Brother Scanning: MFC2700 / MFC 8480
-
@thecreativeone91 said:
I wouldn't give it admin rights, I'd find a work around. Use Process Monitor to see what it needs. https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
What's the harm of giving a single program like this admin rights? All it can do is scan, basically. What threat would that pose to the computer or network?
-
@handsofqwerty said:
@thecreativeone91 said:
I wouldn't give it admin rights, I'd find a work around. Use Process Monitor to see what it needs. https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
What's the harm of giving a single program like this admin rights? All it can do is scan, basically. What threat would that pose to the computer or network?
Privilege escalation, running a program or service with more rights and it needs as how people are able to do it in most cases. It also will give the user access (full control) to any files through the file dialog box inside the program as it will be running with admin rights as well.
-
@thecreativeone91 said:
@handsofqwerty said:
@thecreativeone91 said:
I wouldn't give it admin rights, I'd find a work around. Use Process Monitor to see what it needs. https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
What's the harm of giving a single program like this admin rights? All it can do is scan, basically. What threat would that pose to the computer or network?
Privilege escalation, running a program or service with more rights and it needs as how people are able to do it in most cases. It also will give the user access (full control) to any files through the file dialog box inside the program as it will be running with admin rights as well.
Yeah, that's technically true. But for this software, you setup the directory to scan to and they hit a button and it scans. Besides, if you knew these users...
-
@handsofqwerty said:
Yeah, that's technically true. But for this software, you setup the directory to scan to and they hit a button and it scans. Besides, if you knew these users...
THIS ^^ This right here is what I hear every day - my users will never do anything they aren't supposed to, so I don't need to worry about security issues...
and that's true.. until you do need to worry about it! A different person sits down there and starts messin' around... or a virus gets on there and takes advantage.. etc.
The whole idea of fixing it only after it breaks just drives me insane!
-
eesh, I despise that kinda stuff. Make em' scan to email. Safer, traceable, no permissions garbage, etc.
-
@Dashrender said:
@handsofqwerty said:
Yeah, that's technically true. But for this software, you setup the directory to scan to and they hit a button and it scans. Besides, if you knew these users...
THIS ^^ This right here is what I hear every day - my users will never do anything they aren't supposed to, so I don't need to worry about security issues...
and that's true.. until you do need to worry about it! A different person sits down there and starts messin' around... or a virus gets on there and takes advantage.. etc.
The whole idea of fixing it only after it breaks just drives me insane!
I get where you're coming from, but flip it over. Why create additional issues for yourself when a solution is available in the name of what might happen? It's all a balancing act. Will the potential side effects of granting normal users admin rights to one program result in a greater cost to the client than trying to figure out the perfect solution that might not exist?
-
@MattSpeller said:
eesh, I despise that kinda stuff. Make em' scan to email. Safer, traceable, no permissions garbage, etc.
Yeah, I've become a big fan of scan-to-email, although for large documents, this can be MUCH slower and doesn't always work with attachment size limitations.
-
@handsofqwerty said:
doesn't always work with attachment size limitations.
Thats when you scan to USB stick, but it's gotta be a monster or the printer has really weak compression algorithms.
-
@handsofqwerty said:
@Dashrender said:
@handsofqwerty said:
Yeah, that's technically true. But for this software, you setup the directory to scan to and they hit a button and it scans. Besides, if you knew these users...
THIS ^^ This right here is what I hear every day - my users will never do anything they aren't supposed to, so I don't need to worry about security issues...
and that's true.. until you do need to worry about it! A different person sits down there and starts messin' around... or a virus gets on there and takes advantage.. etc.
The whole idea of fixing it only after it breaks just drives me insane!
I get where you're coming from, but flip it over. Why create additional issues for yourself when a solution is available in the name of what might happen? It's all a balancing act. Is the potential side effects of granting normal users admin rights to one program result in a greater cost to the client than trying to figure out the perfect solution that might not exist?
This is probably one of the best arguments I've ever seen you make!
That said, it's definitely a case by case issue. and I'd personally spend at least 30 mins trying to make this work correctly before just tossing in the towel.
-
@handsofqwerty said:
@MattSpeller said:
eesh, I despise that kinda stuff. Make em' scan to email. Safer, traceable, no permissions garbage, etc.
Yeah, I've become a big fan of scan-to-email, although for large documents, this can be MUCH slower and doesn't always work with attachment size limitations.
Scanning to network often solves this problem then!
-
It sounds like this printer/scanner is connected directly to a computer - but if it's not, I'd definitely setup both Scan to email and scan to network and ditch the local scanning software from the machine.
-
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
-
@g.jacobse said:
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
Same version of windows? Do all have UAC enabled?
-
@thecreativeone91 said:
@g.jacobse said:
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
Same version of windows? Do all have UAC enabled?
This, UAC being disabled has cause no end of grief to me on a few computers, I had a Canon MFP that refused to scan to the local disk without UAC enabled.
-
@coliver said:
@thecreativeone91 said:
@g.jacobse said:
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
Same version of windows? Do all have UAC enabled?
This, UAC being disabled has cause no end of grief to me on a few computers, I had a Canon MFP that refused to scan to the local disk without UAC enabled.
Wow.. not that just seems backwards.
-
@Dashrender said:
@handsofqwerty said:
@Dashrender said:
@handsofqwerty said:
Yeah, that's technically true. But for this software, you setup the directory to scan to and they hit a button and it scans. Besides, if you knew these users...
THIS ^^ This right here is what I hear every day - my users will never do anything they aren't supposed to, so I don't need to worry about security issues...
and that's true.. until you do need to worry about it! A different person sits down there and starts messin' around... or a virus gets on there and takes advantage.. etc.
The whole idea of fixing it only after it breaks just drives me insane!
I get where you're coming from, but flip it over. Why create additional issues for yourself when a solution is available in the name of what might happen? It's all a balancing act. Is the potential side effects of granting normal users admin rights to one program result in a greater cost to the client than trying to figure out the perfect solution that might not exist?
This is probably one of the best arguments I've ever seen you make!
That said, it's definitely a case by case issue. and I'd personally spend at least 30 mins trying to make this work correctly before just tossing in the towel.
Oh I totally agree that totally not trying is a bad idea. However, balance is required. Thank you for the kind words.
-
@coliver said:
@thecreativeone91 said:
@g.jacobse said:
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
Same version of windows? Do all have UAC enabled?
This, UAC being disabled has cause no end of grief to me on a few computers, I had a Canon MFP that refused to scan to the local disk without UAC enabled.
Without it being ENABLED? That's just weird...
-
@Dashrender said:
@coliver said:
@thecreativeone91 said:
@g.jacobse said:
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
Same version of windows? Do all have UAC enabled?
This, UAC being disabled has cause no end of grief to me on a few computers, I had a Canon MFP that refused to scan to the local disk without UAC enabled.
Wow.. not that just seems backwards.
Ditto.
-
@Dashrender said:
@coliver said:
@thecreativeone91 said:
@g.jacobse said:
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
Same version of windows? Do all have UAC enabled?
This, UAC being disabled has cause no end of grief to me on a few computers, I had a Canon MFP that refused to scan to the local disk without UAC enabled.
Wow.. not that just seems backwards.
Agreed... I was trying to figure it out. Even made the user an admin temporarily to see if that had anything to do with it... still wouldn't scan. It was only after enabling UAC (which was off for some reason) that we were able to get it to work... even worked after demoting them to a standard user again.
-
@coliver said:
@Dashrender said:
@coliver said:
@thecreativeone91 said:
@g.jacobse said:
There are about four scanners in the office, and about 20 users.
It is not currently set to scan to the server, but to the local users computer. Each scanner is on the network, separate IP address.
Again, some computers are the issue,.. not all. many work fine with no issues. Pulling the same GPO and User rights.
Same version of windows? Do all have UAC enabled?
This, UAC being disabled has cause no end of grief to me on a few computers, I had a Canon MFP that refused to scan to the local disk without UAC enabled.
Wow.. not that just seems backwards.
Agreed... I was trying to figure it out. Even made the user an admin temporarily to see if that had anything to do with it... still wouldn't scan. It was only after enabling UAC (which was off for some reason) that we were able to get it to work... even worked after demoting them to a standard user again.
When the standard user is running it, do they get a UAC prompt?