Original of this document can be found at

Why can't I use Windows 2000 on ResNet?

Note: Response to recent media attention is at the bottom of this page.

The Windows 2000 operating system, although used by only a few residents, was primarily responsible for hundreds of major problems on UCSB's residential network during the 2001-2 academic year. Residents' computers were compromised with several well-known vulnerabilities and used for all manner of unfriendly purposes such as the installation of viruses like Code Red and Nimda on other residents' computers, denial of service attacks, and port scanning.

For this academic year, ResNet staff determined that it is in the best interests of the entire UCSB ResNet community that this operating system not be used. As of the beginning of Fall Quarter, Windows 2000 (and Windows NT 4.0) cannot be used on ResNet. We recommend that users of Windows 2000/NT upgrade to Windows XP Pro. Residential Computer Consultants will be available to assist with these upgrades, and Windows XP Pro is available in the UCSB Bookstore at student rates. Students on financial aid can receive an augmentation of their award to cover the cost of the upgrade.

ResNet staff members consider each and every user of our network very important to us. Providing a reliable, high performance network for these users is the entire reason we are here. Because of that, we have to consider the overall health of our network when dealing with vulnerable operating systems, virus protection, and network security threats. We have decided that the best approach is a policy that protects the ResNet community from the kind of problems we saw last year associated with Windows 2000. While we understand that it is possible to run a secure Windows 2000 environment, past history has shown that this rarely happens on ResNet.

If you feel that you must run Windows 2000 on ResNet for valid academic reasons where no supported operating system will suffice, please email resnet@housing.ucsb.edu. Exceptions will not be granted for reasons other than academic necessity, and exceptions come with certain restrictions and limited support from ResNet Staff.

Response to recent media attention
Recently the UCSB Residential Network Program has been the focus of an article in the Daily Nexus as well as the focus of attention on a few technology-oriented websites. This section is an effort to better explain our decision to our technical peers. Uninterested residents need not read further.

Many folks have criticized our decision based on the fact that they consider other Microsoft operating systems no more secure than Windows 2000. We will not argue that point, and our decision was not made based on the relative security merits of one operating system or another. Our decision was made made based on the specific experiences our technical staff were subject to on our network last academic year. A university residential network is different in many ways than other parts of the univeristy network, and radically different from the average corporate network environment. We would be more than happy to explain this point further to interested parties, and encourage you to contact us with questions.

Other people have accused our staff of being "lazy system administrators". The point they miss is that the system administrators for the computers on our network are not the staff members, but rather the resident students themselves. Most of the students who chose to run Windows 2000 last year did not know or have any desire to know very much about system security. They were average home users, whose primary work on their computer is web browsing and email checking. There really is no clear reasoning for these folks to run an operating system marketed by the manufacturer as the ideal business system. The fact is that these Windows 2000 systems did not have professional system administration, and this is why they were a problem.

A smaller number of observers decided that we should use Microsoft domain group policies to better control our Windows 2000 users. They did not realize that we do not have a Microsoft domain infrastructure, do not have the staff to administer one, and find it extremely unlikely that our students would be comfortable with UCSB staff having domain administrator rights on their personal computers. We would also be on very shaky ground with university privacy policy to have this kind of visibility into a student's personally-owned system.

A few people have made comments to the effect that the staff who made this decision should be fired, or possibly executed. While we are admittedly of a biased opinion (being the ones on the wrong side of the gun ourselves), we certainly disagree. If the above clarifications help to dissuade the would-be hatchet-wielders, that's wonderful. If not, we welcome the opportunity to more fully present our case to anyone who cares to listen. Please email us at resnet@housing.ucsb.edu. We will also respectfully listen to their position, which is far more than we have gotten from many in the technical community recently.

Finally, let us assure you that our decision was carefully considered by people with years of experience in both academic and corporate environments. This was not a decision made on a whim by a first-year student. Our decision has also received some support from our peers in higher education residential networking. We are working directly with Microsoft on ways of educating our students on the vulnerabilities of modern Windows operating systems in hopes that we can head off the disasters we had with Windows 2000 in the future.

Curtis Kline
UCSB Residential Network Coordinator

This page updated on October 11th, 2002 by Curtis Kline.