If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.
You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

PubComputersStand

Page history last edited by PBworks 16 years ago

Standards for Patron Computers

(draft)

Notes on Setting Up Public Computers

Hardware

Desktop:

-At least a mid-tower (due to our lack of air conditioning and persistent thermal issues with smaller machines)

-At least 2.5 MHz processor

-At least 512 MB of RAM

-At least 40 GB hard disk space

-Floppy Drive

-CD/DVD/CD-RW/DVD+-RW/Double Layer Drive

-At least 6 USB, including 2 on front

-Audio input and output plugs on front

Monitor:

-flat panel

-17 inches or better

Mouse:

-Optical

-Scroll Wheel

Wireless card

Connection to both printers, except on children's profiles

Software:

-Windows XP Professional

-Microsoft Shared Computer Toolkit with Windows Disk Protection

-Antivirus Software

--LiveUpdate configured to run autonomously

-Office Suite

-Photo Editor, such as Gimp

-Drawing/Painting software

--Inkscape

-Publishing software?

--Scribus

-HTML Editor/Advanced Text Editor?

--NoteTab Light

--NVU

--HAPedit (Syntax highlighting and other features for dynamic web design using PHP and/or ASP)

-All Media Formats Supported

--Windows Media Player up to date

--Real Alternative

--QuickTime/iTunes (Apple packages these together; access to the iTunes Music Store would also be a plus.)

-Mozilla Firefox as an alternative browser

-All Key Plugins for both IE and FF

--Flash (Now owned by Adobe, it plays Shockwave files as well.)

--Adobe Reader

--Java Runtime Environment (6.1)?

-Games

--Windows Games Accessible

--Free games installed

-PDF-creating software, like CutePDF (it is FREE for commercial use!!)

-7ZIP

-CD/DVD burning?

--ISO Recorder (by Alex Feinman -- easy, fast, and free. Despite what the home page says, it will write DVD's in XP)

-All Software fully installed and configured-no "license" screens

-.wps->.doc converter

Security/Privacy:

-Restricted access to hard drives; all other drives allowed

-Browsers set to discard all private data (passwords, cookies, history, forms, cache, downloads)

-Public profiles locked for editing

-Other security options in MS-SCT:

-Getting Started security settings -- all EXCEPT:

--Remove Shut Down and Turn Off Computer logon options

--Prevent MSO documents from opening within IE

--Use the Welcome Screen

-Recommended User Restrictions -- all EXCEPT:

--Remove Shut Down button

--Prevent access to IE menu options (?)

-Optional Restrictions: none.

System settings:

-Library logo and "go to desk for help" as background.

-Personalized menus turned OFF.

-http://acpl.lib.wy.us as homepage for both IE and FF

-NOTE: NO LONGER NEEDED: "Last 10% of hard drive must be unpartitioned, unformatted free space."

-Since Solid State no longer needs the unpartitioned space, we are keeping notes here as to how to recover the unpartitioned space when upgrading to Solid State.

-"HKEY_USERS.DEFAULTControl PanelDesktopScreenSaveTimeOut" should be set to 6000 or more; this will prevent the logon screensaver from interfering with updates.

-Automatic updates (for all programs) and Hibernation should be turned off.

-Power settings set to "Presentation."

-MS-SCT updates on Mondays at 8:00 PM, including antivirus updates.

-Automatic shutdown every day at closing time. A warning should appear five minutes before shutdown. The only exception is Monday, when computers will shut down an hour after updates begin, with no warning.

-Automatic logon at startup

-Sound set to a volume appropriate for headphones.

-Include PowerSchool, Wyoming Workforce, and UW Mail in browser favorites

-Member of "PUBLIC" workgroup

-Ability to easily save online images to a disk. NOTES: Right-Clicking is currently disabled, which makes this more difficult. Also, IE7 doesn't seem to work (at least not consistently) with the feature where you hover the mouse and it gives you a "save" button in the corner of the image.

Steps for setting up a new computer for patron use

Erase the hard drive, so there aren't any residual Windows installations. You could use Active@Killdisk.
Reboot with Windows XP media in the drive. Don't just install to the main partition. Instead, create a partition that's just under 90% of the disk size, and install to that. For an 80GB drive, 68000MB is a good size. If this is done properly, Windows Disk Protection won't need any other preparation.
Finish installing Windows XP; log in as administrator.
Install Symantec Antivirus.
Install network drivers.
Connect to a network and run LiveUpdate on Symantec Antivirus. Configure LiveUpdate to run in Express mode, beginning and ending automatically.
Completely update Windows at update.microsoft.com
Change the workgroup name to PUBLIC before restarting
Install any remaining drivers (video, audio, chipset, etc.)
Install Microsoft Office
Change the name of the administrative account
The remaining steps will depend on what kind of computer you're setting up.

For children's computers:

Add one user account for children and one for catalog access. No passwords. Give them administrative access for now.
Copy the "children's computers" folder from the server
Create a folder called "books" in the Windows folder. Put the Living Books folders in there. (That's the only place these programs will run from under the Shared Computer Toolkit.)
Put the Magic School Bus stuff in the Program Files folder.
Install each of the Magic School Bus programs (there should be seven.)
Go to "common files." Move the task objects into the "scheduled tasks" folder in the control panel. Set the password for each one.
Move the batch files to the main hard drive root. If the main HD is anything other than C:, you'll have to change the batch files and the scheduled tasks to reflect that.
Install CutePDF
Copy kidsart to the system profile's pictures folder (windowssystem32configsystemprofileMy DocumentsMy Pictures) You may have to create the folder.
Change the default logon screensaver to ssmypics.scr -- you can do this in the registry. The key to edit is HKEY_USERS.DEFAULTControl PanelDesktopSCRNSAVE.EXE
Change TCP to use ScrubIT's DNS servers (http://scrubit.com)

In the 'catalog' account:

Set up Internet Explorer's security settings (be sure not to save browsing history or AutoComplete information); set the home page to http://wyld.state.wy.us/alby
Put a shortcut to IE in the startup folder
Set up the black&white printer and make it the default

In the 'children' account:

Unzip the desktop shortcuts to the desktop.
Add Bookflix link to the desktop:

http://proxy.lib.wy.us/login?url=http://bkflix.grolier.com

Set CutePDF as the default printer -- this will prevent the kids from accidentally printing.

In both accounts:

Have a copy of "ACPL logo" in the My Documents folder, and set it to the Desktop background
Have a copy of the kidsart folder in My Pictures, and set the screensaver to "My Pictures Slideshow" (be sure to clear the setting for "On Resume, display Welcome screen")
Set the power scheme to Presentation and ensure that hibernation is turned off
Change the Start menu to Classic; clear the settings "display run" and "use personalized menus"
Open every desktop shortcut to make sure the programs and shortcuts work

Finally, log in as administrator and do the following:

Install UPHClean-Setup
Install Microsoft Shared Computer Toolkit
Set up the MSCT security settings (Step 2). Check all except remove shut down options.
Open user restrictions; restrict and lock both user profiles. Restrict the system hard drive. Make sure to prevent Internet access for children's accounts.
Turn on Windows Disk Protection. Make sure updates are scheduled for Monday at 8 PM, and that the antivirus script is set to lu.bat

For Internet Terminals and YA Computers:

Add a user account called "all" with no password. Give it administrative access for now.
Copy the "Patron Standard Installs" folder from the server.
Install each of the programs in that folder. Firefox, GTK+, and GhostScript should be installed first, since they are required for other programs' installations. To install HAPedit, move the whole folder to Program Files.
Go to "common files." Move the task objects into the "scheduled tasks" folder in the control panel. Set the password for each one.
Move the batch files to the main hard drive root. If the main HD is anything other than C:, you'll have to change the batch files and the scheduled tasks to reflect that.

In the "all" account:

Move the kidsart folder to the "My Pictures" folder. Move the ACPL logo to the "My Documents" folder.
Set up both printers, with the black and white one as the default. The color printer driver was one of the programs we installed earlier; just use "Have Disk" and navigate to wherever you unzipped the drivers to. The "Brother HL-2060" driver included in Windows works for the black and white printer.
Change the display properties: Set the Desktop background to the ACPL logo. Set the screen saver to "My Pictures slideshow." Set the power scheme to "Presentation" and disable hibernation.
Change the Start menu to Classic; clear the settings "display run" and "use personalized menus"
Unzip the "Desktop Shortcuts" to the desktop and arrange them.
Run and configure all programs.
Internet Explorer and Firefox should have Wyoming Workforce Services, UW Mail, and PowerSchool Parent Logon bookmarked. The browser settings should be geared toward maximum privacy. Disable browser history, autocomplete, and caching. Set Firefox to clear all private data every time it closes. The home page should be acpl.lib.wy.us for both. Make sure Flash, PDF, and Java content are viewable.
Where possible, tell programs not to automatically download updates.
Windows Media Player may disappear from the desktop the first time you open it. Be sure to replace it.

Finally, log in as administrator and do the following:

Install UPHClean-Setup
Install Microsoft Shared Computer Toolkit
Run "control userpasswords2" and disable "Users must enter a username and password." After applying settings, set it to automatically log in as all.
Set up the MSCT security settings (Step 2). Check all except "Remove Shutdown" and "Use the Welcome Screen" options.
Open user restrictions; restrict and lock both user profiles. Restrict the system hard drive.
Turn on Windows Disk Protection. Make sure updates are scheduled for Monday at 8 PM, and that the antivirus script is set to lu.bat

For catalog computers:

Add a user account called "all" with no password. Give it administrative access for now.
From the Patron Standard Installs folder, copy ONLY the "common files" folder and the "kidsart" folder.
Move the task objects into the "scheduled tasks" folder in the control panel. Set the password for each one.
Move the batch files to the main hard drive root. If the main HD is anything other than C:, you'll have to change the batch files and the scheduled tasks to reflect that.

In the "all" account:

Move the kidsart folder to the "My Pictures" folder. Move the ACPL logo to the "My Documents" folder.
Set up both printers, with the black and white one as the default. The color printer driver was one of the programs we installed earlier; just use "Have Disk" and navigate to wherever you unzipped the drivers to. The "Brother HL-2060" driver included in Windows works for the black and white printer.
Change the display properties: Set the Desktop background to "none". Set the screen saver to "My Pictures slideshow." Set the power scheme to "Presentation" and disable hibernation.
Change the Start menu to Classic; clear the settings "display run" and "use personalized menus"
Adjust settings for Internet Explorer. The browser settings should be geared toward maximum privacy. Disable browser history, autocomplete, and caching. The home page should be wyld.state.wy.us/alby. Make sure Flash, PDF, and Java content are viewable.
Save a copy of the catalog page as a web archive, and put it in the Startup folder.

Finally, log in as administrator and do the following:

Install UPHClean-Setup
Install Microsoft Shared Computer Toolkit
Run "control userpasswords2" and disable "Users must enter a username and password." After applying settings, set it to automatically log in as all.
Set up the MSCT security settings (Step 2). Check all except "Remove Shutdown" and "Use the Welcome Screen" options.
Open user restrictions; restrict and lock both user profiles. Restrict the system hard drive.
Turn on Windows Disk Protection. Make sure updates are scheduled for Monday at 8 PM, and that the antivirus script is set to lu.bat

Note on Gateway Computers: We can install all of the same software on the Gateway computers, including Windows Disk Protection. However, the current BIOS settings won't allow booting from any device except the hard drive. I haven't been able to guess the CMOS password, so the easiest way to enable changes to BIOS is to log into Windows as an administrator and erase the CMOS password. We can use CmosPwd in kill mode. Free download and documentation at:

http://www.cgsecurity.org/wiki/CmosPwd

We use the free version of this to erase/format hard drives:

http://www.killdisk.com/

To image hard drives:

http://www.runtime.org/dixml.htm

More detailed step-by-step:

http://www.habibbijan.com/?page_id=7

To handle differences in hardware:

http://www.runpcrun.com/move-windows-xp-to-new-system-or-motherboard

A handy bootable Windows environment:

http://www.nu2.nu/pebuilder/

Windows internal security features: