On Aug 18, 2006, at 10:03 AM, Stephen Russell wrote:

> But the Q comes up, what should a security model for a workstation be?
> Locked and loaded for users by network admins? Root comes to mind here,
> or Domain Admins you pick your flavor.  Or do you think that a
> workstation should be allowed to install what ever and whatever it
> wants?  Notice I said the device and not a user....

It should be at the user level, not the hardware level. How would the machine get configured and updated if it was set up to never allow configuration changes or updates at the hardware level?

The Mac's security model works great, IMO. On the family machine, I'm an admin, and everyone else is a normal user. They can install apps, but only in their home directory - they have no rights to common directories, especially system-level. When a shared app needs upgrading, or a security patch to the OS needs applying, they have to get me to do it. This way, they're free to install all the apps they want, since the worst it can do is screw up their own stuff. If an app tries to mess with a protected location, a dialog pops up asking for admin credentials. Unless an admin OKs it, changes to the protected areas are simply not allowed.

-- Ed Leafe
-- http://leafe.com
-- http://dabodev.com




