On Wed, Oct 08, 2008 at 10:35:43AM -0400, Matthias Johnson wrote: > I was curious if there is a way to set group policy on windows pcs using > a linux based server. I assume it isn't possible but again just curious. I > know you can set local policies on windows but I have found these to be > ineffective since many VB scripts will allow you to reverse the rules. From > what I can tell you can use Samba to achieve some functions of Active > Directory such as domain authentication but not group policy. I found this > book...
Definitely samba as a domain controller. > Also I was interested in how one would setup a network entirely linux based > down to the workstations/clients. Is there a Group Policy equivalent for > Ubuntu server? It's not fun and it's a big startup cost, but GRSec can do all of this. I've used this for student lab setups at a college. With grsec you can neuter the system at the kernel level and write rules for exactly what activities are permitted - even for root - and modify them down to the per-app and per-directory level. I used this for high-speed restoration of vmware images in the guest account (rsync, data owned by user but unreadable/unwritable thanks to grsec, but once the root monitor daemon copied it out it was fine, other tricks like that). You can limit users views of processes, what devices they can see, etc. It's very effective - barring an unknown kernel bug, you can lock a system down to the point that only physical attacks boot other media and replace the ACL list) are going to do it any harm. SELinux can also do much of this, but I've always preferred grsec. -m -- Mike Kershaw/Dragorn <[EMAIL PROTECTED]> GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1 Quidquid Latine Dictum Sit, Altum Viditur (Anything said in latin sounds profound)
pgpzzhdJmhSRn.pgp
Description: PGP signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Sep 3 - Porkchop - The Areas of My Expertise Oct 1 - Ubikeys Oct 4 - Linux Fest Nov 5 - Releasing Open Source Software Dec 3 - TBD
