Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: ShadowAce
Here at the BIG International PetroChemical Company ® over 90% of the users have locked machines. They can't even create a text file on their C drive unless it's in a folder unlocked by a software installation script.

If a desktop goes bad it can be reimaged in about an hour.

Acquiring an unlocked machine requires and act of God.

10 posted on 08/29/2006 11:02:53 AM PDT by tx_eggman (The people who work for me wear the dog collars. It's good to be king. - ccmay)
[ Post Reply | Private Reply | To 1 | View Replies ]

To: tx_eggman
There is a way of allowing users to have unlocked machines and still be able to fix their mistakes.

Have each user log into a thin client that looks and feels like a real machine. If something goes wrong, simply restore the machine image on the server.

This has been done using a *nix-based OS on the clients, running a VM from the server. If the virtual client goes bad, merely copy that machine's image from a backup file.

Usually, the users don't even know they're on a thin client.

12 posted on 08/29/2006 11:06:49 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 10 | View Replies ]
To: tx_eggman

"Acquiring an unlocked machine requires and act of God.

Or maybe a quick perusal of a couple of articles from 2600.

It is really very difficult to stop a privilege escalation attack if the user has an account on a box, particularly a Windows box.


18 posted on 08/29/2006 11:09:46 AM PDT by proxy_user
[ Post Reply | Private Reply | To 10 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson