We use a proprietary system from $vendor to run our Bookstore operation. The Bookstore staff use an “terminal emulation” type application to connect to the system and performs a download (daily) of transactions into a plain text file. The file is then uploaded (through an HTTPS web page) to one of our internal servers, where the transactions are recorded and processed.
Recently, one of the PCs screwed up and it was reimaged with our base image. The “termination emulation” application was reinstalled as well. Soon afterwards, I get a call because $user “can’t upload”. Apparently, the application — when downloading the file from the server — attempts to drop it right into the root of the C: drive.
Here’s an e-mail I just sent to $vendor (name obfuscated to protect the guilty):
Greetings,See, it’s not just corporate lawyers that’re stupid (see previous post with regard to e-mail disclaimers), it’s application developers too!It has come to my attention that an issue with our $vendor system can be resolved by adding the user into the Local Administrators group on their PC, granting them all privileges on their computer.
As are many other organizations, we are slowly removing these privileges from our users. We cannot continue to allow ourselves to make up for deficiencies in application development by granting end users complete control over their computers. As we start to deploy PCs running Windows Vista, this is even more important.
As company policy will very soon dictate that end users are not to have administrative privileges on their computers, this is important if we want to continue using the $vendor system within our organization.
On a side note, apparently your application silently fails if it cannot successfully write a file into the root of the C: drive. We’ve taken a vote and decided that whomever thought that the root of the C: drive on a corporate computer is a good place for a plain text file full of confidential and sensitive application to reside needs a good whack from a clue stick. It makes me worry about the safety of the data that resides on the server itself.
Thanks, -j
– Jeremy L. Gaddis Network Administrator
Recent Comments