BOOT CAMP 140
SYSTEM POLICIES
One of the things that surprises a lot of Windows 95/98 users
is the operating system's apparent lack of security features. Anyone with a mind
to do so can easily interfere with key settings that can drastically affect the
way a PC behaves, even stop it working altogether. Microsoft could have
incorporated effective security measures as standard but good sense prevailed.
Security systems have a nasty habit of backfiring and there is no doubt they
would cause enormous problems, especially for inexperienced users – Windows
without restrictions is bad enough…
In fact Windows 95 and 98 do come with a powerful security
facility but it is not installed by default, or readily accessible, unless you
know what you are looking for. The System Policy Editor or "Poledit" is meant to
be used by System Administrators. They’re the folks who look after networks or a
number of PCs, such as teachers and lecturers, who use it to stop mischievous
students messing around with desktop settings and running illicit programs.
Clearly it could also be of interest to anyone whose PC is shared by several
people, particularly if they include meddlesome children.
This week we'll have a brief look at what Poledit can do.
Next week we'll put theory into practice but before we go any further this is an
appropriate point to issue the customary warning and disclaimer. Poledit is not
especially difficult to use but it can easily muck up your computer so leave it
alone, unless you are confident of your abilities and are prepared to accept the
consequences, and don’t blame us if you get it wrong!
Poledit covers a lot of ground but the part we’re interested
in is basically a tool for editing the Windows Registry. As regular readers will
know the Registry is a set of files that controls how Windows looks and works.
For more information see Boot Camps 126 & 127 (June 1st and
8th 2000).
Poledit lives on the Windows 95 and 98 installation
discs. Unlike most other Windows
utilities Poledit is not loaded into the PC during setup nor is it accessible
from Control Panel or the desktop. It is possible to install it on your PC's hard
disc drive if you wish but that would defeat the object and compromise security.
Ensuring that the installation disc has to be loaded every time in order to make
changes is a useful first line of defence against casual tinkering by PC-savvy
users (though obviously it can’t stop determined fiddlers, who may have their
own copy of Poledit on a floppy or CD-ROM…).
Windows 95 and 98 have different versions of Poledit. The
Windows 95 one is slightly simpler in presentation and therefore easier for
beginners to get to grips with, moreover it appears to work on Windows 98 PCs
without any problems, however it's sensible to play safe and use the one that
came with your version of Windows. The main difference is that Poledit in
Windows 98 contains a number of extra features, mostly designed to control
Internet and email facilities; however, to keep things as simple as possible
we'll stick to the basic features common to both versions. If you want to know
more about what Poledit can do there are plenty of web sites and books covering
the subject.
The changes made by Poledit on a stand-alone PC are usually
global and will affect everyone who uses that computer, however it’s possible to
confine the changes to single “profiles”, where the PC is used by a number of
people with different passwords, but more about that next week.
Before you do anything it’s a good idea to work out exactly
what you want to achieve since too many restrictions can be just as bad as none
at all and you could end up making your PC difficult or impossible to use for
routine tasks. To help you decide we’ll round off part one with a run down of
some of the available options.
Poledit controls how the PC works using a series of
‘administration templates’. There are several of them, mostly dealing with
advanced network operations. However, the one we’re interested in concerns the
Control Panel, the Desktop, access to the Windows filing system and disc drives.
The Control Panel options include the facility to hide the Background,
Appearance and Settings tabs on the Display icon. The latter allows users to
change screen resolution, which can create a lot of problems. Incidentally,
Smart Alecs who know how to get into Control Panel by various alternative
methods (right-clicking on the desktop and selecting Properties, My Computer,
Windows Explorer etc.) will not be able to get around the restrictions; they
will be greeted with a message advising them that “Your System Administrator has
disabled the Display Control Panel” and they won’t be able to make any changes.
Other Control Panel items that can be restricted or disabled include Networks,
Printers, Passwords and System, which includes the important Device Manager and
Hardware Profiles tabs.
Poledit can lock Windows wallpaper and colour schemes and
again will defeat any scurrilous attempts to make changes by backdoor means,
such as using Internet Explorer to set new wallpaper. Poledit can also remove
the Run command from the Start menu, and turn off Folder Options and Taskbar &
Start Menu under Settings on the Start Menu. It can hide disc drives in My
Computer, make everything vanish from
the desktop, disable the Shut Down command and cancel the feature whereby
desktop settings are automatically saved on exit. Finally to scupper any serious
attempts at sabotage Poledit can stop editing tools making changes to the
Registry, prevent DOS-based software from running in a Windows DOS session and
restarting the PC in DOS mode and there’s a provision to only run designated
Windows programs.
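Because Poledit works by writing values into the Registry, a Registry export shows which of the restrictions above are actually in force on a PC. The Python script below is an added example, not part of the original column: it reads a REGEDIT4 export and reports the policies that are switched on, including which drive letters a hidden-drives setting covers. The value names (NoRun, NoDrives and so on) are the standard Windows 95/98 policy entries, which the column itself does not list, and the sample export is constructed.

```python
import re

BASE = r"hkey_current_user\software\microsoft\windows\currentversion\policies"
# (subkey, value name) -> restriction described in the article. The value names
# are the standard Windows 95/98 policy entries; the article does not list them.
KNOWN = {
    ("explorer", "norun"): "Run command removed from Start menu",
    ("explorer", "noclose"): "Shut Down command disabled",
    ("explorer", "restrictrun"): "Only designated Windows programs may run",
    ("system", "nodispcpl"): "Display Control Panel disabled",
    ("system", "disableregistrytools"): "Registry editing tools blocked",
}

def to_int(raw):
    """Decode 'dword:00000001' or little-endian binary 'hex:01,00,00,00'."""
    kind, _, data = raw.partition(":")
    if kind == "hex":
        return int.from_bytes(bytes.fromhex(data.replace(",", "")), "little")
    return int(data, 16) if kind == "dword" else 0

def audit(reg_text):
    """Return the restrictions switched on in a REGEDIT4 export."""
    findings, sub = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            key = line.strip("[]").lower()
            sub = key[len(BASE) + 1:] if key.startswith(BASE + "\\") else None
            continue
        m = re.match(r'"([^"]+)"=(.+)$', line)
        value = to_int(m.group(2)) if m and sub else 0
        if not value:
            continue                      # not a policy value, or set to 0 (off)
        name = m.group(1).lower()
        if (sub, name) == ("explorer", "nodrives"):   # bit 0 = A:, bit 1 = B: ...
            drives = [chr(65 + i) + ":" for i in range(26) if value >> i & 1]
            findings.append("Drives hidden in My Computer: " + " ".join(drives))
        elif (sub, name) in KNOWN:
            findings.append(KNOWN[(sub, name)])
    return findings

# Constructed sample export (not taken from a real PC).
SAMPLE = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoClose"=dword:00000000
"NoDrives"=hex:05,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''
```

Calling audit(SAMPLE) lists the Run command, the hidden A: and C: drives and the Registry tools block; NoClose is skipped because its value is 0.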
Next week – Using Poledit
JARGON FILTER
ADMIN TEMPLATES
Poledit options that cover a range of Windows features,
including how it looks and works, restrictions on Internet and e-mail access,
network configuration etc.
MS DOS
Microsoft Disc Operating System -- core control program that
functions alongside Windows, determining how a PC stores, retrieves and
organises files on its disc drives and providing an environment for non-Windows
programs to operate in.
PROFILE
Windows facility (see Passwords in Control Panel) that allows
several users to share a PC, setting up their own custom preferences and desktop
settings.
TOP TIP
Here’s an unusual way to organise your desktop if you are
using Windows 95/98 and Internet Explorer version 4 or later. Open Windows Paint
or your preferred paint program, draw several large boxes or shapes and use the
insert text facility to give them names (Internet and E-mail, Music, Pictures,
Games etc), colour it in if you like, then use the image size or attributes
facility to change the size to the same as your display (i.e. 640 x 480, 800 x
600, 1024 x 768 etc). Give the image a name and save it as a Bitmap file. Now
set it as Wallpaper (File menu in Paint) or go to Display in Control Panel,
select the Background tab and use Browse to locate your image. Return to the
desktop and move the icons into the labelled boxes. If they won’t stay put
switch off Auto Arrange by right clicking into an empty area of the desktop.