Trusted Extensions establishes tighter security defaults than the Solaris OS:
By default, auditing is enabled.
An administrator can turn off auditing. However, auditing is typically required at sites that install Trusted Extensions.
By default, device allocation is enabled.
By default, device allocation requires authorization. Therefore, by default, regular users cannot use removable media.
An administrator can remove the authorization requirement. However, device allocation is typically required at sites that install Trusted Extensions.
Regular users can print only to printers that include the user's label in the printer's label range.
By default, printed output has trailer and banner pages. These pages, and the body pages, include the label of the print job.
By default, users cannot print PostScript files.
Roles are available in the Solaris OS, but their use is optional. In Trusted Extensions, roles are required for proper administration.
Making the root user a role is possible in the Solaris OS. In Trusted Extensions, the root user is made a role to better audit who is acting as superuser.