Page 1 of 1

Windows 7 on existing machines

Posted: Wed Jan 19, 2011 5:20 am
by aclawson
I haven't heard anything about replacement computers for our stake so I will assume it isn't planned for this year. The existing hardware seems to be working fine but I'm wondering if there are plans to allow a refresh of the machines to Windows 7? In my experience Windows 7 seems to get a bit more performance out of existing hardware and is a bit more user friendly than XP.

Recently the mission office received a handful of new machines along with a DVD to reimage to 7 and the existing machines that weren't replaced were simply upgraded to Windows 7 in place - the older machines are similar if not identical to the ones installed in the wards. The upgrade process went flawlessly (except when the church servers went down for a few hours) and took about 3 hours start to finish (including backing up existing data). FM could save a lot of money and push replacements back a ways if instead of new computers they provide additional RAM and the machines are re-imaged. Is such a path available?

One advantage that I see is Windows 7 would make it extremely easy to back up data between ward computers that are in the same building: set up an encrypted share so the clerks in the other unit can't access the files on each machine and run an automated backup of my documents to the other machine. Not quite as good as an offsite backup, but if a machine dies then you know you have a recent backup onsite for easy restoration.

Posted: Wed Jan 19, 2011 7:38 am
by crislapi
I know when I talked to LUS after receiving my first windows 7 machine, I was told that the plan was for all new machines to be windows 7. Those units that were years off of a replacement would receive a DVD to upgrade to windows 7. Where that idea stands I have no idea.

Posted: Wed Jan 19, 2011 10:07 am
by lajackson
aclawson wrote:I haven't heard anything about replacement computers for our stake so I will assume it isn't planned for this year.
Your stake Physical Facilities Rep (PFR, usually a high councilor) should be able to give you the replacement schedule, especially if you have had your computers for five or more years. Whether or not the FM Group will be able to follow the schedule, due to budget constraints, is another matter. But, start with the PFR.

Posted: Wed Jan 19, 2011 11:03 am
by russellhltn
aclawson wrote:One advantage that I see is Windows 7 would make it extremely easy to back up data between ward computers that are in the same building: set up an encrypted share so the clerks in the other unit can't access the files on each machine and run an automated backup of my documents to the other machine.

This would need to be tested. I don't know about Windows 7, but under WinXP, simply turning on file sharing would have the side effect of opening up the entire hard drive to other clerk computers - or anyone who knows the clerk login.

Posted: Wed Jan 19, 2011 11:21 am
by aclawson
RussellHltn wrote:This would need to be tested. I don't know about Windows 7, but under WinXP, simply turning on file sharing would have the side effect of opening up the entire hard drive to other clerk computers - or anyone who knows the clerk login.
The only machine that needs to have file sharing opened is the remote machine where the files are stored and it is easy enough to create a separate user account for the shared directory and explicitly deny access to all other users on the machine. Or, in the case at hand, 10 different accounts, one for each remote unit with all units having a unique storage account that they and only they can access remotely. Using a free application such as fbackup you can even schedule an automatic back up all of the files into an encrypted zip file for additional security.

The technology and tools are easy, established and proven - the only real question is one of policy.

Posted: Thu Jan 20, 2011 7:02 am
by harddrive
RussellHltn wrote:This would need to be tested. I don't know about Windows 7, but under WinXP, simply turning on file sharing would have the side effect of opening up the entire hard drive to other clerk computers - or anyone who knows the clerk login.
You can limit which directory another user can get to and how many people can log into it at one time. So if you do it right, you can lock this down.

Posted: Thu Jan 20, 2011 11:04 am
by russellhltn
My concern is what's called "Administrative Share". In XP, simply activating "File and Printer Sharing" turns it on and it can't be turned off (at least not easily). This is in addition to any shares you set up.

From what I'm reading with Windows 7, it can be turned on - if you make a registry change. So, it would appear that by default it's off even if you turn on sharing for other reasons.

So to recap, I consider File or Printer sharing of a clerk computer running XP to be a security risk. But it appears that Windows 7 is OK.