From: "Geo" 

"Gary Britt"  wrote in message
news:44c22fbc{at}w3.nls.net...
> .  Its true that those users who don't use anything special or unique
> don't need anything a totally locked down computer can't provide.  Hadn't
> thought of it that way.

yeah, sometimes it's difficult to understand that though. For example, my
biggest problem users are the techs at netlink. They are fairly literate
computer users (I say that with reservations) and spend their day on the
phone with customers solving problems. There are tools they need to use to
track down problems and I encourage them to go out on the net and find any
other free tools that help them do their job.

My problem comes in when they ask for things like Excel, I question why
they might need a spreadsheet and either they can't explain (because it
wasn't work related) or they are looking to tap into the ISP database via
excel (which won't work since I locked it specifically so they can't do
that sort of thing).

I end up giving them admin access to their own machines, and I end up
finding that they replaced a paid version of AVG with a free version of
Avast and crap like that which then forces me to lecture them on how these
are not their personal computers.. Some things they are not supposed to
change.

I have them isolated on their own routed subnet just to be safe, that way I
can firewall them from attaching to other netlink machines in ways I don't
want to allow and treat them like they were any other machine out on the
internet with just a few exceptions. So far this seems to work better than
trying to get them to live in a locked down world.

Everyone else gets a fully locked down system, they don't need any tools
that aren't already installed so there is no requirement for more control.

Geo.

--- BBBS/NT v4.01 Flag-5