<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Freestyle Script";
panose-1:3 8 4 2 3 2 5 11 4 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Not sure why you want to totally reboot between patrons.
Cassie clears out internet cache at logout. You will have a lot of issues
with cassie scheduling if you reboot after each patron. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>We set up deepfreeze to go into maintenance mode overnight once
per week and set it to download and install updates and then refreeze the
workstation on a reboot prior to opening. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>We only reboot the systems if a patron starts having problems on
them and then Deepfreeze resets them to normal. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><b><span style='font-size:16.0pt;
font-family:"Freestyle Script";color:#1F497D'>Jim Kenzig</span></b><span
style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>Network Manager</span><span style='font-size:11.0pt;font-family:
"Arial","sans-serif";color:#1F497D'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Cuyahoga County Public Library<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><i><span style='font-size:10.0pt;
color:black'>Administrative Offices<o:p></o:p></span></i></p>
<p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;
font-family:"Arial","sans-serif";color:black'>2111 Snow Road / Parma, OH
44134-2728<o:p></o:p></span></p>
<p class=MsoNormal style='text-autospace:none'><i><span style='color:black'>p </span></i><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>216.749.9389
</span><span style='color:black'>/ <i>f </i></span><span style='font-size:10.0pt;
font-family:"Arial","sans-serif";color:black'>216.749.9445<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;color:blue'><a
href="www.cuyahogalibrary.org"><span style='color:blue'>www.cuyahogalibrary.org</span></a></span><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
oplintech-bounces@oplin.org [mailto:oplintech-bounces@oplin.org] <b>On Behalf
Of </b>John Librarian<br>
<b>Sent:</b> Tuesday, January 27, 2009 9:42 AM<br>
<b>To:</b> oplintech@oplin.org; SYSLIB-L@listserv.buffalo.edu<br>
<b>Subject:</b> [OPLINTECH] Moving to less-locked-down public computers with
DeepFreeze<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>Right now
our public computers are locked down so that you can't install anything, can't
run anything that's not on our run-only list, etc. This of course is in
order to keep each computer from getting messed up for subsequent patrons, and
to protect other machines on the network. Of course, there are times when
the computers won't do something a patron wants to do, like using a web site
that requires its own special software to be installed or running a program
from a CD-ROM for school. </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>So, we're
going to try switching to a less-locked-down setup. We're going to use
Deep Freeze to restore computers when they reboot, and we're going to use
CASSIE to reboot between patrons. (Both of these programs are new to us.)
I would appreciate any suggestions for further measures to take to keep
things secure and running nicely. Our environment: We have 34 public PC's
which we're replacing with new ones (with Windows XP); we have an
Active-Directory-enabled Windows domain with one DC, runningServer 2003. </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>My ideas
are to have one user account per computer (with permissions only to that
computer) as a local power user, to put these computers on a separate subnet
and if possible a VLAN, and to make sure our Windows server is locked down as
much as possible. I could put them on a separate segment of the firewall,
but I understand that you can't manage a Windows domain through a firewall (or
any other kind of router) and it seems like it would be useful to manage these
computers on our existing domain. I don't yet know how we can keep users
from turning off CASSIE after they log in; I'm not sure if keeping them from
running taskmgr.exe will do it; if nothing else I suppose we can have a script
run every minute or 5 minutes, check for the CASSIE process, and reboot if it's
not running (I think I can make this invisible to the user using a VBS instead
of just a BAT file). </span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>Thanks
for any help you can give me, even if it's just thoughts, or reasons you think
this is a bad idea. If you reply privately I won't forward your info to
anyone - I know you might not want to talk publicly about your security.</span><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'> <a
href="mailto:johnqlibrarian@gmail.com" target="_blank"><span style='color:#2A5DB0'>johnqlibrarian@gmail.com</span></a></span><o:p></o:p></p>
</div>
</body>
</html>