Locking Down Linux Desktops In an Enterprise?

supermehra writes "How do you move 300 desktops, locked down with Windows ADS Group Policies (GPO), over to Ubuntu desktop? We have tried Centrify, Likewise, Gnome Gconf, and the like. Of course, we evaluated SuSe Desktop Enterprise and RedHat Desktop. Samba 4.0 promises the server side, however nothing for desktop lockdown. And while gnome gconf does offer promise, no real tools for remotely managing 300 desktops running gnome + gconf exist. All the options listed above are expensive, in fact so expensive that it's cheaper to leave M$ on! So while we've figured out the Office suite, email client, browser, VPN, drawing tools, and pretty much everything else, there seems to be no reasonable, open source alternative to locking down Linux terminals to comply with company policies. We're not looking for kiosk mode — we're looking for IT policy enforcement across the enterprise. Any ideas ladies & gentlemen?"

IT policy?

Sorry - after dealing with an IT group who thinks they know best for every situation, and thus promoting things like "All virus scans will be run during normal business hours", "No linux systems on the production networks", etc. I have no desire to help "the man".

This is very gay

What a bad idea. Linux is too cool to be locked away!

Re:M$

[Bryansix]

When a software company cuts off an operating system at the knees as Microsoft has done with XP in order to promote you to spend more money then the albeit childish acronym of "M$" does indeed apply. The sad part is that Vista STILL isn't ready for primetime and while Windows 7 shows promise as the real Vista SP2; it is not out yet and so you are stuck supporting users on an OS which isn't even for sale anymore.

Canonical Landscape

If you are using Ubuntu on your desktops, you can use Canonical's Landscape service to manage packages across all machines. I presume it can manage user accounts and group permissions, which really is all you need to manage user activities in a generally-similar way to the Windows Group Policies.

See http://www.canonical.com/projects/landscape

And no, I am not affiliated with Canonical, though I have assisted the diagnosis of Ubuntu bugs.

That's what SHE said!!

A YouTube sensation!!!

Re:Isn't this something Unix solved decades ago?

[jamstar7]

This is true, if you don't want your employees to be productive beyond the 6 apps you've installed for them.. but if you want them to actually be able to use the wide variety of open source applications that are available then clearly they need to be able to run a package manager and install new apps. This basically means giving them root.

Let them screw around with package managers on their own time and their home machines. Letting users screw around with root access on a production machine is just asking for trouble. These machines belong to the company, not the user.

One of my clients demanded all his employees have administrator/superuser access on the company server. I told him no way, and why that was a bad idea. He insisted. I wrote him out a bill on the spot for time and services rendered, and gave him the number of a competitor with even less of a sense of humor than I have, then told him he'd be calling his new consultant on a daily basis as various users hosed their workstations and his servers. I also advised him to make sure the new consultant set him up with a damned good backup solution, he'd need it. Two days later, their new consultant called me up to bitch at me. I told him, 'Hey, consider it job security and charge 'em triple.'.

Re:Can someone wash my underwear?

I made an obama in my pants!

Two Obama girls. One cup. What are you going to do?

Re:Can someone wash my underwear?

If you want to see how Slashdot readers are moronic jerkoffs, I highly recommend reading the comment below. 99% of these supposed linux experts have no clue what they're talking about! Windows ownage ahead.