[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Win Lab 0.0.2



Windows Computers connecting to Linux Servers


Securing the workstation:
	WinNT -- quite secure, however, many office products including MS don't
like a read only harddrive.  However, all the built in software is okay
with this (possible exception is the help utilities).
	Fortress -- (Dan McMenamin) & fortress is not very good It makes a PII 300
with 64MB ram perform like a P233MMX with 32MB ram.  That is becouse it
traps system calls.  (Harry McGregor)
	Ghost Images -- Best bet would be a ghost imageevery morning..., .  What I
am looking for does not neccessarly have to prevent the student from
modifying it during that session (though it would be nice to have some
options in an rc file to set), but what files I need to give the students
read access to, but take away write access. (Harry McGregor)
	Linux Partition -- But lemme discuss real quick about how Linux could help
even in a situation where you are locked into using Windows. For machines
which are public access, a minimum Windows installation is probably
adequate. This may not be the case in a Windows lab with Office and
development programs for Windows (sigh, some ppl will insist on using
Microsoft programs for writing programs. Best to be prepared, eh?) but this
trick may still work now that hard drive sizes are getting huge. When you
first install Windows and fdisk, split your hard drive into two equally
sized partitions and install Windows on the first partition. Then use your
handy Linux on a floppy (you do have one of these, right?) and `dd` the
first partition to the second, and mark the second unwriteable (it's late I
don't remember the exact term I'm looking for). You can do this easily like
this `dd if=/dev/hda1 of=/dev/hda2 bs=512`. Then, when the Windows
partition goes completly haywire, just `dd` it back the other way, by
swapping hda1 with hda2. [If that seems to complicated, consider the
alternative of reinstalling Windows 95 from scratch ) ]
Now I'm sure ghost will do the same thing, but I'm not familiar with it. I
suspect it's not free and not as trivial as this it. Also this little trick
will work with an image file on a network drive as well (some boot disks
support certain network cards and NFS mounts). (Michael A Hamblin) 
	Another possible trick with Windows 95/98 is changing the shell to
something besides the explorer shell. Set the shell to your library
program, or even compile a shell like 'litestep' with limited features.
Windows in inherently insecure, so whenever possible I would reccommend
using Linux instead. If I was setting up a card catalog system which would
work under Linux, I think I would set it up like this. Each machine that a
human accesses is a terminal or client, and those machine connect to a
server which cannot be accessed directly except by staff. If we want
machines outside the library to be able to access the library database, we
can set up another network for the client machines. That way you can add as
many new library terminals as you like without wasting IP space, since they
don't need anything more than to connect to the server. Also it severly
limits what someone can do if they do get root access to a machine.
 (Rest of Network)+ - + Library Server
                        [ PII Server ] + + - Client Machine
                                         + - Client Machine
                                         + - Client Machine
                                         + - Printer
                                         + - and so on...
This doesn't provide for web-surfing machines in the library network,
although if you wanted that it would be possible to set it up. But this
model is very simplistic and serves a very specific purpose. If you wanted
web browsing machines I might still keep them on the library network, but
would use another box for IP Masquerading and move the Library Server off
to the main network, and give it a web-based interface. And when you set up
the machines, make sure that they are physically arranged so that a teacher
or the librarians can see what everyone is doing in a quick glance.
(Michael A Hamblin)


Verifying users:

Email services -- client config/concerns -- see Linux server for explaination:
	pop3
	imap 
	
File Services:
	
	
Collaboration:
	CVS: <http://cvw.mitre.org/>
	
Networking Services:
	setup to use linux settings.
	
Print Services
	Samba: <http://www.samba.org/>

Application Server:
This reduces the need to continually update many workstations.  It will
also allow windows or mac workstations to run Linux apps.  
	VNC (an open source way to connect to a linux server).
<http://www.uk.research.att.com/vnc/> 
	XWindows (currently there are no (IMHO) satisfactory OSS/free xservers for
workstations).
	This will work with nearly all x-windows programs.  (However, server needs
lots of RAM!)
	
Educational Software (from application server):
	If possible use a linux application server.  Less work for matainence and
many more free educational software options.
	
	
Security:
	SSH -- secure login to linux server
	Kuberos -- verify users/machines
	
Productivity Software:
	Word processors:  Abisource, star office, word star -- a more complete
review is in linux server document.
	Spreadsheets:
	Presentation software:
	Database: 
	Graphics software: