Slashdot Mirror

← Back to Stories (view on slashdot.org)

UCSB Bans Windows NT/2000 in the Dorms

Posted by ryuzaki0 on from the you've-got-to-be-kidding-me dept.

nick58b writes "The people in charge of the networks for all of the on-campus dorms at UCSB banned the use of Windows NT and 2000 on their networks citing security and network problems associated with them. While there are problems with NT/2000, Windows 98 and ME computers are still permitted. Students using these are "recommended" to upgrade to XP Home Edition. In other news, sales of Windows XP are way up at the campus bookstore."

3 of 436 comments (clear)

  1. What a scam by jameslore · · Score: 5, Insightful

    Permitting Win98 and denying Win2k? For all it's faults, it's not as bad as the 9x series of exploits. Plus with Win2k up to SP3, it's likely more secure than XP.

    Methinks someone wants to make some money...

    1. Re:What a scam by delta407 · · Score: 5, Insightful

      From a private school perspective, Win2k is great. I don't know how you deployed software, but I don't leave anything to "install on first use" -- it's on the hard drive, on the network, or not available. (Microsoft makes tools that let you customize, say, the Office install; no serial number needed, no I Agree on the license agreement, and no Clippy if you so desire.) As far as configuring Outlook 2000, it can be done as a normal user, with the exception of "mode" (Internet or Corporate) which has to be done as administrator but can be done in the base system image. (You do image your clients, right?)

      I don't know what product you're talking about, but Norton AntiVirus Corporate deploys cleanly (via Group Policy) without issues to speak of. The lab printer scenario is a little more complicated, but if you don't want roaming profiles, you can set a mandatory profile and give users a network home. The mandatory profile can include the printer. As far as legacy or proprietary apps go -- open regedt32 or Windows Explorer and change the permissions until it's happy. Then, change your deployment system to do that automatically: problem solved. Don't like Ctrl-Alt-Del? Disable it via Group Policy.

      I don't like Microsoft, but things are far more usable under Windows 2000 than most people would think. Get some network imaging software, reasonably standard desktop hardware, and a Windows 2000 domain with appropriate Group Policy entries. It's really not that bad.

  2. Re:I'll be the first to say it... by kmellis · · Score: 5, Insightful
    They don't suggest those OSs because they would be even less secure in these student's hands than NT/2K was. The issue isn't one of the essential security of a particular operating system. The issue is that NT and 2K, in contrast to Win9x and XP, include some networking services, by default, that are relatively insecure, by default. It's not practical to attempt to get these relatively naive users to secure their OSs. Also, along with better security defaults on shares and IIS and other things, XP is more aggressively (naturally) supported by MS in maintaining its security via bug-fixes and patches--and they do so via a very aggressive transparent version of their auto-update mechanism. In practical terms, XP Home or Pro is going to be much more secure as installed on this campus residential network than many other OSs. Not because it's "better", and not because it's inherently more secure than other OSs, including NT/2K or a UN*X. It just is because that's how it plays out in this particular slice of the real world.

    My problem with this is mostly financial. Obviously, they can restrict usage to their network any darn way they please. But there are inevitably going to be students who simply don't have the money to upgrade from NT/2K to XP. They're imposing a burden on those students that they should try to ease in some manner.

    A good alternative would be a carefully crafted Linux distribution that they pre-configure and make secure according to their needs, and make it available on a CD-ROM. Again, though, even if the security issues were resolved with such a distribution (which would be relatively easy), they would still have to face the costs associated with supporting these naive users using Linux--which would probably be more trouble than it's worth. Thus, they simply say, "Use XP".

    Keep in mind that in some sense, these types of administrators have less control over their networks than corporate admins do. They don't own the licenses to the OSs--they expect the students to supply their own OS. This gives them a lot less control over what's on their network. They don't have a right to lock the machine's configurations down to control security. They probably don't want to have too much involvement with the student's machines, since that would imply a corresponding degree of liability on their part for how the student is using it (meaning: doing illegal things). It's pretty easy for them to identify the OS that a student is using, so their solution (requiring XP) has the biggest benefit for the least cost.

    It is completely absurd for anyone to assume that they are doing this because they have a vested interest in seeing more copies of XP sold.