[OPLINTECH] SteadyState - no Win7

Chad Neeper cneeper at level9networks.com
Thu Sep 2 11:29:11 EDT 2010 

  I'm on the fence, myself between an open patron config and a 
restrictive config. In past years, I've standardized on a restrictive 
patron desktop (plus Deep Freeze), which has worked very, very well. The 
patrons appear to be ok with the restrictive desktops and I very rarely 
have any complaints filtered through the staff to me. However, I'm 
finding the more open desktop (plus DF) more and more appealing and 
useful for patrons.

With an open desktop, patrons would be much more easily able to bring a 
USB device with a portable application installed and then run it on the 
library computers. Not necessarily a bad thing, but it opens the library 
up to another avenue of abuse:  bulk spamming, malicious network 
scanning, etc. These attacks would be coming from library computers. 
Granted, this is already a risk when patrons use the library's wireless 
access. But still, a patron could considered it safer to use the 
library's computer for malicious activity than the patron's own wireless 
device.

With the restrictive desktops, this isn't really an issue.

I think I'm still more inclined to start opening up the desktops.


______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

/Full LAN/WAN consulting services -- Specialized in libraries and schools/

On 9/2/2010 9:51 AM, Dan Will wrote:
>
> Subject: Re: [OPLINTECH] SteadyState - no Win7
>
> For years, the only user control we had on our public PCs was Deep 
> Freeze.  Then a new IT Specialist, frustrated and appalled at the lack 
> of updates, removed Deep Freeze and tried to just lock everything 
> down.  (Sort of the reverse direction that we aged library IT folk 
> have moved in over our careers).
>
>   Yep, been there started with W3.11 & DOS 6.0. Lock those babies down 
> tight and then find a child to break it (any child would do because 
> they knew more about the computers than we did).
>
> That IT person lasted 6 months with us.  We now have no Deep Freeze 
> and crippled public computers.  Something needs to change.
>
> What direction do you all recommend I push New IT Specialist?
>
> Don, we have been trying to get to the point where our patrons can do 
> anything they can at home (short of installing programs and messing 
> with the system files). It actually has made my life easier. I have 
> fewer questions about *“Why can’t I /{add your own nightmare here}/!”* 
> * *As long as Deep Freeze is installed and in the frozen state, you 
> should be good to go.
>
> Does Deep Freeze allow some way that regular updates can automatically 
> be installed, or is it still the tedious process of visiting every 
> machine, booting unlocked, installing updates, and rebooting locked?
>
> The Deep Freeze console is the way to go, hands down & no doubt about 
> it! You can cause the computers to boot at any time you choose & then 
> just have it boot in an unfrozen state & run windows update (I have a 
> WSUS running here, cuts down on the outside internet traffic).
>
> Dan Will
>
> Technology Supervisor
>
> Meigs County District Public Library
>
> willda at oplin.org <mailto:willda at oplin.org>
>
> 740.992.5813
>
> 740.992.6140 (fax)
>
> “When you are growing up there are two institutional places that 
> affect you most powerfully:
>
> the church that belongs to God and the public library that belongs to 
> you.
>
> The public library is the great equalizer.”
>
> Keith Richards
>
>
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at oplin.org
> http://mail.oplin.org/mailman/listinfo/oplintech
> Search: http://oplin.org/techsearch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.oplin.org/pipermail/oplintech/attachments/20100902/0cef14c5/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3286 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.oplin.org/pipermail/oplintech/attachments/20100902/0cef14c5/smime-0001.bin

More information about the OPLINTECH mailing list