Humm.

We have over 300 machines froze in our domain and they seem to work
pretty good.

What problems are you referring to?  Maybe the guy that manages them
here can offer a solution.

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, April 01, 2009 1:34 PM
To: NT System Admin Issues
Subject: RE: Internet cafe setup

 

There's also an app called "Deep Freeze" from Faronics. It's pretty
good, but doesn't work well in a domain situation. What it does is
creates a virtual disk that gets reset each time, unless the desktop is
unlocked.

 

  

 

From: Fogarty, Richard R CTR USA USASOC
[mailto:rick.foga...@us.army.mil] 
Sent: Wednesday, April 01, 2009 1:19 PM
To: NT System Admin Issues
Subject: RE: Internet cafe setup

 

There is an administrative mode where one can apply the necessary
patches and virus defs...

 

From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] 
Sent: Monday, March 30, 2009 6:09 PM
To: NT System Admin Issues
Subject: RE: Internet cafe setup

 

Will SteadyState restore to the original disk image?  Where I'm going is
if a user gets all infected and pwnd during their session, will it get
completely restored?  Then if so, how does it handle software patches?

 

Bill 

 

 

From: Gavin Wilby [mailto:gavin.wi...@gmail.com] 
Sent: Sunday, March 29, 2009 3:24 AM
To: NT System Admin Issues
Subject: Re: Internet cafe setup

 

Seconded for Steady State, I use it a lot for this.

 

Machine reboots at log off and resets itself - usually I just allow IE
and msn messenger and a 30 minutes timeout.

On Fri, Mar 27, 2009 at 2:27 AM, Ben Nordlander <
bennordlan...@gmail.com> wrote:

You might take a look at microsoft steadystae too if u do go windows.

-BenN

        On Mar 26, 2009 9:53 AM, "Ben Scott" <mailvor...@gmail.com>
wrote:

        On Thu, Mar 26, 2009 at 11:07 AM, James Rankin <
kz2...@googlemail.com> wrote: > My initial idea, in ...

         I'd only use a VM if I wanted the users to be have relatively
free
        reign on the machine during their session -- that way I could
roll it
        back after.  If you just want a web browser, I think it's prolly
        easier to just configure a restricted user.  That way they can't
even
        muck around with stuff *during* their session.
        
         I'd use something like LTSP (Linux Terminal Server Project) or
        ThinStation.  I'd set-up one server to push DHCP, boot files,
and (if
        needed) network file systems out to the clients.
        
         I'd use a user account on the client's that's got a mostly
read-only
        user home directory.  (Unlike Windows, Unix will generally work
even
        if the user's home directory isn't owned or writable by them.)
        
         I think the only things that the user would *need* to be able
to
        write to would be /tmp/ and the browser cache directory
(typically
        something like $HOME/.mozilla/firefox/default/cache/).  I'd
suggest
        having them use USB flash drives if they want to be able to
write or
        save files.
        
         If you have to provide a writable directory, just grant write
to
        $HOME/Desktop or something like that.  And warn them their work
won't
        be saved between sessions.
        
         I'd configure conservative browser settings, and then lock them
        against changes.  With Firefox, this is done by changing the
        user_pref() or pref() directive to lock_pref().  Possibly use a
kiosk
        mode configuration.
        
         I'd mount the home and /tmp partitions with the "noexec"
option, so
        if the user did manage to download a program, the system would
refuse
        to execute it.  It should be possible to tell the auto-mounter
to add
        "noexec" to any USB drives as well.
        
        -- Ben

        ~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ <http://www.sunbeltsoftware.co. <http://www.sunbeltsoftware.co./> ..

 

 




-- 
Gavin Wilby,
Twitter: http://twitter.com/gavin_wilby
GSXR Blog: http://www.stoof.co.uk

 

 

 

 

 

 

 

 

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.285 / Virus Database: 270.11.35/2034 - Release Date:
04/01/09 06:06:00

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

<<image001.jpg>>

<<image002.jpg>>

Reply via email to