Page 2
All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...
Table of Contents Introduction............................i 1. Document Conventions ......................i 2. Activate Your Subscription ....................iii 2.1. Provide a Red Hat Login..................iv 2.2. Provide Your Subscription Number ..............iv 2.3. Connect Your System.................... iv 3. We Need Feedback! ......................v 1.
Introduction Welcome to the Red Hat Desktop Deployment Guide! Deploying the GNOME Desktop across an organization commonly requires that some aspects of the desktop enviroment be modified for that specific deployment. This document aims to enumerate common deployment tasks and establish best practices for those tasks. This document is not intended to address the more general topic of system administration and the GNOME Desktop.
Page 6
Introduction [key]-[combination] A combination of keystrokes is represented in this way. For example: The [Ctrl]-[Alt]-[Backspace] key combination exits your graphical session and returns you to the graphical login screen or the console. text found on a GUI interface A title, word, or phrase found on a GUI interface screen or window is shown in this style. Text shown in this style is being used to identify a particular GUI screen or an element on a GUI screen (such as text associated with a checkbox or field).
Page 7
Introduction <replaceable> Text used for examples, which is meant to be replaced with data provided by the user, is displayed in this style. In the following example, <version-number> is displayed in this style: The directory for the kernel source is , where /usr/src/kernels/ <...
If you can not complete registration during the Setup Agent (which requires network access), you can alternatively complete the Red Hat registration process online at http://www.redhat.com/register/. 2.1. Provide a Red Hat Login...
If you spot a typographical error in the Red Hat Desktop Deployment Guide, or if you have thought of a way to make this manual better, we would love to hear from you! Please submit a report in Bugzilla: http://bugzilla.redhat.com/bugzilla/ against the component rhd-dg. When submitting a bug report, be sure to mention the manual’s identifier: rhd-dg(EN)-4-Print-RHI (2005-03-09T16:26) If you have a suggestion for improving the documentation, try to be as specific as possible when de-...
Chapter 1. Configuration Overview: The GConf System The GConf system is one of the primary means to configure the users’ desktops, therefore a brief overview of this system is provided below. Many configurable quantities are accessible via key/value pairs using the graphical GConf editor tool. This tool is available from the command-line using the command , or, /usr/bin/gconf-editor...
Page 12
Chapter 1. Configuration Overview: The GConf System Readers might first wish to refer to the GConf section of the GNOME Desktop System Administration Guide available through Applications (the main menu on the panel) => Help, and by selecting the Desktop Category, selecting the System Administration Guide Document, and reading the chapter titled Using GConf , and also the GConf project page located on the web at http://www.gnome.org/projects/gconf/ before continuing.
Chapter 1. Configuration Overview: The GConf System $(ENV_name) Any other environmental variable may be referenced by prefixing the environmental variables name with ENV_ 1.2. Setting System-Wide Default and Mandatory Preferences You can set system-wide settings using either the graphical GConf editor or the command line utility, .
Chapter 1. Configuration Overview: The GConf System Refer to the Configuration Editor Manual (available through the online help system) for more detailed information on using the GConf editor. 1.2.2. Using the Utility gconftool-2 you can set the system-wide default number of workspaces to 5 by For example, using gconftool-2 issuing the command:...
Chapter 2. Configuring the Panel For more information on configuring panels, refer to the GConf chapter of the GNOME Desktop Ad- ministration Guide available through Applications (the main menu on the panel) => Help, selecting the Desktop Category, and choosing the System Administration Guide Document. Note For information on locking down the panel, refer to Section 4.3 Locking Down the Panel .
Page 17
Chapter 2. Configuring the Panel Refer to the GNOME Desktop System Administration Guide for an alternative method for changing the default panel configuration to that described below. The following provides a more complex example of how to modify the default panel configuration. 2.1.3.1.
Page 18
Chapter 2. Configuring the Panel <string>clock</string> </value> <value> <!-- System Tray Applet --> <entry> <key>applets/systray/object_type</key> <schema_key>/schemas/apps/panel/objects/object_type</schema_key> <value> <string>bonobo-applet</string> </value> </entry> <entry> <key>applets/systray/menu_path</key> <schema_key>/schemas/apps/panel/objects/menu_path</schema_key> </entry> <entry> <key>applets/systray/launcher_location</key> <schema_key>/schemas/apps/panel/objects/launcher_location</schema_key> </entry> <entry> <key>applets/systray/action_type</key> <schema_key>/schemas/apps/panel/objects/action_type</schema_key> </entry> <!-- Clock Applet --> Create the configuration source into which you will load your modified default setup: •...
Chapter 3. Menu Editing and Configuration For detailed information describing the implementation of the menu system, refer to the Desktop Menu Specification located at the freedesktop.org website: http://standards.freedesktop.org/menu- spec/latest. It is often useful for an administrator to add or remove items from the main desktop Applications menu.
Chapter 3. Menu Editing and Configuration Directory Entry ( ) Files *.directory files provide data about a menu such as its name, tooltip, and icon, and *.directory . Refer to the GNOME Desktop System are located in /usr/share/desktop-directories/ Administration Guide for more information on directory entry files. Desktop Entry ( ) Files *.desktop...
Chapter 3. Menu Editing and Configuration Note The user’s session must be restarted for the menu changes to take effect. 3.3. Removing Submenus for Individual Users To remove the entire System Settings submenu for a user, use the <Deleted/> element in the user’s file as shown: $HOME/.config/menus/applications.menu <!DOCTYPE Menu PUBLIC "-//freedesktop//DTD Menu 1.0//EN"...
Page 22
Chapter 3. Menu Editing and Configuration 3.5. Removing System Menus for All Users System Settings Applications remove submenu menu, edit , by adding the following before the final </Menu> tag /etc/xdg/menus/applications.menu in the file: <Menu> <Name>System Settings</Name> <Deleted/> </Menu> </Menu> <!-- End Applications --> The other submenus of the Applications can be removed in similar fashion.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features The GNOME desktop can be configured to restrict user access to a number of actions, such as print- ing, access to the command line, and even the ability to log out of the system. The most restricted configuration can be used to form the basis for a public terminal configuration or that of a kiosk-like setup, in which the user can only perform simple functions like web browsing.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features 4.2. Disabling [Ctrl]-[Alt]-[Delete] To prevent the key sequence [Ctrl]-[Alt]-[Delete] from rebooting the computer and from displaying the Log Out dialog, you must make configuration changes at both the window manager level and at the system level.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-3. Resetting the run_command_1 4.2.2. System-Level Configuration To disable [Ctrl]-[Alt]-[Delete] at the system level, comment out the relevant section in as shown below: /etc/inittab # Trap CTRL-ALT-DELETE #ca::ctrlaltdel:/sbin/shutdown -t3 -r now 4.2.3.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features key using Gconf editor, as shown in Figure 4-4. Figure 4-4. Locking Down the Panel 4.3.1. Disabling Applets To disable certain applets from loading or appearing in the applet menu, you can specify which applets you wish to disable by adding the appropriate applet IID to the key.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-5. Disabling Panel Applets Disabled applets may still appear in the dialog for adding applets, but will not be added to the panels. Note The panel must be restarted for disabled applet changes to take effect. 4.4.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-6. Setting the GConf Key disable_command_line Disabling the Command Line (Mini Commander) applet disable this applet, will need applet OAFIID:GNOME_MiniCommanderApplet to the list of disabled applets. Refer to Section 4.3.1 Disabling Applets for information on disabling applets. Disabling Console Switching Access to all virtual consoles can be disabled by adding a option to the...
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-7. Setting the Number of Workspaces 4.6. Removing Desktop Icons To remove one or more of the default icons from the desktop, unset the appropriate key /apps/nautilus/desktop/*_icon_visible as shown in Figure 4-8.
Page 30
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-8. Removing the Computer Desktop Icon To prevent the appearance of icons representing mounted media such as cdroms, unset the following /apps/nautilus/desktop/volumes_visible as shown in Figure 4-9.
Page 31
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-9. Removing Desktop Volumes Icons To eliminate all icons from the desktop, unset the following key /apps/nautilus/preferences/show_desktop as shown in Figure 4-10.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-10. Removing All Desktop Icons Note Unsetting this key also removes the desktop background menu, thereby eliminating access to the Open Terminal menu item. This is a recommended step for disabling command line access as described in Section 4.4 Disabling Command Line Access.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-11. Disabling Automounting 4.7.2. Disabling Printing Functionality To disable printing and printing setup, set the following keys /desktop/gnome/lockdown/printing /desktop/gnome/lockdown/print-setup as shown in Figure 4-12.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-12. Disabling Printing Functionality 4.7.3. Disabling File Saving To prevent a user from saving files to disk and from access to all "Save As..." dialogs, set the /desktop/gnome/lockdown/save_to_disk key as shown in Figure 4-13.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-13. Disabling Writing to Disk 4.7.4. Disabling Application Force Quit To prevent the user from forcing an application to quit by eliminating access to the force quit button, set the /apps/panel/global/disable_force_quit key as shown in Figure 4-14.
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features Figure 4-14. Disabling Application Force Quit 4.7.5. Locking Down Preferences for the Firefox Web Browser A complete, succinct guide to locking down preferences for the Firefox and Mozilla web browsers is available on the web at http://togami.com/~warren/guides/mozlockdown.
Page 37
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features 4.7.6.1. Using the Login Screen Setup Tool To enable automatic login using the graphical Login Screen Setup tool, start the application by either typing the command • gdmsetup or via the menus through Applications (the main menu on the panel) =>...
Page 38
Chapter 4. Locking Down the Desktop: Disabling GNOME Desktop Features...
Chapter 5. Remote Desktop Access In the enterprise environment, system administrators often need to deal with a large number of basic problems on users’ machines. Remotely taking control of a user’s desktop to fix the problem, while at the same time training the user how to resolve the problem for themselves, is an effective and simple way to handle these types of support scenarios.
Chapter 5. Remote Desktop Access Figure 5-1. Default Remote Desktop Access Control Dialog As can be seen in the above image, the access can be granted in a number of ways: Allow other users to view your desktop • Allow other users to control your desktop •...
Chapter 5. Remote Desktop Access Figure 5-2. Remote Desktop Access for Administration With the above access permissions, the administrator should be able to gain complete access to the user’s desktop. This method has the further benefit that the user can observe the administrator control the user’s desktop in real time.
Chapter 5. Remote Desktop Access The Terminal Server Client serves as a graphical interface to the command line programs , and can be accessed from the command line using the vncviewer rdesktop tsclient command. Terminal Server Client is a GNOME 2 application for remotely accessing Microsoft Windows NT/2000™...
Chapter 5. Remote Desktop Access Figure 5-3. Terminal Server Client Using VNC to Connect to a Linux Desktop 5.3.2. Connecting to a Remote Windows Desktop The minimal configuration for a user named "sam" connecting to a Windows 2000™ desktop named using the RDPv5 protocol is shown in Figure 5-3.
Page 44
Chapter 5. Remote Desktop Access Figure 5-4. Terminal Server Client Using RDP to Connect to a Windows Desktop After choosing Connect, you will be prompted for a user name and password. Note The user account with which you connect to the terminal server must have administrative privileges on the machine to which you are connecting.
Index feedback contact information for this manual, v file saving activating your subscription, iv disabling, 24 auto login, 26 Firefox editing gdm.conf, 27 lockdown, 26 automounting force quit disabling, 22 disabling, 25 browser lockdown, 26 gconf configuration sources, 1 reference, 1 GConf editor, 1 command line access introduction, 3...
Colophon The manuals are written in DocBook SGML v4.1 format. The HTML and PDF formats are produced using custom DSSSL stylesheets and custom jade wrapper scripts. The DocBook SGML files are written in Emacs with the help of PSGML mode. Garrett LeSage created the admonition graphics (note, tip, important, caution, and warning).
Page 48
Nadine Richter — German translations Audrey Simons — French translations Francesco Valente — Italian translations Sarah Wang — Simplified Chinese translations Ben Hung-Pin Wu — Traditional Chinese translations...