First off, let me get this out of the way - none of these are going to be about security. An OS is usually a better reflection of the administrator than of the manufacturer. This recent article at InfoWorld suggests that it's poor administration that causes many system comprimises, and I firmly believe that a good administrator can keep Windows just as secure as Linux or UNIX with the proper skill and care. System patches and updates should be applied, application updates should be diligently monitored, and the proper filtering and gateways should be activated. So, given that security is, at least in this article, more a product of the admin than the environment, I have not included any reflection of security or the politics of the company.
One: Folder Options
"Folder Options" is the name of the dialog box that controls Explorer options (Explorer is the default file manager for Windows). On a workstation, this is purposely configured to do some simple things like hide file extensions, hidden files, core OS/system files, and configure the behavior of title and address bars. On a server, however, it's very important for an admin logged in at the console to have as much access as possible. A server is not a desktop system, or rather, should not be, and as a result, the default options should be configured for server use.
Two: Internet Connection Wizard
The concept of the "Wizard," which walks you through a configuration in simple, easy to understand steps, has gone through some revisions. Most of the time, wizards tend to aggravate power users these days. There was a time not too long ago when wizards were very helpful and many appreciated them. Having built countless Windows workstations, I can tell you that the Internet Connection Wizard (ICW), is by far the most annoying of all wizards. As a network administrator, you should understand the concepts of gateways and proxy servers. These days, a server should expect to connect through a LAN and not need proxy authentication. The few people who need those options should know where to configure it.
As if to add insult to the matter, the ICW asks you with EVERY setup, which, incidentally, is once PER PROFILE, per machine, to setup an "internet e-mail account," which is Hotmail/MSN based, of course. No one using a server and configuring IE for the first time should be thinking, "I wonder how to set up an e-mail account -- ooh! Here's a way!" Again, if they are, then they probably aren't qualified to configure a server. The fact that Microsoft invites this bahvior by making Windows servers accessible to people like this does not bode well for the quality of network admins.
Three: Windows Media Player
I can swallow that IE is tied to the core code of the file manager and thus cannot be stripped out of the OS easily without sacrificing some functionality. I think the desired behavior, which I witness with Konquerer too, is that if I type a URI into my file manager that it passes it off to a browser of some kind (it should be noted though, that Konq is not a pre-requesite to installing Linux.) I'm not thrilled that I HAVE to have a browser on my servers, which shouldn't be used for internet surfing - even Windows Update should have a stand alone piece for servers, but that aside, there's a bigger issue.
Why must I have a media player on my server? And why are the codecs so important? How come just to install this media player, I have to reboot my server? Anyway, who out there is using WMP on their servers? This appears to be a case of using the same code base for their Server line as their workstation line. If I'm wrong, which I could be, as I've not audited any of Microsoft's code nor am I qualified to review it, then I ask, WHY? And if I'm right, then why haven't they removed the functionality? And if it's tightly integrated, why haven't they changed that? I don't see a reason why multimedia capabilities should be buried and tied so deeply to the core of your operating system. Dump WMP from the server line. One way or another. Period.
- "Windows Server Annoyances, Page 1/2"
- "Windows Server Annoyances, Page 2/2"