Tech Forum

I have seen a couple of posts on the forum that indicate that rather than use deep-freeze, some STSs lock-down FHC computers. My FHC director is getting tired of user initiated configuration changes to the FHC computers and has asked me to implement deep-freeze, but I would prefer to use the lock-down approach. I would appreciate any insights from anyone who uses this approach. Is it as simple as setting up patron as a standard user? Or are there some other user privileges that need to be either locked down or elevated, and do you also need to adjust acl permissions on certain disk folders? Any insights any one can give me would be helpful. Thanks!

By default a FHC computer comes configured with a Patron (Limited in what can be done) and an Administrator account. Both password protected. I would consider that if your computers don't have these two accounts, then they have either not been configured correctly, or they been left in the Administrator account for day to day operation, which leaves them wide open for tinkering!

The first question is what are you running on the computers. Back when we were running things like IGI, PAF and a lot of programs, it took a lot of tinkering. But I think our current computers just have the patron as a just a "user" (not super user).

What sort of changes are they making?

Oops, I guess I just assumed patron was an administrative user (just as clerk is on clerk computers). They are currently standard users. The computers are all running Win 7 enterprise. The FHC director want all 6 computers to look exactly alike to patrons, They don't want different desktop backgrounds or icons, or different browser configurations / customizations, and they don't want patrons saving their passwords etc. in the browsers. I will need to re-image them all to get them at a good starting point as well as look into further limiting what changes the standard user can make and maybe some shutdown or startup scripts to wipe out browser caches or profiles. Any other suggestions? On the re-imaging side, does anyone have experience or recommendations relating to cloning systems -- I'm not looking forward to going through the time consuming windows 7 updates with 6 machines.

If they are all the same make and model, then as suggested elsewhere by russelhltn, use a program called Clonzilla. This program can use a suitable size memory stick, to clone an image.
I'm sure he will be able to add more information on this!

While I haved used clonezilla, I've not used it in a FHC setting. I think there's a standard image you can download from The church that would save a lot of time.

As for the changes, I'd make a list and find ways to lock then. For example, you can remove the patron's ability to modify the desktop.