Mailinglist Archive: opensuse (5130 mails)

< Previous Next >
Re: [SLE] Re: GNOME vs KDE Redoux
  • From: Hans du Plooy <hansdp-lists@xxxxxxxxxxx>
  • Date: Sun, 07 May 2006 22:52:11 +0200
  • Message-id: <1147035132.12167.57.camel@xxxxxxxxxxxxxxxxxxxxxxxx>
On Sun, 2006-05-07 at 16:10 -0400, James Knott wrote:
> It's not just that I dislike it. I have to deal with the problems it
> creates, every day at work. I have also supported OS/2 and it has
> nowhere near the problems Windows does. I'm the one who has to tell a
> user that the computer is so messed up, that it has to be reimaged. I'm
> the one who has to try and figure out why it's so slow lately. I'm the
> one who has to tell someone that he just lost a lot of his work, because
> when Windows crashed, it took out most of his documents etc. It's not
> just dislike. It's called "experience".

Give a clueless user a Linux desktop, and then let him work as root.
He'll mess it up in no time. The vast majority of the day to day
windows problems (I know, I do the same support you mention) would be
avoided if users were not given full Administrator privileges.

Case in point: Linux server with the following: samba set up as domain
controller with roaming profiles, communigate pro for mail (plugin for
Outlook), bind, dhcp, squid. No virus scanning on either samba,
communigate or squid. Desktops: all WindowsXP Pro with Office2k3 and a
variety of programs, varying from user to user. Norman antivirus
installed on all the desktops. No Firefox anywhere.

Now, the users don't have admin or "power user" privileges on any
machines. It's been five months, and even though NormanAV doesn't
update itself automatically by default, I haven't had a single call to
attend to an unstable or virus/malware infested machine.

See, most stupid things users do to mess up the system, doesn't work if
they're not admins or power users. Most viruses/malware assume they'll
have admin privileges, and fail to get themselves into such a machine.

User's documents are stored on the server, mail sits in Communigate. If
they manage to mess up their profile somehow, all I have to do is log
them out, log into the box as administrator, delete the offending
profile, delete everything from their profile on the server *except* "My
Documents" and "Desktop," and log them back in. All they lose is
program settings, and this took all of 1 minute. No reload or re-image.

This is such a basic setup, yet so effective. If you're using a Windows
domain controller you can protect users even further with policies.

Now, take the above setup, add a transparent virus scanning proxy
(endian firewall does this), disable NAT, add virus scanning to samba
(samba-vscan - very effective), add some virus scanning to Communigate
(there are several options). Unless hardware breaks, Windows won't
crash often. Now put all desktops, the server, and the switches on a
UPS each, and even during a power outage, you'll have a pretty stable
network.

Also from experience...

Hans


< Previous Next >
Follow Ups