Quake3World

Foo wrote:
If you're running an all-windows system, and presumably active directory-based administration, I'd recommend building a container with properly restricted policies, and migrating users into this container sections at a time.

Course I can't give too much advice without asking questions as I go along, so hit me up on IM for a chat? 31864930 or thegreatfoo@hotmail.com

Kracus wrote:I wouldn't let them install anything that isn't installed by me. It's tough to do with all those web programs but once you determin what's need for the buisness to run you just make sure nothing else get's in.

Giraffe }{unter wrote:

Kracus wrote:I wouldn't let them install anything that isn't installed by me. It's tough to do with all those web programs but once you determin what's need for the buisness to run you just make sure nothing else get's in.

you gotta read man....


there are way too many employees that need to swap software versions on a minutes notice, we don't have the staff to do that every day. we're down to about 1 idiot outbreak a week, which is not bad compaired to how it used to be.

dzjepp wrote:Mein fuher! :lol:

Cool Blue wrote:A SINGLE proper perimiter appliance would filter ALL of this.

By default, all corporate network traffic should be blocked unless deemed necessary to operate (mail, web, ftp, etc are the only protocols that should be allowed to get through your gateway. Why? Because it's corporate. In an enterprise environment, security and reliablility are the primary objectives, therefore should be put above user convenience all the time.

Veto by the VP

To begin with, users DO NOT EVER need to install their own apps. I've work on several huge networks were the users couldn't install shit without an admin. As a direct result, there were almost no user created problems from crap, non-corporate software.

they do reason posted in this thread

Users should have standardized software packages installed on their machine allowing them to perform all the functions of their job. Any program after that is gravy and therefore not IT's problem.

this isn't your standard IT department everything is our problem in a company where they are creating and inventing high end technology, with show deadlines, we cannot limit our engineers in any way, if they install 30 porn dialers and it takes us 2 hours to remove, it is our fault it took so long, it's our fault we let him do it, and it is our fault if we slow him down, but putting restrictions on his user rights

Sorry G}{, but Tormentius is right, your firm should be standardizing your policies and software. Specifically to address the problem you face right now. Now I know you're thinking, 'your situation is different from everybody elses' but it's not. :P We ALL (net admins) have special needs users and special circumstance, but we learn to fit them into the plan, even though the user might not always have it the way they want, when they want it. it's just too bad.

When addressing issues like this Mike, you need to consider what the primary objective is; the users convenience or the corporate networks well being?

Pandering to the end user always ends in trouble. They know DICK, that's why they pay us to tell them what to do with their networks.

My opinion anyway.



But if your hands are truely tied, here's my two cents:

This device would allow you to filter traffice at the perimter and allow you to set individual user profiles defining their internet usage ability:

http://www.watchguard.com/products/x2500.asp

see below I am working on a few of these bad boys

Installed with the upgraded software image, Fireware Pro, it can perform some insanely finite configurations and monitoring. Combine that with the optional Web Blocker software, and it can filter content, URLs, IPs, networks, etc from the perimeter.

This device is top notch. Sounds perfect for what you need G}{.

rep wrote: I would install Winamp on the file server so people can listen to shoutcast. It would also be on all their computers as well if they work well with headphones.

Foo wrote:

Giraffe }{unter wrote:

Kracus wrote:I wouldn't let them install anything that isn't installed by me. It's tough to do with all those web programs but once you determin what's need for the buisness to run you just make sure nothing else get's in.

you gotta read man....


there are way too many employees that need to swap software versions on a minutes notice, we don't have the staff to do that every day. we're down to about 1 idiot outbreak a week, which is not bad compaired to how it used to be.

How many people do you have who need to swap software versions? Are these in-house produced pieces of software? Are they supporting it within the business, or talking to members of the public?

Have you looked into VMWare and/or Citrix/Terminal server as a solution to this problem? it's pretty easy to set up a clump of 10-20 old desktop machines with Windows XP pro loaded on and a different version of the software on each.

Giraffe }{unter wrote:this isn't your standard IT department everything is our problem in a company where they are creating and inventing high end technology, with show deadlines, we cannot limit our engineers in any way, if they install 30 porn dialers and it takes us 2 hours to remove, it is our fault it took so long, it's our fault we let him do it, and it is our fault if we slow him down, but putting restrictions on his user rights

Giraffe }{unter wrote:

rep wrote:

Giraffe }{unter wrote:Part of the problem is streaming music, it's kicking the crap out of our T3 line. That and eDonky, torrents, P2p apps etc.

I think the P2P stuff is your trouble. If there are 20 employees all listening to different 128kbps shoutcast stations, that's not all that much bandwidth.

Try like 200+


We had one guy sucking up some serious bandwidth last year running an eDonky server... When we shut him down there were over 230 simultanious downloads going on...

Sucked for him on monday morning

Giraffe }{unter wrote:

Foo wrote:

Giraffe }{unter wrote: you gotta read man....


there are way too many employees that need to swap software versions on a minutes notice, we don't have the staff to do that every day. we're down to about 1 idiot outbreak a week, which is not bad compaired to how it used to be.

How many people do you have who need to swap software versions? Are these in-house produced pieces of software? Are they supporting it within the business, or talking to members of the public?

Have you looked into VMWare and/or Citrix/Terminal server as a solution to this problem? it's pretty easy to set up a clump of 10-20 old desktop machines with Windows XP pro loaded on and a different version of the software on each.

That's a whole other debate we set them up with a few laptops with fresh windows installs on them to test their software.

How great is that one laptop with an image of
Windows 95
Windows 98
Windows ME
Windows 2000
Windows XP and it takes 10 minutes tops to restore any clean image they want. They complained it took to long to setup :icon19:

+JuggerNaut+ wrote:

Giraffe }{unter wrote:

rep wrote: I think the P2P stuff is your trouble. If there are 20 employees all listening to different 128kbps shoutcast stations, that's not all that much bandwidth.

Try like 200+


We had one guy sucking up some serious bandwidth last year running an eDonky server... When we shut him down there were over 230 simultanious downloads going on...

Sucked for him on monday morning

rofl, he still works there?

+JuggerNaut+ wrote:that's pretty lax. any spyware detected and the machine gets a brand new image, no if's, and's, or but's. we don't have two hours to get rid of spyware, the box just gets yanked from the network.

also, we rebuild every one of our laptops that gets checked out for offsite use upon return, harddrive is wiped before being put back on the network, then SMS shoves a new image on it.

+JuggerNaut+ wrote:in all honesty GH, i feel bad for you. i would never be able to work in that kind of zoo.

Foo wrote:

+JuggerNaut+ wrote:in all honesty GH, i feel bad for you. i would never be able to work in that kind of zoo.

I fucking love a challenge. Especially if there's power in reserve to actually make changes.

Foo wrote: hehe. That's the right approach though. the key paradigm is that if the company requires an IT facility which is badly thought out and unreasonable to yourself, you implement it and give the lions share responsibility to the people who clamoured for it.

+JuggerNaut+ wrote:

Foo wrote:

+JuggerNaut+ wrote:in all honesty GH, i feel bad for you. i would never be able to work in that kind of zoo.

I fucking love a challenge. Especially if there's power in reserve to actually make changes.

that's beyond a challenge. just look at Mr. eDonkey. he still works there? that's incredible. you can't have that kind of employee in a corporate environment. at least not on your network.