New install questions
-
- Senior Member
- Posts: 851
- Joined: Sun Sep 12, 2010 3:14 pm
- Location: South Jordan, Utah
New install questions
With this latest computer I'm revisiting my setup instructions and have a few questions:
Adobe Flash - do we really need this?
Java - past discussions have said we don't need this; any new thoughts?
Lenovo tools- do these really add any value? I used to leave it on but I've found that it can dramatically increase the startup time.
Adobe Reader - the link on the web takes us to the page for the DC (distribution) option, but it actually gives us all 3 options to download: DC, 10, and 11. Do you recommend DC or 11?
Nitro Pro - Looks like an alternative to Adobe Reader and CutePDF, but appears to cost money, so I assume we might want to delete it.
SHAREit - doesn't look like something we want to use.
Windows Defender - still appears necessary to disable this.
I have a long list of other small changes I make but am starting to lean towards just sticking with the defaults. If you have any other important ones though please comment.
Adobe Flash - do we really need this?
Java - past discussions have said we don't need this; any new thoughts?
Lenovo tools- do these really add any value? I used to leave it on but I've found that it can dramatically increase the startup time.
Adobe Reader - the link on the web takes us to the page for the DC (distribution) option, but it actually gives us all 3 options to download: DC, 10, and 11. Do you recommend DC or 11?
Nitro Pro - Looks like an alternative to Adobe Reader and CutePDF, but appears to cost money, so I assume we might want to delete it.
SHAREit - doesn't look like something we want to use.
Windows Defender - still appears necessary to disable this.
I have a long list of other small changes I make but am starting to lean towards just sticking with the defaults. If you have any other important ones though please comment.
Craig
South Jordan, UT
South Jordan, UT
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: New install questions
I'd leave it out. If it's needed, it can be installed on the fly. Chrome, and I think Firefox include it, so it's really only needed for IE. These days, I'm inclined to install Chrome, set it as default, and "hide" IE. Most church sites seem to do better with Chrome - and it seems to do a good job in keeping itself updated.craiggsmith wrote:Adobe Flash - do we really need this?
Not for MLS. OpenOffice/LibreOffice might need it for some functions. But I'd probably leave it out. It's another security nightmare with all the updates.craiggsmith wrote:Java - past discussions have said we don't need this; any new thoughts?
Not sure about Lenovo, but with HP, there's a HP Support Assistant that suggests BIOS and Driver updates.craiggsmith wrote:Lenovo tools- do these really add any value? I used to leave it on but I've found that it can dramatically increase the startup time.
I thought DC is what came after 11. I can't say as I'm a fan of it, but if it's the future of Adobe reader ....craiggsmith wrote:Adobe Reader - the link on the web takes us to the page for the DC (distribution) option, but it actually gives us all 3 options to download: DC, 10, and 11. Do you recommend DC or 11?
If it's trialware, I'd uninstall it.craiggsmith wrote:Nitro Pro - Looks like an alternative to Adobe Reader and CutePDF, but appears to cost money, so I assume we might want to delete it.
Sounds like a open invite to trouble. I'd uninstall it.craiggsmith wrote:SHAREit - doesn't look like something we want to use.
Probably.craiggsmith wrote:Windows Defender - still appears necessary to disable this.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Senior Member
- Posts: 851
- Joined: Sun Sep 12, 2010 3:14 pm
- Location: South Jordan, Utah
Re: New install questions
Thanks, I've been debating whether to make Chrome the default.russellhltn wrote:These days, I'm inclined to install Chrome, set it as default, and "hide" IE. Most church sites seem to do better with Chrome - and it seems to do a good job in keeping itself updated.
Yeah, how could I forget the hassle of keeping it up to date.russellhltn wrote:Not for MLS. OpenOffice/LibreOffice might need it for some functions. But I'd probably leave it out. It's another security nightmare with all the updates.craiggsmith wrote:Java - past discussions have said we don't need this; any new thoughts?
Yes, it is supposed to help keep your system up to date. I would like to think the church does this but probably not. I did a check and it did show an update to the Intel LAN driver. But mostly it showed updates to itself and other Lenovo software; I remember now that this was most often the case, and it was really slow. I've gone ahead and turned off a lot of things which should help although I've still gotten complaints from the clerks in the past. But I guess I'll leave it on for now and see how this version goes. It looks like only a small piece is still running in the background.russellhltn wrote:Not sure about Lenovo, but with HP, there's a HP Support Assistant that suggests BIOS and Driver updates.craiggsmith wrote:Lenovo tools- do these really add any value? I used to leave it on but I've found that it can dramatically increase the startup time.
DC appears to be an enterprise distribution version. I think I'll try it with the hopes that it's less of a maintenance headache.russellhltn wrote:I thought DC is what came after 11. I can't say as I'm a fan of it, but if it's the future of Adobe reader ....craiggsmith wrote:Adobe Reader - the link on the web takes us to the page for the DC (distribution) option, but it actually gives us all 3 options to download: DC, 10, and 11. Do you recommend DC or 11?
Thanks very much!
Craig
South Jordan, UT
South Jordan, UT
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: New install questions
I went and looked. I'm sure the place you were sent was a enterprise download spot, but "DC" stands for 'Document Cloud' - a way to share and work with PDFs in "the cloud". This immediately makes me suspicious that it may not be a good choice for church use.craiggsmith wrote:DC appears to be an enterprise distribution version. I think I'll try it with the hopes that it's less of a maintenance headache.
More info here
Also, when setting up new machines, I turn off the default admin share. I'll have to look up how to do that.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Senior Member
- Posts: 851
- Joined: Sun Sep 12, 2010 3:14 pm
- Location: South Jordan, Utah
Re: New install questions
Interesting, hadn't heard of this. I'm not sure that there's much change for the Reader app, but the reviews on the new version in general aren't very good and if it has the same lame update behavior then I think I'll go back to 11.russellhltn wrote:I went and looked. I'm sure the place you were sent was a enterprise download spot, but "DC" stands for 'Document Cloud' - a way to share and work with PDFs in "the cloud". This immediately makes me suspicious that it may not be a good choice for church use.craiggsmith wrote:DC appears to be an enterprise distribution version.
More info here
Yeah, me too. I usually set up a Stake Clerk account instead, although maybe I could just use the default Admin account?russellhltn wrote:Also, when setting up new machines, I turn off the default admin share. I'll have to look up how to do that.
One other thing I do is turn off password memorization in browsers.
I turned off bluetooth; I got an error when trying to disable it via the system tray or properties, so I just disabled it in the network control panel.
I'm surprised these machines still come with VGA.
Craig
South Jordan, UT
South Jordan, UT
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: New install questions
OK, here's my list:
When connecting to the network, set to "Public". (I think there's also a checkbox to make all future connections "Public" as well. - check that.)
Under Network properties:
Remove:
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
Disable: IPv6
Add restrictions using GPEdit.msc:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignments
Change the system time - Remove Admin, add stake
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options >
Interactive logon: Do not display last user name - Enabled
Interactive logon: Do no require CTRL + ALT + DEL - Enabled
Computer Configuration > Administrative Templates > Network > Microsoft Peer-to-Peer Networking Services
Turn off Microsoft Peer-to-Peer Networking services - Enabled
Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile >
Allow inbound file and printer sharing exceptions - Disabled
Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile >
Allow inbound file and printer sharing exceptions - Disabled
Computer Configuration > Administrative Templates > System > Logon >
Hide entry points for Fast User Switching - Enabled
Always use classic logon - Enabled
Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies
Turn off Autoplay - Enabled
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services >
Remote Disktop Session Host > Connections
`Allow users to connect remotely using RDP - Disabled
User Configuration > Administrative Templates > Control Panel > Personalization
Enable screen saver - Enabled
Password protect the screen saver - Enabled
Screen saver timeout - Enabled 900 seconds (15 minutes)
Force specific screen saver - Enabled PhotoScreensaver.scr
Using Regedit:
Remove File Sharing
Find the key: HKEY_CLASSES_ROOT\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Export a copy
Right-click and delete it.
If you cannot delete it, please take the ownership of this key, follow these steps:
1. Right-click the key - Permissions - Advanced
2. Owner Tab, Click your user name and check the box "Replace owner on subcontainers and objects", Apply - OK.
3. Click Administrators under Group or user name, check Allow Full Control. Then Apply - OK.
Now delete that key.
Disable administrative sharing
Regedit
HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
AutoShareServer - DWord 0
AutoShareWks - DWord 0
I've confirmed this will kill the admin share. Otherwise, I could probably walk into your building, and using the WiFi signal, browse the C drive of the ward computer.
When connecting to the network, set to "Public". (I think there's also a checkbox to make all future connections "Public" as well. - check that.)
Under Network properties:
Remove:
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
Disable: IPv6
Add restrictions using GPEdit.msc:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignments
Change the system time - Remove Admin, add stake
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options >
Interactive logon: Do not display last user name - Enabled
Interactive logon: Do no require CTRL + ALT + DEL - Enabled
Computer Configuration > Administrative Templates > Network > Microsoft Peer-to-Peer Networking Services
Turn off Microsoft Peer-to-Peer Networking services - Enabled
Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile >
Allow inbound file and printer sharing exceptions - Disabled
Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile >
Allow inbound file and printer sharing exceptions - Disabled
Computer Configuration > Administrative Templates > System > Logon >
Hide entry points for Fast User Switching - Enabled
Always use classic logon - Enabled
Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies
Turn off Autoplay - Enabled
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services >
Remote Disktop Session Host > Connections
`Allow users to connect remotely using RDP - Disabled
User Configuration > Administrative Templates > Control Panel > Personalization
Enable screen saver - Enabled
Password protect the screen saver - Enabled
Screen saver timeout - Enabled 900 seconds (15 minutes)
Force specific screen saver - Enabled PhotoScreensaver.scr
Using Regedit:
Remove File Sharing
Find the key: HKEY_CLASSES_ROOT\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Export a copy
Right-click and delete it.
If you cannot delete it, please take the ownership of this key, follow these steps:
1. Right-click the key - Permissions - Advanced
2. Owner Tab, Click your user name and check the box "Replace owner on subcontainers and objects", Apply - OK.
3. Click Administrators under Group or user name, check Allow Full Control. Then Apply - OK.
Now delete that key.
Disable administrative sharing
Regedit
HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
AutoShareServer - DWord 0
AutoShareWks - DWord 0
I've confirmed this will kill the admin share. Otherwise, I could probably walk into your building, and using the WiFi signal, browse the C drive of the ward computer.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Member
- Posts: 51
- Joined: Fri Nov 07, 2014 3:57 pm
- Location: Riverside, California, USA
Re: New install questions
The church doesn't replace operational monitors, and there are a lot of VGA only monitors out there! I'm sure VGA support was one of the requirements for new clerk computers.craiggsmith wrote:I'm surprised these machines still come with VGA.
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: New install questions
Depends on your FMG. Mine replaced them - but then they were mostly CRTs. I'm not expecting replacements on the next round.rsidwell wrote:The church doesn't replace operational monitors,
I think most "desktops" still have the VGA port, just for comparability. I think you can use that to create a dual-monitor setup - one VGA and one Display Port.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Senior Member
- Posts: 2859
- Joined: Sun Jul 01, 2007 6:06 pm
- Location: Plattsmouth, NE
Re: New install questions
I thought the installation instructions told us to set the network to "Work". I believe that allows peer-to-peer sharing of printers, without the dangers of Public.russellhltn wrote:When connecting to the network, set to "Public". (I think there's also a checkbox to make all future connections "Public" as well. - check that.)
Dana Repouille, Plattsmouth, Nebraska
-
- Senior Member
- Posts: 2859
- Joined: Sun Jul 01, 2007 6:06 pm
- Location: Plattsmouth, NE
Re: New install questions
Good idea, and you need to do that for each Windows account (if you use more than one).craiggsmith wrote:One other thing I do is turn off password memorization in browsers.
I once went into a clerk's office to do a random tune-up and inspection. I discovered I could run Chrome, go to lds.org, and was immediately logged in as the bishop. I turned off the "remember password" feature, and deleted all saved passwords. Then I told the bishop and the ward clerk what I had done. They both looked a bit sheepish.
Dana Repouille, Plattsmouth, Nebraska