NonAdmin Pilot

Views:
 
Category: Education
     
 

Presentation Description

No description available.

Comments

Presentation Transcript

The Non – Admin Pilot: 

The Non – Admin Pilot Michel Christaller Ruben Gaspar Aparicio IT/IS

Agenda: 

Agenda Why a new pilot ? How to participate ? What works ? Issues Workaround : NiceAdmin NiceAdmin Details Current situation Next Steps

Why a new pilot ?: 

Why a new pilot ? Every main user / responsible has admin privilege on his computer Enforced at every boot Security concern : Viruses are empowered to harm the computer Pilot goal is verifying we can live without this privilege Restricted to Windows XP

How to participate ?: 

How to participate ? Add your computer in the Pilot using this page http://cern.ch/win/services/nonadminmgr Participation can be cancelled After next reboot, your account looses it’s administrative privilege A pop-up tells you at every log on your status

What works ?: 

What works ? Nice computer installation, automatic updates Most applications : Microsoft Office 2003 (Word, Excel, Powerpoint, Access, Frontpage, Outlook) Internet browsing with Internet Explorer (but..) Outlook Express, Acrobat Reader 7 CERN Phonebook, Nice Alerter Real Player 8, Windows Media Player 10, Windows Messenger 5.1 Symantec Antivirus 10 Remote Desktop Client Exceed 9 User-specific settings in the Control panel like Display settings, Regional settings, Folder options, Internet options .. Creation of a VPN connection to CERN

Issues: 

Issues Access to some local files Checking a drive or defragmenting a partition is not allowed. (Write) Access to the registry Application installation / removal  Third-party applications and drivers installation / usage problems (Remedy, Corel Draw 10, HomeSite, TopSite, Yahoo Messenger, Sony phone synchronization tool with Outlook, installing a scanner..)  Internet Explorer Plug-ins install problems (QuickTime ,Google toolbar..) Outlook 'Report Spam' button (need to register the dll) Symantec Live-update : can’t update manually RealPlayer 8 does not retain some options set Nero burning CD problem Firewall settings Control Panel problems (Power Options..) Changing date/time Updating with 'Windows Update' site

Workaround: 

Workaround Nice Admin application Allows main user / responsible to launch tasks with temporary administrative privileges Adds your account to the local Administrators group Forks a new process which creates a new logon session and builds a new security token Removes your current account from the local Administrators group

NiceAdmin Details: 

NiceAdmin Details Two layer application : Service Restricts administrative privilege to the main user / responsible (as stated in LANDB) Maintains a cache in case of offline use Application Console mode Shortcuts (including shortcut maker) Context handler Demo

Current situation: 

Current situation Documentation page : http://cern.ch/win/docs/nonadmin NiceAdmin workarounds all issues but Access to G: drive in installation scripts IT/IS computers participates to the Pilot, IT/UDS will do soon

Next Steps: 

Next Steps Until 1st December : Participate to the Pilot, test your computer and NiceAdmin application During December or later : If agreed by DTF, Every newly installed computer will participate No automatic deployment on already installed computers – but allowed to participate Automatic deployment can be done on some Departments asking for it Windows Vista may provide a similar tool .. To be checked next year

authorStream Live Help