[OPLINTECH] Moving to less-locked-down public computers with Deep Freeze

Bill Hardison bhardison at norweld.org
Tue Jan 27 11:23:47 EST 2009


Hello "John"

I run Deep Freeze Enterprise here at our regional office and help a number
of libraries implement it as well.  I'm not sure what CASSIE does that DF
does not.  But, you can configure DF to reboot after a customizable amount
of idle time.  It will even notify the patron before rebooting if they are
"using" the PC but have not been seen as active for the prescribed time.

And, DITTO to all the other features of DF that Mohamed mentioned earlier.
The enterprise version of DF is the only way to go in my book.

Bill

Bill Hardison
Computer Services Coordinator
Northwest Regional Library System (NORWELD)


On Tue, Jan 27, 2009 at 9:42 AM, John Librarian <johnqlibrarian at gmail.com> wrote:

> Right now our public computers are locked down so that you can't install
> anything, can't run anything that's not on our run-only list, etc.  This of
> course is in order to keep each computer from getting messed up for
> subsequent patrons, and to protect other machines on the network.  Of
> course, there are times when the computers won't do something a patron wants
> to do, like using a web site that requires its own special software to be
> installed or running a program from a CD-ROM for school.
>
> So, we're going to try switching to a less-locked-down setup.  We're going
> to use Deep Freeze to restore computers when they reboot, and we're going to
> use CASSIE to reboot between patrons.  (Both of these programs are new to
> us.)  I would appreciate any suggestions for further measures to take to
> keep things secure and running nicely.  Our environment: We have 34 public
> PC's which we're replacing with new ones (with Windows XP); we have an
> Active-Directory-enabled Windows domain with one DC, running Server 2003.
>
> My ideas are to have one user account per computer (with permissions only
> to that computer) as a local power user, to put these computers on a
> separate subnet and if possible a VLAN, and to make sure our Windows server
> is locked down as much as possible.  I could put them on a separate segment
> of the firewall, but I understand that you can't manage a Windows domain
> through a firewall (or any other kind of router) and it seems like it would
> be useful to manage these computers on our existing domain.  I don't yet
> know how we can keep users from turning off CASSIE after they log in; I'm
> not sure if keeping them from running taskmgr.exe will do it; if nothing
> else I suppose we can have a script run every minute or 5 minutes, check for
> the CASSIE process, and reboot if it's not running (I think I can make this
> invisible to the user using a VBS instead of just a BAT file).
>
> Thanks for any help you can give me, even if it's just thoughts, or reasons
> you think this is a bad idea.  If you reply privately I won't forward your
> info to anyone - I know you might not want to talk publicly about your
> security.
>
>  johnqlibrarian at gmail.com

