Software for Patron Computers
Software installed:
System/public user settings:
- Connected to Printer
- Black and white printer named "black&white"
- Set as default printer
- except on children's PCs-see note for that
-
All programs preconfigured for the public user-no "nag screens" or autoupdates in the way.
-
Open every desktop shortcut to make sure the programs and shortcuts work
-
Experiment thoroughly with the public profile before locking it down. It's much harder to change after when you have to unlock it, turn off disc protection etc. first and then turn it back on.
Kids art screensaver (optional)
- Art JPEGs from Kids art contest at library
- Copy kidsart to the system profile's pictures folder (windowssystem32configsystemprofileMy DocumentsMy Pictures) You may have to create the folder.
- Change the default logon screensaver to ssmypics.scr -- you can do this in the registry. The key to edit is HKEY_USERS.DEFAULTControl PanelDesktopSCRNSAVE.EXE
Special stuff for children's computers:
- Create a folder called "books" in the Windows folder. Put the Living Books folders in there. (That's the only place these programs will run from under the Shared Computer Toolkit.)
- Put the Magic School Bus stuff in the Program Files folder.
- Install each of the Magic School Bus programs (there should be seven.)
- Change TCP to use ScrubIT's DNS servers (http://scrubit.com), with OpenDNS' servers as a backup
- This blocks porn
- Our OpenDNS account is set up to do this custom, ScrubIt does this by default
In the 'catalog' account:
- Make the CutePDF printer, not the black&white printer, the default printer for the patron user. This prevents a lot of mistaken prints coming from those computers.
Security/Privacy:
- Set browsers set to discard all private data (passwords, cookies, history, forms, cache, downloads)
Steadystate Settings:
- Privacy Settings
- Do not display user names in the Log On to Windows dialog box—YES.
- Prevent locked or roaming user profiles that cannot be found on the computer from logging on—YES
- Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer—YES
- Security Settings
- Remove the Administrator user name from the Welcome screen (requires pressing CTRL+ALT+DEL twice to log on to accounts not listed)—YES
- Remove the Shut Down and Turn Off options from the Log On to Windows dialog box and Welcome Screen—NO
- Do not allow Windows to compute and store passwords using LAN Manager—YES
- Do not store user names or passwords used to log on to Windows Live ID (requires restart of the computer)—YES
- Prevent users from creating folders and files in drive C:\—YES
- Prevent users from opening Microsoft Office documents from within Internet Explorer—YES
- Prevent write access to USB storage devices (requires restart of the computer)—NO
- Other Settings
- Turn on the Welcome screen—YES
- Schedule software updates- YES schedule TBD
- We are working on getting an internal update server setup so we can set which updates to install manually
- Protect the hard disc-YES
- User settings
- Lock the profile once it's all set
- Medium settings EXCEPT
- YES-Restrict access to C drive (or whatever the HD is)
- NO-Prevent All Users items from showing in the Start Menu
- NO-Prevent Printing in IE
- NO-Prevent right-click in IE
Notes:
- Word processor-specific computers are set up similarly, but with internet access disabled, and internet-specific programs not installed/not on desktop.
- When "cloning" (Ghost etc.) discs, Disk Protection needs to be turned off, and the user probably needs to be unlocked, unless something has changed with Steadystate since last I heard, before doing the copy. Otherwise, it won't come out usable, or the user will be messed up.
Securing Public Access PCs Without Shutting Out Users
-Interesting article
MaintainIT project for Public Access Computers
-Useful Library IT website
Comments (0)
You don't have permission to comment on this page.