• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 464
  • Last Modified:

How is linux managed on the network the way windows can be.

How are linux desktops managed in large network environment? In windows i can create policies in Active Directory like disallowing change of wallpaper, to play/use a certain game/application or other user rights assignments, folder redirection, automatic share mapping, package distribution, vista's removable storage restrictions etc.etc.etc.  How do organizations with linux for a desktop control user actions???

If as of today it is impossible and linux has no solution to restrict John from putting up disruptive wallpapers for Marry to change local $PATH in her home profile and therefore ignore all the system wide settings/restrictions or for Alex to connect to his personal network storage with one click, then is there room for developers to create such solutions.
I know there is argument for saying "its going to be useless because linux is not widely used", but i have been asked many times if it was possible for them to run linux as the main OS on the entire network.  Even though I use linux every step of the way at home and support it as much as i can, i still have to answer "no, have to use windows" because I've never heard of a solution for problem in #1.

So, how is it done if done at all??
0
AlexanderR
Asked:
AlexanderR
  • 2
  • 2
1 Solution
 
vizrtCommented:
Hi AlexandeR,

I am in the situation where my company aqured another company with 75% of the users running Linux. We are working on how to implement them into our existing windows eviroment without imposing to many limitations. We don't do alot of limiting on the actual client side, but first step to doing this would be to protect the root user from being used on a day-to-day basis. This <a href="http://www.ibm.com/developerworks/views/linux/libraryview.jsp?topic_by=All+topics+and+related+products&sort_order=asc&lcl_sort_order=asc&search_by=roadmap&search_flag=true&type_by=Articles&show_abstract=false&sort_by=Title&end_no=100&show_all=false">article </a>is a good place to start.

Cheers!
0
 
NopiusCommented:
That's a flame topic.

> How are linux desktops managed in large network environment?

Quite different then Windows.

> If as of today it is impossible and linux has no solution to restrict John from putting up disruptive wallpapers for Marry to change local $PATH in her home profile and therefore ignore all the system wide settings/restrictions or for Alex to connect to his personal network storage with one click, then is there room for developers to create such solutions.

By default in Linux access control is opposite to what you said. No one can write or even browse Mary's home directory except 'root', no one but owner or superuser can change PATH variable, the same with shared storage, if you configure it so, you can connect it with one click and only from Alex account.

I know many examples when Linux is more configurable in a way of restricting users and applications (say with SELinux enabled), then Windows.
0
 
AlexanderREnterprise Web DeveloperAuthor Commented:
I wouldn't say thats a flame topic.  I really need to know how an organization that is used to per-registry-key type of control can work with linux.

Windows workstation has registry that can be modified through Group Policies on the server (and in so doing replacing all local configurations).  Linux has no concept of registry, as far as i know, on the workstation side.  There are just text based configuration files in /etc for example (which i think is a better way than registry).  So is there a utility on the server side that is capable of publishing a set of predefined configurations that the linux workstation HAS to accept and use, the way AD publishes registry settings for windows workstation.

May be my question sounded too broad and got a feel of a flame because I have very little knowledge on the issue.  My research gave me no coherent results so i am now asking here.
0
 
NopiusCommented:
> Windows workstation has registry

Unix hosts have config files.

> that can be modified through Group Policies on the server (and in so doing replacing all local configurations).

Config files together with the applications can be shared via NFS, so being accessible from all clients.

> There are just text based configuration files in /etc for example (which i think is a better way than registry).

Exactly. Not all Unixes, but Linux has many scattered config files. As opposite to Linux, IBM AIX has one common 'registry-like' config for all services.

>  So is there a utility on the server side that is capable of publishing a set of predefined configurations that the linux workstation HAS to accept and use, the way AD publishes registry settings for windows workstation.

Unix exports filesystems. Client just mount them and use as local. No data replication... Yes, client may override any such 'mount', but user should be 'root', that is quite reasonable substitution to registry propagation. At the same way any user in Windows may log in as local Admin, not to domain and perform any change.

Usually in enterprise network (in Solaris) user's home directories are also exported from one server via NFS to clients. So any permission change on any file propagates immediately.


0
 
AlexanderREnterprise Web DeveloperAuthor Commented:
OK i understand the procedure now.  Thanks!
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now