• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 225
  • Last Modified:

policy issue. You'll like this one

I have a laptop that was provided by the companies IT dept (for which I’m part of) and the common practice is the machine name is named after the user name and, the administrator account is also renamed to the user name. We’re on a power 9 network so there no domains to log into Persia.
  So a typical file server mapping would look like this; \\machinename\username and both are the same. It for higher security.  Anyway I hosed the Software restriction policies under the admin account (which is my user name). I was just looking and noticed that it was empty which I now understand is normal for my company. I have luckily another account with admin rights but it’s still not the same as a renamed administrator account.
       What are my options? I need to somehow repair this so the renamed admin account is still the same as the machine name and I can’t of course change my account name.
0
mgendron57
Asked:
mgendron57
  • 2
  • 2
1 Solution
 
RiDo78Commented:
First of all, your companies securitypolicy is a bunch of garbage. When the machinename is identical to the username, it is pretty easy for hackers to find the right resources once they find out how you organized it. Apart from that, renaming the administrator-account is a very good practice, except if it is used by an ordinary user like you. Usually administrators have 2 accounts, one with normal rights for their daily work and one as member of one or more administrative-roles.

Second, how did you manage to have the machinename to be identical to the username? For as far as I know, windows does not like it at all. Try it on a stand-alone machine, windows will refuse to accept a username that is similar to the machine name or a machine-name that is similar to one of the usernames.

So I would suggest to your colleagues to rename the admin-accounts so the names are unique in the network. And I would suggest changing the computernames as well. If they insist that a user must be indentifiable by the computername, consider prefixing them with a letter. For example: \\Wusername\username.

But be carefull because there is a big change that the Active Directory is messed up with computeraccounts having userprofiles and viceversa. So it might be possible that the user johndoe gets trouble logging in when his computer is renamed to Wjohndoe, as his own useraccount might be effected as well.
0
 
mgendron57Author Commented:
You know,
      What you thoughts ae about the company I work for <<<securitypolicy is a bunch of garbage>>> is not really helpful toward the question or more like the scenario I put out there!. And if you read my request you would have not said half the things you did. I OF COURSE have two accounts (if fact I have several) being a Network Admin for one of the biggest and successful companies in the WORLD, I don't think I'll be making any suggestions like,

   <<<So I would suggest to your colleagues to rename the admin-accounts so the names are unique in the network. And I would suggest changing the computernames as well. If they insist that a user must be indentifiable by the computername, consider prefixing them with a letter. For example: \\Wusername\username>>>

If the company I work for was so badly put together (and if you couldn't tell what company I work just buy a single line I wrote well) I wonder how it is that when ever there a huge virus break out, their one of the few who not are affected...Ummmmmm.

So I guess you don't have a real suggestion/answer and just wanted to show me how badly I and the company are doing lololololololo.

Ps...The triple <<<------->>> were quotes from you very helpful response. And you might want to give a look at the   (Question and Answer tips) area.
0
 
RiDo78Commented:
I'm sorry if I did not understand your question correctly, as English is not my native language and I guess it's not your native language either. But what you say here:

"I have a laptop that was provided by the companies IT dept (for which I’m part of) and the common practice is the machine name is named after the user name and, the administrator account is also renamed to the user name."

I assumed that a laptop for the user with username johndoe is named johndoe. Futhermore the local admin-account is also renamed to that user, so you have the user working as admin on a machine that carries the name of the user. And as I said already, that's not the best way to go.

But apparently I'm mistaken.
0
 
isyseuropeCommented:
Sorry mgendron57, but can you explain you problem a little clearer?

You say that you lost restriction policies, but then that it was normal for your comapany to have none. Then that you have another working account with admin rights..

Perhaps I'm missing something here, but please explain and we may be able to help. :)
0
 
mgendron57Author Commented:
I gave you the points for being polite. It was a very difficult issue to explain in type, but there was no better way to explain it. I even showed it to several other IBMers and they knew, as well as I did going in, that it was probably was too involved to try and fix let alone get and instant answer. But, I though I would give it try. I ended up fixing the broken policy just enough to get me through a few days than then I re-imaged it.
Thanks anyway isyseurope

A NOTE TO "RiDo78"
Just a little some advice;

  I would concentrate more on being part of the solution rather the problem. If you re-read you comment, you had nothing to add to this. Frankly it was a waste of my time even having to read it! Oh, and by the by, I was a English major in college smart a___
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now