[KLUG Advocacy] Why Windows isn't a multi-user networked OS

[Mike Williams]

>Windows provides very robust file permissions (assuming you are using NTFS).  It
>is *NOT* Bill's fault that most ding-bat users add themselves to the
>Administrators group and then go merrily on their way.


Two problems with that (at least before we have to take this over to 
advocacy):  1) In most cases you can install stuff on a Windows box 
without being an administrator, 2) A few applications (admittedly, most 
of them are games) won't run without administrator rights, so the users 
DO have to be administrators.

----  Here's the long and ranty bit that I talked myself out of posting 
to members.

The NTFS file permissions are very powerful, but a default build of 
Windows doesn't use them properly.  In XP Pro, it takes something like 6 
specific mouse-clicks to reconfigure the environment so you can even see 
them!  There's some real security settings on the c:\windows directory, 
but nowhere else.  Program Files is unrestricted, and if you set it so 
Users had Read/Execute and only Admins had Full Control, you'd probably 
break all kinds of applications that use their Program Files directory 
for scratch work. 

<rant>Windows seems to do a dismal job of handling network filesystems, 
multiple partitions, multiple users and so forth.  The only thing you 
can do without major hacking is redirect the "My Documents" folder to a 
remote share.  That will preserve data files through a crash/reformat, 
but not any installed applications.  Imaging helps, but it's a kludge.  
You could make Program Files a separate partition, but it can't be a 
network drive.  In theory, anyway:  it probably wouldn't work properly.  
You'd lose all the registry information associated with the programs 
anyway, so you'd still have to reinstall.  Ever try installing Windows 
on a machine that has some form of dual-boot and seen it take the H: 
drive, thereby breaking some old code that assumes Windows is on C?

If you install something as one user (even an Adminstrator), half the 
time it won't work from any other account.  Windows has "current user" 
and "all users" areas of desktop and start menu, but almost nothing is 
aware of them.  It's pretty random which location the links (err, I 
should call them shortcuts, shouldn't I?  guess I'm more converted to 
Linux than I thought!) will appear in.  If you install several things as 
one user, then switch to another, there will be lots of strange things 
happening as programs try to build their config files for this user, and 
usually fail miserably.

And here's my favorite:  XP, as a standalone machine has a method of 
logging in a user without logging out the first one, sort of like su or 
sudo, but it's buggy.  Hardware-monitoring apps (UPS communication 
software, PDA sync utils, probably some virus-killers, etc) will try to 
load themselves again, often gumming things up.  The best part is that 
in the environment where you need it, a multi-user networked one, that 
functionality doesn't exist!  If Joe user calls Fred the IT guy over to 
do something that requires Administrator rights (assuming IT has set 
things up so that Joe isn't an Adminstrator of the box), Joe has to log 
completely out.  This is stoopid if he's got 4 things open, and Fred 
only needs to do something simple like change a file permission.  File 
permissions (I think) can be changed remotely, but Fred the IT guy 
shouldn't have to walk back to his desk to log in across the net to 
change it.  There's also a "run this program as a different user", but 
it doesn't work much more than half the time.

And in case you haven't seen this bit, look here.  "Windows rapidly 
approaching desktop usability"  
http://os.newsforge.com/article.pl?sid=05/05/18/2033216

</rant>