ETTE

HomeFAQ for UsersPrinter Friendly Version

FAQ for Users

FAQs

1. How can I get support?

There are multiple ways to reach us for support. The best way to do so is to send an email to helpdesk@ette.biz

You can also submit an online request if your email is not working properly by going to: https://ette.zendesk.com/hc/en-us/requests/new

To reach us by phone, please call 202-345-1965.

Please be sure to always include the best phone number to reach you at when submitting a ticket.

If it is a time sensitive or urgent matter, it is best to call us.

2. What is a Local Admin and How Can I Become One?

What is a Local Administrator (Admin)?

A local administrator is a permission setting that is conducted on the system-level.  It means that a particular user's profile is given sole control when they are signed in to a single machine.  They are able to download various applications without approval, and execute various system commands without limitation.  

Sounds great, doesn't it?  While this is a wonderful feature to have, there is one thing to keep in mind - "with great power, comes great responsibility."  

Okay, while this is a well-known Spiderman movie line, it couldn't be more true.  Local Admins have a lot of power when this ability is granted to them.  They can download and do just about anything they want, which can come with lots of risks to the organization's network.  Choose the wrong application to download, and the network can quickly become infested with various types of malware.  

It's for this reason that the staff here at ETTE not only try to limit who becomes a local admin, but also the number of local administrators there are within a given organization.  The more local admins there are, the more individuals' actions need to be reviewed if something happens that exposes the network to various types of threats.  This can slow down threat response - the less time spent reviewing actions, the more time there is for malware to cause a lot of damage to organization files and/or siphon data to cyber criminals.  

So does this mean I cannot be a Local Admin?

With all of this said, that's not to say that the staff here at ETTE will tell you no outright.  If the user is properly educated about the potential threats and permission is granted from the organization's executive team member(s), local administrative permissions can be granted to an individual.  We simply wish to ensure that the risks are understood and accepted before doing so.  

The best way to request local administrative permissions to a user is to grant it for a short time frame.  For example, if a user has a project that requires them to download a variety of tools and/or modify various attributes that would prompt for administrative credentials and thus, slow down the project, then local admin can be granted for the duration of the project, then be removed when the project is complete.  This is preferable to granting permission indefinitely.  

So if you or a staff member would like to become a local admin, please feel free to reach out to us to request this permission.  We will be happy to work with you and your staff to ensure the proper use cases.  


3. Why Reboot? FAQs

Rebooting computers on a regular basis provides many benefits that can be quite useful to users and to the system itself.  Some of these reasons directly benefit the hardware, which in turn, help the systems to run better.  These indirectly bring benefits to the user - having a happy system means less issues and a longer life.  

Installing Updates

Rebooting a computer is incredibly important for a number of things.  The first is related to the implementation of updates that download in the background via Windows Update.  It's one thing for the download to complete in the background, but it's not until those updates are implemented at startup that they are actually used.  The only way that happens is through going through an update. 

So How Often are Updates Downloaded?  

This can happen several times a month, so a good rule of thumb is to reboot your system once a week.  This will ensure that updates are installed to the startup processes to keep your system running healthy.  

Flushing the system's RAM

No, I don't mean flushing the systems RAM down a drain... Sometimes information can get backed up at the RAM level.  I like describe RAM as a basket between the Hard drive and the processor.  The hard drive will take snippets of data and deposit into the RAM bucket to take to the CPU, and the reverse will happen when data is written "to disc."  Its basically a temporary holding area.  

As such, this "basket" can get overfilled sometimes, which means that things can get a little sluggish because the system is struggling to get to the things in that basket.  This can be when things are writing to disc, and/or implementing the next command the user prompts.  Rebooting the computer forces the system to provide a fresh start for the RAM, which means that the basket gets emptied, and as such, may wind up fixing the backup that was ocurring.  So if you encounter issues during operation, its always a good idea to reboot the computer to see if that resolves them.  

Systems go to the doctor?

When a user reboots a computer, the system gets the chance to run diagnostics at shutdown, and again at startup to ensure everything is running properly.  If the diagnostics come back with an issue, the system will attempt to repair it on the background when its started up next.  However, when systems don't get rebooted regularly, its likely that the system will become buggy and problematic, which then leads to errors that will likely create issues for the users when they use it for their daily tasks.  Additionally, computers that freeze usually benefit from a restart just to get the system to start fresh - which hopefully resolves the issues that caused it to freeze in the first place.

How often should I reboot my system?

Even if this is not in the reference of doing so when updates are installed, it is a good rule to reboot your system at least once a week. This allows for a fresh startup process to occur - which will allow it to clean up any errors that may have occurred during that week's operation.   

----

Like all buggy systems, if you are finding that you are having to reboot your systems to resolve such issues on a more-than regular basis, please contact us to run additional maintenance, as this may signal other issues going on that a simple reboot may not resolve.  


4. Shared Active Directory Account FAQs

Here, we will address all questions about shared accounts:

 

What is a shared account in Active Directory?

A shared account is basically just that - an account that can be utilized by multiple users for the purposes of sharing the login information.  Like all accounts, these accounts are created in the "background" within Active Directory and are designated for the use of logging into accounts within your organization's network (otherwise called a Domain).  

Why would I want to make a Shared Active Directory Account?

Shared accounts can provide multiple people with a singular account to share between themselves and access shared resources (such as network shares) all from one user account.  

What are some Examples of Shared Accounts?

Guest - This account can typically be created for instances where anyone outside of the organization can access the computer for their own personal use.  This is common in libraries and community centers.  

Temp/Intern - These types of accounts may have access to some limited network resources within the organization since organizations may have many users who come and go at any one time.  

 

Are there any drawbacks?

Yes, there are numerous drawbacks to organizing your user accounts this way.  

Shared accounts by definition, means that multiple users may access resources through a singular account.  This does not provide any user accountability and therefore, can make auditing an organization's technical environment a difficult process.  This means that if a user signs in and does something that endangers the network, all users who share that access can be blamed and/or scrutinized, which can distract from addressing the damage that was done in a timely manner. 

Shared accounts are usually linked with a shared, communal network drive that provides all users with the ability to make changes.  While it is possible to fine-tune these permissions with individual users, shared accounts cannot distinguish between one user and another using the same account - again, due to not having any ability to provide accountability.  While it is possible to limit the access to especially sensitive resources, a user may still get into things that are not meant for his/her eyes, simply by having to share the "space" with others.  This can be a huge security concern if sensitive data needs to be kept separate from certain users.  

Shared accounts also make password management a huge security concern. Because multiple users can access these accounts, passwords have to be known to more than one individual and as such, cannot be changed regularly to provide sound security practices.   This can be where you'd have to write it down and leave it near a computer or make it as simple as possible, which means that its easier for an unauthorized user to crack and/or for an authorized user to access that account and its contents.  Furthermore, if a former employee used to use that account and knows the password has never been changed, even when other employees have left, there isn't anything stopping them from attempting to come back to an organization and try to access resources or cause damage.

 

What do I need to consider before deciding to have a Shared Account?

Before moving forward with creating or asking about such accounts, ask what the purpose will be and whether it truly makes sense for your organization to have them? 

How/What policies will you create to secure those accounts?  

What kind of permissions will these accounts have when accessing your network's shared resources?  Write Only, Read Only?  In such scenarios, it would be strongly discouraged to allow Full Control, which gives the ability to delete things.  

How will you make policies about Password management?  What about the frequency and process of changing the Password?

 

What does ETTE Recommend regarding Shared Accounts?

Because we take your security very seriously, ETTE's recommendation will always be to maintain individual accounts only, with very limited, if any, shared accounts.  

However, we understand that there are a few select instances where a shared account may need to happen.  In such cases, we will work with you to provide the most sound processes to maintain the security of your organization's network and its contents.  If you have any questions about the content you've seen here or how to secure your own shared accounts, please feel free to contact us and we'll be happy to assist you.  


5. What Should I do with My Windows XP Machines?


Systems operating under the Windows XP OS are no longer receiving support and critical security-related updates through Microsoft, and as such, are no longer viable for support under ETTE.  
 
The security updates that are passed along through Windows Updates are critical pieces of maintaining the security of your organization's network as a whole.  Because these systems are not receiving those updates, there could be a hole in your network's security that could expose your entire network to malware and other threats.  In rare cases, such holes could also allow certain types of malware to find important data within your network and send it to outside entities who could use it to harm your organization.  
 
There are a few options on how to proceed from here.  If there are plans for your staff to use this system in the future, it is our strong recommendation that you consider updating this system to the newest version of Operating System, Windows 10. 
 
In order to determine whether such systems can be upgraded, ETTE will need to review their hardware capabilities to determine whether they will require additional memory or other hardware components.  In addition, because Windows XP is not included as an Operating System that is capable of being upgraded directly to Windows 10, you will need to purchase a license to an OS that is.   Additionally, please be aware that there may be additional charges from ETTE in order to complete all work associated to preparing the new Operating System. 
 
If the system is unlikely to be used in the near future, and/or the upgrade to Windows 10 is not an option, another option would be to retire this system entirely.  To complete this, we would recommend that any critical data on the Hard drive should be removed.  We can assist you with the proper destruction of the hard drive free of charge. 
 
Until retirement occurs, all XP systems should be disconnected from your network by disconnecting the Ethernet cable from the back port.  Additionally, any wireless capabilities should also be turned off.  This will ensure that this system is no longer capable of connecting to your organization's network.  Disallowing this capability will isolate any infections of malware that may be present from your network. 
 
Please feel free to contact us should you have any questions about how to proceed from this point.  We will be happy to assist you in your decision-making process.