On 2/13/06, Gene Heskett <gene.heskett@xxxxxxxxxxx> wrote:
I am going to have to remember this for when I have some power. What an awesome policy. I assume most of the information sharing is done with the network instead now. Working for the military I don't really see this as a viable option for me, but it would be a lot easier.
JT
On Monday 13 February 2006 15:55, Tim wrote:
>On Sun, 2006-02-12 at 12:49 -0600, Mikkel L. Ellertson wrote:
>> But preventing a user that has physical access to the machine from
>> rebooting it or shutting it down is rather pointless. They can
>> always pull the plug to do a shutdown. (Unless you have an internal
>> UPS.) I would rather let them do a controlled shutdown...
>
>I tend to agree, though I can think of situations like a public
>demonstration PC locked into a box, or schools where you don't trust
> the students, where making rebooting/powering-down difficult is
> beneficial.
>
>I think you also have to take care of other matters if you allow
> people to reboot computers that aren't their own, so that they can't
> easily boot from other media, or change boot parameters, to bypass
> your security.
Which is why, when building a new box for someone at the tv station,
there is only one cdrom drive and floppy, and they live on the shelf in
the room where maintainance on computers is normally done. Almost none
of the other boxes in the building have either a floppy or a cdrom
reader. And its sure slowed down the infection rate when they can't
bring their fav doom disk in thats already infected and install it on
their work box. We go a bunch of static at first but after the message
was delivered in force by the GM, that was the end of the squawking.
We also pretty well fixed the porn problem because anytime we find some
on a box while we're replaceing the cpu fan or some such piddly detail,
the drive gets re-imaged. They lose all their personal account data
2-3 times and thats the end of the porn sucking. More than once it was
a box dedicated to news graphics. The third time it got re-imaged, the
news director finally got the message that these were work boxes, not
play boxes and he is now helping to enforce the ban. And things are
running a hell of a lot smoother. Note that these boxes all have free
reign on the net, often required to run down a news or sales lead, and
we don't cripple that access as its totally non-productive to do so.
I am going to have to remember this for when I have some power. What an awesome policy. I assume most of the information sharing is done with the network instead now. Working for the military I don't really see this as a viable option for me, but it would be a lot easier.
JT
--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
