Answer the question
In order to leave comments, you need to log in
S
S
SterhXXX2020-01-27 15:47:54
SterhXXX, 2020-01-27 15:47:54
How to prepare a computer before handing it over to a user at an enterprise?
Hello!!!
Colleagues, please share your best practices or advise where to see what complex measures the system administrator should take on the computer before handing it over to the user. I'm not interested in the method, but the action itself: for example, disabling USB, prohibiting installation of programs, prohibiting saving to the desktop ... It is clear that something will be done through GPO, and something will be sealed with electrical tape) Tool tip: +5 to karma)))
Guys. Well, what about you? (((But what about setting the frequency of creating a restore point? But what about setting periodic disk defragmentation? And how about installing remote control on each machine?
It is clear about GPO, most, if not all, should be strived to be done through group policies, and the same is clear about the rights of departments. But what rights are you exposing? Or what rights do you recommend?
It so happened that I work as a system administrator at an enterprise where there is no unification and systematization, despite the fact that there are several points and there is the head of the information department. Therefore, I have almost complete freedom of action, and I want to make everything "beautiful", and so that the subsequent maintenance will be hassle-free.
4 answer(s)
@Rsa97
@antonwx
Without a special need, you should not do this. What really needs to be done is to take away administrator rights and install and password protect the antivirus. Anal gardens are not needed.
@CityCat4
Add to domain - to the group corresponding to the organizational unit in which the user works. All settings should be pulled up by politicians - because politicians should be used, if they exist :) To create something with your hands - you won't get enough time.
As for blocking USB and other things - there are security guards for this. Draining something via USB will still be caught by the SMP with an exact fixation of who, when, where - the user will receive people (and may change his mind about working in the office - at least we had precedents). I don’t think that you have such data there that a one-time leak can greatly affect something - you can run into your own limitations yourself :)
R
Rsa97, 2020-01-27 @Rsa97
Enter into the enterprise domain. Everything else should be determined by domain policies and the rights of a particular user.
A
antonwx, 2020-01-27 @antonwx
disable USB, prohibit installation of programs, disable saves to the desktop
Without a special need, you should not do this. What really needs to be done is to take away administrator rights and install and password protect the antivirus. Anal gardens are not needed.
C
CityCat4, 2020-01-27 @CityCat4
what complex measures should a system administrator take on a computer before handing it over to a user
Add to domain - to the group corresponding to the organizational unit in which the user works. All settings should be pulled up by politicians - because politicians should be used, if they exist :) To create something with your hands - you won't get enough time.
As for blocking USB and other things - there are security guards for this. Draining something via USB will still be caught by the SMP with an exact fixation of who, when, where - the user will receive people (and may change his mind about working in the office - at least we had precedents). I don’t think that you have such data there that a one-time leak can greatly affect something - you can run into your own limitations yourself :)
Similar questions
D
E
T
V
I
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question