Some observations I made while doing some recent Windows 7 installs.
- Samba authenticates using the credentials of the logged-in user, so applying the same credentials to a user's samba account will make the mapping of network drives, and auditing their use, much easier.
- Even without Active Directory, it is still possible to setup a more secure group policy in Windows 7 and lock down specific applications.
- You can do this by adding a group in the Management Console, then by setting the EXE's permissions to non-inherited in it's security properties for the 'Users' group, and then changing the 'Users' group permissions set to 'NewGroup's by editing it. Only members of 'NewGroup' or Admin users will then be able to launch the application.
- Windows 7 can be made more multi-user friendly by disabling the user icons on the login screen. You can do this by going to 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System' in RegEdit and setting 'dontdisplaylastusername' to "1".
ActiveDirectory will simplify this process dramatically, but in a pinch (or a small office) these steps will work well.
No comments:
Post a Comment