What happens when a developer has admin access to a server

jonw757

One of our biggest security issues where I work is politics. A lot of the developers basically do whatever they want with no real punishment. Here is a great example of how they make their lives easier: give everyone full access to the C: drive and share it out. That will make sure that people who need access have it! WTF?!
omfg.JPG
 
Who is the sysadmin that gives the developers enough access to set permissions on the root drive?
 
kumquat said:
Who is the sysadmin that gives the developers enough access to set permissions on the root drive?

You must have missed part of my OP. It says security problem = politics. :( Think of it like this (it was not me who did this, as I just got this position): you give 1 person admin access and then they give it to this person who gives it to this person and they each do their own thing. There are around 5 local admin accounts on the machine. It's horrible, and nothing I can really do besides once I find it, fix it.
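
A read-only audit for the two conditions described in this thread (extra members of the local Administrators group, and a drive root or broadly writable folder shared out), given here as an added example that is not part of any poster's message. It assumes Windows 8 / Server 2012 or later with the built-in LocalAccounts and SmbShare modules; the function name `Test-BroadPrincipal` and the output column names are hypothetical.

```powershell
# Added example: changes nothing, only reports. Run elevated on the server being checked.

# Well-known SIDs for groups that effectively mean "everybody".
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Test-BroadPrincipal {
    param([string]$AccountName)
    try {
        # Resolve the name to a SID so the check does not depend on OS language.
        $sid = ([System.Security.Principal.NTAccount]$AccountName).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $false }   # unresolvable name: not one of the broad groups
    # Domain Users is always <domain SID>-513.
    return $BroadSids.ContainsKey($sid) -or $sid -match '^S-1-5-21-.+-513$'
}

# 1. Every member of the local Administrators group (well-known SID S-1-5-32-544).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource

# 2. User-created shares (Special = $false skips C$, ADMIN$, IPC$) that either
#    publish a whole drive root or allow Full/Change to a broad group.
$shares = Get-SmbShare | Where-Object { -not $_.Special -and $_.Path }
$findings = foreach ($share in $shares) {
    $isRoot = $share.Path -match '^[A-Za-z]:\\?$'
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        if ([string]$ace.AccessControlType -ne 'Allow') { continue }
        $broad    = Test-BroadPrincipal $ace.AccountName
        $writable = [string]$ace.AccessRight -in 'Full', 'Change'
        if ($isRoot -or ($broad -and $writable)) {
            [pscustomobject]@{
                Share      = $share.Name
                Path       = $share.Path
                DriveRoot  = $isRoot
                Account    = $ace.AccountName
                Right      = $ace.AccessRight
                BroadGroup = $broad
            }
        }
    }
}

$admins   | Format-Table -AutoSize
$findings | Format-Table -AutoSize
```

Share permissions are only half of the picture: effective access over the network is the more restrictive of the share ACL and the NTFS ACL, so a flagged share should be followed by a `Get-Acl` review of the shared path.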
 
jonw757 said:
You must have missed part of my OP. It says security problem = politics. :( Think of it like this (it was not me who did this, as I just got this position): you give 1 person admin access and then they give it to this person who gives it to this person and they each do their own thing. There are around 5 local admin accounts on the machine. It's horrible, and nothing I can really do besides once I find it, fix it.
No, I read it.

Someone is in charge of the machine, and that someone failed by giving unrestricted admin access to someone who was not responsible for the machine.

If someone who is not responsible for the operation of a computer is given administrative access to the computer, it is a failure of the actual system administrator.
 
kumquat said:
No, I read it.

Someone is in charge of the machine, and that someone failed by giving unrestricted admin access to someone who was not responsible for the machine.

If someone who is not responsible for the operation of a computer is given administrative access to the computer, it is a failure of the actual system administrator.

Unfortunately, a lot of what's been done here is due to the fact that the company never really had any good Windows security admins. In the beginning things were set up as give everyone access to whatever and do what they want. It's a long drawn-out process, which mostly everything is in corporate America; too much to explain and not enough resources to fix things. :(
 
Number of Administrators == 1

That should never ever ever ever ever change. If someone needs special privileges, set them up with an account that does exactly what they need, nothing more. If they don't like it, tough shittles. A shared root is horrible. Horrible. :( It's asking for some tool of a person to install some shitty virus, or suspend a service the computer needs....
 
Sharing out the entire C partition on an NT OS? :rolleyes: May you live to see the day that network goes up in smoke....cherish the moment...it can happen in so many different ways.

Although that's a "Server"? Domain Controller? Or just some peer to peer? (I don't think it's a server, I see "Local users and Groups".) Either way, not smart.
 
Just a member server but one of the accounts on the server has access to pretty much every other server on our network...
 
My clients don't have admin access to any of their *own* servers. If they or someone else need administrative access, they contact me and I determine the need as well as if I perform the task or if I supervise the access.

For example, last night I spent two hours doing a database cleanup for a dentist office after business hours since tech support closed at the same time as the office.

I spent about 7 hours on a customer site today to oversee a software upgrade on a client's server by the software vendor. That software tech was *not* given the administrator password, I logged on the console of the server under a local admin account and stayed in the room while he did his work.
 
SJConsultant said:
For example, last night I spent two hours doing a database cleanup for a dentist office after business hours since tech support closed at the same time as the office.


Dentrix? Eaglesoft? Kodak?
 
jonw757 said:
Just a member server but one of the accounts on the server has access to pretty much every other server on our network...
They should really hire a sysadmin or something.

What do you do over there?
 
jonw757 said:
One of our biggest security issues where I work is politics. A lot of the developers basically do whatever they want with no real punishment. Here is a great example of how they make their lives easier: give everyone full access to the C: drive and share it out. That will make sure that people who need access have it! WTF?!

So, take that problem and add it to every PC that gets built because the stupid PC techs here built their images that way. That's what I am dealing with right now x1400. GPOs are my friend...
 
kumquat said:
They should really hire a sysadmin or something.

What do you do over there?

There are 6 people in the server group, I am in Security finally.

MorfiusX said:
So, take that problem and add it to every PC that gets built because the stupid PC techs here built their images that way. That's what I am dealing with right now x1400. GPOs are my friend...

I hear you. We finally, starting a few months ago, have stopped giving admin rights out.

SJConsultant said:
My clients don't have admin access to any of their *own* servers. If they or someone else need administrative access, they contact me and I determine the need as well as if I perform the task or if I supervise the access.

That's the right way to do it, congrats!
 