Secure public workstation running NT
Jo Haight Sarling
jsarling at denver.lib.co.us
Tue Dec 9 15:31:35 EST 1997
We are currently upgrading all of our public PCs to Windows NT 4.0. It
took us about 8 months to develop a build that seems to be very stable
and somewhat secure. (I say somewhat, because there are still a few
loopholes that in the perfect world we would be able to close.)
We started with an outline prepared by the Technology Resource Institute
for the Libraries Online program. You can get information from them at
But many of their details didn't fit our needs. They assume that you are
using NT servers; we were sticking with Novell for our network. We also
use CARL's ECAT as the public interface, which requires special file
Basically we created an ntconfig.pol file, using the NT policy editor and
this is stored on the Novell server. Using Novell's IntraNetWare client
for NT, we can indicate where the policy is and stipulate that "profiles"
are to be stored in home directories and the ntuser.dat (registry
settings) are changed to ntuser.man (mandatory). We run a permissions
batch file which locks down all the file permissions as far as we can.
If our scenario is closer to yours than that developed by TRIPL, let me
know and I'll send you details. This was so time consuming (at the time
it seemed no one else had done what we needed to do) that I swore we
would share with all.
Denver Public Library
On Tue, 9 Dec 1997, Jian Liu wrote:
> Hi all,
> Instead of starting from the scratch, I'd better ask this first:
> Has anyone developed a workable way of securing a public workstation
> running windows NT 4.0. If so, could you please share the inforation?
> Or if you know a web site where I can get the information, please
> share it too.
> Indiana University Libraries
More information about the Web4lib