LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Use-Prevention Technology (slightly Off-Topic)

Use-Prevention Technology (slightly Off-Topic)

Posted Feb 12, 2010 17:01 UTC (Fri) by Epicanis (guest, #62805)
In reply to: Samba with Active Directory: getting bigger? by buchanmilne
Parent article: Samba with Active Directory: getting closer

Just a philosophical observation, but there's something that really, really bugs me about the fact that "Enterprise" features seem to revolve around use-prevention technologies.

Though it's not by any means exclusively a "Microsoft" thing, this is especially apparent when AD comes up, and it never seems to be about making things more productve so much as preventing people from using their computers. "All the computers have USB ports. How to I keep people from using them?" "The computers have internet access, how do I keep people from using the internet?" and so forth (and the perception that use-prevention features of ActiveDirectory and other technologies somehow magically fix everything).

Yeah, I understand why people feel the need for them, and I don't really have a real alternative to suggest. There's just something that really bugs me about it.

We now return you to your regularly-scheduled ActiveDirectoryFest...

(Log in to post comments)

Use-Prevention Technology (slightly Off-Topic)

Posted Feb 12, 2010 19:02 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

the truth is that an Enterprise network is not a free-for-all with everyone running whatever they want and doing whatever they want.

you have a small (compared to the userbase) team of admins who are managing lots of machines. They need to the machines to continue to match what they expect them to be running. A significant part of this is preventing people from installing/doing things on those machines that they are not supposed to (another part is publishing the correct software and configs out to the machines, but this currently has many solutions)

these machines are company machines, supporting the business of the company. They are not the users personal machines.

in the old days there was the central mainframe and everything had to go through the admins, then with the PC the processing power (and administration) got distributed. What companies are finding is that this has some fairly significant problems.

Among them is the fact that since the company owns the computers, the company is liable if any illegal, the company needs to control what gets installed on the machines.

Another issue in many environments is that the company is liable for damages if the wrong data leaves the company. This can't be completely prevented, but it can be made difficult enough that it won't be done accidently.

Now I would be the last to try and claim that there aren't companies who just have bad management and who micro-manage their employees just because they can, but there are real needs for theseuse-prevention technologies. The uses are almost all int the enterprise, and at this point this space is one of the few areas where a lot of work is needed (I don't count reverse engineering the exchange protocol to be in the same class, while that's very important to users (myself included), it's not a requirement for any enterprise that's willing to break the exchange shackle, and there are a lot of options there)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds