<div dir="ltr">Jim,<div style><br></div><div style>1: I'm actually rolling out some patron workstation changes at one of my libraries myself. The workstations were originally Win7 + Deep Freeze...essentially all stand-alone, albeit with access to a networked share. They were not members of an Active Directory domain.</div>
<div style><br></div><div style>The changes I'm rolling out include making the Win7 patron computers part of a domain to make management easier. They also still have DF on them. I've used Group Policies to lock them down a bit and to auto-configure a lot of things. They're not locked down "tight as a drum", but they're not wide open either (as they were). We're still relying on DF as the bottom-line return to a known state.</div>
<div style><br></div><div style>You're going to run into a problem about 30 days (I think...been a while) after you've left Deep Freeze enabled on your workstations. The workstations will drop off the network and won't connect to AD until the machine account password is reset. There's a policy setting to remedy that (this is straight from my own notes, so adjust as needed, but I expect you should be able to find the policy):</div>
<div style><br></div><div style><br></div><div style>Server Manager: Features → Group Policy Management → Forest: AD forest → Domains → Group Policy Objects → Group Policy: All Workstations → Edit → Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Security Options → Domain member: Maximum machine account password age = 999<br>
</div><div style><br></div><div style>Comment: This policy is required for workstations with Deep Freeze installed. If a workstation that is a domain member remains frozen longer than this setting, then it will lose its connection to the domain until the machine account password is reset.</div>
<div style><br></div><div style><br></div><div style>I can try to export the Win2008 group policy and e-mail it directly to you, if you like. You can then import it and sort through what I've done.</div><div style><br>
</div><div style>2: I've not done this myself, but it seems you might have some options here. You could make the DF installations stand-alone and not centrally managed. Or, in my own typical WiFi setup, the access points (WAPs) don't actually hide the wireless devices behind Network Address Translation (NAT). The WAPs themselves don't provide DHCP, DNS, or any services to the wireless devices, nor do they hide the wireless devices behind NAT. It's as if the wireless devices are hard-wired to the network. The WAPs (and all of the devices wirelessly connected to them) are behind a firewall, which isolates them from all other wired devices and the Internet. DHCP, DNS, etc. are provided by the firewall. In that vein, permitting the DF clients to access the DF server console should be just a matter of creating the appropriate firewall exceptions.</div>
<div style><br></div><div style><br></div><div style>3: I have no experience with PCReservation, but if session reset isn't working correctly, perhaps you could set a scheduled task in Windows to auto reboot x number of minutes after idle. That's what I've done on the patron computers at the library I mentioned in #1. After machine sits idle for 15 minutes, a one-minute warning pops up and then, if still idle, the computer reboots. DF resets it and it's ready for the next patron.</div>
<div style><br></div><div style><br></div><div style>HTH, </div><div style>Chad</div><div style><br></div><div style><br></div><div style><br></div><div class="gmail_extra"><div>______________________________<br><b>Chad Neeper</b><br>
<font size="1">Senior Systems Engineer</font><br><br><b>Level 9 Networks</b><br><font size="1">740-548-8070 (voice)<br>866-214-6607 (fax)</font><br><br><font size="1"><i>Full LAN/WAN consulting services -- Specialized in libraries and schools</i></font><br>
</div>
<br><br><div class="gmail_quote">On Wed, Feb 13, 2013 at 10:35 AM, Mann, James H. <span dir="ltr"><<a href="mailto:JMann@gcpl.lib.oh.us" target="_blank">JMann@gcpl.lib.oh.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="">GCPL is at long last going to deploy Win 7 public computers and move away from Steady State to Deep Freeze.<u></u><u></u></p><p class="">I have two areas that I’d appreciate some help with:<u></u><u></u></p>
<p><u></u><span>1.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'"> </span></span><u></u>Could anyone share how they locked down the computer using either local policies or group policies prior to locking it down with Deep Freeze?<u></u><u></u></p>
<p><u></u><span>2.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'"> </span></span><u></u>Could anyone who is using wireless for circulating laptops explain how they got Deep Freeze to work through the wireless access point?<u></u><u></u></p>
<p class="">And finally, is anyone having any luck with having PCReservation restart public computers between sessions?<u></u><u></u></p><p class="">TIA<u></u><u></u></p><p class=""><u></u> <u></u></p><p class=""><span style="font-size:13.5pt;font-family:Forte;color:rgb(31,73,125)">Jim Mann</span><span style="color:rgb(31,73,125)"><u></u><u></u></span></p>
<p class=""><span style="color:rgb(31,73,125)">Technology Coordinator<u></u><u></u></span></p><p class=""><span style="color:rgb(31,73,125)">Greene County Public Library<u></u><u></u></span></p><p class=""><span style="color:rgb(31,73,125)">76 E. Market St<u></u><u></u></span></p>
<p class=""><span style="color:rgb(31,73,125)">Xenia OH 45385<u></u><u></u></span></p><p class=""><span style="color:rgb(31,73,125)"><a href="tel:937%20352%204000%20x1210" value="+19373524000" target="_blank">937 352 4000 x1210</a><u></u><u></u></span></p>
<p class=""><i><span lang="EN" style="color:rgb(31,73,125)"><a href="http://www.greenelibrary.info/" target="_blank"><span style="color:blue">Discover. Learn. Grow.</span></a></span></i><span lang="EN" style="color:rgb(31,73,125)"><u></u><u></u></span></p>
<p class=""><span style="color:rgb(31,73,125)"><a href="mailto:jmann@gcpl.lib.oh.us" target="_blank"><span style="color:blue">jmann@gcpl.lib.oh.us</span></a><u></u><u></u></span></p><p class=""><a href="http://www.facebook.com/greenelibrary.info" target="_blank"><span style="font-size:12pt;color:rgb(31,73,125);text-decoration:initial"><img border="0" width="38" height="38" src="cid:image001.jpg@01CE09D5.9C6BAF30" alt="cid:image001.jpg@01CC67C9.EA681980"></span></a><a href="http://twitter.com/#!/greenelibrary" target="_blank"><span style="color:rgb(31,73,125);text-decoration:initial"><img border="0" width="33" height="38" src="cid:image002.jpg@01CE09D5.9C6BAF30" alt="cid:image002.jpg@01CC67C9.EA681980"></span></a><a href="http://www.youtube.com/greenelibrary" target="_blank"><span style="color:rgb(31,73,125);text-decoration:initial"><img border="0" width="38" height="38" src="cid:image003.jpg@01CE09D5.9C6BAF30" alt="cid:image003.jpg@01CC67C9.EA681980"></span></a><a href="http://www.flickr.com/photos/greene-library" target="_blank"><span style="color:rgb(31,73,125);text-decoration:initial"><img border="0" width="40" height="38" src="cid:image004.jpg@01CE09D5.9C6BAF30" alt="cid:image004.jpg@01CC67C9.EA681980"></span></a><u></u><u></u></p>
<p class=""><u></u> <u></u></p></div></div><br>_______________________________________________<br>
OPLINTECH mailing list<br>
<a href="mailto:OPLINTECH@lists.oplin.org">OPLINTECH@lists.oplin.org</a><br>
<a href="http://lists.oplin.org/mailman/listinfo/oplintech" target="_blank">http://lists.oplin.org/mailman/listinfo/oplintech</a><br>
Search: <a href="http://oplin.org/techsearch" target="_blank">http://oplin.org/techsearch</a><br>
<br></blockquote></div><br></div></div>