Week 5, Oct 1

No class next week

Active Directory
Unix version of Software Restrictions: "no-execute" status on mount
Windows SteadyState

====================================================

Review starting-executables workaround using VB in msword

Wireless update and DHCP
* domain clients MUST use win2k3 server as DNS server
* in the past, I achieved that by having the win2k3 server be the DHCP server
* But win2k3 dhcp would zone out at times!
* Alternative: Have hub be dhcp server, BUT configure it to set DNS server to ____

====================================================

Go through Windows SteadyState
    tell sad story about disabling Fast Switching

"It's best to provide an interface that offers only the options the user actually needs" ! comments, anyone?

SteadyState restrictions supported:
    two groups, users & computers
    We will see this again in Active Directory Users Computers
    Why do you NOT want "cannot access control panel" to be activated on Computers list!

windows disk protection: does unallocated space have to immediately follow?

Prologue: p 10
    latest updates
    antivirus software
    scan for viruses
    set Administrator password
    install all programs & features

Windows Disk Protection no longer requires a "blank" partition!
    Note the keep-on-restart backwards option
    Try it out on laptop3 (formerly with no network drivers!)
    NOT domain-based

Typical use:
    C: disk protection
    D: no protection: contains profiles, home directories, restrictions

=============================================================
========================================================

Network configuration

Wired networks: basic issues & hardware
    Cost to wire a lab: $10-20K

Wireless networks: << $100 !!
    HOWEVER, WEP was broken. WPA is stronger, though not ideal.
    WEP was broken only for special cases, now more or less obsolete.
    Students will work at cracking WEP, though they may not succeed

ad-hoc versus infrastructure modes

setting up a network
    SSID: csed 430 infra
    Key: experimental7
    WPA personal

Try accessing the web page at port 8080: 10.20.0.200:8080

DHCP has been turned BACK ON in the router.
HOWEVER, in the long run it MUST BE TURNED OFF!!!
Because the domain controller has to hand out some domain-specific info with the dhcp package.
So the domain controller MUST be the dhcp server, too.

    10.20.0.x
    255.255.255.0
    Router: 10.20.0.200

Be sure to try ipconfig /release before ipconfig /renew

==============================================
==============================================

Disk-reset systems cannot realistically only allow admin-created writes to persist; it's all or nothing!
    Example: otherwise files may be inconsistent
    (Note that when admin writes, there's no way to "subtract" other previous writes by other users)

Disk-reset systems also enforce CONSISTENT USER VIEW, at least if system is rebooted.

User program writing: *maybe* no problem if machine code isn't involved:
    One can allow Python scripts but not

========================================

Software-trust problem

What java applets do to address this problem
    Run in a sandbox

What microsoft controls do to address this problem:
* control must be "signed".

========================================

Future goals (for MS):
* clearer notion of what is an executable
* back off from "embedded" executables in doc files, excel, images, etc
* intermediate strategies between allow & deny (eg notification)
* sandboxes
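
========================================

Added example, not part of the original notes: the agenda's Unix "no-execute" mount status, checked with a small shell audit over a /proc/mounts-format table. The list of user-writable mount points and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course notes). Audits a mount table for
# user-writable filesystems that still permit direct execution.

# Mount points ordinary users can write to (assumed list; adjust per site).
USER_WRITABLE="/home /tmp /var/tmp /dev/shm"

# has_opt OPTS NAME: succeeds if NAME is one of the comma-separated options.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts: reads /proc/mounts-format lines on stdin
# (device mountpoint fstype options dump pass), prints one finding per line.
audit_mounts() {
    while read -r dev mnt fstype opts rest; do
        for target in $USER_WRITABLE; do
            [ "$mnt" = "$target" ] || continue
            if has_opt "$opts" ro; then
                echo "OK    $mnt (read-only)"
            elif has_opt "$opts" noexec; then
                echo "OK    $mnt (noexec)"
            else
                echo "WARN  $mnt is writable and allows exec"
            fi
        done
    done
}

# Constructed sample in /proc/mounts format, so the script runs offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var/tmp ext4 rw,relatime 0 0
EOF
}

# count_warnings: number of WARN findings for the mount table on stdin.
count_warnings() {
    audit_mounts | grep -c '^WARN' || true
}

sample_mounts | audit_mounts
```

On a live system, feed it `/proc/mounts` instead of the sample. noexec only blocks running a file on that mount directly; an interpreter installed elsewhere can still read and run a script stored there, which is the machine-code versus script distinction the notes raise.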