Pavel Kankovsky wrote: <<snip>> > Moreover, it is pretty stupid to give users rights to modify critical > system directories just to let them install new software.
That's because it is (more than) pretty stupid to let users install software at all. The job of system administrators is to "manage" the systems they are responsible for. With Windows systems that requires that "ordinary users" (i.e. everyone whose job is not officially "system administrator") _MUST NOT_ be allowed to install new software. Sadly, extraordinarily few Windows system admins actually have enough nouse to realize this, and most of the few who do cannot get enough management muscle to back such a "draconian" policy. This all, directly and indirectly, stems from the "personal computer" focus of all preceding Windows-related development _AND_ the crushing banality that "backwards compatibility" imposes on any truly significant improvement that a Windows developer at MS may suggest for the OS. Of course, the considerations of the first paragraph above don't map at all well onto the SOHO market (on which MS significantly depends for its quite undeserved and largely unjustified stranglehold on the corporate desktop market), as your typical SOHO computer user has, by now, bought the marketing BS line (lergely fuelled by MS) that "anyone" can setup and manage a SOHO computer system, despite the fact that your typical SOHO computer user has no idea that there may even be such things as different privilege levels, let alone why the heck anyone would ever bother with the hassle of trying to implement and use them. Of course, it is just this user experience that so many of today's larger corporate "managers" have already had outside the corporation with Windows that makes so many of them hamper the proper development, deployment and support of Windows desktop systems within their corporate networks... And, I'm sure that the marketing and PR folk at MS are not unaware of this, so it is little surprise that so much of the "Security Initiative" talk, starting with Bill's infamous letter a couple of years back, is seen as just so much more marketing and spin. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
