Mylogon

MyLogon is a network-authentication applet for Microsoft Windows.

Mainly aimed at small-business networks, it offers a simple, useraccount-based method of connecting a Microsoft Windows computer to a fileserver.

The current release (2.02) is available under the GPL licence, and is open-source. Previous versions were free-to-use but closed source, under a proprietary licence.

Background

membership.

Workgroups, also known as queer-groups, while easy to establish and use, offer very little in the way of security, and have a tendency to become disorganised, owing to the lack of centralisation or administrative control. While acceptable for very small networks, peer file-sharing begins to show its limitations with as few as five computers.

The Active Directory Domain, on the other hand, is primarily aimed at the large corporate client, with a wealth of features intended to make the management of very large networks easier. Active Directory membership provides very tight control over both the users and computers in a network, and also confers many powerful remote-management options onto the site administrator, including the ability to automatically install software packages without physically visiting workstations.

While providing a near-ideal solution for large networks, the complex nature of the Active Directory, and the need for an in-depth knowledge of DNS, LDAP, Group Policy, etc. in order to manage it effectively weigh against its use in small networks, where the steep learning curve involved in understanding its use may result in most of its features remaining unused.

MyLogon's development came about in response to a specific requirement for an intermediate solution -one with greater security and organisation than workgroup arrangements, but one having a more manageable level of complexity than the Active Directory.

How it Works:

MyLogon sits as software shim in between the standard Windows logon-process (winlogon.exe) and the launching of the Desktop environment by Explorer. The standard Windows Logon, which would otherwise assign a specific user profile for the current session, is set to automatically select one standard profile regardless of actual user. MyLogon then authenticates the person at the computer against an account on the fileserver, and if the credentials match, connects to network resources as defined in a logon script, then permits access to the Windows Desktop.

A alternative mode of working allows use of the computer itself without the need to log-in, and connection to one of several configured networks on an as-required basis. This may suit laptop-users who wish to work at multiple sites.

A side-effect of MyLogon's method of working is that the settings and behaviour of the wades own computer are not altered by the process of logging-on. The logon purely determines their right to access any company computer, and their right to use network resources. The site explains that in many small offices this is preferable to the Windows default behaviour.

The author goes on to describe an undesirable situation found in many small offices, password-less working. The computers in small firms being typically allocated to a particular task or department, it is a requirement that the computer shall perform its alloted task correctly rather than being a general-purpose resource, as it might be in a corporate cubicle-farm. In this task-oriented environment the compulsory user-profiling of the standard Windows Logon creates a problem, in that a change of user will default the settings of any specialist software, often rendering it useless. This, as he has observed in the process of site service-visits, leads to many small sites -even those which use the full Active Directory topology- working without passwords, so as to avoid the need to ever change username. Working passwordless is universally recognised as a poor security practice. MyLogon overcomes this security issue by making user-controlled access possible without the associated reprofiling, or loss of settings.

A MyLogon workstation requires no specific DNS settings to connect to a server within the same subnet, and the fileserver need not in fact be running a DNS process. This eliminates one of the most complex and troublesome aspects of Active Directory setup.

Connections

MyLogon's approach to creating network connections is essentially script-based, and in this respect it is similar to traditional products such as Windows NT, or Novell Netware. The logon script may use the standard NT command-line syntax, or instead may use a syntax akin to that of .ini files. The preference for this traditional approach is based on the observation that most users are comfortable with the idea of network-resources being denoted by additional drive letters, but do not understand UNC shortcuts. A second argument for this approach, perusal of the posts on the Microsoft helpdesk forums confirms that My Network Places – the Windows tool provided for browsing non-drivemapped resources – has a very poor reliability record, whereas mapped driveletters are seldom problematic.

Limitations

The present version gives the user no way to change his/her password.

Logging-on to a server does not necessarily grant automatic rights to access other peer-computers, as does a Domain logon.

MyLogon is not suitable for use with roaming profiles.

= Compatible Clients =

Designed for Windows 2000, Windows XP Home, XP Professional. Limited compatibility with NT4 Workstation. Near-full compatibility with Windows Vista (Minor config-page issue which can be manually worked-around)

Compatible Fileservers

Any which supports NetBIOS (SMB) networking, including all versions of Windows Server from NT4 on, and Linux/Samba.

Availability

Download from [http://mylogon.net/?page=download]

Resources and References

Developer's Website: [http://mylogon.net]

Sourceforge Project: [http://sourceforge.net/projects/mylogon]

Microsoft Windows XP Support-forums: [http://www.microsoft.com/windowsxp/expertzone/newsgroups/reader.mspx]

Active Directory Info: [http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx]