Posted on 11/02/2011 4:19:29 PM PDT by Swordmaker
“Active Directory Group Policy can disable the use of USB drives on domain-joined Windows computers, and prevent network access by non-domain joined computers. Macs cannot be joined to an Active Directory network, or be controlled by AD Group Policy.”
Sure, and then (as usual) the question becomes: “How much do I want to restrict my users productivity in the name of security?”
So now you’ve locked down USB drives, have you also locked down email? Access to SSL enabled websites? Disabled writing optical media? Perhaps you should just get rid of those pesky computers altogether.
“As far as whether a “position” requires access to the information, once non-secured computers are allowed onto the network then you’re faced with trying to control who can and cannot use those computers.”
You’re referring to the “network” as a monolithic entity, which it is not. There are devices called “routers” that can efficiently and extremely securely control which devices have access to given network resources. Making sure “employee owned computers” can’t access sensitive information is trivial.
“If you have that kind of information on your network, there is no rationializing allowing employees to access that data from a non-corporate computer as being anything but very bad practice.”
Nor have I said anything that disagrees with that stance. Company provided Macs (perhaps running Windows in a VM) are a different issue.
No, it doesn't. We don't hire people who can't be productive using the computers we provide for them. If they can be productive on a Mac, they can be productive on a Windows based computer if they want to.
We're not going to re-architect the infrastructure to accomodate a handful of whining hardware snobs.
"No, it doesn't. We don't hire people who can't be productive using the computers we provide for them. If they can be productive on a Mac, they can be productive on a Windows based computer if they want to."
Great job missing the point entirely... Try reading it again.
"We're not going to re-architect the infrastructure to accomodate a handful of whining hardware snobs."
I bet the turnover rate among your best people is plenty high. You epitomize why many folks hate IT/network admins.
BTW, the best attributes of Macs involve software, not hardware.
You epitomize the people the term "Macbot" was invented for.
Now, do you want to keep throwning insults and see if you can turn it into a full-blown flame war?
LOL! Not at all, though I do like to use and support the best available tech. After all, Macs do run more software titles than any other PC.
"Now, do you want to keep throwning insults and see if you can turn it into a full-blown flame war?"
Let's see who was first to use incendiary language...oh yeah it was you with your immortal "We're not going to re-architect the infrastructure to accomodate a handful of whining hardware snobs." Also, by the way, it's "accommodate".
Now, be a good PHB/BOFH and run along... We'll somehow make do without your "wisdom".
You just stay there in your little Mac "ecosystem", and I'll stay here in the real world.
We're an IBM mainframe shop, and I've been at least as accomodating to Apple as they've been to us, historically. They'll get exactly the consideration they deserve from me, and their syncopants can come along for the ride.
‘You just stay there in your little Mac “ecosystem”, and I’ll stay here in the real world.’
It’s hilarious that you’d say that, given that Apple has almost twice the market cap of IBM at the moment. It seems it’s doing a lot of things right, no?
I’ll let you have the last word since you seem to feel compelled to do so.
They're not doing anything I need, despite your apparent belief that you know what I need, how my organization and infrastructure works, and who's accessing what kind of data on my network better than I do.
Where did you get the idea that because they're making a lot of money everybody needs to buy what they're selling?
The only information that remains personal in this life, is something you just thought up. Little can be concealed today, especially if you use a computer.
Soon all your medical information including DNA will be controlled by the IRS, and unlike ICE, they will find you anywhere.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.