[265] in winnt
Re: Securing the WinNT root.
daemon@ATHENA.MIT.EDU (Jonathan McIndoe Hunt)
Mon Nov 16 16:43:45 1998
Date: Mon, 16 Nov 1998 16:40:31 -0500
To: "Stephen D. Dowdy" <sdowdy@MIT.EDU>, "Paul B. Hill" <pbh@MIT.EDU>,
ntpartners@MIT.EDU
From: Jonathan McIndoe Hunt <jmhunt@MIT.EDU>
In-Reply-To: <3.0.5.32.19981116162854.009f07b0@po10.mit.edu>
Hi Stephen,
Yes, Windows 2000 (formerly known as NT 5.0) compliance does eliminate .ini
files. The registry already has configurable security so that
administrators can do some things and users can do less. With storing
everything in the registry, the software will have the necessary settings
stored when the administrator installed the application, while user
customizations will be stored in the user's portion of the registry, i.e.
HKEY_Current_User.
As for cleaning up user profiles, you can specify with system policies to
delete cached profiles and this will solve having to clean up user profiles
from multiple machines.
-Jonathan Hunt
At 04:28 PM 11/16/98 -0500, Stephen D. Dowdy wrote:
>Paul... when you get a chance....
>
>I've heard a rumor that NT 5 compliance may mean not to have .ini
>files but rather include these things in the registry. It seems to me that
>will only complicate things more cause now we'll need to allow user access
>to the registry. Is/are these rumors or is there a real direction towards
>the use of registry over .ini ??? If so... will registry now have its own
>set of permissions so that administrators can do their thing and users can
>store preferences without worrying about other users' preferences? Also, as
>this thing continues to grow, how the heck will we ever know how to clean
>it up? I already am seeing many user profiles proliferating across many
>machines. At least I know which ones I might delete from the local
>machine. I certainly wouldn't want to start scanning the registry for
>potential clean-up activities.
>
>
>At 03:47 PM 11/16/98 -0500, Paul B. Hill wrote:
>>>...I've actually had more problems with application directories than with NT
>>>itself. An appalling number of programs keep config files in their
>>>application executable directories, and require user write access to the
>>>config files, the application directories, and in some cases even the
>>>application's own executables. ...
>>
>>This is the major reason why I have not tried to document any
>>recommendations yet. Unfortunately, at the present time, the only practical
>>answer is that each machine must be reviewed on an individual basis because
>>it depends which applications or services will be running on the machine.
>>
>>The NT 5.0 Logo program does try to make it clear to developers how their
>>applications should behave. Eventually it should be possible to secure
>>major directories without breaking many of the applications that are
>>important to the users.
>>
>>Paul
>>
>
____________________________________
Jonathan M. Hunt
Departmental Computing Support
E40-335 x3-0172
http://web/is/dept-comp/
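
An added example, not part of the original thread or written by its participants: a PowerShell audit for the two conditions discussed above, application directories that ordinary users can write to and machine-wide registry keys that should be writable by administrators only. The function name and the list of principals treated as ordinary users are assumptions made for illustration.

```powershell
# Added example. Assumption: these English-language account names stand for
# "ordinary users"; localized systems use different names.
$UserPrincipals = 'Everyone', 'BUILTIN\Users',
                  'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'

# Specific rights that allow changing content, deleting, or re-permissioning.
$FileWrite = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$RegWrite  = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) show up unmapped on
# inherit-only entries, so they are tested as raw bits.
$GenericWrite = 0x50000000

function Get-UserWritableAce {
    param([Parameter(Mandatory)] [string] $Path)  # directory or HKLM:\ key

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($UserPrincipals -notcontains $ace.IdentityReference.Value) { continue }

        # Registry and file system entries carry different rights enums.
        if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $rights = $ace.RegistryRights;   $mask = $RegWrite
        } else {
            $rights = $ace.FileSystemRights; $mask = $FileWrite
        }
        if (([int]$rights -band ($mask -bor $GenericWrite)) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Both locations exist on any Windows installation.
Get-UserWritableAce -Path $env:ProgramFiles
Get-UserWritableAce -Path 'HKLM:\SOFTWARE'
```

The function inspects only the object named in -Path; to cover a whole application tree, feed it each subdirectory from Get-ChildItem -Recurse -Directory.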