Work tracking internet history?

estebanrey · 20 Sep 2012 at 17:05

Mr^B said:
The major companies you've worked for have hired idiots and have non-compliant IT practices then.

Compliant with what? I would say an IT department that is spending it's time spying on the employees instead of answering actual support calls was the one with it's priorities the wrong way around.

Mr^B · 20 Sep 2012 at 17:10

Basher said:
Non complaint with what?

I'm not talking about browsing the web, I'm talking about effectively bypassing whatever group security policy is in operation and gaining too much access to your PC without it going through the proper audit checks.

Mr^B · 20 Sep 2012 at 17:11

estebanrey said:
Compliant with what? I would say an IT department that is spending it's time spying on the employees instead of answering actual support calls was the one with it's priorities the wrong way around.

I agree with this completely.

ubern00b · 20 Sep 2012 at 17:11

estebanrey said:
Well maybe you work for some over zealous Big Brother style IT department. As I keep saying, none of the major companies I've worked for have had one of these yet.

It's just simply not how group policy works, it has nothing to do with my company. This isn't the forum (I know, it confused me too) for this though and is just taking this thread off topic.

Basher · 20 Sep 2012 at 17:14

Mr^B said:
I'm not talking about browsing the web, I'm talking about effectively bypassing whatever group security policy is in operation and gaining too much access to your PC without it going through the proper audit checks.

I wasn't talking about browsing the web, either. It was claimed that clearly his company was non compliant, I was just wondering what they were supposed to by complying with?

Absomalutely · 20 Sep 2012 at 17:15

Mr^B said:
I agree with this completely.

Of course! The only reason for running users through a proxy is to spy on them! :rolleyes:

ubern00b · 20 Sep 2012 at 17:17

In terms of everyone shouting at "IT" for monitoring activity or putting "draconian" rules and regulations in place I think you need to realise that for the most part it has nothing to do with IT. Any IT department with the most basic of ITIL knowledge treats the business as a customer. This means that the systems are put in place on the request of other departments and/or the business and has very little to do with IT themselves.

This is based purely on the companies I have worked for and of course you always get that over zealous god complex idiot who wants to know everything about everyone on "their" network and use it as some sort of power trip. I can't speak for those sorts of people...

Mr^B · 20 Sep 2012 at 17:25

Absomalutely said:
Of course! The only reason for running users through a proxy is to spy on them!

No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.

estebanrey · 20 Sep 2012 at 17:27

ubern00b said:
It's just simply not how group policy works, it has nothing to do with my company. This isn't the forum (I know, it confused me too) for this though and is just taking this thread off topic.

I wasn't explaining how GPO works.

But even if a GPO did run that removed me from the admin group it wouldn't stop me logging in to the machine (not the network) in the admin account, doing what I need like installing a programme or changing a setting then logging back into the network with my default account again.

I'm pretty sure years ago I even used my admin account to turn off the function within Windows that deals with GP requests.

Bottom line is the person who has physical access to the machine will always be in a superior position to someone trying to control it from afar with scripts and enforced network policies.

Basher · 20 Sep 2012 at 17:28

Mr^B said:
No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.

Or just turn off all restrictions and save having to go through the process?

Mr^B · 20 Sep 2012 at 17:28

Basher said:
I wasn't talking about browsing the web, either. It was claimed that clearly his company was non compliant, I was just wondering what they were supposed to by complying with?

Whatever compliance or audit directives they are running.

HardwareGeek · 20 Sep 2012 at 17:29

Mr^B said:
No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.

Worked somewhere like this, blocked stuff and you needed to request access through an annoying business process, backfired cos any job this effected just got binned and never completed.

I mean no thought whatsoever put into what was blocked, even suppliers and our wholesalers sites were sometimes blocked, i mean wtf = no work done

Mr^B · 20 Sep 2012 at 17:31

Basher said:
Or just turn off all restrictions and save having to go through the process?

They could do that as well, yes. I don't have a problem with that.

LizardKing · 20 Sep 2012 at 17:31

estebanrey said:
I wasn't explaining how GPO works.

But even if a GPO did run that removed me from the admin group it wouldn't stop me logging in to the machine (not the network) in the admin account,

If they setup GPO correctly it would remove anyone but defined users from the local admin group.

The people you have worked for are clearly inept at setting up a secure environment or not utilising gpo correctly.

estebanrey · 20 Sep 2012 at 17:36

LizardKing said:
If they setup GPO correctly it would remove anyone but defined users from the local admin group.

The people you have worked for are clearly inept at setting up a secure environment or not utilising gpo correctly.

But a GPO cannot run unless you log into the network. You will have a local admin account (i.e username something like 'admin' and different to your network log in) as Windows requires one.

If you know this account password then you can use that to install programmes on the machine then just log into your 'restricted' network log in to use it.

Absomalutely · 20 Sep 2012 at 17:55

Mr^B said:
No, you run a proxy and have heuristics on what is allowed and what isn't. You then let the employees loose on whatever they want. If they want something that is forbidden they request it with a reason and a manager sign-off.

What you then do not NEED to do is sit and monitor individual accounts and access. Which is a waste of time, because you'd probably need one person per 2-3 people to monitor everything manually.

Thanks for the rolleyes, that was a nice touch.

You're welcome.

Of course you don't need someone sitting in IT watching your every move. But having logging in place does not mean that someone is doing just that. Most people couldn't care less what you're looking at, they have printers to fix.

IT departments are there to support the needs of everyone in the company. If HR / a Director wants logs of what someone has been looking at (none of IT's business _why_ they want it) then so be it. This is legal, its the companys equipment. No doubt this was also in the IT usage policy / employment contract you've signed.

The bottom line is. If you're worried about getting caught wasting time / doing something you shouldnt be doing on the internet, then you shouldnt do it.

Mr^B · 20 Sep 2012 at 17:58

Absomalutely said:
You're welcome.

Of course you don't need someone sitting in IT watching your every move. But having logging in place does not mean that someone is doing just that. Most people couldn't care less what you're looking at, they have printers to fix.

IT departments are there to support the needs of everyone in the company. If HR / a Director wants logs of what someone has been looking at (none of IT's business _why_ they want it) then so be it. This is legal, its the companys equipment. No doubt this was also in the IT usage policy / employment contract you've signed.

The bottom line is. If you're worried about getting caught wasting time / doing something you shouldnt be doing on the internet, then you shouldnt do it.

I don't believe I said anything contrary to that, and that all sounds very fair to me.

I think you're mistaking me for someone else though.

Absomalutely · 20 Sep 2012 at 18:02

Mr^B said:
I don't believe I said anything contrary to that, and that all sounds very fair to me.

I think you're mistaking me for someone else though.

Agreeing with estebanrey that if you're recording peoples browsing habits, then you must be a nosy IT bod who spends all day looking at logs?

If I've misunderstood, I apologise. I cant read marketings net logs (juicy stuff) _and_ read OCUK simultaneously it seems.

estebanrey · 20 Sep 2012 at 18:05

Absomalutely said:
Agreeing with estebanrey that if you're recording peoples browsing habits, then you must be a nosy IT bod who spends all day looking at logs?

Which was in response to someone that made it sound like monitoring employees was a primary (rather than a secondary) role of an IT department.

Absomalutely · 20 Sep 2012 at 18:07

whooooooooooooooooooooooops