[unisog] Google Desktop (cNET inquiry)

Michael Holstein michael.holstein at csuohio.edu
Wed Feb 15 14:47:48 GMT 2006


> I would tend to agree. But I believe the technical solution
> to enforce a policy about software installations should
> involve the actual installation process, not some Rube
> Goldberg after the fact network solution.

If you have everyone in the same domain, this is easy with GPO or 
whatever else you might use (we, for example, block the .exe from running).

This, however, dosen't catch everyone -- since there are plenty of 
professors, etc. that might have what's considered "sensitive" data 
(like a class roster, grades, whatever) on a PC that's not in the domain  .

I agree that any policy must come from "up on high" and be enforced 
unilaterally -- but you're always going to have somebody that "needs 
admin rights", or has some goofy gas chromotagraph that needs to run on 
Windows 95.

At a previous employer, we contemplating disabling the "usb mass 
storage" drivers in Windows to prevent information leakage by lost 
thumbdrives .. but the outcry quickly quashed that idea.

Short of making everyone use Citrix (or dumb Xterms), you're never going 
to be able to force them into acting right. It's that never-ending 
balance between security and usability -- I mean "fluffy is so cute, 
I've just gotta have him as my desktop wallpaper".

~Mike.


More information about the unisog mailing list