[WEB4LIB] Lovers of Fortress Convince Me

[Paul Taylor]

I have been using Fortres in our library for around four years, and I think it 
was one of the best investments we ever made. I don't know how well it scales 
beyond 20 or so computers, but for our purposes it's great; I don't even use 
the network management component--and I have it installed on 12 public 
computers with various uses. I have seen it installed on a grander scale, but 
you would definitely need to employ its network capabilities to manage it.

I can't personally speak on locking-down through Windows policies, as I 
haven't used them in a few years--not since replacing NT4 with Linux. True, 
adding third-party software adds complexity, but on the other hand, for my 
purposes, it's much easier to let someone else do the dirty work, a la 
Fortres, rather than learn the arcane intricacies of Windows policy files. 
I'm sure there is greater control using them, but as we deploy our public 
computer services, the fine-tuning offered for security purposes would be 
gilding the lily. 

In our case, we use Fortres 101 to lock down the system generally, and Fortres 
Cooler to lock down elements within applications. A site license for us was, 
back then, something like $795 for Fortres 101. I'm sure client access 
licenses for NT/2k would surpass that, in order to utilize server-based M$ 
group policies, so I am happy not to pay the M$ tax and use Fortres instead.

Perhaps it will be a matter of preference for you, both in terms of the 
approach you prefer to take, and in the level of nagging you are willing to 
take from those insisting on their own preferred 'solution' that you will be 
managing anyhow. :)

-Paul

On Monday 05 August 2002 04:53 pm, GRAY, PAUL wrote:
> We have just upgraded to W2K server (from NT4) and I am in the process of
> developing a lock-down using Group Policies. So far -- the only thing I
> have found that I can't secure using this is Outlook Express -- We don't
> want users able to access this from the 'New Message' or Send URL or Send
> Page choices in IE.
>
> I'm going to be faced in the next couple of days with a meeting with some
> folks who have not seen what we can do using W2K's internal resources --
> and some of them are going to insist we really NEED Fortress and Cooler --
> largely because someone else told THEM that we did.
>
> We are using IE 6 as our front end. We have about 6 local cd-rom products
> that we run using KixStart Scripts -- everything else users access is
> Web-based.  Basicly I just need to prevent users from installing/running
> their own software (chat clients etc) and prevent them from saving to our
> C: or network drives (saving to their A: drive is no only ok - but
> encouraged).
>
> I'm from the school of thought that the more layers of programs you pile on
> -- the greater the chance of unwanted side effects. So I am leaning toward
> NOT adding these extra pieces.
>
> Many of you know much more about Fortress and Cooler and W2K Group Policies
> than I do -- So - before I go toe to toe -----
> Convince me I'm wrong --
>
> Thanks
>
> Paul H. Gray
> Library Manager - LAN & CLC
> TCC Northeast Campus
> Hurst, TX

-- 
Paul Taylor
Computer Coordinator
Salem-South Lyon District Library
9800 Pontiac Trail
South Lyon, MI 48178

248-437-6431 phone
248-437-6593 fax
http://south-lyon.lib.mi.us