[brlug-general] Active Directory Mandated at LSU

worms worm402 at gmail.com
Mon Oct 1 01:15:50 CDT 2007 

http://appl003.lsu.edu/itsweb/securityweb.nsf/$Content/LSU/$file/letter.pdf

On 9/27/07, Dustin Puryear <dustin at puryear-it.com> wrote:
> If you are part of AD, then you are subject to a Domain Admin, period.
> Now, if they are establishing various trust relationships then things
> are different. Since we don't know how any of this is being implemented,
> it's next to impossible to really know one way or the other. :)
>
> --
> Puryear Information Technology, LLC
> Baton Rouge, LA * 225-706-8414
> http://www.puryear-it.com
>
> Author, "Best Practices for Managing Linux and UNIX Servers"
>   http://www.puryear-it.com/pubs/linux-unix-best-practices
>
> Identity Management, LDAP, and Linux Integration
>
>
> Andrew Baudouin wrote:
> > He's talking about the fact that IT has promised the department admins
> > the ability to lock IT out of their servers.
> >
> > Nothing to see here, move along.
> >
> > On 9/27/07, * Dustin Puryear* <dustin at puryear-it.com
> > <mailto:dustin at puryear-it.com>> wrote:
> >
> >     Honestly, I don't know what you mean by "AD lockout". :)
> >
> >     --
> >     Puryear Information Technology, LLC
> >     Baton Rouge, LA * 225-706-8414
> >     http://www.puryear-it.com
> >
> >     Author, "Best Practices for Managing Linux and UNIX Servers"
> >       http://www.puryear-it.com/pubs/linux-unix-best-practices
> >
> >     Identity Management, LDAP, and Linux Integration
> >
> >
> >     willhill wrote:
> >     > The problems is that people like you are already running ADs of
> >     their own and
> >     > think they are doing a better job than IT will.  I've gotten
> >     conflicting
> >     > reports of how much control this will actually give the IT
> >     people.  IT claims
> >     > they will let you lock them out and there's no way around that
> >     lock out.
> >     > Others have their doubts.  These people know their machines and their
> >     > department needs much better than the IT people do, so I can
> >     understand their
> >     > suspicion and fear.  Job security is another thing for them to
> >     worry about.
> >     >
> >     > So, Dustin, who's right about the AD lockout?
> >     >
> >     > On Thursday 27 September 2007 10:36 am, Dustin Puryear wrote:
> >     >> My thoughts are that if LSU owns the equipment, then they get to
> >     manage
> >     >> it. And when it comes to AD, fact is, I *like* AD. It's powerful
> >     and has
> >     >> some very strong policy enforcement mechanisms.
> >     >>
> >     >> What I think gets lost in the shuffle sometimes is the fact that it
> >     >> costs much more to manage a box than it does to buy a box. MUCH MORE.
> >     >> And it's a recurring expense. So any mechanism that makes improves
> >     >> management is usually fine by me. :)
> >     >>
> >     >> This goes for Windows, Linux, whatever.
> >     >
> >     > _______________________________________________
> >     > General mailing list
> >     > General at brlug.net <mailto:General at brlug.net>
> >     > http://mail.brlug.net/mailman/listinfo/general_brlug.net
> >
> >     _______________________________________________
> >     General mailing list
> >     General at brlug.net <mailto:General at brlug.net>
> >     http://mail.brlug.net/mailman/listinfo/general_brlug.net
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > General mailing list
> > General at brlug.net
> > http://mail.brlug.net/mailman/listinfo/general_brlug.net
>
> _______________________________________________
> General mailing list
> General at brlug.net
> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>

More information about the General mailing list