Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Shared Computer Toolkit for Windows

Posted by Zonk on from the bag-of-tricks dept.

cygnusx writes "Microsoft Monitor and Ars Technica are reporting that Microsoft has released an administrative toolkit (beta) to help secure Windows machines that are shared by a number of people. Features include protecting the Windows partition from non-administrative changes and Group Policy-like access restrictions. This should be good news because Microsoft seems to be recognizing that not everyone can go down the Active Directory path to manage their Windows machines better."

1 of 23 comments (clear)

  1. administration isn't the problem! by yagu · · Score: 4, Insightful

    The problem lies more in the design, architecture, and implementation. One facet recently appeared here (The 12-minute Windows Heist) and here (Windows Users Ignoring LUA Security).

    Microsoft "grew up" from a fundamentally different mindset than real (no troll intended, just pragmatic viewpoint) computing technologies. Microsoft takes credit (rightly or wrongly) for inventing the PC. PC, that's Personal Computer... and the directory structure (among other things) especially reflects these roots:

    • the directory structure is a cobbled together hodgepodge with little apparent cohesive design. In my opinion it is an incredibly "designed by committee" hack.
    • any whiff of multi-user directory structure aside from not really being well designed is a cobbled hack on top of old directory structures and paradigms.
    • while there certainly isn't any requirement a computer have mulitple users, the notion of multiple users logged into a Windows machine is completely foreign without third party add-ons (terminal servers, et. al.).
    • the multilevel kernel architecture and hardware abstraction (HAL) early on were compromised to give direct access to hardware because HAL didn't allow for good enough performance for gaming.
    • many programs because of buggy behavior (this is not necessarily Microsoft's fault, but it's still true) require(d) conditional code in NT/XP to run thus propogating buggy design right back into the "new" product.

    The third item above was especially interesting to me when I worked at Microsoft. This was the early days of NT, and when I hired on, I didn't have a machine in my office powerful enough to run NT. Wanting to get an early start on learning as much as possible about NT I had an office peer set up an account for me on another NT machine. I asked how to "login" to that machine. He looked at me as if I were mad. His (their) notion of multi-user meant my account on his box gave me access to file services pretty much, not much more.

    Administration tools, while a nice idea, in light of the historical artifacts of Windows are only a bandaid over a compound fracture. It might cover up the bleeding and hide the potentially fatal wound, but it isn't going to solve the problem. Microsoft should have taken the time to desing the "P" out of PC when they completely re-designed the underlying technology. Had they done so, many of these problems today either wouldn't exist or would be much easier to fix.