I didn't make it clear in my message, but I was referring to securing an NT
Server, not an NT Workstation.
"Or any other situation where more than one user shares an NT workstation,
including kiosk type access to general applications (such as a public print
shop, computer lab, hotelling, ...), so it's not really fair to simply
dismiss this so blithely as a side effect of third party software."
First of all, the issue was raised about the ability to secure an NT Server
for Internet use as a Firewall. This situation is definitely not one where
we are talking about multiple users sharing the machine for access to
general applications. In an attempt to show that NT is *not* all things to
all men, I used an example that certain configurations of an NT server are
virtually impossible to secure. This was not an attempt to isolate a single
third party vendor, but merely a statement of fact with which I am personally
familiar.
The fact that many *existing* Windows-based applications cannot be properly
secured on an NT box that is going to be logged into locally by multiple
users is a valid extension of my example. Securing an NT box for multiple
users locally (i.e. not network access but actually sitting down in front
of the box and using its keyboard, or, in the case of Citrix-like
applications, doing so through remote emulation), can be very complex and
in some cases impossible. It all depends on the applications that *must*
run on the box. Almost all *NT-specific* user applications comply with the
profile model and can be installed appropriately. Arcada's Backup Exec is
one good example.
I don't think I am blithely dismissing anything. If your workstations are
running server-based installations of Office, you can secure them properly.
Word, Excel, etc. can all be installed on a shared machine running from a
server such that they are secure enough to prevent attacks, even Trojans.
This presumes that the clients are NT as well, in which case application
profiles can be secured by individual user ID. Write access is not
necessary to their shared components once the application has been
installed. The need to maintain write access to a shared component is not
mandated by NT, but by the application. There is a big difference between a
network installation of Office and a local installation. Remember, also,
that there are NT-specific versions of Word and Excel which do properly
understand profiles.
So, you're right Pete, but...;-]
Cheers,
Russ