On Tue, 17 Aug 2010 17:01:50 -0400 Benjamin Scott <dragonh...@gmail.com> wrote:
> On Tue, Aug 17, 2010 at 2:31 PM, Bill Sconce <sco...@in-spec-inc.com> wrote: > > (*) Sorry, Windows users. The tools you need just aren't > > available on Windows. > > Windows NT certainly has user accounts. Always has, since the first > version (Version 3.0). (NT is today called "Windows 7", and has also > been called "Vista", "XP", and "2000".) (It's still Microsoft; they > love playing name games.) > > Vista also introduces a number of features along the lines of > privilege isolation. Before you let me get ripped to shreds, let me say: if NT's user accounts can be made to do what's needed, I want (and my clients want) to know how to make it happen. And I'll be happy to eat crow because I didn't know enough about Windows, if that's the case. I certainly know about NT user accounts But. By "do what's needed" I don't and can't mean o "when you want to go to the Web, log out and log back in"; o "when you want to view a PDF document, log out and log back in"; o "when you want to run a program which can't see the files you have open on your desktop, log out and log back in"; o and so on. Perhaps I'd have run less risk of shredding if I'd said "The tools to make user-privilege separation usable day to day, e.g., the ability to run programs with/without the net and to switch among working environments/desktops/user accounts with a single keypress, and so on just aren't available on Windows." Or perhaps Windows users can do these things, in which case I deserve shredding. (I can surely say I'll be *pissed* if someone shows me that what took me three years' part time to get working usably can be done more easily in Windows!) I can also surely say I've never seen a Windows shop where any of Microsoft's "privilege separation" was used. The best of them have user accounts set as "restricted" (a good thing), but I've never seen ACLs used, including in the largest/most professional Windows shop I've worked in, 4000+ desktops. Only saying I've never seen it, not that it doesn't happen somewhere. (Full disclosure: I've never seen a Vista system at all. None of my clients use it. Or Windows 7. [I hope to convert them to Linux before they ever have to!] All Vista shops could be doing security right and I wouldn't know. And if they are all doing it right I hereby volunteer to be shredded, with broken CRT necks.) (I've never seen a Linux shop using ACLs or implementing SELinux either, but those do exist. Just not at the social strata I move in -- not in one-man-admin shops. Which are what I care about these days.) > Vista also supports running simultaneous virtual desktops > in support of multiple user sessions ("Fast User Switching", > in Microsoft parlance). OK, that might actually help. If that facility is usable, I was wrong. Thanks. -Bill P.S. It was worth a threat of shredding to have triggered md's telling of the DecWest/Cutler story. The best! I love this list. _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/