Locking down machines in Tanzania.
December 29, 2008 7:49 AM   Subscribe

Windows Steady State
Free and re-images the PC at time of your choice (daily or per session) I believe.
posted by jstarlee at 7:58 AM on December 29, 2008

repost:

What jstarlee said. Or some other means of complete restoration. You can probably automate the entire process, or at least reduce it to less than 5 commands / pointnclicks. This prevents the ongoing interruption of fixing little broken things here and there. It also gives each participant greater access, which is ultimately ideal. Breaking apps and the OS is part of the joy and offers much for learning. Too much admin control in learning environments can be a real drag. Instill structure as part of the curriculum (eg, must have working system to complete final assignment) but not globally enforced. Give the particpants a chance to explore and break stuff --fix with automation not troubleshooting.

Apps that help keep xp together: ccleaner, avg anti-virus, privoxy. I also suggest "adjust for best performance" with xp (cp -> advanced -> performance).
posted by ezekieldas at 8:17 AM on December 29, 2008

I wouldnt install any programs to add security, I would take away rights and then explicity give them access to what they need. No app can provide security, you need to take away rights from the user. This is called the principle of least privilege and is sometimes abbreviated as LUA for least-privileged user account. Theres a great msdn blog about LUA here.

The first thing you should do is make accounts for the users and put them in the users group, not the administrators group. This right here takes away all their rights to make system changs, install most software, etc.

Then I would fire up group policy editor gpedit.msc from run and start disabling whatever they dont need. Disable task manager, remove control panel, remove desktop icons, etc. There are guides on the internet on more items and their location.

The downside with this approach is that some software doesnt like to be run without administrator priveledges. In this case you'll have to give the user group the ability to read or write wherever the application needs to read or write. Nowadays this is pretty rare, but it still comes up.

On preview: Windows steadystate just reapplies an image at a set schedule. That doesnt give you uniformity or security. Its just a quick way to re-install windows to your liking. Betwee re-imaging your users still have full admin powers and can still run trojans, mess up your configuration, etc. You can use steadystate with LUA, but it really shouldnt be needed.
posted by damn dirty ape at 8:28 AM on December 29, 2008

goback, by norton?
posted by uspommie at 10:50 AM on December 29, 2008

I think it depends on what you mean exactly when you say "foolproof" the computers.

If you mean, you want to be able to let kids mess around with them, but be able to restore them to their original state when they're done, so that the next time they log in the computers are back where they started, then I'd second the recommendation for SteadyState.

If, on the other hand, you want to let kids use the computers for a significant period of time, and keep them safe while they're using the computers, damn dirty ape is (once again) right on the money. The key is to not run as administrator, just like you wouldn't run as root on Unix. My favorite LUA link is nonadmin.

Keep in mind, in the first case, if a problem arises, SteadyState will restore the computer to its original state, losing all sorts of stuff that may be important to you or your kids. SteadyState is great for things like computer labs, where that's exactly the result you want, but it isn't great for ongoing use of a computer by a specific person.
posted by me & my monkey at 1:21 PM on December 29, 2008

For the users, look at the software on the Open Disc.
posted by PueExMachina at 4:45 PM on December 29, 2008

« Older I just want to mask off part o...   |   Who was *right* about the rece... Newer »