New Shared Computer Toolkit for Windows

cygnusx writes "Microsoft Monitor and Ars Technica are reporting that Microsoft has released an administrative toolkit (beta) to help secure Windows machines that are shared by a number of people. Features include protecting the Windows partition from non-administrative changes and Group Policy-like access restrictions. This should be good news because Microsoft seems to be recognizing that not everyone can go down the Active Directory path to manage their Windows machines better."

administration isn't the problem!

[yagu]

The problem lies more in the design, architecture, and implementation. One facet recently appeared here (The 12-minute Windows Heist) and here (Windows Users Ignoring LUA Security).

Microsoft "grew up" from a fundamentally different mindset than real (no troll intended, just pragmatic viewpoint) computing technologies. Microsoft takes credit (rightly or wrongly) for inventing the PC. PC, that's Personal Computer... and the directory structure (among other things) especially reflects these roots:

• the directory structure is a cobbled together hodgepodge with little apparent cohesive design. In my opinion it is an incredibly "designed by committee" hack.
• any whiff of multi-user directory structure aside from not really being well designed is a cobbled hack on top of old directory structures and paradigms.
• while there certainly isn't any requirement a computer have mulitple users, the notion of multiple users logged into a Windows machine is completely foreign without third party add-ons (terminal servers, et. al.).
• the multilevel kernel architecture and hardware abstraction (HAL) early on were compromised to give direct access to hardware because HAL didn't allow for good enough performance for gaming.
• many programs because of buggy behavior (this is not necessarily Microsoft's fault, but it's still true) require(d) conditional code in NT/XP to run thus propogating buggy design right back into the "new" product.

The third item above was especially interesting to me when I worked at Microsoft. This was the early days of NT, and when I hired on, I didn't have a machine in my office powerful enough to run NT. Wanting to get an early start on learning as much as possible about NT I had an office peer set up an account for me on another NT machine. I asked how to "login" to that machine. He looked at me as if I were mad. His (their) notion of multi-user meant my account on his box gave me access to file services pretty much, not much more.

Administration tools, while a nice idea, in light of the historical artifacts of Windows are only a bandaid over a compound fracture. It might cover up the bleeding and hide the potentially fatal wound, but it isn't going to solve the problem. Microsoft should have taken the time to desing the "P" out of PC when they completely re-designed the underlying technology. Had they done so, many of these problems today either wouldn't exist or would be much easier to fix.

Re:Useless for a lot of people.

[emmetropia]

This is just the same as the User/Root-Approah Microsoft plans - too lat, as always!

Do any of you believe in better late than never? Honestly, people bitch that Microsoft does nothing about security, if they attempt, they're flamed for a "poor attempt". Even now, they're trying to up security in XP, and 2000 users cry that it's too late. My sweet jesus guys, at least there's an effort somewhere. 2000 is pretty well EOL'd, I don't think it's their major worry right now.

Yeah, i'll get flamed for saying that it's not their major worry, and most likely for even backing them, but i'm sick of reading this horse shit.

Let's turn the tables for a minute. I tried installing Mandrake 10 on my laptop a year (maybe year and a half now?) ago. I couldn't get my WiFi to work regardless of how much tweaking I did, what "hack" I tried to implement. There wasn't a driver to be found. I switched to winXP on my laptop because of this, and i'll run XP on my laptop now, until I get a new one, at which point in time, I can't say that i'll try and get my WiFi working again. Are there efforts to fix it? Sure. But i've waiting a year and a half for them. You can offer wifi, but I think it's too late, i've moved on.

I'd bet five dollars that someone will say that it's either a completely different situation, or that I didn't look hard enough. I'd be told to cut the developers a break, at least they're trying, right? I just hate when people play favourites. I'm going to shut up now.