security

**#2#** · 05-25-2007, 11:02 AM

User's need admin rights. I believe there are several problems that pop up if they don't.

I think you are best off training your users. If they know how to change permissions, they should be trainable.

**Matthew D. Hoedeman** · 05-25-2007, 11:06 AM

Originally posted by Goodluck View Post

User's need admin rights. I believe there are several problems that pop up if they don't.

I think you are best off training your users. If they know how to change permissions, they should be trainable.

You're IT guy SHOULD be able to 'track' the keystrokes and mousxe-click-activations (ie changing permissions of files) on each and every PC hooked to the network. Then, if something is changed, he should be able to tell you when. At least, OUR IT guy can track those things and if you ahve users who can 'block' or 'hide' that kind of activity, then they are in the wrong job.

**Underspec** · 05-25-2007, 11:21 AM

I believe Admin is needed because pcdmis uses certain windows resources which need the security rights.

You should not change your file attributes to read only. If you do, you cannot close programs. You would have to use the quit, which would not save your last report or program. But you won't be able to make sure everyone uses quit so not practical.

My best advice is to use a password utility on "pcdlrn.exe". It prompts a password before letting pcdmis run. I've had issues in the past with monkeys fooling around with programs also. Another thing you can do is delete the "pcdmis online" icon from your desktop and "start" menu. You should then add your pcdmis directory to your windows path settings (Your IT should know). Now the only way to run pcdmis online is to go to start, run, type in "pcdlrn".

**#2#** · 05-25-2007, 11:32 AM

Originally posted by Underspec View Post

You should not change your file attributes to read only. If you do, you cannot close programs. You would have to use the quit, which would not save your last report or program. But you won't be able to make sure everyone uses quit so not practical.

You can do what I did and remove 'save' 'save-as' and 'close' from the file menu and tool bars. I can provide instructions if you want to do this. Then, your operators don't have the option to do any of those unless they know the key commands or how to put them back.

**Underspec** · 05-25-2007, 11:45 AM

Originally posted by Goodluck View Post

You can do what I did and remove 'save' 'save-as' and 'close' from the file menu and tool bars. I can provide instructions if you want to do this. Then, your operators don't have the option to do any of those unless they know the key commands or how to put them back.

I think he wants to remove the online version so that no one can edit anything. But that would be a good idea if that's all you want to do.

**Matthew D. Hoedeman** · 05-25-2007, 11:50 AM

Originally posted by Underspec View Post

I think he wants to remove the online version so that no one can edit anything. But that would be a good idea if that's all you want to do.

If you remove the 'online' version, then you will never check another part again. Operator mode IS online, just limited, but it has issues as well (like, re-booting windoze when you close Pcdmis).

**JamesMannes** · 05-25-2007, 11:53 AM

Originally posted by Matthew D. Hoedeman View Post

If you remove the 'online' version, then you will never check another part again. Operator mode IS online, just limited, but it has issues as well (like, re-booting windoze when you close Pcdmis).

I think what Underspec meant was remove the "Online" option from the start menu, not the online version of software?

**Underspec** · 05-25-2007, 11:53 AM

Originally posted by Matthew D. Hoedeman View Post

If you remove the 'online' version, then you will never check another part again. Operator mode IS online, just limited, but it has issues as well (like, re-booting windoze when you close Pcdmis).

Matt, I meant removing access of "pcdmis online" to operators.

**John Riggins** · 05-25-2007, 02:17 PM

Here is what I did

Originally posted by RussL View Post

I have read on this board that it is best if every user uses the same common login with adminitrative priviledges.
Can anyone tell me why,
this is where we are now,
and I was about to make the suggestion we change all files to read only,
and everyone use their own login (that do not have administative priviledges)
to reduce the number of programs we have that are being corrupted,
and to track exactly who touched the program last.
Changing programs to read only has little effect when the user can change the permissions.

Thanks to some help I got from folks here:

I store the master programs in a special folder (each P/N has its own special folder for "Master" programs) and change the security settings on that folder for the common login to "DENY write".
You will have to create these folders with some other login and store the programs in the special folders using the "other" login.
This way, no one using the common login can write anything to the special folders, but everyone has access to read and run programs from them.

I still "write protect" the program just to prevent ME from accidentally overwriting something.

It has worked like a charm.

**cmmguy** · 05-28-2007, 02:26 AM

Online mode is the same as operator mode except for a different "switch" on the command line. If you have a savvy user they could simply right-click on the operator icon and change the switch or remove it...

This lack of security is a supreme weakness in PCDMIS.

**Sl33stak** · 05-29-2007, 08:34 AM

I set up the one next door so that there is no "CLOSE" "SAVE" or "SAVE AS" buttons available. All they have is the "QUIT" button. That way they always "quit without saving". I know it isn't an elegant solution, but it works for me.

security

security

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics