Locking Down Linux Desktops In an Enterprise?
supermehra writes "How do you move 300 desktops, locked down with Windows ADS Group Policies (GPO), over to Ubuntu desktop? We have tried Centrify, Likewise, Gnome Gconf, and the like. Of course, we evaluated SuSe Desktop Enterprise and RedHat Desktop. Samba 4.0 promises the server side, however nothing for desktop lockdown. And while gnome gconf does offer promise, no real tools for remotely managing 300 desktops running gnome + gconf exist. All the options listed above are expensive, in fact so expensive that it's cheaper to leave M$ on! So while we've figured out the Office suite, email client, browser, VPN, drawing tools, and pretty much everything else, there seems to be no reasonable, open source alternative to locking down Linux terminals to comply with company policies. We're not looking for kiosk mode — we're looking for IT policy enforcement across the enterprise. Any ideas ladies & gentlemen?"
Issue everyone Mittens!!!! They are relatively cheap and make it oh so hard to type terminal commands when worn.
Paws... Then they could have Caps Paws...
But, if Puppet offers tiered services, then you can evaluate the... Puppet Tiers (LOL)... Then controlling the employees simply becomes a matter of ... pulling strings...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Doesn't work:
bash-3.2$ less douchebaggery
douchebaggery: No such file or directory
bash-3.2$
Why not use LSTP? That way you only have to worry about whatever image(s) you keep on the server.
Better yet, use LSD! Then all you have to worry about is why those images are talking to you.
Anybody want my mod points?
No, au contraire. The following policy _will_ guarantee that users will act like adult human beings:
We will take a peep at your files randomly and fire you without severance the first time we find something we don't like. Period.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Locking Down Linux Desktops In an Enterprise?
We leave our security in the hands of Mr. Worf.
I work for the Department of Redundancy Department.
Let me try and predict this one: "[Problem they've randomly had in the last two years and didn't bother to research or bugfix] is the biggest issue in desktop Linux. The developers have lost touch because, for example, [anecdote that offers no valuable bug-ridding information, or even enough to replicate it], showing that [Problem] is still a big of a problem as it was four years ago. I've seen [however instances they've seen it, plus four] instances of this issue in my computer but also in other's, and it refuses to be fixed because Linux is simply put, not user-friendly or stable in the least bit. It's things like these that make me draw the conclusion that Linux is simply not ready for the desktop."
You've already installed Linux. I doubt they can install anything on there that would be a problem, not without gunning for your job that is.
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
Use a boot loader password.
:)
Disable CD/USB boot in BIOS or make the hard drive boot first(and password protect it... with clever users, lock the box so no one can clear the CMOS).
The bottom line though is that if someone has physical access to 'your' box, it's no longer yours. This applies to security as well as users. The only thing you can do is make the process so painful and bothersome that they decide it's not worth it.
Speak softly and carry a big stick. Keeping a CAT5 cable that terminates to a power outlet is a good tool to have handy. Plug it in to the spot on the patch panel where the trouble user's connection is - they'll get the point after a couple of 'hardware failures' for their desktop.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.