<div>We have a logoff script currently, but it sometimes fails to successfully delete files.</div>
<div> </div>
<div>Sometimes files are being held open by a process, sometimes they have messed up permissions, sometimes they have too long file names. Windows just fails to delete them. Have any of you had similar problems?</div>
<div> </div>
<div>Right now our script goes something like this:</div>
<div> </div>
<div>RD "c:\DOCUMENTS AND SETTINGS\%USERNAME%" /S /Q</div>
<div> </div>
<div>I'm thinking about making it more like this:</div>
<div> </div>
<div>TASKKILL /F /FI "USERNAME eq %USERNAME%" /FI "WINDOWTITLE ne plchlogoff"</div>
<div>DEL "c:\DOCUMENTS AND SETTINGS\%USERNAME%" /F /S /Q </div>
<div>RMDIR "c:\DOCUMENTS AND SETTINGS\%USERNAME%" /S /Q </div>
<div> </div>
<div>But if I continue to just use the script, then I probably won't even implement SteadyState at all.</div>
<div> </div>
<div>~Dave<br><br></div>
<div class="gmail_quote">On Wed, Sep 1, 2010 at 3:22 PM, David Popeck <span dir="ltr"><<a href="mailto:dpopeck@lkwdpl.org">dpopeck@lkwdpl.org</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">For PC Reservation users, you can run a similar script as part of the<br>log-off routine.<br>
<div>
<div></div>
<div class="h5"><br><br>On Wed, Sep 1, 2010 at 3:20 PM, Dan Will <<a href="mailto:willda@oplin.org">willda@oplin.org</a>> wrote:<br>> Dave,<br>><br>> It is quite simple to run a batch file at logoff to do this.<br>
><br>><br>><br>> Copy the following to a text file and save as a .bat.<br>><br>><br>><br>> rd /s /q d:\documents<br>><br>> md d:\documents<br>><br>> echo y| cacls d:\documents /p Administrators:F system:F everyone:c<br>
><br>><br>><br>> This will delete d:\documents and then recreate it. Edit if you want your<br>> documents file somewhere else.<br>><br>><br>><br>><br>><br>> Dan Will<br>><br>> Technology Supervisor<br>
><br>> Meigs County District Public Library<br>><br>> <a href="mailto:willda@oplin.org">willda@oplin.org</a><br>><br>> 740.992.5813<br>><br>> 740.992.6140 (fax)<br>><br>><br>><br>> “When you are growing up there are two institutional places that affect you<br>
> most powerfully:<br>><br>> the church that belongs to God and the public library that belongs to you.<br>><br>> The public library is the great equalizer.”<br>><br>> Keith Richards<br>><br>><br>
><br>><br>><br>><br>><br>> From: <a href="mailto:oplintech-bounces@oplin.org">oplintech-bounces@oplin.org</a> [mailto:<a href="mailto:oplintech-bounces@oplin.org">oplintech-bounces@oplin.org</a>] On<br>> Behalf Of Eric Maynard<br>
> Sent: Wednesday, September 01, 2010 3:11 PM<br>> To: dave menninger<br>> Cc: <a href="mailto:oplintech@oplin.org">oplintech@oplin.org</a><br>> Subject: Re: [OPLINTECH] SteadyState and My Documents?<br>><br>
><br>><br>> Dave,<br>><br>><br>><br>> I have done this with SteadyState, a shared domain user and a few group<br>> policy settings in combination with a second partition on the drive and a<br>> couple of batch scripts.<br>
><br>><br>><br>> The basic concept is that a second partion D:\ is the default for saving<br>> documents from session to session with a logoff and logon (just to be<br>> sure) script that deletes all data on that drive.<br>
><br>><br>><br>> This works for us since our time management solutions allows for forced<br>> reboots, but I suppose you could also handle it with just the local logons<br>> and the Startup folder as well.<br>
><br>><br>><br>> Feel free to contact me off list for more details if you're interested.<br>><br>> Eric Maynard<br>> Head of Information Technology,<br>> Holmes County District Public Library<br>
> Millersburg, OH 44654<br>> Email [<a href="mailto:emaynard@holmeslib.org">emaynard@holmeslib.org</a>]<br>> Phone [330.674.5972 x.224]<br>> Fax [330.674.1938]<br>><br>> "Failure is only the opportunity to begin again more intelligently"<br>
><br>><br>><br>> On Wed, Sep 1, 2010 at 2:57 PM, dave menninger<br>> <<a href="mailto:davemenningerlibrary@gmail.com">davemenningerlibrary@gmail.com</a>> wrote:<br>><br>> Hello!<br>><br>><br>
><br>> This list has been very helpful to me in the past so I'm hoping someone out<br>> there can help me understand this. We are experimenting with using MS<br>> SteadyState to lock down our Public PCs. We want to give users a location<br>
> on the PC that they can use to store files during their session, but we want<br>> it to be erased between every session. We have had trouble using other<br>> methods to accomplish this in the past.<br>><br>
><br>><br>> It looks like you can give users access to the My Documents folder using SS,<br>> but here is our issue: if you block the user from seeing the C:\ drive, then<br>> they are unable to store files in the My Documents folder also. If you<br>
> allow them to see the C:\ drive then everything works fine, but then they<br>> can browse around and look through the whole C:\ disk under My Computer. If<br>> you hide the C:\ drive from the user and put the My Documents folder on<br>
> another drive, then you lose the benefit of SS erasing it after every log<br>> off since SS only erases/restores the system drive. If you hide My<br>> Computer, then they can't get into the C:\ drive and look around, but they<br>
> also can't see the CD/DVD drive, the memory card readers, or any USB drive<br>> that they plug in.<br>><br>><br>><br>> All we want is a location for patrons to stash files during their session<br>> that will be reliably erased every time, but we don't want them to be able<br>
> to browse the whole C:\ drive.<br>><br>><br>><br>> Is this possible using SteadyState? Are we missing something?<br>><br>><br>><br>> In the past we have used a logoff script to erase the files in the user's My<br>
> Documents folder, but we experienced issues where certain files were unable<br>> to be erased and the logoff scripts would die or fail, leaving behind extra<br>> cached profiles. That's why we liked the idea of using SteadyState to<br>
> reliably delete everything. Plus, if we're just going to use a script to<br>> perform the file deletion, then we don't really need SS at all because we<br>> can accomplish the rest of the lockdown using domain policies.<br>
><br>><br>><br>> Any help would be appreciated. It seems like a lot of you out there are<br>> using SteadyState. We're very new to it here.<br>><br>><br>><br>> Thanks!<br>><br>><br>><br>
> ~Dave<br>><br>><br>><br>> PC Support Specialist<br>><br>> The Public Library of Cincinnati and Hamilton County<br>><br>> _______________________________________________<br>> OPLINTECH mailing list<br>
> <a href="mailto:OPLINTECH@oplin.org">OPLINTECH@oplin.org</a><br>> <a href="http://mail.oplin.org/mailman/listinfo/oplintech" target="_blank">http://mail.oplin.org/mailman/listinfo/oplintech</a><br>> Search: <a href="http://oplin.org/techsearch" target="_blank">http://oplin.org/techsearch</a><br>
><br>><br>><br>> _______________________________________________<br>> OPLINTECH mailing list<br>> <a href="mailto:OPLINTECH@oplin.org">OPLINTECH@oplin.org</a><br>> <a href="http://mail.oplin.org/mailman/listinfo/oplintech" target="_blank">http://mail.oplin.org/mailman/listinfo/oplintech</a><br>
> Search: <a href="http://oplin.org/techsearch" target="_blank">http://oplin.org/techsearch</a><br>><br>><br><br><br><br></div></div><font color="#888888">--<br>David Popeck<br>Lakewood Public Library<br>Adult and Electronic Services, Supervisor<br>
216-226-8275, ext. 126<br></font>
<div>
<div></div>
<div class="h5">_______________________________________________<br>OPLINTECH mailing list<br><a href="mailto:OPLINTECH@oplin.org">OPLINTECH@oplin.org</a><br><a href="http://mail.oplin.org/mailman/listinfo/oplintech" target="_blank">http://mail.oplin.org/mailman/listinfo/oplintech</a><br>
Search: <a href="http://oplin.org/techsearch" target="_blank">http://oplin.org/techsearch</a><br></div></div></blockquote></div><br>