Nice article on Techrepublic here. Are we all doing these?
1: Schedule tasks

You wouldn’t believe how much scheduling various tasks can help prevent issues. The tasks you should definitely schedule are:

And just to be on the paranoid side, you should schedule all end users to change their password every 30 days. Scheduling these tasks eliminates the risk of users overlooking them and leaving their PCs vulnerable to various issues.

2: Keep a tight rein on permissions

Unless you can think of a solid reason to make an end user a local administrator, don’t. I understand this can be a real hassle in certain situations. And particular applications might require local admin rights just to run. But unless it is absolutely necessary… it is not at all necessary. The less your end users CAN do, the less they WILL do. The biggest issue with this setup is that you will come off with some serious control issues. But in the interest of cost cutting and/or sanity saving, keeping your end users from running tasks that should be run by an administrator can be a big help. Be warned: This will cause you a lot of running to and from offices entering admin credentials. To that end, make sure you can remote into those end-user machines quickly.

3: Preempt password resets

This one might seem overly elementary, and you will certainly think that it is not your responsibility. However… Keep an encrypted spreadsheet (or encrypted text file) with updated user passwords. Why? Your users ARE going to forget their passwords. You can count on it. Instead of your having to go back to the Active Directory user manager and reset their passwords, just keep an updated file with all the passwords in it. That way, all you have to do is a quick lookup. Just remember to encrypt that file so only you can see it.

4: Don’t sacrifice security for usability

As annoying as Windows 7’s UAC is, it is not without purpose. In fact, that annoying feature is an integral part of the Windows 7 security mechanism. Many people disable UAC to get around that bothersome popup. That might be fine on an admin’s machine (not a server, of course). But with end users, who will be trying to download and install the strangest, most unsafe tools imaginable, you do not want this happening without some warnings being passed to them. With Windows Vista, UAC was nothing more than a serious annoyance. Windows 7 has gone a long way to actually make the UAC useful. So do not disable this feature.

5: Provide some basic training

Don’t just throw your end users to the wolves without a little preparation. You can teach them a few simple things that will help you in the long run. For example, most techs take for granted what does what on a computer. But how many times have you told users to open up a browser, and they had no idea what you were talking about? Teach them what a browser is, what office tools do what, what Outlook can do, what keyboard shortcuts are, etc. And don’t even presume to think that an end user knows what it means to safely turn off a computer. You tell some users to shut down their computer and they will simply reach for that power button. And just like that, you have possible data loss on your hands. Make sure all of your end users know the proper way to shut off their machine. This is especially true for your mobile users.