[itdiscuss] Need advice

Thompson, Ken Ken.Thompson at mtw.org
Mon Jul 6 12:37:22 EDT 2009


Nope, if not on our domain, can't get to file shares or network devices.

We're looking to implement Network Access Protection soon. Might be able to change this at that point. We understand that NAP should give us more options as it will pre-screen a system before it can get on the domain and / or access network devices. But, don't think it'll work for Macs.

Updating monthly seems terribly long these days - seems that malware issues are on the rise and one would want to exert more care rather than less.

We can empathize with the desire but it is a fallen world and security is a "necessary evil" if Greenwood is going to demonstrate good stewardship in providing safe computing for all staff and church members. I doubt that the Worship and Arts staff would want to be responsible for compromising the Greenwood network and exposing staff, member and visitor information to hackers - which could happen were one of their systems to be compromised and then that compromised data passed into the network via the file share.

Another option for file sharing in a more "open" environment is to use an application like SharePoint. We're looking at this for all staff, missionaries and ministry partners. Then SharePoint handles the security pieces, scanning files, etc. This might be the better way to go if you can't fight the security battle mentioned above.

Ken Thompson
IT Manager, Mission to the World

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Rob Shaw
Sent: Monday, July 06, 2009 11:55 AM
To: discuss at itdiscuss.org
Subject: [itdiscuss] Need advice

Our Worship Arts dept is insisting they have some computers they believe have no need to be on the network or under IT's protection ("control" is actually the word they used).  But they still want to be able to transfer files between networked and non-networked PCs.

I am wondering if anyone else is in this situation and how you handle the non-controlled (or less controlled) PCs in your environment (PCs include Macs, too)?

As a compromise, I am currently thinking that even these computers should be networked (for their stated need, as well), but can be outside of the regular nightly updates and would only be updated monthly(?). Additionally, these PCs would be outside of the usual desktop control. And one person in their department (the most computer-savvy) would be given local admin rights on their PCs (giving them the faster/instant service) but would be responsible for reporting to me anything they needed to do with these rights on any of their computers. And above all, EVERY PC would maintain proper antivirus protection (currently using SOPHOS on Macs and PCs).

PLEASE... any thoughts or suggestions???!!

