Need guidance on basic System Security

nowwhatnapster

Mods: If there is a better spot for this thread please move it.

I work for a small retail shop with about 10 employees. I signed up to be their Website admin, but later I learned I was filling in for their sys-admin and web-admin. I am in no way trained to be a system admin, but if this job gives me the opportunity to learn I might as well take advantage of it. I haven't figured out my career path so this might work well for both parties.

The lack of security measures in place here scares me. They don't count the cash drawer, nor does anything have a lock/key on it except access to the building. Everyone knows and uses the administrator password for the POS software. It is going to take a while to fix all these problems.

I just recently migrated all our passwords to KeePass from a spreadsheet and I am starting to work on the Windows user accounts, but I could use some direction.

I was thinking of giving each PC a limited user account. I have never actually used a LUA, but I don't think it will be too limiting on anyone that works here other than myself.

Any advice would be greatly appreciated.
 
They don't count the cash drawer

And with an employee count of 10, the odds that the business is currently being embezzled approach one. You need to think about some CYA.
 
I used to work for a company that sounds just like the one you're at. When I started implementing passwords and user limits, it caused a lot of issues. It was my experience that people in that situation don't see the value in what you're doing and think it's more a hindrance than a help. I would start by getting everyone a user name & password and then slowly implement the restrictions.

I hope you have better luck in your situation.
 
Test the software they are using with a LUA first before you implement the changes. Some software requires certain privileges to make changes to configs if needed for whatever reason. For instance, Allscripts.
 
Using user accounts really depends on what they do on the computer. If all they do is use the POS software, there should be an account for the computer itself which restricts access to the Start menu, programs, etc. Then people will of course have an account in the POS software. I don't see a need for them to be logging in and out of Windows itself. On the other hand, if they need to use an email client or use different websites to check product inventory or look something up, etc., then you may want to use Windows user accounts. Again, removing privileges they don't need, like installing software, opening the computer settings, etc.

Since the cash drawers aren't even being counted, like I said, do the managers even want this work to be done?
 