Win 9x and policies: easy said, easier done

Two Toronto-based IT workers have a message for anyone considering migrating from Windows 9x to Windows NT in order to gain desktop lock-down functionality — find another career.

IT consultant Lorenzo Palermo and IS manager Guy Bowie together make up two-thirds of William F. White Ltd.’s IS department. The Toronto company rents and sells motion picture equipment to the television and film industry.

White’s 100 users have been working in a completely locked-down desktop environment for several years. Users can’t access their C or A drives, let alone the StartUp menu or Control Panel.

Perhaps surprising is that Palermo and Bowie started policy-based management several years ago, using Novell NetWare as their network OS and Windows 95 as their desktop platform.

When the two read a recent ComputerWorld Canada story in which an IS executive at a large Canadian company detailed plans to replace Windows 9x on thousands of clients with Windows NT — in order to gain similar lock-down abilities — Palermo and Bowie were shocked. (“NT increasingly becoming…,” CWC, April 9, 1999, page 3.)

“The reality is NT is equally manageable or unmanageable, because it employs the exact same methodology and principles as the younger brothers 95 and 98 do, in terms of implementing [policies]. It’s the same policy editors, the same registry type settings, the exact same methodology,” Palermo said.

“So that’s what’s laughable about that, because all you’re going to do is change the client desktop and find you’re in the same situation at enormous cost.”

When Bowie hired Palermo several years ago, one of the first tasks he assigned him was to roll out Windows 95 over White’s Novell network. The goal was to pave the way for a new custom-built Visual Basic application designed for the tracking of rental inventory. At the time, Bowie was concerened about the OS’ controlled desktop features.

“I was really sceptical about being the first to deploy [Windows 95] across our networks, just because of the power it put in the hands of users,” Bowie said. He wanted to find a way to “lock down” the users to a specific desktop environment to head off management headaches.

After doing some research, Palermo concluded that user policies across the network was not only possible, it was straightforward. After some persuading Bowie decided to go ahead with the project.

Though Windows 9x may not seem like the obvious environment for policies, it has incorporated funcitonalty for using them, Palermo said. But he admits it still took months of reading and conducting research to fully understand that – research he did while juggling other projects, including facilitating White’s move to a new building.

“All we had to do was install Windows 95 on the machines including the policy editor…the policies created using the policy editor and stored on the network,” Palermo said. They customized the user policy templates using a text editor. The profiles are then stored in the network’s mail directory, where it can be managed as a floating desktop, and is always in effect regardless of which workstation a user logs into.

“So in a large company, if you had a standard desktop in let’s say your sales department, you would create that once, put it into the mail directory…and as soon as they log on, that’s the policy that’s going to come up on their desktop. And there’s no circumventing that,” Bowie said.

Now when White’s users come in each morning, they type in a password and gain access to their own pre-defined network storage area, where only the applications they need to do their job reside.

And because they save their documents directly to a network-based drive, Palermo and Bowie no longer worry about desktop crashes becoming catastrophic.

Overall, the two spend very little time on support issues, despite the fact White has offices in every major Canadian city. Palermo and Bowie hired a third person to deal with the help desk concerns – which are mostly hardware related — and have since devoted their efforts to developing new applications.

“It’s remarkable in a sense that…there’s three of us here. We don’t have any IS people outside Toronto. Basically, we support them from here, and we don’t deal with a lot of frivolous issues that would just drive you crazy with users bringing in stuff and uploading viruses and stuff like that,” Palermo said.

As to why so many of their peers are unaware of the policy power of Windows 9x, Palermo and Bowie say they probably haven’t taken the time to educate themselves.

“It’s possible that they’re not aware of the power of those policies. I and Palermo did a lot of research on it here at this end, and I think that’s what it takes sometimes.”

But the pair aren’t ruling out incompetence. Palermo said too many IS people waste their time chasing after desktop issues. “I think for anyone in this field, if you find [policies] too difficult, you should probably find another field.”