[OPLINTECH] SteadyState and My Documents?

dave menninger davemenningerlibrary at gmail.com
Wed Sep 1 15:30:00 EDT 2010 

We have a logoff script currently, but it sometimes fails to successfully
delete files.

Sometimes files are being held open by a process, sometimes they have messed
up permissions, sometimes they have too long file names.  Windows just fails
to delete them.  Have any of you had similar problems?

Right now our script goes something like this:

RD "c:\DOCUMENTS AND SETTINGS\%USERNAME%" /S /Q

I'm thinking about making it more like this:

TASKKILL /F /FI "USERNAME eq %USERNAME%" /FI "WINDOWTITLE ne plchlogoff"
DEL "c:\DOCUMENTS AND SETTINGS\%USERNAME%" /F /S /Q
RMDIR "c:\DOCUMENTS AND SETTINGS\%USERNAME%" /S /Q

But if I continue to just use the script, then I probably won't even
implement SteadyState at all.

~Dave

On Wed, Sep 1, 2010 at 3:22 PM, David Popeck <dpopeck at lkwdpl.org> wrote:

> For PC Reservation users, you can run a similar script as part of the
> log-off routine.
>
>
> On Wed, Sep 1, 2010 at 3:20 PM, Dan Will <willda at oplin.org> wrote:
> > Dave,
> >
> >     It is quite simple to run a batch file at logoff to do this.
> >
> >
> >
> > Copy the following to a text file and save as a .bat.
> >
> >
> >
> > rd /s /q d:\documents
> >
> > md d:\documents
> >
> > echo y| cacls d:\documents /p Administrators:F system:F everyone:c
> >
> >
> >
> > This will delete d:\documents and then recreate it. Edit if you want your
> > documents file somewhere else.
> >
> >
> >
> >
> >
> > Dan Will
> >
> > Technology Supervisor
> >
> > Meigs County District Public Library
> >
> > willda at oplin.org
> >
> > 740.992.5813
> >
> > 740.992.6140 (fax)
> >
> >
> >
> > “When you are growing up there are two institutional places that affect
> you
> > most powerfully:
> >
> > the church that belongs to God and the public library that belongs to
> you.
> >
> > The public library is the great equalizer.”
> >
> > Keith Richards
> >
> >
> >
> >
> >
> >
> >
> > From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org]
> On
> > Behalf Of Eric Maynard
> > Sent: Wednesday, September 01, 2010 3:11 PM
> > To: dave menninger
> > Cc: oplintech at oplin.org
> > Subject: Re: [OPLINTECH] SteadyState and My Documents?
> >
> >
> >
> > Dave,
> >
> >
> >
> > I have done this with SteadyState, a shared domain user and a few group
> > policy settings in combination with a second partition on the drive and a
> > couple of batch scripts.
> >
> >
> >
> > The basic concept is that a second partion D:\ is the default for saving
> > documents from session to session with a logoff and logon (just to be
> > sure) script that deletes all data on that drive.
> >
> >
> >
> > This works for us since our time management solutions allows for forced
> > reboots, but I suppose you could also handle it with just the local
> logons
> > and the Startup folder as well.
> >
> >
> >
> > Feel free to contact me off list for more details if you're interested.
> >
> > Eric Maynard
> > Head of Information Technology,
> > Holmes County District Public Library
> > Millersburg, OH  44654
> > Email [emaynard at holmeslib.org]
> > Phone [330.674.5972 x.224]
> > Fax   [330.674.1938]
> >
> > "Failure is only the opportunity to begin again more intelligently"
> >
> >
> >
> > On Wed, Sep 1, 2010 at 2:57 PM, dave menninger
> > <davemenningerlibrary at gmail.com> wrote:
> >
> > Hello!
> >
> >
> >
> > This list has been very helpful to me in the past so I'm hoping someone
> out
> > there can help me understand this.  We are experimenting with using MS
> > SteadyState to lock down our Public PCs.  We want to give users a
> location
> > on the PC that they can use to store files during their session, but we
> want
> > it to be erased between every session.  We have had trouble using other
> > methods to accomplish this in the past.
> >
> >
> >
> > It looks like you can give users access to the My Documents folder using
> SS,
> > but here is our issue: if you block the user from seeing the C:\ drive,
> then
> > they are unable to store files in the My Documents folder also.  If you
> > allow them to see the C:\ drive then everything works fine, but then they
> > can browse around and look through the whole C:\ disk under My
> Computer.  If
> > you hide the C:\ drive from the user and put the My Documents folder on
> > another drive, then you lose the benefit of SS erasing it after every log
> > off since SS only erases/restores the system drive.  If you hide My
> > Computer, then they can't get into the C:\ drive and look around, but
> they
> > also can't see the CD/DVD drive, the memory card readers, or any USB
> drive
> > that they plug in.
> >
> >
> >
> > All we want is a location for patrons to stash files during their session
> > that will be reliably erased every time, but we don't want them to be
> able
> > to browse the whole C:\ drive.
> >
> >
> >
> > Is this possible using SteadyState?  Are we missing something?
> >
> >
> >
> > In the past we have used a logoff script to erase the files in the user's
> My
> > Documents folder, but we experienced issues where certain files were
> unable
> > to be erased and the logoff scripts would die or fail, leaving behind
> extra
> > cached profiles.  That's why we liked the idea of using SteadyState to
> > reliably delete everything.  Plus, if we're just going to use a script to
> > perform the file deletion, then we don't really need SS at all because we
> > can accomplish the rest of the lockdown using domain policies.
> >
> >
> >
> > Any help would be appreciated.  It seems like a lot of you out there are
> > using SteadyState.  We're very new to it here.
> >
> >
> >
> > Thanks!
> >
> >
> >
> > ~Dave
> >
> >
> >
> > PC Support Specialist
> >
> > The Public Library of Cincinnati and Hamilton County
> >
> > _______________________________________________
> > OPLINTECH mailing list
> > OPLINTECH at oplin.org
> > http://mail.oplin.org/mailman/listinfo/oplintech
> > Search: http://oplin.org/techsearch
> >
> >
> >
> > _______________________________________________
> > OPLINTECH mailing list
> > OPLINTECH at oplin.org
> > http://mail.oplin.org/mailman/listinfo/oplintech
> > Search: http://oplin.org/techsearch
> >
> >
>
>
>
> --
> David Popeck
> Lakewood Public Library
> Adult and Electronic Services, Supervisor
> 216-226-8275, ext. 126
>  _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at oplin.org
> http://mail.oplin.org/mailman/listinfo/oplintech
> Search: http://oplin.org/techsearch
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.oplin.org/pipermail/oplintech/attachments/20100901/81d52295/attachment.html

More information about the OPLINTECH mailing list