Security Out-of-the- Box????

  • Thread starter Thread starter GX
  • Start date Start date
G

GX

Hello All,

I have a couple of questions for all Windows XP security guys here.\

We purchased 30 brnad new machines from Dell. Before you introduce those
machines to your network, would you:
a. boot them up and add them to the domain and do all extra configurations
to the machine as you along with the end user?
b. wipe out a machine out, re-install a clean copy of Windows XP and Office
XP, do updates, install production applications, do the nessesary changes to
the registry for misc items, then extract an image of the machine and then
deplay the same image to all the new workstations?

Is this me the only one thinking this way or is there's anyone outthere that
thinks this is a MUST do for any organization in order to mantain platform
consistency?

I just don't believe in all the 3rd party applications that comes preloaded
with vendords PC.

Thanks
HecG
 
GX said:
Hello All,

I have a couple of questions for all Windows XP security guys here.\
Click to expand...

You might try asking this in the XP security newsgrou as well then ;-)
We purchased 30 brnad new machines from Dell. Before you introduce
those machines to your network, would you:
a. boot them up and add them to the domain and do all extra
configurations to the machine as you along with the end user?
b. wipe out a machine out, re-install a clean copy of Windows XP and
Office XP, do updates, install production applications, do the
nessesary changes to the registry for misc items, then extract an
image of the machine and then deplay the same image to all the new
workstations?
Click to expand...

I'd go for door "b." myself, or a variation of that. I wouldn't trust a
system that had not been re-imaged to my IT dept's standard.
Is this me the only one thinking this way or is there's anyone
outthere that thinks this is a MUST do for any organization in order
to mantain platform consistency?
Click to expand...

Oh yeah. Talking of your 30 PCs, what happens if you order 15 this month and
15 next, and in the time between each order they change the bundled
antivirus software?
I just don't believe in all the 3rd party applications that comes
preloaded with vendords PC.
Click to expand...

I strongly believe that this adds to the cost of supporting these machines
in a company; each machine on the network should ideally conform to your
standard build (its ok to have more than one standard build to meet
different needs, and even ok to allow customisation from a standard build
where needed)


--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.
 
i would:
1. ask dell before i bought them if they could supply them either with no
operating system (if you already have a license that covers them)
or
2. ask dell before i bought them if they could pre-install software to my
specifications instead of their default package.

and
3. if they couldn't do one of the above, look elsewhere for a supplier that
could

the time spent by techs configuring each machine, removing unwanted software
(and fighting the bad uninstallers that leave pieces here and there),
installing new apps, just isn't worth it. so the best thing on your side is
to make one image and duplicate it on all the machines.... however, if you
are going to do that, why pay dell to install stuff you are throwing away?
when buying machines you must THINK AHEAD! the cost of a machine is not
just the hardware and software that come with it, you have to include your
support and headaches.
 
Hi there - several others (and I) replied in m.p.windowsxp.security_admin -
if you need to post to multiple groups, it's best to do so all at once in a
single message (separate the NG names with commas) so that everyone can
follow the thread. A lot of people subscribe to multiple groups, and this
way you won't be asking anyone to reproduce someone else's work, and
everyone can benefit.

Crossposting = posting once to several newsgroups within a single message.
This is not a Bad Thing (presuming the list of groups posted to is small,
and all the groups are truly relevant to your question)

Multiposting = posting separate, identical posts to several newsgroups. This
is a Bad Thing. :-)

See http://www.aspfaq.com/etiquette.asp?id=5003 and
http://www.blakjak.demon.co.uk/mul_crss.htm
 
Lanwench,

Where is the post I placed in regards to the same subject on the
windowsxp.security.admin?

I looked for it but maybe it was deleted? Do you know? I would like to check
the responses.

graxirena AT hotmail DOT com
 
I see it - do you not see your original message from there on 4/13, and all
the replies? Using msnews.microsoft.com as your news server in OE?

Here's what I wrote:
"If you're deploying a bunch of workstations with virtually identical
hardware, I'd use ghost - set up a machine as you wish, patch it, install
whatever you need, take it out of the domain, create a ghost image to the
server, run ghost to deploy it to the workstations, change the names as you
need to, run ghostwalker to change the SIDs, and then rejoin to the domain."

But as I said, you have many replies.
 
Back
Top