Re: Lockdown stuff

From: Markus Berg <kelvin lysator liu se>
To: Alexander Larsson <alexl redhat com>
Cc: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: Lockdown stuff
Date: Thu, 09 Oct 2003 02:35:11 +0200

ons 2003-10-08 klockan 10.31 skrev Alexander Larsson:
> 
> I think a better approach to the lockdown problem is to sit down and
> talk to people who want to use lockdown and see what they really want to
> accomplish, then sit down and figure out a few higher-level lockdown
> operations that we implement throughout the desktop and that allows all
> the interesting policies to be implemented. This will allow mortal
> sysadmins to figure out how to set this up, and it will probably make
> the lockdown mode work better since the people who know the software
> best (the developers) will pick the feature details for a particular
> lockdown policy. It will also make the lockdown keys work across
> upgrades in a way that lowlevel 'disable-this-menu-item' keys won't. We
> probably won't be able to make a few high level policy settings do
> everything, so we might need to add a few lowlevel keys for those
> special-case situations where we can't get a sane highlevel policy that
> works for everyone.

I've been sysadmining Windows Terminal Server for a few years now. 
These are the kinds of things for which I use the W2k "lock-down"
features:

1. Set good default values
 - Desktop shortcuts
 - Start-menu organization and clean-up (remove unnecessary items,
organize stuff so it's easier to find)
 - Default icons in the Quick-start tray in the panel
 - "Jump-start" the building of an Outlook profile

2. Lock-down certain settings
 - Desktop background (I use the desktop wallpaper to distribute
information to all users about the system)
 - Network proxy 
 - Certain MS Office settings (workgroup template directory, calendar
settings in Outlook (first day of week, first week of year, etc.))
 - Remove the entire display capplet from the Control Panel (disabling
Active Desktop, screen savers, color schemes, etc)
 - Setting some default paths ("My Documents" is located in the user
homedir instead of the profile, for instance)

Translated to Gnome, most of these tasks are doable with gconf and file
permissions already.  It would be nice to have a UI for setting
mandatory gconf-settings, and that the final UI would reflect the
locked-down status.  For instance if Nautilus (and the control panel)
would remove the "Desktop background" menu items if those gconf-keys are
read-only.

Just a few late-night thoughts.

 / Markus Berg

Follow-Ups:
- Re: Lockdown stuff
  - From: Ross Burton

References:
- Re: Lockdown stuff
  - From: Matt Keenan
- Re: Lockdown stuff
  - From: Alexander Larsson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]