|
|
Mac network admins: How strictly do you secure your machines
|
|
|
|
Senior User
Join Date: Mar 2002
Status:
Offline
|
|
I've been assigned to admin a new department at work that includes 40-50 Mac Pros, a Mac server and a Windows server. I'm debating on whether to take a more strict stance and lock-down the machines or looser and let end-users install apps. They won't have access to the admin account. I was curious, for those of you who work with, support, or admin a network of Macs, what your security policy is?
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jun 2006
Status:
Offline
|
|
Our workers have about 100 macs, and we give them admin rights. This is mainly because they are pretty experienced computer users, and seem to do pretty well. We use filevault on all the computers, and try to make sure people have proper passwords.
On the other hand if we are talking about macs in an educational institute that students would be using, I would definatly not give admin rights. Unless of course they need to install so much programs that there is no other option. Then I would look into an option to use images to restore the macs every night (or something similar).
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 2002
Status:
Offline
|
|
Thanks for the info.
So you don't lock down any of the system prefs either?
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2003
Location: Body in London, mind elsewhere
Status:
Offline
|
|
Personally I make sure the machines are locked down. Mostly you can get away with giving people Standard accounts. That way you'll know what gets installed in the main Applications folder and they can't delete anything too important. Even experienced users can cause a lot of problems if you don't lock the machines down. Saves a lot of down time in the long run, which if anyone moans just say this to the directors and they'll back you 100%. Time = Money
If you want to give them a bit more control but still keep a base setting each night you might want to look at Deep Freeze - It's what Apple uses in their stores.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 2002
Status:
Offline
|
|
That's more along the lines of my philosophy. I'm probably going to lock everything down aside from their home directory. The less access people have, the easier my job will be.
Deep Freeze looks cool, but I don't really see a point in giving them more control, then wiping everything each night. People will be on these computers anywhere from 6AM to 3AM the next morning, so I won't be able to consistently keep up.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jun 2006
Status:
Offline
|
|
Originally Posted by superfula
Thanks for the info.
So you don't lock down any of the system prefs either?
Nope, but 90% of these people know there computers pretty well, and it has not caused problems till now. They are mainly programmers, system administrators and graphic designers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|