At Ease for Workgroups 4.0: Tips for Increased Security (7/96)

This information is taken from the Tips and Troubleshooting section in Part 2 of the Apple Network Administrator Toolkit manual.

To make your At Ease workgroup as secure as possible, here are some suggestions on how to set it up. (If you are concerned about security, you should print out the At Ease activity log on a regular basis with the option "Security risks" checked. This will show which users accessed the Finder and which users accessed or tried to access the At Ease Administration program.)

- For maximum security, don't designate any Workgroup Administrators. A workgroup with one Administrator only is the most secure.

-Don't include a clue for your password.

To prevent users from tampering with the hard disk:
---------------------------------------------------
-Set an Administrator password so that no one but you can access the At Ease Administration program.

- From the Security menu, choose System Settings. Then select "Prevent users from bypassing security by starting up from a floppy disk."
This prevents users from seeing the At Ease startup disk even if they use a different disk to start up the computer.

- Make sure the option "Allow applications to be used from floppy disks" is not checked for all workgroups. This prevents users from running applications, like disk editors, off floppy disks.

- Make sure that you've allowed users to save and open documents only from within their Documents folder. (See the Locations panel of the At Ease Administration program.) In the Panels environment, this prevents users from gaining access to documents you don't want them to see.

- Don't install system debuggers on your system. This prevents users from gaining access to documents and programs that they shouldn't.

- Don't make the "Open Other" and "Go To Finder" menu commands available to users. This prevents users from gaining access to the Finder and other unauthorized applications.

- Don't allow access to the Control Panels folder. This prevents users from modifying the standard settings on the computers.

- Don't allow access to the Chooser. This prevents users from logging in to other servers on the network and using a different printer from the one you've designated for their workgroup.

To prevent unauthorized people from using the computers:
--------------------------------------------------------
- Don't allow Guest access to any of the workgroups.

- Give every user a password, and specify in the User Settings dialog box that users must change passwords on a regular basis. You can set the minimum length of a password and prohibit easy-to-guess passwords to help prevent individuals from guessing the passwords of authorized users.



Published Date: Feb 18, 2012