[OPLINLIST] Group pricing for DeepFreeze

Chad Neeper cneeper@verizon.net
Thu, 03 Nov 2005 11:33:51 -0500 

Zeb Smith wrote:
> Using Windows 2000/XP with some added file permission settings and Group Policies, you can set up a secure machine without using software such as DeepFreeze. It takes a bit of configuration, but I would be happy to help anyone who would like to try it.
>   

Setting up file permissions and Group Policies is very useful and does 
much to protect the workstation, however a product such as Deep Freeze 
takes the protection to the next level. Using the two together gives the 
best protection. Using just one or the other leaves holes in your 
security plan.

Using file permissions and Group Policies w/o Deep Freeze will help 
protect the machine from malicious and unintended use. However, there 
will always be chinks in the armor. It could be a security vulnerability 
or other bug in a program's code, a misconfigured security setting, a 
power failure causing data corruption at a critical moment, etc. Any of 
a number of things can cause even a protected workstation to become 
compromised or damaged, possibly in turn to compromise other 
workstations on the local or wide network.

On the other hand, using Deep Freeze without taking the time to lock 
down the workstation with Group Policies and file permissions will allow 
the workstation to be compromised or damaged in an even larger number of 
ways. Yes, the workstation will revert back to it's previous state after 
a simple reboot, but until it's rebooted, the workstation is free to do 
a whole lot of damage to other machines on the local and/or wide network.

Using the two together gives you the best of both. The file permissions 
and policies help to limit the ways in which the machine can be used 
and/or compromised. ...and _when_ it is compromised or damaged, Deep 
Freeze will fix it with no hands-on tech time.


Just my own experience...
Chad


-- 

---------------------
Chad Neeper
Senior Systems Engineer
Network Response Group
614-481-9400

--  Full LAN/WAN consulting services specialized in libraries and schools  --