[KLUG Advocacy] Why Windows isn't a multi-user networked OS

[Adam Tauno Williams]

> The NTFS file permissions are very powerful, but a default build of 
> Windows doesn't use them properly.  In XP Pro, it takes something like 6 
> specific mouse-clicks to reconfigure the environment so you can even see 
> them!  There's some real security settings on the c:\windows directory, 
> but nowhere else.  Program Files is unrestricted, and if you set it so 
> Users had Read/Execute and only Admins had Full Control, you'd probably 
> break all kinds of applications that use their Program Files directory 
> for scratch work. 
> 
> <rant>Windows seems to do a dismal job of handling network filesystems, 
> multiple partitions, multiple users and so forth.  The only thing you 
> can do without major hacking is redirect the "My Documents" folder to a 
> remote share. 

I think this is an exaggeration,  through the use of policies a great
many things can be changed.  Via policies is the way that Windows was
meant to be administered.  If someone tries to go about managing Windows
system through another means they will no doubt be frustrated.  That is
like trying to run a Novell shop without using NDS or manage a bunch of
Macs while refusing to use NetInfo.

>  That will preserve data files through a crash/reformat, but not any installed applications.  

Yep.

> Imaging helps, but it's a kludge.  

Agree, 100%

> You could make Program Files a separate partition, but it can't be a 
> network drive.  In theory, anyway:  it probably wouldn't work properly.  

You can, but you're correct, it won't.

> You'd lose all the registry information associated with the programs 
> anyway, so you'd still have to reinstall.  

Yep.  Thats why we run the buggers in a VM.  It makes backup POSSIBLE.

> Ever try installing Windows 
> on a machine that has some form of dual-boot and seen it take the H: 
> drive, thereby breaking some old code that assumes Windows is on C?

I'll defer to you, I haven't dual booted a box in years and hopefully
never will again.

> If you install something as one user (even an Adminstrator), half the 
> time it won't work from any other account.  

I'm not defending Windows (it sucks).  But again,  this is because of
broken applications, not because of windows.  The guidelines an
application is supposed to follow are very clear.   Many many many many
many developers and administrators have simply carried forward their 9x
conceptions, failing to grasp that NT/2000/XP is an entirely different
platform.  These people need to GET FIRED and beg on street corners for
scraps, making room for people willing to do-their-job.

> Windows has "current user" and "all users" areas of desktop and start menu, but almost nothing is 
> aware of them.  

I think this is an overstatement.  A great deal of software works
correctly;  lots of fringe, nineth-party, and vertical software doesn't.
That is because it is developed by people who need to BE FIRED and left
to beg on street corners for scraps.  All software should place it's
start shortcut in %ALLUSERSPROFILE%\Start Menu\Programs unless the
installer provides a 'for this user only or all users' option.  If a
package doesn't THEN IT IS NOT WINDOWS 2000/XP COMPATIBLE and the
responsible administrator is morally obligated to bitch and raise all
holy hell with the software vendor.  Their package IS BROKEN.  And there
is not other word for it than "BROKEN",  this is a "BUG".  Not in
Windows, but in the package.

That is why environment variables like %ALLUSERSPROFILE% exist.

I'm not defending Windows;  Windows SUCKS.  But the problem here isn't
really Windows, it is the portion of Windows community still stuck in a
Win9x mindset.  Of course,  The Windows community also sucks.

> It's pretty random which location the links 

Not if the package is 2000/XP compatible.

> (err, I should call them shortcuts, shouldn't I?  

yes.

> guess I'm more converted to Linux than I thought!)

:)

>  will appear in.  If you install several things as 
> one user, then switch to another, there will be lots of strange things 
> happening as programs try to build their config files for this user, and 
> usually fail miserably.

True,  Palm Desktop is a good example of a mainstream TERRIBLE
application.  *@^&!*&@#^!&( &$^*@&(^$  @!#&*^@#!$#@!^$&@#(*&#@ I hate
Palm Desktop.  And Palm has no excuse for turning out this crap for
years.  Mentioning this to Palm is about as effective as shouting into a
howling abyss.  And howling abysses are scary.

> And here's my favorite:  XP, as a standalone machine has a method of 
> logging in a user without logging out the first one, sort of like su or 
> sudo, but it's buggy.  Hardware-monitoring apps (UPS communication 
> software, PDA sync utils, probably some virus-killers, etc) will try to 
> load themselves again, often gumming things up. 

Yep.  But you should be able to "runas" a setup.exe;  it shouldn't start
the entire environment.

> do something that requires Administrator rights (assuming IT has set 
> things up so that Joe isn't an Adminstrator of the box), Joe has to log 
> completely out.  This is stoopid if he's got 4 things open, and Fred 
> only needs to do something simple like change a file permission.  

The admin should be able to runas or cpau explorer.exe or cacls.

> File permissions (I think) can be changed remotely, 

Yes.

> but Fred the IT guy 
> shouldn't have to walk back to his desk to log in across the net to 
> change it.  There's also a "run this program as a different user", but 
> it doesn't work much more than half the time.

Right, thats "runas".  It works for simple stuff, and most installers,
at least for me, most of the time.  Try cpau and see if that works
better your you.
http://www.joeware.net/win/free/tools/cpau.htm


> And in case you haven't seen this bit, look here.  "Windows rapidly 
> approaching desktop usability"  
> http://os.newsforge.com/article.pl?sid=05/05/18/2033216

I especially like -
"Windows XP can't be considered consumer-ready until it has driver
support for common LCD monitors during its installation and bootup
procedure, especially if those monitors are easily and routinely
recognized by popular Linux distributions."
- after listening to lots of people winge about Linux hardware support.
My experience with 2000/XP is very much like this - hardware support in
Linux is vastly superior.


FYI, Win32 environment variables -
Win32 Environment Variables - 
%ALLUSERSPROFILE% - Local returns the location of the All Users
Profile. 
%COMPUTERNAME% - System returns the name of the computer. 
%HOMEDRIVE% - System returns which local workstation drive letter is
connected to the user's home directory. This variable is set based on
the value of the home directory. The user's home directory is specified
in Local Users and Groups. 
%HOMEPATH% - System returns the full path of the user's home directory.
This variable is set based on the value of the home directory. The
user's home directory is specified in Local Users and Groups. 
%HOMEPATH% - System returns the network path to the user's shared home
directory. This variable is set based on the value of the home
directory. The user's home directory is specified in Local Users and
Groups. 
%LOGONSERVER% - Local returns the name of the domain controller that
validated the current logon session. 
%OS% - System returns the OS name. Windows XP and Windows 2000 display
the OS as Windows_NT. 
%SYSTEMDRIVE% - System returns the drive containing the Windows root
directory (i.e., the system root). 
%SYSTEMROOT% - System returns the location of the Windows root
directory. 
%TMP% or %TEMP% - System and User return the default temporary
directories for applications that are available to users who are
currently logged on. Some applications require TEMP and others require
TMP. 
%USERDOMAIN% - Local returns the name of the domain that contains the
user's account. 
%USERNAME% - Local returns the name of the user currently logged on. 
%USERPROFILE% - Local returns the location of the profile for the
current user. 
%WINDIR% - System returns the location of the OS directory