Windows NT for public computers (long)
Robert Sullivan
SCP_SULLI at sals.edu
Sun Jul 27 01:30:30 EDT 1997
Steve Morris asked...
>We are considering using WinNT on public webstations in our small library.
>...I was wondering if anyone has any
>additional feedback to offer on the pros and cons of using NT on public
>access stations. Is the combination of built in NT security features and IE
>Administrator's Kit adequate? Any other tips, cautions?
I am nowhere near the end of my quest for enlightenment in this area, but my
studies so far seem to indicate that yes, you can set up a very secure public
system with NT Workstation by using a combination of the registry editor or
policy editor and the NT file system. I have spent the last few weeks hunting
for print and Internet resources which will help in this, and I've listed them
below.
One thing I've noticed is that many otherwise useful sources of information
assume that even if you're running NT Workstation, you're connected to an NT
Server somewhere. Those of us running peer to peer or even standalone (in
small libraries or branches which are not yet wired) find it rather
frustrating to read descriptions of the System Policy Editor which only tell
you which directory on the server to use for your ntconfig.pol file, or
details of the Zero Administration Kit, which also requires Server.
My other recent frustration is - where has the Internet Explorer
Administration Kit gone? I saw it on Microsoft's site a couple of months ago,
but it seems to have vanished.
One item which has appeared on Microsoft's site is Service Pack 3. At slightly
over 18 MB it's a long download, but it has some interesting security
enhancements, and our NT system vendor says it's relatively stable (but to
avoid the first two service packs).
*Internet sites:
http://www.jsiinc.com/reghack.htm
Windows NT Tips, Tricks and Registry Hacks - Far out in front of the pack,
Jerold Schulman's JSI site contains this collection of nearly 200 tips on how
to customize your NT system by adjusting the registry.
http://www.savilltech.com/ntfaq.html
Savilltech's NT FAQ is 92 pages of useful information, including some registry
tips.
http://www.usyd.edu.au/su/is/dts/DTSwinNTProfiles.html
Windows NT 4.0 Profiles and Policies - Compact and opinionated, this essay
from the folks at the University of Sydney explains how profiles and policies
work, common mistakes made in implementing them, and why you should install
Service Pack 3. It also has some good links to other sources.
http://www.microsoft.com/kb/articles/ (samples from the MS Knowledge Base)
q97/5/97.htm
How to Enable Automatic Logon in Windows NT
q156/6/99.htm
Limitations of "Run Only Allowed Windows Applications"
q151/1/76.htm
Policy Registry Entries (Default User)
A good companion to the JSI site
http://206.241.12.4/archives/winnt-l.html
Archives of WINNT-L - If you can't face any more mail coming in, you may scan
the collective wisdom of WINNT-L either a week at a time or by keyword.
*Print resources:
I'm not familiar enough with NT magazines to evaluate them, but when I looked
in a local bookstore, Windows NT Magazine seemed to have a lot more useful
information than NT Systems. FWIW.
You might also want to check out the current (August) issue of Windows
Sources, which has an article by David Strom on pp. 217 and 219 called "Make
the Web a Safer Place." It has some suggestions on configuring some security
settings in Netscape and Internet Explorer.
Books:
This isn't security-related, but you have to start somewhere. Running
Microsoft Windows NT Workstation Version 4.0 by Craig Stinson and Carl
Siechert (Microsoft Press, $29.95, 770pp) is lucid, easy reading, especially
for those without Windows 95 experience in the new interface. Beginners don't
necessarily need to read all of it - unless you've just inherited the job of
administrator.
Windows NT Workstation 4.0 Bible - Allen L. Wyatt (IDG Books, $49.99, 682pp +
CD-ROM). Categorized as "Intermediate to Advanced," this is also fairly light
reading for its subject, and not as much overlap with Running MWNTW as I
expected. Offers more coverage of NT's Internet utilities, and step by step
instructions on many procedures. I was glad to see the discussion of the
performance drain of wallpaper, screensavers, etc. The CD includes IE, WinZip
and miscellaneous other shareware and freeware.
Microsoft Windows NT Workstation Resource Kit (Microsoft Press, $69.99, 1350pp
+ CD-ROM). Unlikely to be mistaken for light reading by anyone not involved
in the actual design of Windows NT, it is widely regarded as a must-have for
anyone who has to lift up the rock and deal with what's crawling around
underneath. The CD provides the Policy Editor (otherwise only included with
NT Server) and many other utilities I'm still reading about. Suggests many
useful registry changes, and has a whole page telling you what directories
should have what permissions. Bottom line: unless your hourly pay is quite
high, just reading the registry and security chapters will likely pay for the
cost of this book (which can frequently be found for $50-55) in the time it
saves you, not to mention that (IMHO) you shouldn't even be touching the
registry unless you understand it at the level explained by the Resource Kit.
From the "haven't had a chance to read it yet, but it looks good" pile:
Windows NT Security Handbook - Tom Sheldon (Osborne, $34.99, 679 pp). A
review at amazon.com said this book was good, but the author was too paranoid
- a clear indication that person has never dealt with library patrons. From
the little I've read so far, it appears to be very comprehensive in its
treatment of security issues, and has some good suggestions about permissions.
If you're just setting up a couple of standalone machines, this book may be
overkill, and you certainly don't get a lot of registry information. Probably
of more benefit to large installations, it fell into the "better borrowed than
bought" category for me, with no disrespect meant to the author - he obviously
knows his stuff.
[PC Week] Microsoft Windows NT Security System Administrator's Guide - Nevin
Lambert and Manish Patel (ZD Press, $39.99, 388pp). Includes a lot more
registry information than the Sheldon book, and in a quick scan looked to have
more details useful for my own situation. If you get the Resource Kit or the
book mentioned next, this one might not be necessary for you.
Windows NT Registry Troubleshooting - Rob Tidrow (New Riders, $39.99, 401pp +
CD-ROM). I picked this one over three other registry books in the store and
have high hopes for it. Looks like it may answer a lot of things I haven't
figured out yet.
Windows NT Workstation Professional Reference - Kathy Ivens et al. (New
Riders, $59.99, 1025pp + CD-ROM). Looks like a good advanced book, similar to
but less dense than the Resource Kit. It gives more information on profiles
and policies than the Resource Kit.
N.B. One book I haven't seen is Troubleshooting & Configuring the Windows
NT/95 Registry by Clayton Johnson. Books in Print lists it at 1600 pp and
$49.99 with CD, which makes it either the last word on the registry or a sure
substitute for Melatonin, or both. I'd love to know what's in this book that
isn't in the Tidrow book.
I hope this helps someone!
=====================================================================
Bob Sullivan scp_sulli at sals.edu
Schenectady County Public Library http://www.scpl.org
99 Clinton Street Voice: (518) 388-4500
Schenectady, NY 12305-2083 Fax: (518) 386-2241