Slashdot Mirror


New Shared Computer Toolkit for Windows

cygnusx writes "Microsoft Monitor and Ars Technica are reporting that Microsoft has released an administrative toolkit (beta) to help secure Windows machines that are shared by a number of people. Features include protecting the Windows partition from non-administrative changes and Group Policy-like access restrictions. This should be good news because Microsoft seems to be recognizing that not everyone can go down the Active Directory path to manage their Windows machines better."

23 comments

  1. Useless for a lot of people. by rincebrain · · Score: 1

    A lot of large labs that I've seen run Windows 2000, and this functionality is useless, as the toolkit is only for Windows XP.

    My lab, for instance, has approximately 100 terminals running Windows 2000...and none of them can benefit from this.

    Great job, too late, Microsoft.

    --
    It's only an insult if it's not true.
    1. Re:Useless for a lot of people. by Ranma-sensei · · Score: 1

      This is just the same as the User/Root-Approah Microsoft plans - too lat, as always!

      --
      Non-supporter of Online Activation and any other draconian DRM
    2. Re:Useless for a lot of people. by Ranma-sensei · · Score: 1

      Whoops, hit the "Submit" Button instead of "Preview" - so much for my credibility. *sigh*

      --
      Non-supporter of Online Activation and any other draconian DRM
    3. Re:Useless for a lot of people. by Sexy+Bern · · Score: 2, Insightful
      With the greatest of respect, TFA says:

      Shared computers are commonly found in schools, libraries, Internet and gaming cafés, community centers, and other locations.

      If you're running a lab with 100 terminals, you should already be using group policies.

      Group policies address the needs for a particular market sector. This lock-down tool addresses the needs of another market sector. They do appear to be trying to do "the right thing"!

    4. Re:Useless for a lot of people. by RealityMogul · · Score: 1

      Maybe it's a computer "lab" in a school?

    5. Re:Useless for a lot of people. by leloup · · Score: 1

      You are forgetting that MS is discontinuing support for 2000 in a couple of months. Their only desktop OS will be XP (until/if Longhorn). Makes sense that this util only supports XP. BTW, I have not RTFA.

      --
      "If it is just us, seems like an awful waste of space." -- movie: Contact
    6. Re:Useless for a lot of people. by emmetropia · · Score: 3, Insightful

      This is just the same as the User/Root-Approah Microsoft plans - too lat, as always!

      Do any of you believe in better late than never? Honestly, people bitch that Microsoft does nothing about security, if they attempt, they're flamed for a "poor attempt". Even now, they're trying to up security in XP, and 2000 users cry that it's too late. My sweet jesus guys, at least there's an effort somewhere. 2000 is pretty well EOL'd, I don't think it's their major worry right now.

      Yeah, I'll get flamed for saying that it's not their major worry, and most likely for even backing them, but I'm sick of reading this horse shit.

      Let's turn the tables for a minute. I tried installing Mandrake 10 on my laptop a year (maybe year and a half now?) ago. I couldn't get my WiFi to work regardless of how much tweaking I did, what "hack" I tried to implement. There wasn't a driver to be found. I switched to winXP on my laptop because of this, and I'll run XP on my laptop now, until I get a new one, at which point in time, I can't say that I'll try and get my WiFi working again. Are there efforts to fix it? Sure. But I've been waiting a year and a half for them. You can offer wifi, but I think it's too late, I've moved on.

      I'd bet five dollars that someone will say that it's either a completely different situation, or that I didn't look hard enough. I'd be told to cut the developers a break, at least they're trying, right? I just hate when people play favourites. I'm going to shut up now.

    7. Re:Useless for a lot of people. by vcv · · Score: 1

      Very well put. However, most people have their anti-MS goggles on and can't think logically and objectively. Good luck with the flames.

    8. Re:Useless for a lot of people. by wcb4 · · Score: 2

      Finally, a voice of reason. True, this does not help the win2k users out there, and you know what? patches released now do not help the folks who are still using the linux 1.x kernels, the OS has moved on, MS has moved on. XP is, what?, 3 or 4 years old now. It's on SP2 for God's sake. If you have not moved up, then fine, use what works for you, and if it does not work for you then don't complain that they are not making it work for you.

      I have a slew of machines, evenly split between Windows and non-Windows machines. NT5.0 was a huge step forward as far as stability went, and 5.1 was a huge step forward as far as ease of use went for many users (though mine has been returned to the non-playschool look because that is what *I* prefer). It's not perfect, but then again, nothing is. Much of what I do is under Windows, and I have no real reason to complain. My machines are behind a firewall, I don't reboot my desktops except for the odd update that requires it, and I only shut down my laptops running windows when I take them out of the house (Off still uses less battery than standby and I'd rather have the extra 15-30 minutes of power than save 30-60 seconds of boot time).

      So MS is now trying to make their OS, the current one better. Great. I think it's a wonderful idea. I applaud the effort. Since XP is their current OS, it's not too late, and if it works, it's not too little.

      Grow up folks. The "My Dad is better than your Dad" attitude does nothing to help the cause. Show valid reasons why things are better now, and don't act like my 2 year old when the competition fixes something to close the gap, instead, make something better to re-open it, that is how you win.

      --
      I reject your reality ... and substitute my own.
    9. Re:Useless for a lot of people. by Decker-Mage · · Score: 1
      Hear, bloody hear! Mod me Troll but I couldn't agree more. Win'2K is now EOL'ed after five long years. I still use it, and support it, extensively here and I don't see that changing as it does some things I want very nicely and one of my development targets are all those individuals (one living with me) and businesses that still use it. However, it was five years. Most Linuxen don't even have five year EOL agreements. Heck, I know of only one, Debian, that does. The rest are three years or less. Oops! They can go whine somewhere else.

      As for the new package, it is ideal for those libraries and other public access setups that need this type of thing and I can see that it would also be useful in home setups that don't have the default Administrator everything setup which is still an Achilles Heel (and all those programs that seem to require it which was stupid!). A Band-Aid, but it is something at least.

      Unfortunately I haven't run into too many public access setups that are even running XP. That may change but somehow I don't think anytime soon as these institutions tend to run the machines until dead and when they get a new one they blow away the installed XP and place their own image on it. We'll have to wait and see what the adoption rate is it seems.

      --
      "[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
  2. administration isn't the problem! by yagu · · Score: 4, Insightful

    The problem lies more in the design, architecture, and implementation. One facet recently appeared here (The 12-minute Windows Heist) and here (Windows Users Ignoring LUA Security).

    Microsoft "grew up" from a fundamentally different mindset than real (no troll intended, just pragmatic viewpoint) computing technologies. Microsoft takes credit (rightly or wrongly) for inventing the PC. PC, that's Personal Computer... and the directory structure (among other things) especially reflects these roots:

    • the directory structure is a cobbled together hodgepodge with little apparent cohesive design. In my opinion it is an incredibly "designed by committee" hack.
    • any whiff of multi-user directory structure aside from not really being well designed is a cobbled hack on top of old directory structures and paradigms.
    • while there certainly isn't any requirement a computer have multiple users, the notion of multiple users logged into a Windows machine is completely foreign without third party add-ons (terminal servers, et al.).
    • the multilevel kernel architecture and hardware abstraction (HAL) early on were compromised to give direct access to hardware because HAL didn't allow for good enough performance for gaming.
    • many programs because of buggy behavior (this is not necessarily Microsoft's fault, but it's still true) require(d) conditional code in NT/XP to run thus propagating buggy design right back into the "new" product.

    The third item above was especially interesting to me when I worked at Microsoft. This was the early days of NT, and when I hired on, I didn't have a machine in my office powerful enough to run NT. Wanting to get an early start on learning as much as possible about NT I had an office peer set up an account for me on another NT machine. I asked how to "login" to that machine. He looked at me as if I were mad. His (their) notion of multi-user meant my account on his box gave me access to file services pretty much, not much more.

    Administration tools, while a nice idea, in light of the historical artifacts of Windows are only a bandaid over a compound fracture. It might cover up the bleeding and hide the potentially fatal wound, but it isn't going to solve the problem. Microsoft should have taken the time to design the "P" out of PC when they completely re-designed the underlying technology. Had they done so, many of these problems today either wouldn't exist or would be much easier to fix.

    1. Re:administration isn't the problem! by It+doesn't+come+easy · · Score: 1

      In defense of Microsoft (damn, never thought I'd say that), of course it is a bandaid fix. However, given that XP is as it is, applying a bandaid is all you can do. One of my long standing gripes about Windows as a system is that it's way too complicated to manage the simplest of things (such as permissions). The permission options for the home user are laughable. You're either a full blown admin or are severely restricted to the point that most Windows programs don't function properly. In other words, no control at all. And I can imagine the typical home user trying to figure out group policies. Hopefully, this tool will help make securing user accounts with a reasonable amount of functionality less of a challenge for the home user (I reserve judgement until I try it).

      --
      The NSA: The only part of the US government that actually listens.
    2. Re:administration isn't the problem! by RzUpAnmsCwrds · · Score: 1, Insightful

      Oh, come on. Windows is, and has been for several years, a true multiuser-OS with a strong permission model.

      "the directory structure is a cobbled together hodgepodge with little apparent cohesive design. In my opinion it is an incredibly "designed by committee" hack. "

      Not true. Essentially, there are three directories, "Documents and Settings" (/home), "Program Files" (/bin), and "Windows" (no direct UNIX equivalent).

      The problem is not the directory structure, it is stupid applications that write to the root directory or the Windows folder.

      "any whiff of multi-user directory structure aside from not really being well designed is a cobbled hack on top of old directory structures and paradigms. "

      That doesn't even make sense. Like Linux and most other multiuser operating systems, individual users get their own home directories. In Windows, they also get their own registry branch.

      "while there certainly isn't any requirement a computer have multiple users, the notion of multiple users logged into a Windows machine is completely foreign without third party add-ons (terminal servers, et al.)."

      Bullshit. Try fast user switching in Windows sometime. Or, for that matter, log onto a server running Windows Server 2003. Just because *you* don't use the functionality doesn't mean that it's not there. It's built into XP (though locked down) and into Windows Server 2000 and 2003.

      "the multilevel kernel architecture and hardware abstraction (HAL) early on were compromised to give direct access to hardware because HAL didn't allow for good enough performance for gaming."

      Also wrong. While there have been some compromises, such as moving the GDI into kernel-space, the HAL is still very much used in Windows 2000/XP/2003. DirectX uses the HAL. Indeed, Windows has much *more* hardware isolation than systems with a monolithic kernel, such as Linux.

      "many programs because of buggy behavior (this is not necessarily Microsoft's fault, but it's still true) require(d) conditional code in NT/XP to run thus propagating buggy design right back into the "new" product."

      This is not limited to Microsoft alone. Even CPUs must maintain bug-compatibility. Trying to run old code on a new platform is not an easy task, and the fact that 10-year-old applications run at all is impressive.

      Your information is out of date. Windows XP is not Windows 98, and it's not Windows NT4. Microsoft has made some poor design choices in the past, and those choices continue to impact their product today. But Windows XP is not the "inherently insecure" OS that you would have us believe. Its architecture is no less secure than Linux - indeed, Linux is a hodgepodge of code.

      Do not sell Microsoft short. They didn't take 95% of the desktop OS market by being stupid. They did it by understanding what their customers would buy. In the end, people want their games to run. They want their copy of Acrobat 3.0 to run. To many of Microsoft's customers, that's more important than having a "pure" OS. To most users, loose permissions and open ports are a small price to pay for that functionality.

  3. Activation code by revmoo · · Score: 1

    0000000 is a genuine windows validation code according to the MS website.

    Download all you like, kids :)

    --
    I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
    1. Re:Activation code by vcv · · Score: 1

      Or you can just tell it you don't wish to validate and download anyway...

  4. Cool... by afd8856 · · Score: 1

    Now all the bot networks operators can control their bots a lot better, right?

    --
    I'll do the stupid thing first and then you shy people follow...
  5. Registration number by gdav · · Score: 2, Insightful

    is generated randomly in javascript by the registration page. Eight digits - the first must be nonzero, the last is seven minus (the sum of the others, mod 7). E.g 10000006.

    1. Re:Registration number by Bronze+Girl · · Score: 1

      Well, it installs but refuses to run - sending you to a stupid registration web page instead.

  6. Lets turn them again by Seraphim_72 · · Score: 1

    OK, I will bite.

    Insert windows issue here

    I switched to [linux] on my laptop because of this, and I'll run [linux] on my laptop now, until I get a new one, at which point in time, I can't say that I'll try and get my Windows issue working again. Are there efforts to fix it? Sure. But I've been waiting a year and a half for them. You can offer Windows issue, but I think it's too late, I've moved on.

    See there is the thing - they all have issues. You want supported Wifi (That - I must point out was designed on a win machine - like a win modem) Me, I want cron jobs, and windows has no such feature. So, you know what? Despite standing on opposite sides - we are both right.

    --
    Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
    1. Re:Lets turn them again by Decker-Mage · · Score: 1

      I've been running cron jobs on Windows for years. There are any number of utilities to do it, CygWin, and there is even the equivalent in Windows NT called the AT command, although to get real functionality you do have to learn how to really get down and dirty with Windows scripting. Six of one, half a dozen of another.

      --
      "[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
    2. Re:Lets turn them again by emmetropia · · Score: 1

      Exactly what I was getting at :)

      All OS's have their issues. Plenty of them. I'm tired of people singling out MicroSoft as the be all and end all of bad software producers. Sure, they're not perfect, but no one is.

      What I was saying, was that people will slag them for this update, but if I did the *exact* same thing about any flavour of Linux, someone will come to its defence, or cry foul play.

  7. wrong... microsoft astroturf fud troll alert by Anonymous Coward · · Score: 0

    > Not true. Essentially, there are three directories, "Documents and Settings" (/home), "Program Files" (/bin), and "Windows" (no direct UNIX equivalent).

    right. so Program files is a total hodgepodge. try preventing many applications from writing to their "program files" directory. in unix the point of /bin, /sbin, /usr/bin, /usr/local/bin is to separate crucial stuff which should be readonly 99% of the time, vs core applications, vs local additions, vs possibly network mounted apps. and you know that these can all be mounted read only cause thats the difference between /usr and /var .. oh try having your applications on their own readonly partition in windos ...

    1)STFU

    > Bullshit. Try fast user switching in Windows sometime. Or, for that matter, log onto a server running Windows Server 2003. Just because *you* don't use the functionality doesn't mean that it's not there. It's built into XP (though locked down) and into Windows Server 2000 and 2003.

    fastuser switching is not the same as multiuser. you can switch with windos-L or whatever. and you can runas.. all you like.. try having a remote user logon and partake of your computer sometime.. oh yeah it logs you out of your desktop..

    2)STFU

    > Also wrong. While there have been some compromises, such as moving the GDI into kernel-space, the HAL is still very much used in Windows 2000/XP/2003. DirectX uses the HAL. Indeed, Windows has much *more* hardware isolation than systems with a monolithic kernel, such as Linux.

    pfff. the ring 0/3 thing is exactly the point. you know that we know that you know, that that was what was being implied by the GP.. ohhh. go on tell me you know someone with a nvidia card that runs the WHQL drivers... oh the official nvidia drivers require you to click "rape me now to continue".. so its obviously the users fault for not crippling the main reason for owning the machine.

    > "many programs because of buggy behavior (this is not necessarily Microsoft's fault, but it's still true) require(d) conditional code in NT/XP to run thus propagating buggy design right back into the "new" product."

    see previous point.

    > This is not limited to Microsoft alone. Even CPUs must maintain bug-compatibility. Trying to run old code on a new platform is not an easy task, and the fact that 10-year-old applications run at all is impressive.

    see wine.

    > Your information is out of date. Windows XP is not Windows 98, and it's not Windows NT4.
    but the gdi -> ring 0 design shift from nt3.1 remains in XP.

    > believe. Its architecture is no less secure than Linux - indeed, Linux is a hodgepodge of code.
    try chroot. sometime. it kicks the arse off walking/running everything in virtual machines

    > Do not sell Microsoft short. They didn't take 95% of the desktop OS market by being stupid.
    yes they did.

    > They did it by understanding what their customers would buy. In the end, people want their games to run. They want their copy of Acrobat 3.0 to run.
    but obviously they dont want their copy of wordperfect or corel or notes to run. check the ibm settlement.

    > To many of Microsoft's customers, that's more important than having a "pure" OS. To most users, loose permissions and open ports are a small price to pay for that functionality
    no its not functionality and its not a small price. its the opposite. take your blinders off. its a lockin, scam, whatever you want to call it. I call shenanigans on microsfot.

  8. too bad by j_buckley · · Score: 1

    I used to read Ars Technica, until it became apparent that "Caesar" Ken Fisher is a racist. He typically comes off like your typical smug armchair intellectual, but once he gets fired up, he's got quite a mouth on him. I've seen him get pretty worked up on IRC over basically nothing.

    It's too bad, too, since the other guys on the site like Hannibal are actually pretty smart.