Do you....
If you know there's a security breach on the network, do you go and fix it even if it's not your job, or do you leave it till someone notices and sorts it?
PS: You're not meant to have permissions to edit AD but you do......
Foolproof systems don't take into account the ingenuity of fools
Comments
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
It all depends on your feelings towards your company. If you work with a good group of people and enjoy your job, you will do it yourself or ask a colleague. If you feel your company is screwing you, you might say "who cares". One thing I really hate is when people classify their job into strict fields and like to say "that's not my job". I'm a techie; if there's a problem I can fix, I fix it, that's it. When working in a multivendor environment, if everyone says "That's not my job, it's the other vendor blah blah blah", the problem would never get fixed. I've come across a lot of these stupid people.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
Sie Member Posts: 1,195
Sorry, let me explain better,
I don't mean I wouldn't do it because it's not my job because I'm lazy, I mean I shouldn't really be doing it (kind of like catching a robber in a secured area that you shouldn't be in), but the person who should is the one who has caused it through laziness.
Have I confused you yet?
(Involves editing domain admin users and delegating rights to OUs correctly)
Foolproof systems don't take into account the ingenuity of fools
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□
Can you detail the problems, including the concept of "least-privilege" not being employed properly, and put it in an email to someone higher up in the company that will understand you? It would need to be a technical minded manager of some sort. The key is to really try and be helpful, not just pointing out problems to get someone in trouble or make them look bad.
If nothing else, email the person who should be doing his job better and try to help him sort it out. Remember at least email is a way of documenting your steps and can be shown later to a manager or someone as proof that you did indeed try to help.
All things are possible, only believe.
-
Danman32 Member Posts: 1,243
Without knowing official company policy and practical application of said policy, I don't think your question can be answered.
Notification of breach should be given to proper channels in any case. They may want to handle things a certain way to get forensic evidence. In trying to be a 'good guy', you might tamper with the evidence, which would render it useless for prosecution.
-
jpeezy55 Member Posts: 255
Sie wrote:
Sorry, let me explain better,
I don't mean I wouldn't do it because it's not my job because I'm lazy, I mean I shouldn't really be doing it (kind of like catching a robber in a secured area that you shouldn't be in), but the person who should is the one who has caused it through laziness.
Have I confused you yet?
(Involves editing domain admin users and delegating rights to OUs correctly)
I understand your problem. You have rights to edit AD, but according to company policy for your position, you should not have those rights. If you correct the problem yourself, you will let them know that you have had a privilege, that you knew you should not have had, but did not tell them.
And, to make it worse, the person who does have those rights caused the problem by not doing his/her job correctly. So, do you get yourself in trouble (possibly), or do you get the other person in trouble?
If you are on good terms with this person, point out the problem, in e-mail of course for documentation, but don't let on that you know he/she caused it, just state that you saw something was wrong and wanted to point it out to them, since that is their job. This will give them a chance to fix it and not be mad or embarrassed. If you are not on good terms, point it out to a supervisor that there is a problem, once again, do not say you know or think you know who caused it, but let them deal with this person how they want to. That way, you are still not blaming anyone and you look good to the boss for catching the error.
Now, did I get it right or make it worse???
Tech Support: "Ok, so your monitor is not working, the screen is blank, and no matter what you do it stays blank? Do you see that button on the bottom right hand side just below the screen? Press it. . . . Great, talk to you next time!"
-
Sie Member Posts: 1,195
That's basically it, have spoken with another admin though and we are now setting up delegate permissions to OUs and removing the unneeded domain admins, also discussing the rights I have (which by chance were also created by this breach) and if I should have them or not.
Must have some faith in me to leave me with them and help mop up.
Foolproof systems don't take into account the ingenuity of fools
-
Danman32 Member Posts: 1,243
Was there a breach, or just a security hole? A breach is when an intrusion has occurred. A security hole is a breach waiting to happen.
It's like leaving your house door unlocked. That's a security hole. If an unauthorized person entered your home, that's a breach.
If it was a breach, then someone with authority needs to be notified to prevent further exploitation. If it is just a security hole that needs to be closed up but no breach has occurred yet, then the person in charge of securing the holes can be notified discreetly so he can correct the problem and save face.