Secure public workstation running NT

[Jo Haight Sarling]

We are currently upgrading all of our public PCs to Windows NT 4.0.  It 
took us about 8 months to develop a build that seems to be very stable 
and somewhat secure.  (I say somewhat, because there are still a few 
loopholes that in the perfect world we would be able to close.)  

We started with an outline prepared by the Technology Resource Institute 
for the Libraries Online program.  You can get information from them at 
www.tripl.org.

But many of their details didn't fit our needs.  They assume that you are 
using NT servers; we were sticking with Novell for our network.  We also 
use CARL's ECAT as the public interface, which requires special file 
permissions.

Basically we created an ntconfig.pol file, using the NT policy editor and 
this is stored on the Novell server.  Using Novell's IntraNetWare client 
for NT, we can indicate where the policy is and stipulate that "profiles" 
are to be stored in home directories and the ntuser.dat (registry 
settings) are changed to ntuser.man (mandatory).  We run a permissions 
batch file which locks down all the file permissions as far as we can.

If our scenario is closer to yours than that developed by TRIPL, let me 
know and I'll send you details.  This was so time consuming (at the time 
it seemed no one else had done what we needed to do) that I swore we 
would share with all.

Jo Sarling
Systems Librarian
Denver Public Library

On Tue, 9 Dec 1997, Jian Liu wrote:

> Hi all,
> 
> Instead of starting from the scratch, I'd better ask this first:
> 
> Has anyone developed a workable way of securing a public workstation
> running windows NT 4.0. If so, could you please share the inforation?
> Or if you know a web site where I can get the information, please
> share it too.
> 
> Thanks
> 
> Jian
> Indiana University Libraries
>