[KLUG Members] Drive Shield/Deep Freeze for Linux

[Mike Williams]

>
> ------------------------------------------------------------------------
> From:
> Adam Tauno Williams <adam at morrison-ind.com>
>
>
>>>>>Two problems with that (at least before we have to take this over to 
>>>>>advocacy):  1) In most cases you CAN install stuff on a Windows box 
>>>>>without being an administrator, 
>>>>>          
>>>>>
>>>Only if the local admin hasn't bother to configure a policy (it isn't
>>>hard).  I have lots of 2000/XP boxes and the user can't so much as
>>>install a browser plugin.
>>>      
>>>
>>Guess I need to brush up on my AD (which I needed to anyway, but getting 
>>caught being wrong makes it a little more likely I'll actually do it.)  
>>Seems like it should be the default, though, not something you have to 
>>add.  And in Linux you can lock down a non-networked workstation.  GPO's 
>>require an AD server.
>>    
>>
>
>You don't need AD to do policies.  NT supported policies, and they can
>even be setup on a local machine.  We use NT4 policies from a Samba 3.x
>LDAPSAM PDC.   It *IS* possible to do GPO's from a Samba 3.x PDC
>apparently (I'm told from a very reliable source) but the process hasn't
>been documented yet.  Just grab a copy of poledit.exe and the adm files
>of the web or your NT CD and you can setup policies point-an-click.
>  
>
I tried the samba PDC and roaming profiles thing a while ago.  It mostly 
worked, but I didn't like it.  Two independent and mostly incompatible 
security models makes it kinda messy.  pGINA and Services for Unix (NFS 
client) on the XP box, and a good LDAP server (which I still haven't 
implemented) on the Linux server seems to be the way to go.

>  
>
>>The game that comes to mind is Age of Mythology, written by Ensemble 
>>Studios, a subsidiary of Microsoft themselves!  It's quite recent, but I 
>>don't know for sure if it has the 2000/XP sticker or not.
>>    
>>
>
>One shouldn't take "subsidiary" to mean anything more than 'owned by'.
>Subsidiary-ness is merely a financial/legal status;  it doesn't
>neccesarily have any impact at all on day-to-day operations or access to
>information (trust me).
>  
>
Granted, but it's a little disturbing that MS themselves don't follow 
their rules.

>I haven't played a video game in a very long time (possibly years) so I
>can't help you much there.
>
>  
>
>>>BUT THERE IS NO EXCUSE FOR NOT BITCHIN' TO THE DEVELOPERS ABOUT SOFTWARE
>>>THAT ****IS**** INCORRECTLY IMPLEMENTED.  I believe in writing one's
>>>congressman frequently and even more frequent verbal lashing of
>>>proprietary software developers.  Both actually work (I've had a federal
>>>congressman call me on my cell phone, and I've had patches suddenly
>>>appear that fix the @#**(@#*(@# run-as-administrator ***BUG***).
>>>      
>>>
>>Impressive!  I wonder if an average Joe who doesn't have the muscle of a 
>>company behind him would get the same response.
>>    
>>
>
>People habitually underestimate their influence; in a pasture full of
>sheep even the smallest goat can push its way to the top of the hill
>(How do you think such a tiny religious fringe exerts so much political
>power?  [ for better or worse is beside the point ]  It is simple.  They
>read Luke 18:1-8.  It pays to be really annoying.)
>  
>
A Bible verse that says "piss, moan, and complain until you get your 
way":  I'm pretty sure they never mentioned that in Sunday school!