[KLUG Advocacy] Why Windows isn't a multi-user networked OS
Mike Williams
knightperson at zuzax.com
Sun Jun 5 23:48:30 EDT 2005
>Windows provides very robust file permissions (assuming you are using NTFS). It
>is *NOT* Bill's fault that most ding-bat users add themselves to the
>Administrators group and then go merrily on their way.
Two problems with that (at least before we have to take this over to
advocacy): 1) In most cases you can install stuff on a Windows box
without being an administrator, 2) A few applications (admittedly, most
of them are games) won't run without administrator rights, so the users
DO have to be administrators.
---- Here's the long and ranty bit that I talked myself out of posting
to members.
The NTFS file permissions are very powerful, but a default build of
Windows doesn't use them properly. In XP Pro, it takes something like 6
specific mouse-clicks to reconfigure the environment so you can even see
them! There are some real security settings on the c:\windows directory,
but nowhere else. Program Files is unrestricted, and if you set it so
Users had Read/Execute and only Admins had Full Control, you'd probably
break all kinds of applications that use their Program Files directory
for scratch work.
<rant>Windows seems to do a dismal job of handling network filesystems,
multiple partitions, multiple users and so forth. The only thing you
can do without major hacking is redirect the "My Documents" folder to a
remote share. That will preserve data files through a crash/reformat,
but not any installed applications. Imaging helps, but it's a kludge.
You could make Program Files a separate partition, but it can't be a
network drive. In theory, anyway: it probably wouldn't work properly.
You'd lose all the registry information associated with the programs
anyway, so you'd still have to reinstall. Ever try installing Windows
on a machine that has some form of dual-boot and seen it take the H:
drive, thereby breaking some old code that assumes Windows is on C?
If you install something as one user (even an Administrator), half the
time it won't work from any other account. Windows has "current user"
and "all users" areas of desktop and start menu, but almost nothing is
aware of them. It's pretty random which location the links (err, I
should call them shortcuts, shouldn't I? guess I'm more converted to
Linux than I thought!) will appear in. If you install several things as
one user, then switch to another, there will be lots of strange things
happening as programs try to build their config files for this user, and
usually fail miserably.
And here's my favorite: XP, as a standalone machine, has a method of
logging in a user without logging out the first one, sort of like su or
sudo, but it's buggy. Hardware-monitoring apps (UPS communication
software, PDA sync utils, probably some virus-killers, etc) will try to
load themselves again, often gumming things up. The best part is that
in the environment where you need it, a multi-user networked one, that
functionality doesn't exist! If Joe user calls Fred the IT guy over to
do something that requires Administrator rights (assuming IT has set
things up so that Joe isn't an Administrator of the box), Joe has to log
completely out. This is stoopid if he's got 4 things open, and Fred
only needs to do something simple like change a file permission. File
permissions (I think) can be changed remotely, but Fred the IT guy
shouldn't have to walk back to his desk to log in across the net to
change it. There's also a "run this program as a different user", but
it doesn't work much more than half the time.
And in case you haven't seen this bit, look here. "Windows rapidly
approaching desktop usability"
http://os.newsforge.com/article.pl?sid=05/05/18/2033216
</rant>