter the admin pswd & boom >>> there's the user's desktop at your disposal. >> >> I wish Windows had that option. > > Windows 7 has the best of both worlds, IMO. The reason I want that is that in some offices people lock the session with something important open and then forget and leave, then someone else who is trusted wants to unlock it but cannot (without blowing away their logon session). This is often *the* reason why small offices don't want auto-screen-locking (or have to resort to writing down passwords). Even non-repudiation is not an excuse; I would fully expect this to show up in the logs, just just any number of other potentially compromising events show up now. I'm not saying it should be enabled by default, but the option would be useful in many small office environments. You or Ken don't have to use it. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
