Richard – a minor rant,
In a school environment you can remove all tools that allow a student to have access to files in protected folders. The best way is to purchase 3rd party security software but you can achieve the same results through the RestrictRun policy plus a removal of problem programs plus disabling of hot keys, plus various system policies, etc. It does work, I have seen it work.
Many schools, libraries & universities (thousands or even tens of thousands of institutions) have successfully done large-scale implementations of Win9x clients & these systems stayed stable & protected for long periods of time. Even today, many such Win9x labs still exist, 8 years after Win9x was released. These environments have undergone intensive, invasive use on a daily basis for close to a decade. The equivalent in a business environment does not exist. Imagine if a significant number of workers made it their primary goal each day to disable the computer on their desk. In the business world the philosophy is the user controls, protects & influences their machine/system to some extent. Whereas in a school, we know that a significant number of users are hostile to the computers. As a consequence, in a school things are done & should be done that would never fly in the business world.
Another perspective, Novell 3/4 had many security features that were ideal for school IT managers. When MS brought out the proprietary ACL/SID security environment with NT, it was a serious backward step for many schools. Things that were easy in Novell were impossible in this new environment. It took years for IT managers in schools to achieve with NT the same level of security achieved with Novell.
Defining “real security” as an ACL/SID environment implies that one must always use MS post-NT clients & servers. Not only can Win9x never be secure but Linux & any other non-MS clients or servers can never be secure either. In this limited world the only way to be secure is to have an ACL/SID system which is a proprietary MS system which in turn means you can only be secure with MS software. Thus security is something that can only be provided by MS.
Finally, Win2000 is not a panacea for security concerns. Students do things that MS never contemplated & they can be very sophisticated in their attacks. Protecting a Win2000 system in a school is an ongoing battle that you can never fully win. One of my favorite stories is of an elementary school where the IT teacher thought they had an iron tight desktop. Students couldn’t delete files or icons or edit them yet one day the teacher found that icons were disappearing from the desktops. He couldn’t figure out how students were doing it. It turned out the students had discovered that they could hide the icons behind the Start button on the tool bar. This wasn’t easy to do since they first had to move the tool bar then place the icon where the tool bar used to be & then move the tool bar back. These were 11-year-olds!
[ 11. September 2003, 20:30: Message edited by: Jack Lothian ]
_________________________
Jack