Work tracking internet history?

The major companies you've worked for have hired idiots and have non-compliant IT practices then.

Compliant with what? I would say an IT department that is spending it's time spying on the employees instead of answering actual support calls was the one with it's priorities the wrong way around.
 
Non complaint with what?

I'm not talking about browsing the web, I'm talking about effectively bypassing whatever group security policy is in operation and gaining too much access to your PC without it going through the proper audit checks.
 
Well maybe you work for some over zealous Big Brother style IT department. As I keep saying, none of the major companies I've worked for have had one of these yet.

It's just simply not how group policy works, it has nothing to do with my company. This isn't the forum (I know, it confused me too) for this though and is just taking this thread off topic.
 
I'm not talking about browsing the web, I'm talking about effectively bypassing whatever group security policy is in operation and gaining too much access to your PC without it going through the proper audit checks.

I wasn't talking about browsing the web, either. It was claimed that clearly his company was non compliant, I was just wondering what they were supposed to by complying with?
 
In terms of everyone shouting at "IT" for monitoring activity or putting "draconian" rules and regulations in place I think you need to realise that for the most part it has nothing to do with IT. Any IT department with the most basic of ITIL knowledge treats the business as a customer. This means that the systems are put in place on the request of other departments and/or the business and has very little to do with IT themselves.

This is based purely on the companies I have worked for and of course you always get that over zealous god complex idiot who wants to know everything about everyone on "their" network and use it as some sort of power trip. I can't speak for those sorts of people...
 
Of course! The only reason for running users through a proxy is to spy on them! :rolleyes:

No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.
 
It's just simply not how group policy works, it has nothing to do with my company. This isn't the forum (I know, it confused me too) for this though and is just taking this thread off topic.

I wasn't explaining how GPO works.

But even if a GPO did run that removed me from the admin group it wouldn't stop me logging in to the machine (not the network) in the admin account, doing what I need like installing a programme or changing a setting then logging back into the network with my default account again.

I'm pretty sure years ago I even used my admin account to turn off the function within Windows that deals with GP requests.

Bottom line is the person who has physical access to the machine will always be in a superior position to someone trying to control it from afar with scripts and enforced network policies.
 
Last edited:
No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.

Or just turn off all restrictions and save having to go through the process?
 
No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.

Worked somewhere like this, blocked stuff and you needed to request access through an annoying business process, backfired cos any job this effected just got binned and never completed.

I mean no thought whatsoever put into what was blocked, even suppliers and our wholesalers sites were sometimes blocked, i mean wtf = no work done :)
 
Last edited:
I wasn't explaining how GPO works.

But even if a GPO did run that removed me from the admin group it wouldn't stop me logging in to the machine (not the network) in the admin account,

If they setup GPO correctly it would remove anyone but defined users from the local admin group.

The people you have worked for are clearly inept at setting up a secure environment or not utilising gpo correctly.
 
If they setup GPO correctly it would remove anyone but defined users from the local admin group.

The people you have worked for are clearly inept at setting up a secure environment or not utilising gpo correctly.

But a GPO cannot run unless you log into the network. You will have a local admin account (i.e username something like 'admin' and different to your network log in) as Windows requires one.

If you know this account password then you can use that to install programmes on the machine then just log into your 'restricted' network log in to use it.
 
No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.

You're welcome.

Of course you don't need someone sitting in IT watching your every move. But having logging in place does not mean that someone is doing just that. Most people couldn't care less what you're looking at, they have printers to fix.

IT departments are there to support the needs of everyone in the company. If HR / a Director wants logs of what someone has been looking at (none of IT's business _why_ they want it) then so be it. This is legal, its the companys equipment. No doubt this was also in the IT usage policy / employment contract you've signed.

The bottom line is. If you're worried about getting caught wasting time / doing something you shouldnt be doing on the internet, then you shouldnt do it.
 
You're welcome.

Of course you don't need someone sitting in IT watching your every move. But having logging in place does not mean that someone is doing just that. Most people couldn't care less what you're looking at, they have printers to fix.

IT departments are there to support the needs of everyone in the company. If HR / a Director wants logs of what someone has been looking at (none of IT's business _why_ they want it) then so be it. This is legal, its the companys equipment. No doubt this was also in the IT usage policy / employment contract you've signed.

The bottom line is. If you're worried about getting caught wasting time / doing something you shouldnt be doing on the internet, then you shouldnt do it.

I don't believe I said anything contrary to that, and that all sounds very fair to me.

I think you're mistaking me for someone else though.
 
I don't believe I said anything contrary to that, and that all sounds very fair to me.

I think you're mistaking me for someone else though.

Agreeing with estebanrey that if you're recording peoples browsing habits, then you must be a nosy IT bod who spends all day looking at logs? :P

If I've misunderstood, I apologise. I cant read marketings net logs (juicy stuff) _and_ read OCUK simultaneously it seems.
 
Last edited:
Back
Top Bottom