Ron Kaye Jr on 18 May 2005 20:09:58 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Drexel MCS Society Debate


and users login to an active directory server.
they can be placed in groups (OUs) based on some criteria.
group policies are then applied to those OUs to tighten things up.

it works

rk

-----Original Message-----
From: Art Alexion <art.alexion@verizon.net>
Sent: May 18, 2005 4:02 PM
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Drexel MCS Society Debate

LeRoy Cressy wrote:

> Stephen Gran wrote:
>
>
>
> >Does anything really need to be said here?  They have provided an OS
> >where the user generally runs as root.  They didn't expect problems with
> >that?
>
>
> Windows actually warns against setting up a restricted user stating that
> some program will fail to run.
>
> There is very little concept of user configuration on Windows machines.
>  If a user changes the configuration of a program, the configuration has
> been changed for everyone by default.  For the most part windows does
> not support by default a home directory.  The basic windows setup puts
> all user documents in c:\"my documents" directory.  If you want to add a
> user on a Windows system, there is some work involved to make the user
> have a home directory.

LeRoy,

This isn't really entirely true anymore and it hasn't been since
win98se.  We have always had user accounts on the family windows box and
windows creates user "profiles" directories under the "windows" or
"winnt" directory.  The "profiles" directory includes the "Application
Data" directory which stores program settings, and the "Desktop" and
"Document" directories.  So, "c:\winnt\profiles\arthur" would be similar
to my home "/home/arthur" directory on Linux.  The problem is that
windows lacks a real permissions system, and not every application
developer recognizes the profiles directories, so sometimes settings are
private and sometimes not.  To complicate matters, on win2k, there are
three layers of privilege: Administrator (root), a regular user (who can
do some, but not all administrative things which can have system-wide
effect, like install some applications), and a restricted user (who
can't make system changes).  Problem is, once you are one of these
users, you always have their permissions, so if I have administrative
privileges, I always have them, even when I just log in to type a letter
or check email or browse the web.  (I can create multiple users for
myself, but that is like logging on as root as opposed to su-ing to root
or sudo.  It is cumbersome.)

Now say I have administrative privileges, and I install a couple of
programs.  One may appear on all users desktops and menus while the
other may only appear on my menus.  And there is no way to control
this.  It seems to depend on the sophistication and whim of the
application developer and the third-party installer the developer utilizes.

I don't need to describe how this all works in Linux...




-- 

_______________________________________
Art Alexion
Arthur S. Alexion LLC
arthur [at] alexion [dot] com
aim: aalexion
sms: 2679725536 [at] messaging [dot] sprintpcs [dot] com

PGP fingerprint: 52A4 B10C AA73 096F A661  92D2 3B65 8EAC ACC5 BA7A
The attachment -- signature.asc -- is my electronic signature; no need
for alarm.
Info @
http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html

Key for signed PDFs available at
http://mysite.verizon.net/art.alexion/encryption/ArthurSAlexion.p7c
The validation string is TTJY-ZILJ-BJJG.
________________________________________


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug