I want to lock down 6 PCs

Discussion in 'other security issues & news' started by mezza, Dec 11, 2007.

Thread Status:
Not open for further replies.
  1. mezza

    mezza Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    5
    Guys,

    I am looking to lock down 6 PCs for the local community centre. Any suggestions on the most secure way of doing this?

    I do not want the users to change desktop, language settings, save pictures to the destop etc?

    Any suggestions would be most grateful.

    Mez
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Limited user account + security policies + reboot-to-restore solution (Returnil, Deep Freeze, Shadow Defender, Power Shadow, etc)
     
  3. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    On my locked down pc i use faronics deep freeze and anti-executable. Deep freeze locks the pc in a permanent state, any changes made by a user are removed when the system is rebooted. Anti-executable allows me to control what programs are allowed to run, any unauthorized program a user tries to run is blocked. AE also has copy and delete protection.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Faronics Deep Freeze Standard can be installed on individual workstations (separate licence for each) -- you will have to configure the settings at each workstation.

    Using Deep Freeze Enterprise version, an Administrator can control all of the workstations (up to 10) from the Administrator Console.

    http://www.faronics.com/html/deepfreeze.asp


    ----
    rich
     
    Last edited: Dec 11, 2007
  5. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    This is probably what I'd recommend as well. Simple, no ongoing maintenance required, robust. If the budget is tight, deep freeze alone is likely fine as well.

    Blue
     
  6. mezza

    mezza Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    5
    Thanks guys for the response.

    I presume there will be no conflict with the 6 PCs when all sharing the same internet connection?

    They will not be set up as a workgroup so can only assume that the process for installing this software on one PC will be the same for the rest?

    Mezza
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I can't speak for the other software, but Deep Freeze runs on hundreds of computers on the same network with no problems at schools where I've worked. The only interaction with the network connection is that no one except the Administrator can make any permanent changes to the settings.

    Installation on each workstation is a snap - takes just a few seconds. Then, you will have to set up a password for each.

    If Deep Freeze is what you are considering, I can give you some other suggestions.


    ----
    rich
     
  8. mezza

    mezza Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    5
    Open to ideas?

    I am just about to install this deep freeze to test it out...
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    1. Assuming you are installing Deep Freeze Standard on each computer, rather than as a work group with the Enterprise version, you cannot designate a virtual partition (Thawspace) which means that unless you have set up another partition already which will not be frozen, users will have to save work on their own external media. This has worked well in situations I'm familiar with.

    2. Users will understand that they are not using their own computer, and all changes made to the system will be discarded on reboot. This includes browser history, temp files, etc.

    3. If restrictions are desired with respect to downloading games -- even if temporary for the user's session -- other measures will be needed, such as setting up software restriction policies, running as a guest account, or installing something like Anti-Executable.


    ----
    rich
     
  10. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I saw some other options for locking down pc's from horizondatasys. They've got a couple of products called drive vaccine and desktop security rx which you might want to check out.
     
Loading...
Thread Status:
Not open for further replies.