[vox] MS and Homeland Security

ME vox@lists.lugod.org
Thu, 17 Jul 2003 12:32:37 -0700 (PDT)


>> Up spake ME on Wed, Jul 16, 2003 at 08:32:32PM -0700:
>> > One of the long-known weaknesses in MS Windows has been a lack of
>> > built-in low-bandwidth remote control systems such as those we have
>> > with *NIX solutions like ssh and use of a remote shell.

Eric D. Pierce said:
> http://tech.erdelynet.com/cygwin-sshd.html

After having been an NT Admin for Windows NT 3.5.1, 4.0 (Server Edition),
Windows 2000 Advanced Server Edition, administering a small Citrix Server
farm, and generally Windows support, I can tell you that use of telnet or
ssh to use cmd.exe as a "shell" for a Windows server just does not cut it.

Most major things that you would want to do can't be done from cmd.exe.
Most major things require a GUI.

As a result, this is where my qualified statement of "built-in,
low-bandwidth remote control systems..." and "... like ssh and the use of
a remote shell." are of importance. With a shell like bash on my Linux
box, I can reconfigure every service that I run, rebuild a kernel and
complete all critical server administration and update my applications
without being disconnected or being required to use graphics.

With Windows, there are things that just cannot be done from cmd.exe.
Adding ssh does permit more security, and you can tunnel GUI-based remote
control systems for administration, but there are still things you cannot
do.

Take for instance you are using the terminal services and Citrix and you
want to install the latest SP4 for W2K, you must shut down the Citrix
terminal services and alter the state of the machine to prevent remote
login. If you disable the service that you use for remote access in order
to upgrade, how can you remotely upgrade?

However, with my Linux box, I can upgrade core libs without reboot,
upgrade my ssh services without being disconnected (while using ssh) and
use just a shell with ssh and no graphics to do it all.

And for those who state such a thing is not an issue, MS has stated they
think it is an issue, and they have plans to include support to configure
most of their services with something like a remote shell that does not
need to be halted for upgrades. It is enough of an issue for MS to
concede this as a failing ("failing" is not their word) by choosing to
offer support for this in future products.

-ME