Monday, October 11, 2004

Keeping the Gremlins (and all other AMC Models) Out

Leon and I spent an admirable chunk of this weekend working on the new, improved DENTSERVER. Permissions can be a real bugger.
He and I sat side by side at my desk, he on his Tablet, logging on and off of the server and testing the permissions I was creating, and I on my main system, on a remote desktop to the server on one of my monitors and in a local Windows Explorer on the other.
It's a tedious job, because you must test that both the users that are meant to be restricted actually are, and the users that are meant to be permitted actually are. And then there are the varying degrees between restriction and permission. Frustrating? Oh my, yes.
The really sticky part of this is the Personal Folders area. Each user has a folder with his/her name on it, and then a folder below that one that is private. The first folder is fully accessible to everyone on the network, but the second is only accessible to the user who owns it. It's a nightmare that won't go away until inherited permissions are killed for each Personal Folder and then special permissions are set for each private folder.
I've added to that a new stress...mandatory server authentication. No one sees data on the server if they're not logged on, and my parents (yes, even my own mother) hate me for it.
I suppose this is the classic quandary of the sys/netadmin: user-friendly means insecure, and secure means user-unfriendly. Or, the principle of "You can please all the hackers all the time, or all the users all the time, but you can't please both all the time." Hmm. That one needs work.
Like I said, my parents hate me for the changes, but I've established enough good rapport with them that they went along anyway. The two of them have a sort of loathing for the server. It represents everything about computers that is hard for them. It is every task some young computer-savvy person has told them is as easy as making toast, and then ends up being completely inscrutable. The server is what brought on the requirement that they use a strong format password to log on to their own computers, and they hate it (and me) for that.
"And what the hell is 'strong format', anyway?", they wonder. Calmly explaining that it's simply a password that is at least eight characters in length, contains both letters and numbers, and has either special characters like punctuation marks or both upper and lower-case letters is of no avail. I get a look from them that is the parental equivalent of "WTF."
The problem is compounded by the fact that there haven't been any real security breaches on our network. During my administration of DENTNET, I've implemented various security measures, and usually when I say that a particular measure is for the purpose of keeping hackers and worms out, they go along with no argument.
But the paradox is that I've been really successful at keeping hackers and worms out, so my family thinks that when I talk about hackers and worms, I'm just trying to scare them into doing whatever I want. Do I need some nasty to come through and trash the network for my network users to take me seriously?
But I don't want my nice network trashed. I just want everyone to be happy.
Alas and alack, I won't trash my own network just to make having the network trashed a reality instead of a bogeyman. But I will throw people off of the server for not playing by the rules, and I suspect that no one wants that. So they grumble when they think I'm not listening.
Leon understands my motivations, though, and Crystal does her best to understand, and that is enough. Jeff wants to understand and is getting better all the time.
This is probably the right time and place to thank Jeff for all his help. He does a lot of my physical running around, updating, and troubleshooting in the upper levels of the house. He sort of sub-administrates the four (five?) computers up there, and he does a very nice job of it...when he gets around to it. Thanks, Jeff.
Soon Jeff will have a network printer to deal with up there. That'll be fun. Printers are a hairy lot.
I'm calling this good for now.
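
The Personal Folders cleanup described above (kill inheritance on each private folder, set explicit permissions, then test the result) can be scripted. This is an added example, not the script used on DENTSERVER: the root path, the `Private` subfolder name, the `DENTNET` account prefix, the assumption that each folder name matches a logon name, and the use of current Windows PowerShell are all assumptions.

```powershell
# Added example. $Root, $Private and $Domain are assumed values, not taken from the post.
param(
    [string]$Root    = 'D:\Personal Folders',  # assumed location of the Personal Folders area
    [string]$Private = 'Private',              # assumed name of each user's private subfolder
    [string]$Domain  = 'DENTNET'               # assumed account prefix; folder name = logon name
)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($userDir in Get-ChildItem -LiteralPath $Root -Directory) {
    $path = Join-Path $userDir.FullName $Private
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Only the owning user, local Administrators and SYSTEM may touch the private folder.
    $allowed = @("$Domain\$($userDir.Name)", 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

    $acl = Get-Acl -LiteralPath $path
    # Protect the ACL and drop inherited entries instead of copying them.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries left over from earlier experiments.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRuleSpecific($rule) }
    foreach ($id in $allowed) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, $none, $allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Read the ACL back from disk and report anything that should not be there.
    $check = Get-Acl -LiteralPath $path
    $extra = $check.Access | Where-Object {
        $_.IsInherited -or ($_.IdentityReference.Value -notin $allowed)
    }
    [pscustomobject]@{
        Folder     = $path
        Protected  = $check.AreAccessRulesProtected   # should be True
        Unexpected = ($extra.IdentityReference -join ', ')  # should be empty
    }
}
```

A clean run shows `Protected` as True and an empty `Unexpected` column for every folder; logging on as a second user and trying to open someone else's private folder is still the final test.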


Eric said...

What's the OS on DENTSERVER? Did you finally get Linux working to your satisfaction?

I remember doing the same thing with you once. It was both enlightening and frustrating. Good luck.

Your entry has given me some ideas for things to do with the home network (which don't matter much because I have a very basic network topology, but hey, a guy can dream).

Jake said...

WinServer 2003, baby. I like it so far, although it's quirky at times.