There are multiple ways to reach us for support. The best way to do so is to send an email to email@example.com
You can also submit an online request if your email is not working properly by going
To reach us by phone, please call 202-345-1965.
Please be sure to always include the best phone number to reach you at when submitting a ticket.
If it is a
What is a Local Administrator (Admin)?
A local administrator is a permission setting that is conducted on the system-level. It means that a particular user's profile is given sole control when they are signed in to a single machine. They are able to download various applications without
Sounds great, doesn't it? While this is a wonderful feature to have, there is one thing to keep in mind - "with great power, comes great responsibility."
Okay, while this is a well-known Spiderman movie line, it couldn't be
It's for this reason that the staff here at ETTE not only try to limit who becomes a local admin, but also the number of local administrators there are within a given organization. The more local admins there are, the more individuals' actions need to be reviewed if something happens that exposes the network to various types of threats. This can slow down threat response - the less time spent reviewing actions, the more time there is for malware to cause a lot of damage to organization files and/or siphon data to cyber criminals.
So does this mean I cannot be a Local Admin?
With all of this said, that's not to say that the staff here at ETTE will tell you no outright. If the user is properly educated about the potential threats and permission is granted from the organization's executive team member(s), local administrative permissions can be granted to an individual. We simply wish to ensure that the risks are understood and accepted before doing so.
The best way to request local administrative permissions to a user is to grant it for a short time frame. For example, if a user has a project that requires them to download a variety of tools and/or modify various attributes that would prompt for administrative credentials and thus, slow down the project, then local admin can be granted for the duration of the project, then be removed when the project is complete. This is preferable to granting permission indefinitely.
So if you or a staff member would like to become a local admin, please feel free to reach out to us to request this permission. We will be happy to work with you and your staff to ensure the proper use cases.
Rebooting computers on a regular basis provides many benefits that can be quite useful to users and to the system itself. Some of these reasons directly benefit the hardware, which in turn, help the systems to run better. These indirectly bring benefits to the user - having a happy system means less issues and a longer life.
Rebooting a computer is incredibly important for a number of things. The first is related to the implementation of updates that download in the background via Windows Update. It's one thing for the download to complete in the background, but it's not until those updates are implemented at startup that they are actually used. The only way that happens is through going through an update.
So How Often are Updates Downloaded?
This can happen several times a month, so a good rule of thumb is to reboot your system once a week. This will ensure that updates are installed to the startup processes to keep your system running healthy.
Flushing the system's RAM
No, I don't mean flushing the systems RAM down a drain... Sometimes information can get backed up at the RAM level. I like describe RAM as a basket between the Hard drive and the processor. The hard drive will take snippets of data and deposit into the RAM bucket to take to the CPU, and the reverse will happen when data is written "to disc." Its basically a temporary holding area.
As such, this "basket" can get overfilled sometimes, which means that things can get a little sluggish because the system is struggling to get to the things in that basket. This can be when things are writing to disc, and/or implementing the next command the user prompts. Rebooting the computer forces the system to provide a fresh start for the RAM, which means that the basket gets emptied, and as such, may wind up fixing the backup that was ocurring. So if you encounter issues during operation, its always a good idea to reboot the computer to see if that resolves them.
Systems go to the doctor?
When a user reboots a computer, the system gets the chance to run diagnostics at shutdown, and again at startup to ensure everything is running properly. If the diagnostics come back with an issue, the system will attempt to repair it on the background when its started up next. However, when systems don't get rebooted regularly, its likely that the system will become buggy and problematic, which then leads to errors that will likely create issues for the users when they use it for their daily tasks. Additionally, computers that freeze usually benefit from a restart just to get the system to start fresh - which hopefully resolves the issues that caused it to freeze in the first place.
How often should I reboot my system?
Even if this is not in the reference of doing so when updates are installed, it is a good rule to reboot your system at least once a week. This allows for a fresh startup process to occur - which will allow it to clean up any errors that may have occurred during that week's operation.
Like all buggy systems, if you are finding that you are having to reboot your systems to resolve such issues on a more-than regular basis, please contact us to run additional maintenance, as this may signal other issues going on that a simple reboot may not resolve.
Here, we will address all questions about shared accounts:
What is a shared account in Active Directory?
A shared account is basically just that - an account that can be utilized by multiple users for the purposes of sharing the login information. Like all accounts, these accounts are created in the "background" within Active Directory and are designated for the use of logging into accounts within your organization's network (otherwise called a Domain).
Why would I want to make a Shared Active Directory Account?
Shared accounts can provide multiple people with a singular account to share between themselves and access shared resources (such as network shares) all from one user account.
What are some Examples of Shared Accounts?
Guest - This account can typically be created for instances where anyone outside of the organization can access the computer for their own personal use. This is common in libraries and community centers.
Temp/Intern - These types of accounts may have access to some limited network resources within the organization since organizations may have many users who come and go at any one time.
Are there any drawbacks?
Yes, there are numerous drawbacks to organizing your user accounts this way.
Shared accounts by definition, means that multiple users may access resources through a singular account. This does not provide any user accountability and therefore, can make auditing an organization's technical environment a difficult process. This means that if a user signs in and does something that endangers the network, all users who share that access can be blamed and/or scrutinized, which can distract from addressing the damage that was done in a timely manner.
Shared accounts are usually linked with a shared, communal network drive that provides all users with the ability to make changes. While it is possible to fine-tune these permissions with individual users, shared accounts cannot distinguish between one user and another using the same account - again, due to not having any ability to provide accountability. While it is possible to limit the access to especially sensitive resources, a user may still get into things that are not meant for his/her eyes, simply by having to share the "space" with others. This can be a huge security concern if sensitive data needs to be kept separate from certain users.
Shared accounts also make password management a huge security concern. Because multiple users can access these accounts, passwords have to be known to more than one individual and as such, cannot be changed regularly to provide sound security practices. This can be where you'd have to write it down and leave it near a computer or make it as simple as possible, which means that its easier for an unauthorized user to crack and/or for an authorized user to access that account and its contents. Furthermore, if a former employee used to use that account and knows the password has never been changed, even when other employees have left, there isn't anything stopping them from attempting to come back to an organization and try to access resources or cause damage.
What do I need to consider before deciding to have a Shared Account?
Before moving forward with creating or asking about such accounts, ask what the purpose will be and whether it truly makes sense for your organization to have them?
How/What policies will you create to secure those accounts?
What kind of permissions will these accounts have when accessing your network's shared resources? Write Only, Read Only? In such scenarios, it would be strongly discouraged to allow Full Control, which gives the ability to delete things.
How will you make policies about Password management? What about the frequency and process of changing the Password?
What does ETTE Recommend regarding Shared Accounts?
Because we take your security very seriously, ETTE's recommendation will always be to maintain individual accounts only, with very limited, if any, shared accounts.
However, we understand that there are a few select instances where a shared account may need to happen. In such cases, we will work with you to provide the most sound processes to maintain the security of your organization's network and its contents. If you have any questions about the content you've seen here or how to secure your own shared accounts, please feel free to contact us and we'll be happy to assist you.