I have recently made a few utilities which allow users to request Local Admin rights so they can install apps, and then either the rights expire, or the utilty requests that the rights be removed. the utils connect to a central console, and that is what actually grants the permissions and such. It also logs "all the info"....
Just wondering if any of you might have a need for this sort of thing, or knows someone who might. (remote users who occasionally need to update things, for instance)
I KNOW there are commercial $$$oftware packages available that do this, and other ways that users can install things, and ways to use GPU's and scripts and such, but these utils have worked for me very well, and I was just kinda tossing it out there that I can create things such as this for companies.
Bye 4 now, sunshine people!
[This message has been edited by TheDigitalAlchemist (edited 08-28-2017).]
Hell, I'd love stuff like that, but can't ever get approval for any of it. Right now we grant admin rights to the owner of each machine. It sucks.
^^^ This never works out because then you get users who install items that they are not supposed to do.
Your idea is nice but you would need integration with AD to make it worth while like a request comes in to add this person to this group for x number of days and when 12pm hits on the last day poof rights revoked to that 1 specific share / folder. That way it is a set it and forget it clause. Life goes on and you don't forget to complete the task. I could see a huge benefit to it.
^^^ This never works out because then you get users who install items that they are not supposed to do.
Your idea is nice but you would need integration with AD to make it worth while like a request comes in to add this person to this group for x number of days and when 12pm hits on the last day poof rights revoked to that 1 specific share / folder. That way it is a set it and forget it clause. Life goes on and you don't forget to complete the task. I could see a huge benefit to it.
It is integrated w/ AD, I suppose it is geared to fulfill a very specific list of requirements...
[This message has been edited by TheDigitalAlchemist (edited 08-29-2017).]
while I understand what you are doing and would use you tool there are free ms tools that do the same thing
Saw/tried a few of them, and windows 10 has some neat new features, but what they need to do can't be scripted or done via Group Policy due to the way their environment is set up and the way they want things recorded/ deployed.
You write a "free" program for work? The Company likely owns the program(s) and can/will terminate, sue, even have you arrested for giving it away. Most companies have policies that you don't have Copyright or Patent Rights for anything work related at minimum. Is often in the employee manual or stack of doc's when hired that very few read or understand.
Giving Admin rights to any users to install anything is a bad idea on so many levels. Problem is many Companies still allow users to think they use a computer = is theirs to install anything etc.
Yes can/will get attack by malware but is only the start of problems. Get audit by BSA is another big issue because have little to no License Control and any pissed off current or former worker can tip BSA. I've seen companies getting fined to the tune of Millions of $ for "pirate" copies of DOS Windows Office Adobe and many others for decades. My company even lock desktop background and screen savers so users can set them to avoid Security and HR headaches or getting sued by worker(s) for harassment, hostile workplace, etc. HR get complaints just for girls as background and/or screen savers. And that's when users are "good." When a user is DL'ing/Installing pirate items of any type, p__n and worse the Company is in big trouble. Fixing PR problems can cost Hundreds of Millions of $ alone.
These examples and more is why many companies lock the environment so tight that even CEO and BoD can't install anything now. Even IT "desktop admins" can no longer install mouse and other drivers to make Disable Workers equipment to run. Everything must get thru IT Security Committee, get remote install package, get AD group rights to install that package, etc then equipment might work and w/ default settings only.
------------------ Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should. (Jurassic Park)
You write a "free" program for work? The Company likely owns the program(s) and can/will terminate, sue, even have you arrested for giving it away. Most companies have policies that you don't have Copyright or Patent Rights for anything work related at minimum. Is often in the employee manual or stack of doc's when hired that very few read or understand.
Giving Admin rights to any users to install anything is a bad idea on so many levels. Problem is many Companies still allow users to think they use a computer = is theirs to install anything etc.
Yes can/will get attack by malware but is only the start of problems. Get audit by BSA is another big issue because have little to no License Control and any pissed off current or former worker can tip BSA. I've seen companies getting fined to the tune of Millions of $ for "pirate" copies of DOS Windows Office Adobe and many others for decades. My company even lock desktop background and screen savers so users can set them to avoid Security and HR headaches or getting sued by worker(s) for harassment, hostile workplace, etc. HR get complaints just for girls as background and/or screen savers. And that's when users are "good." When a user is DL'ing/Installing pirate items of any type, p__n and worse the Company is in big trouble. Fixing PR problems can cost Hundreds of Millions of $ alone.
These examples and more is why many companies lock the environment so tight that even CEO and BoD can't install anything now. Even IT "desktop admins" can no longer install mouse and other drivers to make Disable Workers equipment to run. Everything must get thru IT Security Committee, get remote install package, get AD group rights to install that package, etc then equipment might work and w/ default settings only.
Wait, wait...are you asking to lick my [censored]?
My code is my own, you want it? [censored] my balls (or ask me for it - my code, not my [censored])
I'd gladly share the events offline over a beer (as long as you like to hear long, boring stories)
Back in the day,we used to use a software package called FORTRESS, to lock down EVERYTHING, icon placement, everything, but now, I is the letter of people install their own fate, because they have decided this, and let them birn down their own house.
"The Company" is all in my mind, I'm living in a van, down by the river, like that dead SNL guy (Charlie sheen?) until that one fateful day MEM found me and made me his [censored]. Now, I give him [censored] all day long, and he lets me stroke his [censored].
I'm sorry man, everything you said is pretty much spot-on and true.
It's been a LONG week already. I don't want to [censor] your [censor] or even catch a quick glimpse of it/them.
but yeah, my stuff is mine, it's alive, and as long as you feed it, I'll share/sell it to you. or that other guy. I don't care, as long as you love me. it. I mean "love IT". Crap. oops.
but yeah...
It's like code, man, only it's living, like some kinda rubick's cube made outta meat...pet it. love it. feed it. and keep it clean and healthy.
