Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have learned how to setup samba as the PDC on the network. Is it possible to setup ACLs to where the user is prohibited from installing programs, etc.?
It depends on the operating system the client machines will be using. There are methods of controlling both Linux + Windows machines to lock down settings. Let us know a little more about what environment you're wishing to try this out with.
windows systems. I want to be able to set file/folder access control, which i can find by googling. but i can't find anything that goes into more depth, like regulating the CLIENT's machine that logs on thru the PDC.
ACL's are Access Control Lists, which are associated with files and folders on a drive. You can't use ACL's if the filesystem doesn't support them. So that means you must have NTFS on the client machines. If they have fat32, then you can't limit what users can do with files, since they will be able to do anything with them.
When you create users on the PDC, they are added to the Global group called "Domain Users". This domain global group is a member of each client computer's (if they're members of the domain) local group called "Users". So by default, standard users can't modify system files (if you're using NTFS), and can't modify the registry. Both of these are typically required to install programs.
Keep in mind that there's a whole world of programs that will run from a thumb drive. They are standalone .exe files that don't need to modify or update system files, or make any changes to the registry. The only way to stop those is to impose a computer policy where only approved programs are allowed to run, such as explorer.exe (the shell), etc.
So in conclusion, some of it depends on how your client machines are configured (particularly their filesystem), and some depends on how tight you want you security to be. You can make the security super-tight, but remember that many Windows programs won't run properly for users if they have such limited access to the computer.
One last thing to consider is a program like DeepFreeze. This program restores the computer to exactly how it was when you enabled deep freeze. So if programs are installed, or files are saved to the desktop, all that goes away with the next reboot and the computer is restored to how it was. I know some internet cafe's use stuff like that but I haven't played with it much.
Hope this helped.
Last edited by WindowBreaker; 12-20-2005 at 06:42 PM.
Yes, that helps out a ton! I thought I was in for a day of reading and a couple days of playing around .. sigh of relief.
I will definitely check into DeepFreeze. I also found someone who wrote a program off of XP's shutdown.exe. Its called AutoShutdown.exe. I tried it and it works. So with DeepFreeze and AutoShutdown, clients can leave there computers Logged Off when leaving work, and all can be set to shutdown at a time during the night so DeepFreeze can do its task.
One other question. How would I restrice access to browsing the clients comptuer (windows box) to the %systemroot% folder? I'm sure you are going to tell me to read up on the roaming profile, which I do need to, but thought I would ask in case I'm wrong.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.