Windows 10 showing weird Logon screen

NattNatt

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

Jason

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Dashrender

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Exactly what I was thinking.

Sure, the CEO shouldn't have an admin account, but the CIO is the head of IT. If they want it, they can and should have it.

NattNatt

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Yes, but his main ISNT an admin account..? You said he has one, but doesn't use it day-to-day, which is how it should be..? But the fact the Chairman's laptop isn't even on the domain is always going to be the point of failure...

NattNatt

@Dashrender said:

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Exactly what I was thinking.

Sure, the CEO shouldn't have an admin account, but the CIO is the head of IT. If they want it, they can and should have it.

@Jason said:

the CIO doesn't run in an admin account either (but has one).

^ How I read it is he has one (as he should) but doesn't use his admin account for day-to-day stuff (which again, is the way it should be)?

Dashrender

@NattNatt said:

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Yes, but his main ISNT an admin account..? You said he has one, but doesn't use it day-to-day, which is how it should be..? But the fact the Chairman's laptop isn't even on the domain is always going to be the point of failure...

That was the OP's situation, not @Jason's situation.

NattNatt

@Dashrender said:

@NattNatt said:

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Yes, but his main ISNT an admin account..? You said he has one, but doesn't use it day-to-day, which is how it should be..? But the fact the Chairman's laptop isn't even on the domain is always going to be the point of failure...

That was the OP's situation, not @Jason's situation.

So it was, the lack of avatar confuses me, thought they were the same person, my bad :') apologies @Jason - thought it was OP trying to say "but we did all this stuff" to try and make the initial thing seem better...

Dashrender

Sounds like we are all in agreement then.

CIO and IT staff should have two accounts -

normal every day account = non admin
admin account for admin tasks = admin level.

NattNatt

@Dashrender said:

Sounds like we are all in agreement then.

CIO and IT staff should have two accounts -

normal every day account = non admin
admin account for admin tasks = admin level.

And everyone should be on the domain... EVERYONE especially the chairman...

Dashrender

@NattNatt said:

@Dashrender said:

Sounds like we are all in agreement then.

CIO and IT staff should have two accounts -

normal every day account = non admin
admin account for admin tasks = admin level.

And everyone should be on the domain... EVERYONE especially the chairman...

Well, unless you're doing a LANless design, then it doesn't matter.

Jason

@NattNatt said:

And everyone should be on the domain... EVERYONE especially the chairman...

I don't know about everyone.. There's some laptops we have for maintenance that aren't on the domain, blocked from the network and have local admin rights so they can work on random crap.

NattNatt

@Jason said:

@NattNatt said:

And everyone should be on the domain... EVERYONE especially the chairman...

I don't know about everyone.. There's some laptops we have for maintenance that aren't on the domain, blocked from the network and have local admin rights so they can work on random crap.

As a general rule, unless there is a specific reason for them not to be, they should... obviously there are exceptions, there are to anything...but for least confusion, lets leave it at that for now