Tech Forum

We just received a new PC for our unit; it came set up to utilize a Windows password.

My questions are multiple.

The first would be if the desire is to password protect the PC, you would think you almost would need to create separate Windows User Accounts, the rational being if everyone knows the one account password, then why have one at all?

The second question is if anyone is using the Windows password to begin with?

I understand that MLS is password protected in this case I am referring to Windows.

MKPolansky wrote:The first would be if the desire is to password protect the PC, you would think you almost would need to create separate Windows User Accounts, the rational being if everyone knows the one account password, then why have one at all?

The instructions (see Dell 740 installation instructions on the wiki) are very clear: You set up one administrator-level account called "clerk". Everyone who uses MLS uses that account.

I know that seems to violate basic security principles, but the fact is that MLS does not run properly on any type of account except an administrator account. All I can say is, follow the published rules and avoid grief.

It should not be the case that "everyone knows the one account password"; all the authorized users of the ward's computer will know it, but other people walking into the clerk's office won't know it, so it provides some small measure of protection.

MKPolansky wrote:The second question is if anyone is using the Windows password to begin with?

In my stake, everyone follows the rules and all the PCs use a Windows password. They also use a screen saver that locks the computer after a period of inactivity, so that the Windows password has to be entered to unlock the system.

I'm just going to second Alan_Brown here. Follow the setup instructions as provided. If you don't have them, you can download them from the same site you download MLS. See this post for more info if needed and this wiki page.

I can't give you an overly convincing reason except that the church is trusting of its members, and you will not always be around to maintain the computer. Follow the instructions and if anything happens, you won't be liable.

Alan_Brown wrote:It should not be the case that "everyone knows the one account password"; all the authorized users of the ward's computer will know it, but other people walking into the clerk's office won't know it, so it provides some small measure of protection.

The first line of protection is the physical security of the office. Some wards get lax about that.

Trust me, our plan is to keep the password on it. It's one of those follow the rules kind of things. So my follow up question would then be can MLS be modified so a "User" can use MLS not just an "Admin" level person? Not being too techie, I know you can set things up to "Run as Administrator" or something like that? That way each person could also have a separate Windows password.

Just a thought...

I don't think I've seen anyone play with RunAs with MLS.

However, in my playing around in other areas, I have seen issues when the process was run as a different user then the logged in user. Particularly when child processes were spawned.

I think you're just setting your self up for a tech support headache.

If the computer doesn't have Internet access, I don't think you'll have a problem. If it does have Internet access, I think you'd be better off locking down the browser.

MKPolansky wrote:Trust me, our plan is to keep the password on it. It's one of those follow the rules kind of things. So my follow up question would then be can MLS be modified so a "User" can use MLS not just an "Admin" level person? Not being too techie, I know you can set things up to "Run as Administrator" or something like that? That way each person could also have a separate Windows password.

Just a thought...

MLS was designed to operated under the Administrator login. I would strongly recommend that you stick to established procedures. It's just not worth the headaches you may get yourself into.

MKPolansky wrote:Trust me, our plan is to keep the password on it. It's one of those follow the rules kind of things. So my follow up question would then be can MLS be modified so a "User" can use MLS not just an "Admin" level person? Not being too techie, I know you can set things up to "Run as Administrator" or something like that? That way each person could also have a separate Windows password.

Perhaps I'm missing something, but I don't see the benefit of having each person have a separate Window password. The Windows login doesn't have any effect on MLS rights, so the only reasons I could see are to (1) allow users to store documents on the computer separate from other users' documents or (2) try to restrict who can log in to Windows by creating separate accounts that can be deleted when a user who has access to the computer is released.

#1 Using user accounts to restrict access to documents can be problematic. Someone with physical access to the computer can employ other methods (portable boot CDs, etc.) to try to bypass the account restrictions and get at the documents if they really want to. I wouldn't trust the Windows logon process on a standalone XP machine with sensitive documents. This is assuming that you don't have to grant each user administrative rights, which weakens any potential security even further.

#2 Restricting Windows access through user accounts seems like more trouble than it's worth. There shouldn't be network access to the computer, so any access requires physical access to the computer. It should be secured in the clerk's office, which means that anyone with an account to access the computer would also need physical access to the clerk's office. If you're concerned about someone using the computer who shouldn't have physical access to the clerk's office, you've got bigger problems than just trying to secure Windows.

I'm just struggling to see the benefit to using something other than the recommended configuration. Alan_Brown has already documentation the approved configuration and I don't see any benefit with what you're proposing and lots of headaches (account maintenance and troubleshooting/tech support issues).

Am I missing something?

scgallafent wrote:I wouldn't trust the Windows logon process on a standalone XP machine with sensitive documents.

Just a side note about sensitive documents. This should not be an issue if everyone is following Church procedures. And those procedures essentially say that the only place sensitive information may be stored is in MLS. Any documents created with sensitive information may not be stored on the computer hard drive. They may, however, be stored on removable media and locked away when not in use.

I set up a clerk account as suggested in the guidelines and mentioned by Alan Brown. But in addition, I create a "Stake Clerk" account, also with Windows Administrator privilege. I do this for the following reasons:

1) It gives me an account I can depend on. While most users of the computer won't change the Windows password on the clerk account, it does happen. Even though the clerk account has the ability to change the password on the Stake Clerk account, this seems less likely and has never happened.

2) I can have different folder options set for my use than what the general purpose account has. This is important because I commonly want to see all files including hidden and system, and I want to display details and file extensions. This way I don't have to remember to change it back for others' use.

3) When I do a backup (just a dump really) of the entire workstation, I can do this from the Stake Clerk account and I'm able to copy the contents of the clerk user account without having conflicts with Windows having files locked.