Network Security Focus-Microsoft

Re: Users "bypassing" Group Policy restrictions

Subject: Re: Users "bypassing" Group Policy restrictions
Date: Thu, 27 Jan 2005 15:12:40 -0700 (MST)
First question.  Are there company management policies in place to deal
with this?  For instance, some employers will fire offending employees for
violating such policies.

Second question.  Have you even talked to management about the activities
of some employees in this situation?

First, a company needs some documented (and preferably, signed
acknowledgements) policies.  Second, when you find a violation, collect
the PC up as evidence...treating the situation like you would for any
investigation.  I'd recommend using the CISSP type guidelines: unplug the
PC (powered up or not) and image the drive for evidence.  Then present the
evidence to management to take appropriate action.

Caveat: do not make policies without consulting legal experts.  The laws
and rulings vary greatly depending on where you live.

Second, if everything is set up, this is an issue for management.  And if
you can get the backing, disconnect the PC entirely from the network until
management has resolved the issue and given you a green light to reconnect
the system.

Sincerely,

Bryan S. Sampsel
LibertyActivist.org


Edward VanDewars said:
We utilize Group Policies and Software Restriction
Policies as the primary means of limiting unwanted
user actions on our desktop machines.

Recently, however, several of our more "creative"
users have discovered that if they remove the ethernet
cable from the computer immediately after logging in
(i.e. as soon as their credentials are accepted) GPs
are not downloaded/applied.  These users then are able
to use "net use" commands to map their necessary
network drives so they can work with full access to
resources usually mapped by GPs but without any of the
restrictions/limitations we impose and without
Software Restriction Policies preventing unwanted
programs from running (i.e. my nightmare).

Short of gluing in the ethernet cables, how can I
prevent this bypassing of GPs?  It appears that this
is only an issue if a cached local profile does not
exist on the computer.  However, these computers use
drive "freezing" software to make changes to local
disks non-persistent.  Thus, at each reboot a local
cache of their profile is gone.  I tried shortening
the "Group Policy refresh interval for users" but
obviously if they don't download the policy in the
first place the computer will not see the shortened
refresh interval.

Any advice is greatly appreciated; thanks in advance.
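
Finding a violation of the kind discussed in this thread starts with spotting an interactive logon that is followed almost immediately by a Group Policy processing failure on the same machine. The sketch below is an added example, not part of the original messages; it assumes event records are forwarded off the frozen workstations, that Windows XP-era event IDs apply (Security 528 for a successful logon, Userenv 1030/1054/1058 for policy processing errors), and its host names, user names and records are constructed.

```python
from datetime import datetime, timedelta

LOGON_ID = 528                       # assumption: XP-era "successful logon" event
GP_FAILURE_IDS = {1030, 1054, 1058}  # assumption: Userenv policy-processing errors

# Constructed sample records: (timestamp, host, source, event_id, user)
SAMPLE_EVENTS = [
    ("2005-01-27 08:00:02", "LAB-PC01", "Userenv", 1054, "SYSTEM"),  # boot-time failure, no user yet
    ("2005-01-27 08:01:10", "LAB-PC01", "Security", 528, "alice"),
    ("2005-01-27 08:01:31", "LAB-PC01", "Userenv", 1054, "alice"),
    ("2005-01-27 08:01:33", "LAB-PC01", "Userenv", 1030, "alice"),
    ("2005-01-27 08:05:00", "LAB-PC02", "Security", 528, "bob"),     # clean logon
    ("2005-01-27 09:10:00", "LAB-PC03", "Security", 528, "carol"),
    ("2005-01-27 09:40:00", "LAB-PC03", "Userenv", 1058, "carol"),   # later refresh failure
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def find_policy_gaps(events, window_seconds=120):
    """Return one (host, user, logon_time, failure_ids) tuple for each logon
    followed, for the same host and user within the window, by a policy failure."""
    window = timedelta(seconds=window_seconds)
    rows = sorted((parse(ts), host, src, eid, user)
                  for ts, host, src, eid, user in events)
    findings = []
    for when, host, src, eid, user in rows:
        if src != "Security" or eid != LOGON_ID:
            continue
        # Collect distinct failure IDs that land inside the post-logon window.
        failures = sorted({
            f_eid for f_when, f_host, f_src, f_eid, f_user in rows
            if f_src == "Userenv" and f_eid in GP_FAILURE_IDS
            and f_host == host and f_user == user
            and when <= f_when <= when + window
        })
        if failures:
            findings.append((host, user, when.strftime("%Y-%m-%d %H:%M:%S"), failures))
    return findings

if __name__ == "__main__":
    for host, user, when, ids in find_policy_gaps(SAMPLE_EVENTS):
        print(f"{host}: {user} logged on at {when}; policy errors {ids} followed")
```

A short window separates a failure at logon from an ordinary background refresh failure later in the session; widen it only if the result is reviewed by hand.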



