security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • security

    I have read on this board that it is best if every user uses the same common login with adminitrative priviledges.
    Can anyone tell me why,
    this is where we are now,
    and I was about to make the suggestion we change all files to read only,
    and everyone use their own login (that do not have administative priviledges)
    to reduce the number of programs we have that are being corrupted,
    and to track exactly who touched the program last.
    Changing programs to read only has little effect when the user can change the permissions.

  • #2
    User's need admin rights. I believe there are several problems that pop up if they don't.

    I think you are best off training your users. If they know how to change permissions, they should be trainable.

    Comment


    • #3
      Originally posted by Goodluck View Post
      User's need admin rights. I believe there are several problems that pop up if they don't.

      I think you are best off training your users. If they know how to change permissions, they should be trainable.
      You're IT guy SHOULD be able to 'track' the keystrokes and mousxe-click-activations (ie changing permissions of files) on each and every PC hooked to the network. Then, if something is changed, he should be able to tell you when. At least, OUR IT guy can track those things and if you ahve users who can 'block' or 'hide' that kind of activity, then they are in the wrong job.
      sigpic
      Originally posted by AndersI
      I've got one from September 2006 (bug ticket) which has finally been fixed in 2013.

      Comment


      • #4
        I believe Admin is needed because pcdmis uses certain windows resources which need the security rights.

        You should not change your file attributes to read only. If you do, you cannot close programs. You would have to use the quit, which would not save your last report or program. But you won't be able to make sure everyone uses quit so not practical.

        My best advice is to use a password utility on "pcdlrn.exe". It prompts a password before letting pcdmis run. I've had issues in the past with monkeys fooling around with programs also. Another thing you can do is delete the "pcdmis online" icon from your desktop and "start" menu. You should then add your pcdmis directory to your windows path settings (Your IT should know). Now the only way to run pcdmis online is to go to start, run, type in "pcdlrn".
        I used to be high on life but I built up a tolerance.

        Brown & Sharpe Global Advantage
        PCDMIS CAD++ v2011mr2
        PH10MQ/SP600M


        sigpic

        Comment


        • #5
          Originally posted by Underspec View Post
          You should not change your file attributes to read only. If you do, you cannot close programs. You would have to use the quit, which would not save your last report or program. But you won't be able to make sure everyone uses quit so not practical.
          You can do what I did and remove 'save' 'save-as' and 'close' from the file menu and tool bars. I can provide instructions if you want to do this. Then, your operators don't have the option to do any of those unless they know the key commands or how to put them back.

          Comment


          • #6
            Originally posted by Goodluck View Post
            You can do what I did and remove 'save' 'save-as' and 'close' from the file menu and tool bars. I can provide instructions if you want to do this. Then, your operators don't have the option to do any of those unless they know the key commands or how to put them back.
            I think he wants to remove the online version so that no one can edit anything. But that would be a good idea if that's all you want to do.
            I used to be high on life but I built up a tolerance.

            Brown & Sharpe Global Advantage
            PCDMIS CAD++ v2011mr2
            PH10MQ/SP600M


            sigpic

            Comment


            • #7
              Originally posted by Underspec View Post
              I think he wants to remove the online version so that no one can edit anything. But that would be a good idea if that's all you want to do.
              If you remove the 'online' version, then you will never check another part again. Operator mode IS online, just limited, but it has issues as well (like, re-booting windoze when you close Pcdmis).
              sigpic
              Originally posted by AndersI
              I've got one from September 2006 (bug ticket) which has finally been fixed in 2013.

              Comment


              • #8
                Originally posted by Matthew D. Hoedeman View Post
                If you remove the 'online' version, then you will never check another part again. Operator mode IS online, just limited, but it has issues as well (like, re-booting windoze when you close Pcdmis).
                I think what Underspec meant was remove the "Online" option from the start menu, not the online version of software?
                sigpic

                James Mannes

                Comment


                • #9
                  Originally posted by Matthew D. Hoedeman View Post
                  If you remove the 'online' version, then you will never check another part again. Operator mode IS online, just limited, but it has issues as well (like, re-booting windoze when you close Pcdmis).
                  Matt, I meant removing access of "pcdmis online" to operators.
                  I used to be high on life but I built up a tolerance.

                  Brown & Sharpe Global Advantage
                  PCDMIS CAD++ v2011mr2
                  PH10MQ/SP600M


                  sigpic

                  Comment


                  • #10
                    Here is what I did

                    Originally posted by RussL View Post
                    I have read on this board that it is best if every user uses the same common login with adminitrative priviledges.
                    Can anyone tell me why,
                    this is where we are now,
                    and I was about to make the suggestion we change all files to read only,
                    and everyone use their own login (that do not have administative priviledges)
                    to reduce the number of programs we have that are being corrupted,
                    and to track exactly who touched the program last.
                    Changing programs to read only has little effect when the user can change the permissions.
                    Thanks to some help I got from folks here:

                    I store the master programs in a special folder (each P/N has its own special folder for "Master" programs) and change the security settings on that folder for the common login to "DENY write".
                    You will have to create these folders with some other login and store the programs in the special folders using the "other" login.
                    This way, no one using the common login can write anything to the special folders, but everyone has access to read and run programs from them.

                    I still "write protect" the program just to prevent ME from accidentally overwriting something.

                    It has worked like a charm.
                    Lately, it occurs to me
                    What a long, strange trip it's been.

                    2017 R1 (Offline programming)

                    Comment


                    • #11
                      Online mode is the same as operator mode except for a different "switch" on the command line. If you have a savvy user they could simply right-click on the operator icon and change the switch or remove it...

                      This lack of security is a supreme weakness in PCDMIS.
                      Links to my utilities for PCDMIS

                      Comment


                      • #12
                        I set up the one next door so that there is no "CLOSE" "SAVE" or "SAVE AS" buttons available. All they have is the "QUIT" button. That way they always "quit without saving". I know it isn't an elegant solution, but it works for me.
                        CMM Programmer
                        Jackson Michigan
                        Mistral 7.7.5
                        4.3MR2

                        Comment

                        Related Topics

                        Collapse

                        Working...
                        X