M
murraysholinder
Hi,
I have a client with a Windows 2000 Server, Active Directory installed
and everything is (or was) good with the server. C: drive is the System
drive, D: is the Active Directory drive, E: is the CD-ROM, and F: is
the data drive (RAID 1).
My problem is with the application vendor insisting on two things:
- installing their application software (a product based on the old
Borland Paradox database) on the server. There are five workstations
and no one ever sits at the server so I cannot see any reason why this
would be a good thing.
- part 2 is much worse. After giving the application vendor access to
install the software ("had to be admin level"), the tech installed the
software on C: drive on the server, stored the client data files in a
subdirectory of C: (i.e. c:\data), shared C: drive (left C$ share alone
and created a new "C" share), granted group "Everyone" "Full Control"
to the share, went to the workstations and mapped "remembered" drives
to the new share (no script or Active Directory mapping) and then
installed the software on each workstation.
To say I was choked is an understatement. It is now my chore to
clean-up this mess as the workstations have the mapped drive peppered
in the registry w.r.t. the application and data drive. However, before
I do clean things up, I must "enlighten" the application vendor's
"tech" to how a real server is securely configured.
So that is my question to the group. Are there any TechNet articles,
MCSE documents, etc. that describe what this "tech" did as really
stupid? I need to gather as much ammo as possible to show my client and
the tech's boss that what he did was really, really idiotic.
Um, and the tech's only comment when I asked if he knew this was not a
good idea, his response was "if it was a bad idea, the OS wouldn't have
let me do it!". And I told him I gotta find a bridge or a cliff; if he
can jump off, it must not be a bad idea.
And before anyone questions my sanity, I did not have much choice in
the application software or the vendor or in preventing the dweeb from
having the admin password. However, I do have the choice of walking
away from the client, which is a very real possibility.
Thanks in advance,
Murray
I have a client with a Windows 2000 Server, Active Directory installed
and everything is (or was) good with the server. C: drive is the System
drive, D: is the Active Directory drive, E: is the CD-ROM, and F: is
the data drive (RAID 1).
My problem is with the application vendor insisting on two things:
- installing their application software (a product based on the old
Borland Paradox database) on the server. There are five workstations
and no one ever sits at the server so I cannot see any reason why this
would be a good thing.
- part 2 is much worse. After giving the application vendor access to
install the software ("had to be admin level"), the tech installed the
software on C: drive on the server, stored the client data files in a
subdirectory of C: (i.e. c:\data), shared C: drive (left C$ share alone
and created a new "C" share), granted group "Everyone" "Full Control"
to the share, went to the workstations and mapped "remembered" drives
to the new share (no script or Active Directory mapping) and then
installed the software on each workstation.
To say I was choked is an understatement. It is now my chore to
clean-up this mess as the workstations have the mapped drive peppered
in the registry w.r.t. the application and data drive. However, before
I do clean things up, I must "enlighten" the application vendor's
"tech" to how a real server is securely configured.
So that is my question to the group. Are there any TechNet articles,
MCSE documents, etc. that describe what this "tech" did as really
stupid? I need to gather as much ammo as possible to show my client and
the tech's boss that what he did was really, really idiotic.
Um, and the tech's only comment when I asked if he knew this was not a
good idea, his response was "if it was a bad idea, the OS wouldn't have
let me do it!". And I told him I gotta find a bridge or a cliff; if he
can jump off, it must not be a bad idea.
And before anyone questions my sanity, I did not have much choice in
the application software or the vendor or in preventing the dweeb from
having the admin password. However, I do have the choice of walking
away from the client, which is a very real possibility.
Thanks in advance,
Murray