|
Home > Archive > alt.certification.a-plus > August 2003 > public access computers..security with xp/2k
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
public access computers..security with xp/2k
|
|
|
| Hi Gang:
I'm getting ready to set up some public access PCs in a local library.
Given the choices of Windows 2K Professional and Windows XP
Professional, is one or the other better as far as implementing the
type of security I'll need for public access computers. For example,
keeping users from uninstalling/installing software, deleting icons,
or other things that shouldn't be allowed with PA computers.
Thanks in advance!
Drew
| |
|
| Not sure about WinXP, but Win2K is pretty solid for security purposes. Still
worried about that issue that allows anyone with a Win2K original disk to
boot up a recovery console on a WinXp machine and access files. Not sure if
that exploit has been addressed yet.
"Drew" <drew@drew.com> wrote in message
news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
> Hi Gang:
>
> I'm getting ready to set up some public access PCs in a local library.
> Given the choices of Windows 2K Professional and Windows XP
> Professional, is one or the other better as far as implementing the
> type of security I'll need for public access computers. For example,
> keeping users from uninstalling/installing software, deleting icons,
> or other things that shouldn't be allowed with PA computers.
>
> Thanks in advance!
> Drew
>
| |
|
| If it's in a win2k domain you can really lock the machine down using GPO's.
If not, use local policies.
Either OS should be fine tho if configured properly. GPO's can be your
friend here.
hth
bil
"Drew" <drew@drew.com> wrote in message
news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
> Hi Gang:
>
> I'm getting ready to set up some public access PCs in a local library.
> Given the choices of Windows 2K Professional and Windows XP
> Professional, is one or the other better as far as implementing the
> type of security I'll need for public access computers. For example,
> keeping users from uninstalling/installing software, deleting icons,
> or other things that shouldn't be allowed with PA computers.
>
> Thanks in advance!
> Drew
>
| |
|
| On Sat, 12 Jul 2003 05:18:20 -0500, "Russ" <russ@work.net> wrote:
>Not sure about WinXP, but Win2K is pretty solid for security purposes. Still
>worried about that issue that allows anyone with a Win2K original disk to
>boot up a recovery console on a WinXp machine and access files. Not sure if
>that exploit has been addressed yet.
I guess you could get around this by setting the BIOS to only boot off
of the hard drive (no floppy, no cd drive) and then password protect
the BIOS so that only you could get into it for administrative
purposes. That would take care of that, wouldn't it?
Drew
>
>
>"Drew" <drew@drew.com> wrote in message
> news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
>> Hi Gang:
>>
>> I'm getting ready to set up some public access PCs in a local library.
>> Given the choices of Windows 2K Professional and Windows XP
>> Professional, is one or the other better as far as implementing the
>> type of security I'll need for public access computers. For example,
>> keeping users from uninstalling/installing software, deleting icons,
>> or other things that shouldn't be allowed with PA computers.
>>
>> Thanks in advance!
>> Drew
>>
>
| |
|
| It is really a none issue, unless the option to save files to
removable media and other gpedit tweaks have been used (for RC). Try
it and see the limited access you have to non system files.
You can mess up a computer with this, but should not be able to access
sensitive data.
"Russ" <russ@work.net> wrote in message
news:9dRPa.206559$jT4.3915946@twister.rdc-kc.rr.com...
> Not sure about WinXP, but Win2K is pretty solid for security
purposes. Still
> worried about that issue that allows anyone with a Win2K original
disk to
> boot up a recovery console on a WinXp machine and access files. Not
sure if
> that exploit has been addressed yet.
>
>
> "Drew" <drew@drew.com> wrote in message
> news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
> > Hi Gang:
> >
> > I'm getting ready to set up some public access PCs in a local
library.
> > Given the choices of Windows 2K Professional and Windows XP
> > Professional, is one or the other better as far as implementing
the
> > type of security I'll need for public access computers. For
example,
> > keeping users from uninstalling/installing software, deleting
icons,
> > or other things that shouldn't be allowed with PA computers.
> >
> > Thanks in advance!
> > Drew
> >
>
>
>
| |
| Steven Umbach 2003-07-13, 9:24 pm |
| That would be an excellent idea Drew. Be sure that the case has a lock
so that cmos settings password can not be easily reset. It is also a good
idea to disable autorun on cdrom drive and disable USB ports in cmos if they
are not needed. --- Steve
"Drew" <drew@drew.com> wrote in message
news:mn51hv8eo98c143h51jkg7vcn
ghreib1h0@4ax.com...
> On Sat, 12 Jul 2003 05:18:20 -0500, "Russ" <russ@work.net> wrote:
>
> >Not sure about WinXP, but Win2K is pretty solid for security purposes.
Still
> >worried about that issue that allows anyone with a Win2K original disk to
> >boot up a recovery console on a WinXp machine and access files. Not sure
if
> >that exploit has been addressed yet.
>
> I guess you could get around this by setting the BIOS to only boot off
> of the hard drive (no floppy, no cd drive) and then password protect
> the BIOS so that only you could get into it for administrative
> purposes. That would take care of that, wouldn't it?
>
> Drew
>
> >
> >
> >"Drew" <drew@drew.com> wrote in message
> > news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
> >> Hi Gang:
> >>
> >> I'm getting ready to set up some public access PCs in a local library.
> >> Given the choices of Windows 2K Professional and Windows XP
> >> Professional, is one or the other better as far as implementing the
> >> type of security I'll need for public access computers. For example,
> >> keeping users from uninstalling/installing software, deleting icons,
> >> or other things that shouldn't be allowed with PA computers.
> >>
> >> Thanks in advance!
> >> Drew
> >>
> >
>
| |
| Steven Umbach 2003-07-13, 9:24 pm |
| XP Pro - without a doubt, no contest. Many more security settings and the
huge advantage is Software Restriction Policies. Remote Desktop makes
managing computers a snap. ICF firewall is a good idea if file and print
sharing is not needed amongst computers. --- Steve
http://support.microsoft.com/defaul...kb;en-us;310791
http://www.microsoft.com/windowsxp/...n/restrictionpo
licies/default.asp
http://www.windowsecurity.com/artic...c
ies_sec
urity.html -- Same as XP has.
"Drew" <drew@drew.com> wrote in message
news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
> Hi Gang:
>
> I'm getting ready to set up some public access PCs in a local library.
> Given the choices of Windows 2K Professional and Windows XP
> Professional, is one or the other better as far as implementing the
> type of security I'll need for public access computers. For example,
> keeping users from uninstalling/installing software, deleting icons,
> or other things that shouldn't be allowed with PA computers.
>
> Thanks in advance!
> Drew
>
| |
| Pikoro 2003-07-21, 12:24 am |
| This issue is very interesting.
It is true that XP Pro has all these features out of the box but...I stick
to 2K, maybe a personal preference, I don't like the cartoonesque interface
of XP, although that is also customizable.
There are other (better) solutions to those that XP carries:
1) Deep Freeze for freezing the Registry and any installs.
2) VNC for remote access.
3) Other brand name firewalls.
I prefer a system that will still let me choose, something that Microsoft
abhorrs...big money makes them insatiably greedy for more money.
Pikoro
"Steven Umbach" <n9rou@comcast.com> wrote in message
news:YTmQa.54876$H17.18298@sccrnsc02...
> XP Pro - without a doubt, no contest. Many more security settings and
the
> huge advantage is Software Restriction Policies. Remote Desktop makes
> managing computers a snap. ICF firewall is a good idea if file and print
> sharing is not needed amongst computers. --- Steve
>
> http://support.microsoft.com/defaul...kb;en-us;310791
>
http://www.microsoft.com/windowsxp/...n/restrictionpo
> licies/default.asp
>
http://www.windowsecurity.com/artic...c
ies_sec
> urity.html -- Same as XP has.
>
>
>
> "Drew" <drew@drew.com> wrote in message
> news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
> > Hi Gang:
> >
> > I'm getting ready to set up some public access PCs in a local library.
> > Given the choices of Windows 2K Professional and Windows XP
> > Professional, is one or the other better as far as implementing the
> > type of security I'll need for public access computers. For example,
> > keeping users from uninstalling/installing software, deleting icons,
> > or other things that shouldn't be allowed with PA computers.
> >
> > Thanks in advance!
> > Drew
> >
>
>
| |
|
| Hi Pikoro:
You should check out this comparison chart:
http://www.microsoft.com/windowsxp/...featurecomp.asp
If you read between the propaganda, there are some pretty significant
differences, like system restore and driver rollback, etc.
I lean towards Pro, as well, but I understand the affinity for 2K. I
certainly wouldn't upgrade from 2K Pro to XP Pro, unless there were a
special need, but for any new installations I use XP Pro. Microsoft lets
you choose, they just don't make it easy. Isn't that why we're learning all
this stuff? (sorry, I just started my 2K Pro class for the 70-210 exam).
My favorite XP feature right now is the network setup utility for setting up
workgroups. Just pop the disk in each computer (98 or higher) and
BAM!...they're talkin' ;-)
By the way, have you checked out 2003 yet? I just installed the evaluation
copy, but I haven't played with it yet. I didn't have to use a single
separate driver disk, so the hardware database must be huge. You start with
a blank desktop, and add what you want from there. Looks and feels
professional, so far...
Zac
A+
"Pikoro" <pikoro@comcast.net> wrote in message
news:n3GdndOUqdSO_YaiXTWJhQ@co
mcast.com...
> This issue is very interesting.
> It is true that XP Pro has all these features out of the box but...I stick
> to 2K, maybe a personal preference, I don't like the cartoonesque
interface
> of XP, although that is also customizable.
> There are other (better) solutions to those that XP carries:
> 1) Deep Freeze for freezing the Registry and any installs.
> 2) VNC for remote access.
> 3) Other brand name firewalls.
>
> I prefer a system that will still let me choose, something that Microsoft
> abhorrs...big money makes them insatiably greedy for more money.
>
> Pikoro
>
> "Steven Umbach" <n9rou@comcast.com> wrote in message
> news:YTmQa.54876$H17.18298@sccrnsc02...
> > XP Pro - without a doubt, no contest. Many more security settings and
> the
> > huge advantage is Software Restriction Policies. Remote Desktop makes
> > managing computers a snap. ICF firewall is a good idea if file and print
> > sharing is not needed amongst computers. --- Steve
> >
> > http://support.microsoft.com/defaul...kb;en-us;310791
> >
>
http://www.microsoft.com/windowsxp/...n/restrictionpo
> > licies/default.asp
> >
>
http://www.windowsecurity.com/artic...c
ies_sec
> > urity.html -- Same as XP has.
> >
> >
> >
> > "Drew" <drew@drew.com> wrote in message
> > news:iqmtgv82fq19s2247cq0homnc
2l0u302lp@4ax.com...
> > > Hi Gang:
> > >
> > > I'm getting ready to set up some public access PCs in a local library.
> > > Given the choices of Windows 2K Professional and Windows XP
> > > Professional, is one or the other better as far as implementing the
> > > type of security I'll need for public access computers. For example,
> > > keeping users from uninstalling/installing software, deleting icons,
> > > or other things that shouldn't be allowed with PA computers.
> > >
> > > Thanks in advance!
> > > Drew
> > >
> >
> >
>
>
| |
| Pikoro 2003-07-26, 4:24 pm |
| Hey Zac,
Very detailed post as usual, thanks for the link, will check.
Regarding the enhancements by Microsoft like fast user switching, system
restore, driver rollback, etc., I find them to be toys, maybe important to
the mass user, which is what Microsoft targets the most with these
"upgrades", but I don't use them even though I have them.
I have a laptop with XP on it, I reformatted it and loaded a clean OS
without all the commercial crap and still am not convinced about XP.
I replace system restore, which creates overhead in the system, and driver
rollback with one simple thing: backup.
If you backup your system, what are those "utilities" needed for?
They are for the inexperienced user who never backs up, and downloads and
installs blindly malware that will screw their systems.
Regarding the network setup, again, these disks are for people who want the
quick and simple way without really understanding what is going on in the
background, I know about the ease of use, the guest account gets you talking
immediately, but still not convinced that it's worth an upgrade for a user
with some experience, and I prefer the 3rd. party utilities that I mentioned
to those bundled in XP. Yeah, Microsoft will finally let you choose, after
hiding the very existence of this possibility and trying to dissuade you in
every possible way, after all they have to fend off a lawsuit.
Regarding 2003, I am overwhelmed at present but some colleagues have tried
it and played around with it awhile. I will soon "borrow" it from Microsoft
(sorry, I don't use evaluation copies and I don't really have a guilty
conscience about that, after all Bill donates a lot of money, let's see some
of it come my way). I believe what you tell us abouth the huge driver
database, I had the same feeling when loading a clean XP system on my
laptop, not a glitch on the install.
I am also starting study on the 70-210, which I will tackle immediately
after the Network+.
BTW, did you learn that MS is ditching XP and they are already working on
the alpha version of a new OS?
If you love XP better hurry because it is short-lived, myself I prefer to
wait and see, I see nothing in XP that I cannot do with 2K, but this might
be a personal preference because I'm more used to it.
Best regards,
Pikoro
"Zac" <pleasepostreplies@newsgroups.com> wrote in message
news:bsdTa.109061$GL4.28561@rwcrnsc53...
> Hi Pikoro:
>
> You should check out this comparison chart:
>
http://www.microsoft.com/windowsxp/...featurecomp.asp
> If you read between the propaganda, there are some pretty significant
> differences, like system restore and driver rollback, etc.
>
> I lean towards Pro, as well, but I understand the affinity for 2K. I
> certainly wouldn't upgrade from 2K Pro to XP Pro, unless there were a
> special need, but for any new installations I use XP Pro. Microsoft lets
> you choose, they just don't make it easy. Isn't that why we're learning
all
> this stuff? (sorry, I just started my 2K Pro class for the 70-210 exam).
> My favorite XP feature right now is the network setup utility for setting
up
> workgroups. Just pop the disk in each computer (98 or higher) and
> BAM!...they're talkin' ;-)
>
> By the way, have you checked out 2003 yet? I just installed the
evaluation
> copy, but I haven't played with it yet. I didn't have to use a single
> separate driver disk, so the hardware database must be huge. You start
with
> a blank desktop, and add what you want from there. Looks and feels
> professional, so far...
>
> Zac
> A+
| |
|
|
|
| > If you backup your system, what are those "utilities" needed for?
> They are for the the inexperienced user who never backs up, and
> downloads and installs blindly malware that will screw their systems.
> Regarding the network setup, again, these disks are for people who
> want the quick and simple way without really understanding what is
> going on in the background,
Dude, they're called customers. Have fun trying to talk a customer
through a backup restore on the phone. If you have to restore a backup,
you're going on site, and your customer has to pay more. Additionally,
it takes a lot longer. On the other hand, you can walk them through
system restore, driver rollback, etc., in no time.
By the way, those 2 items were just the differences between XP Pro and
2000 Pro that I've gotten some use out of. There are plenty more.
XP Pro is not responsible for all of the commercial crap you got on your
laptop, the maker of your laptop is. Clean install is the only way to
go for any OS.
On the network setup utility, I don't think you would say that if you've
used it. Using that utility doesn't prevent you from knowing how to
setup a small network, just as repeatedly typing in the same information
on 8 different workstations doesn't enhance your understanding of
network setup (peer-to-peer workgroup).
Time is money! These "toys," as you call them, save you time, and your
customers money.
TTYL Pikoro
Zac
A+
| |
| Pikoro 2003-08-21, 2:27 pm |
| Hey Zac,
OK man, I won't fight with you if you like them.
Matter of taste, I would never recommend anybody to use them, most of all in
the light of the recent nasties spread, please read the post on XP and
security.
Customers? Oh well, try to talk a customer who has an infected System
Restore on how to purge it according to Microsoft's guidelines.
Isn't that a service call?
Cheers, bro.
Pikoro
"Zac" <Please_Post_Replies@NewsGroup.com> wrote in message
news:0HAWa.30450$cF.10981@rwcrnsc53...
> > If you backup your system, what are those "utilities" needed for?
> > They are for the the inexperienced user who never backs up, and
> > downloads and installs blindly malware that will screw their systems.
> > Regarding the network setup, again, these disks are for people who
> > want the quick and simple way without really understanding what is
> > going on in the background,
>
> Dude, they're called customers. Have fun trying to talk a customer
> through a backup restore on the phone. If you have to restore a backup,
> you're going on site, and your customer has to pay more. Additionally,
> it takes a lot longer. On the other hand, you can walk them through
> system restore, driver rollback, etc., in no time.
>
> By the way, those 2 items were just the differences between XP Pro and
> 2000 Pro that I've gotten some use out of. There are plenty more.
>
> XP Pro is not responsible for all of the commercial crap you got on your
> laptop, the maker of your laptop is. Clean install is the only way to
> go for any OS.
>
> On the network setup utility, I don't think you would say that if you've
> used it. Using that utility doesn't prevent you from knowing how to
> setup a small network, just as repeatedly typing in the same information
> on 8 different workstations doesn't enhance your understanding of
> network setup (peer-to-peer workgroup).
>
> Time is money! These "toys," as you call them, save you time, and your
> customers money.
>
> TTYL Pikoro
>
> Zac
> A+
|
|
|
|
|