[unisog] Google Desktop (cNET inquiry)
michael.holstein at csuohio.edu
Wed Feb 15 14:47:48 GMT 2006
> I would tend to agree. But I believe the technical solution
> to enforce a policy about software installations should
> involve the actual installation process, not some Rube
> Goldberg after the fact network solution.
If you have everyone in the same domain, this is easy with GPO or
whatever else you might use (we, for example, block the .exe from running).
This, however, dosen't catch everyone -- since there are plenty of
professors, etc. that might have what's considered "sensitive" data
(like a class roster, grades, whatever) on a PC that's not in the domain .
I agree that any policy must come from "up on high" and be enforced
unilaterally -- but you're always going to have somebody that "needs
admin rights", or has some goofy gas chromotagraph that needs to run on
At a previous employer, we contemplating disabling the "usb mass
storage" drivers in Windows to prevent information leakage by lost
thumbdrives .. but the outcry quickly quashed that idea.
Short of making everyone use Citrix (or dumb Xterms), you're never going
to be able to force them into acting right. It's that never-ending
balance between security and usability -- I mean "fluffy is so cute,
I've just gotta have him as my desktop wallpaper".
More information about the unisog