Let's see, which of the four Slinger-ism's does that fall under...ah, #1 - Shotgun I aka "Deal with difficult situations and achieve stunning and unforgettable results"
Dave * * * * * G.Slinger's Axiom's for success 1) Shotgun I AKA "Deal with difficult situations and achieve stunning and unforgettable results" 2) Shotgun II AKA "Seek continual development with your negotiation skills" 3) Advanced Fighting Rifle AKA "Seek ongoing improvement in your abilities to execute" 4) Tactical Trauma Care AKA "Have proper skills remediation" * * * * * From: Gary Slinger [mailto:[email protected]] Sent: Thursday, September 30, 2010 12:28 PM To: NT System Admin Issues Subject: Re: Restricting groups in Active Directory I've done that (OK, to be accurate, it was seven to one). You need someone with juice at the level of the "new, to be" main company to make the point to the downlevel folks that they're being merged in to the main company, not the other way around. I have actually used the expression "you know that we bought you, right?" in a meeting, but I try to be nicer than that most times :) On Thu, Sep 30, 2010 at 2:09 PM, James Rankin <[email protected]<mailto:[email protected]>> wrote: The problem comes because we are consolidating thirteen separate entities with their own IT staff into a single structure. I'm encountering a lot of the resistance you used to get when performing outsourcing operations. Lots of political intrigue. I'm sure we've all experienced it from time to time. Should make for an interesting few months...there's always someone who kicks up a stink. On 30 September 2010 19:02, Jonathan Link <[email protected]<mailto:[email protected]>> wrote: Not really. I can see that the IT staff in general would want to retain admin rights generally and limit rights to users based on what they need. IT staff at that organization need to adjust to a least permissions framework, too. If they've already pushed that framework down to the users or if the users have always operated under such a framework, then it should be a fairly easy concept to grasp and there will already be precedent for limiting administrative user rights. On Thu, Sep 30, 2010 at 12:29 PM, Crawford, Scott <[email protected]<mailto:[email protected]>> wrote: You're *incredibly* optimistic. Do you actually think there's a chance that a company that wants all of IT to be Domain Admins has seen the light and doesn't let users run as local admins? From: Jonathan Link [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, September 30, 2010 10:34 AM To: NT System Admin Issues Subject: Re: Restricting groups in Active Directory Lemme ask this... since there's a need to get management buy in. Is everyone in the organization running as local admin? If not, then an analogy can be drawn. Afterall, if helpdesk had to support staff who ran as admin, well, that would be more difficult, right? It's a good argument to shutdown the helpdesk golfing buddies. If everyone does run as admin, then you have a mighty challenge, sir. On Thu, Sep 30, 2010 at 10:36 AM, Don Guyer <[email protected]<mailto:[email protected]>> wrote: When I first arrived here, "everyone and their Grandmother" in IT were Domain Admins. After months of kicking and screaming, we were able to convince management that we need to narrow that list down. It did take quite a bit of work, but needed to be done. Don Guyer Systems Engineer - Information Services Prudential, Fox & Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 [email protected]<mailto:[email protected]> From: William Robbins [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, September 30, 2010 10:24 AM To: NT System Admin Issues Subject: Re: Restricting groups in Active Directory I'll see your +1 and raise +11 - WJR On Thu, Sep 30, 2010 at 09:04, Jeff Steward <[email protected]<mailto:[email protected]>> wrote: +1 -Jeff Steward On Thu, Sep 30, 2010 at 9:47 AM, Andrew S. Baker <[email protected]<mailto:[email protected]>> wrote: Change = accountability + better levels of support due to less stuff mysteriously breaking. ASB (My XeeSM Profile)<http://xeesm.com/AndrewBaker> Exploiting Technology for Business Advantage... On Thu, Sep 30, 2010 at 9:40 AM, James Rankin <[email protected]<mailto:[email protected]>> wrote: As usual, the boss of the helpdesk (and his golf buddies) think that change = interruptions to support. I'm going to convince them that change = accountability + the same level of support. On 30 September 2010 14:38, Maglinger, Paul <[email protected]<mailto:[email protected]>> wrote: What are they trying to accomplish? Do they believe that everyone needs domain admin rights just to change passwords or unlock accounts? I'd try to find out what they need to do and then restrict them accordingly. Help desk doesn't need rights to be able to change administrator passwords, free reign to all files, and add machines to the domain (just to name a few). From: James Rankin [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, September 30, 2010 8:18 AM To: NT System Admin Issues Subject: Re: Restricting groups in Active Directory I am raising this up with IS management, as it is unsupportable - there's no point in me putting a structure together that can just be pulled apart at will. There's no way around it, so I'm just going to have to trust in my own stubbornness to get the buy-in I need :-) Audit was going to be one of the hot words to throw into the debate, though. I'd be interested myself in seeing the results of any previous audits they've had here. On 30 September 2010 14:08, Andrew S. Baker <[email protected]<mailto:[email protected]>> wrote: >>However, the business are adamant that every member of the support teams >>(from helpdesk upwards) will be given a Domain Admin account. Am I right in >>assuming this means that they could simply add themselves into the groups I >>am setting up, because even if I restrict these groups via an ACL, they could >>just take ownership of the group? You might need to enlist the assistance of... dare I say it? ... Auditors. If everyone is a domain admin, then they can all do whatsoever they want in the domain. Seriously, is your organization not subject to some you sort of regulatory compliance? Who is your CTO/CIO? ASB (My XeeSM Profile)<http://xeesm.com/AndrewBaker> Exploiting Technology for Business Advantage... On Thu, Sep 30, 2010 at 7:49 AM, James Rankin <[email protected]<mailto:[email protected]>> wrote: However, the business are adamant that every member of the support teams (from helpdesk upwards) will be given a Domain Admin account. Am I right in assuming this means that they could simply add themselves into the groups I am setting up, because even if I restrict these groups via an ACL, they could just take ownership of the group? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- Gary K. Slinger Voice: 727-475-1947 // gChat [email protected]<mailto:[email protected]> // Skype: garyslinger Profile: http://www.linkedin.com/in/garyslinger ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
