On 10/1/2011 7:38 PM, Allen Drake wrote:
Allen Drake wrote:
For the first time ever I will need to allow someone to have access
to my laptop. IT will be installing CAD applications and I espacially
don't want anyone to have access to my files in Outlook 2010 and other
files to numerous to even consider.
Can I get some opinions on a good way to at least password protect
Outlook? I assume Administrator rights will be needed to install
applications. I have never set up accounts as I am the only one that
has ever use any of my systems. Can I set up a limited account for IT
use that will block everything but what they need to do?
Thanks for any suggestions.
Al.
IT already has access to your Outlook files if you are using Exchange as
your mail server. Since you say "IT" then your workstation is in some
corporate network setup and it's likely they are using Exchange. You
only have a *copy* of what is in your mailbox up on their Exchange
server. Also, it is highly likely that they already monitor their
network traffic so anything within your e-mails, even those that come
from an outside e-mail provider (Hotmail, Gmail, etc), can be
interrogated for keywords and recorded. Also remember that all that
Outlook data is *their* property, not yours. You are using their
property: their workstation, their network, their mail servers, their
software. Plus you are supposed to be working for them when you are at
work. Thay may even have installed a [hidden] client on your host to
assist in backing up all their workstations. They can walk over to your
host, logon as Administrator, and take ownership of all your files. If
you thought they didn't have or couldn't get at that data, you're wrong.
You won't protect your mailbox data on their Exchange server. You can't
be sure what they sniffed out on *their* network while you were using
*their* computer. At best, you can use an encryption tool, like
TrueCrypt, to store your other data files that you don't want them to
see. However, some companies have policies that you cannot secrete any
files on *their* property without their permission and without their
availability to access; else, they'll just delete it, especially if they
just reimage your HDD with their sysprep image when you call for help
and that's the quickest way to get you back to doing your work.
By your question, it looks like you don't even have admin privileges on
your host. You login to their network domain using the account they
gave you which assigns you the privileges they choose to give you. At
best, you may be granted a login that gives you admin privs on just that
host alone (but that requires manual configuration and often the IT
folks aren't willing to work with an individual and instead assign
accounts and their privs in "groups" so you belong to a group that
regulates what privs you get). If, for example, you worked in a Dev or
QA group, then you need admin privs but your domain account will give
them only to that host, not any others. Yet the sysadmins will still
have full privileges on your host and can do anything you can do as an
admin.
Forget about hiding your e-mails. They already have that data on their
Exchange server or by sniffing their network traffic. For that other,
um, "personal stuff" either consider removing it from their property or
hide it in an encrypted container (e.g., TrueCrypt and BestCrypt
Portable are free). Of course, that assumes that they aren't running
keyloggers or data miners on *their* property to monitor what their
employees are doing.
If you don't want them finding those data files on their property and
possibly looking inside, don't put them there (on their workstations or
transferred across their network).
Let me make this easier. My laptop that will soon have Solid Works
installed is my private computer not in any way monitored or
controlled by the IT department. Different from the network I am on
while on company property. One other option I have is to install the
application myself in my home. I have been given that option but it is
taking longer than I expected to get the disks. I was considering the
install be done if I wanted to bring my laptop to work. If and when I
decided to do this is what prompted me to this post for advice after
searching for a way to PW protect Outlook 2010. I don't use exchange.
Only Solid works, MasterCam, AutoCad and a few other design SW most in
the privacy of my own home. I might voluntarily bring a drawing home
to complete or modify rather than stay on the job.
It's just that simple.
I guess that it depends on how much you can rely on the IT people to
just install the CAD/CAM software and nothing else.
I'd likely take the laptop to work, go to the IT department, get them to
hand me the install disks, and do it myself.
Lets just say that I'm retired, and no longer have to deal with company
or govt. IT groups. In my years working with minicomps and then P/Cs,
The IT departments went from (If it's not a mainframe, we don't want
anything to do with it!) to (We control Everything, or else!)
The latter gets really funny when you are dealing with a P/C or similar
computer that is used to control banks of instrumentation and equipment.
Thee IT people usually take one look, and eventually say something to
the effect that you can do whatever you want. It can get a bit sticky
when that includes LAN/WAN access without the IT's favorite software.
Obviously you have the years and experience I will never have and I
respect your wealth of knowledge. I plan on never retiring before the
dirt nap. I just having way to much fun above ground.
Al.
As to retirement - -
Unfortunately, my time in the Vietnam Era Navy (in Vietnam no less!)
came back to haunt me with the usual problems. Non retirement was not
an option, unfortunately. Given the present job situation faced by many,
I'm glad to be out of the rat race.
Just one of my more amusing minor "fights" with the IT people involved
(of all things) a fairly fancy HP Laser printer. It was shown as a
computer related peripheral, so a DOD/USAF IT department supposedly had
the say as to what you could buy, etc. The printer was intended to
connect to a software development system, and to be used to print
graphics as well as the usual text, some of which was classified at a
low level. (Totally outside of the IT department's domain and bailiwick)
What happened was that the printer model was brand new, and we had
"borrowed" an engineering unit from HP to prove that it could do what
was needed. Next, the funding had nothing to do with the IT department,
and convincing them and the purchasing people was a drawn out battle.
(The purchasing people were trying to gain control of the funding, so
they could spend it on their computer systems.)
When all was said and done, we got the printers about six months later
than we should have. The cause was that the purchasing and the IT
departments forced us to get the printer model "stock listed".
When the stock number was finally issued, DOD IT ordered the entire
first production run. They ended up paying a few hundred more than
they might have had to, since the stock listed version had options that
were fairly unique to our application and some power plants, and not
needed for the usual computer related applications.
