Re: Weird situation

"Barton L. Phillips" <barton@xxxxxxxxxxxxxxxxxx> (06-12-16 06:09:22):

I have seen a lot of enterprise Windows shops and almost all of them
have a VERY restricted user policy. No casual user has "Administrator"
(root) privilege. These shops are just a locked down as any Unix shop
and in some cases more locked down as they also use policies to
restrict use of applications and ACL (access control lists) to
restrict privileges (something which Linux has only recently started
to support). These enterprise shops have a full time staff of IT
people that have been trained and get good pay. End users do NOT under
any circumstance get to install anything. It can be pretty draconian
but it works just like the Sun shops I worked in. If you need it done
you have to call the IT people who come and do it and leave.

Most people just don't have the understanding or patience for this at
home. Windows biggest problem, in my opinion, has been there is no
equivalent to su or sudo. Windows does have a "Run As" mechanism but
it is disabled by default and it is just too hard to make work, if
fact it is just plane broken. Linux distributions like Ubuntu make it
pretty easy for a person to keep from living as root. The sudo
mechanism works pretty well, though it is a problem if a person is too
uninitiated. It is also not a good distribution, in my opinion, for an
enterprise shop as it is too easy to be root and destroy everything.

I hope I don't get flamed for this. As I said it is just my opinion
and I could be wrong.

In some matters, yes. The problem of Windows is, that security means
restriction. To secure something up, you need to prohibit at least this
particular thing. For example, in Linux you can do almost anything as a
normal user, besides changing system-wide things.

In Windows, such a configuration is not possible. Some people might
consider this security by obscurity. Like I have to prohibit my
children from turning on the TV themselves, so I get control over which
programs they watch.