Certified Mail

Outsourcing 101; Bill's Mills; AD Accounts and more

RUNAS Command
I liked Don Jones’ “Tips & Tricks” column, “Giving Up Privilege,” in the March issue about the RUNAS command. I’ve been working like this since the early NT 4.0 days. As Don mentions in the column, life has gotten a lot easier since Windows 2000 and Windows XP. But there’s still one thing I just can’t understand. The main feature of running a program as another user is to reach files and programs with different privileges. Even though I’m fond of using the command line (I was born and raised during the DOS era), there’s still some stuff that just works better with a graphical file viewer. That’s were you get shocked to find out that you can run any program with the RUNAS command except Explorer.exe itself! So you can’t use the best file management utility you have as another user, forcing you to log off and log on as another user to work with files. Do you know why this is? Or, do you know a good way to work around this?
—Bruno Horvat, MCSA, MCSE
Sweden

It’s definitely true that you can’t run Explorer with RUNAS; it won’t let you run multiple instances of itself. That’s an overlooked area of functionality with regard to security. What we really need is the old Windows File Manager that can run as a separate utility! In the meantime, there are third-party file management tools that may work for you (check out www.download.com for several), which you could launch under alternate credentials. Hope it helps!
—Don Jones

AD Accounts
As a fellow CISSP and reader of Roberta Bragg’s “Security Advisor” column, I don’t believe March’s “Divide and Conquer” could have come at a more opportune time. As such, I have a best practices question regarding the creation of separate super user accounts for administration. We currently require all domain admins and higher to have separate accounts for administration purposes and one for their regular roles, per best practices. However, as it stands now, regular users who have roles such as help desk and desktop support are members of the account operators group and use their user accounts for creating such.

The question came up due to a theoretical possibility of one of the members of the account operators group logging on with normal credentials, opening an infected e-mail and creating a backdoor that captures the logon credentials. Those credentials could then be used to add or delete regular user accounts, as well as log on locally to shut down domain controllers. The credentials could also be used to delete any and all regular user accounts and groups in the domain. What are your thoughts, Roberta?
—Jack Mackenzie, MCSE:Security, CISSP
Dayton, Ohio

Yes, I believe that best practices for administrative accounts should extend to any account that has privileges that if compromised would... Well, I see from your note that you get the point. Like everything else, it’s a question of risk. It sounds like you’ve already answered your own question. All that remains is to figure out how great the risk of such an occurrence is and what other groups of users may have a similar situation.
—Roberta Bragg

Bill’s Mills
In March’s “Call Me Certifiable” column, Em C. Pea asked for suggestions on where Microsoft might best put its cash reserves (now up to $50 billion) to work. You readers didn't disappoint. Here are some of the responses we liked best.

Just sign Earth over to Bill already and get it done with. Then he can come up with patches for the ozone layer as well as Windows...
—Brian S., via online
New York

How about cutting down the federal debt, so that we can thank Microsoft for unslaving us, or opening some kind of investment fund that would double all corporate donations toward that same goal—and then force aforementioned corporations into donating by not patronizing them unless they do?

Or, forget the debt. We don’t seem to mind owing our souls; let Microsoft make social security solvent for all of us baby boomers by opening and running a trust fund for us.
—Carmen Arif
Garland, Texas

I think Bill’s next strategy is to take over the oil companies—MS Exxon? Even Bill doesn’t have enough money to buy the U.S.A. yet, but why should he when he can control it with oil and software? A gallon of gas would cost about the same as a Windows software CD—about $200. The rest of the world would be in poverty trying to buy enough gasoline to get to their job at MS Texaco, MS California or MS U.S. Congress. Of course, our children would no longer graduate from high school; they would pick from a variety of careers. MS Biologist: This person would develop new frontiers of science to integrate human life into software interests. Microsoft Money Managers: These people would provide more convenient ways of giving more money to Bill. MS Medical Doctors would sell people medication to make sure they don’t rebel against the system. And, of course, there would have to be MS Prison for people like me who can’t keep their mouths shut.
—Loyal Blair, MCP
Miamisburg, Ohio

It’s actually very simple. Give it to SCO so they can sue over Linux.
—Timothy R. Davidson
Vail, Colorado

Outsourcing 101
In response to Dian Schaffhauser’s “Editor’s Desk” in the April issue, “Reality Bites,” outsourcing is a reality that every sector of the job market has to face. It’s a fact we have to deal with in a global economy.

What I disagree with is the idea that unions should somehow get involved. Unions have largely been the cause for much of the outsourcing in our country. They don’t negotiate with the best interest of both parties in mind and, therefore, force corporations to look elsewhere. An example is outsourcing in the automotive industry.

If unions get involved in this industry, it would be a compelling reason for me to transition to another field, not outsourcing.
—Chad A Pirtle, MCP
Twinsburg, Ohio

I’m currently employed as an accountant but was hoping to switch to the IT sector as a database developer. I’m studying to complete an MCDBA/MCSD and am horrified to read the effect that outsourcing has on the IT industry. I’m seriously considering not completing this venture, despite having spent a large sum of money on computer equipment, courses and textbooks—not to mention the time commitment.

You can imagine my disappointment to learn that this dream appears to be in danger of being snatched from in front of me, literally as soon as my efforts are poised to pay off. The idea that salaries in IT are going to collapse and the jobs themselves be exported in large numbers to countries such as India, China and Russia is devastating.

Is the honest advice to anyone in the western high-wage economies, “Don’t touch IT with a barge pole”?
—Gerry
Dublin, Ireland

I don’t think that domestic outsourcing and foreign offshoring are representative of the same problem. U.S.-based companies that compete with one another for the same service contracts at least are competing on a level playing field (skills, personnel, comparable education, and so on) and working from the same cost basis (cost of living, salary expectations,...). Sure, it’s easy to restate the argument that some of these companies aren’t entirely U.S.-based and have divisions overseas and, as such, they should have a competitive cost advantage when bidding contracts as their labor costs are less, but any short-term gain for such companies is illusionary at best and downright detrimental in the long run.

I love working in this field and was hoping it was a career that had longevity and prosperity, but, for the first time, I’m beginning to have misgivings about this concept. I imagine I’ll always be able to find work as a software developer, due to proven experience with multiple platforms, languages and management experience, but I fear it just won’t pay a living wage.
—Drew Wildner, MCP
Cincinnati, Ohio

There’s a balanced way to do all of this. How many people changed their own oil in their car when they were younger? And now they have the dealership do it. It’s cheaper to have someone do something for you. Globalization is here—you can’t stop it. Yet, as a consultant, I see the limitations of outsourcing; I’m not trying to take money out of my pocket. The truth is, if you do something that most people can’t do, you can’t be everywhere at once. So good IT people will still have a job.

Outsoucing to offshore is another thing. There’s nothing wrong with someone having a job, if he or she can do it. But can they? Communications is still a problem—not just language but culture.
—Curt Spanburgh
San Diego, California

comments powered by Disqus

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.