Dude, if you are semi-clueless, don't go there.

I'd get simple computers with no hard drives and boot off a Knoppix CD. For added goodness, I'd remaster Knoppix with your TOS, have it open a browser automagically, hide whatever apps they shouldn't use and, when they closed the browser, reboot.

XP isn't secure on a network. Zone Alarm and anti-virus isn't enough. You might be able to keep XP with something like Black Ice or HDD Sherrif, but unless she is looking to keep a geek on staff, it really isn't going to work.
posted by QIbHom at 9:55 AM on November 18, 2006

There's an application you can install which will return the computer to a pre-imaged state at every and any reboot. This could work for your setup - however that isn't going to stop little Timmy from getting up to mischief using a café machine, it'll just deal with the malware issues. Anyone remember the name?
posted by dance at 10:27 AM on November 18, 2006

Is it Microsoft Shared Computer Toolkit for Windows XP?
posted by dgeiser13 at 10:29 AM on November 18, 2006

Just go with a commercial solution. Most are well under 100 bucks per computer. This one is pretty cheap.

Now buy a copy of ghost, learn how to image, and reapply an image every month or so.
posted by damn dirty ape at 10:35 AM on November 18, 2006

I can't even wipe the computers because she has not inherited any discs or product keys.

Your friend will be a felon. It is illegal to run Windows XP on any computer unless you have a valid CD key for that computer. Her best bet is to see if she can get away with only providing wireless internet access and not physical access to computers. If she can, an off the shelf wireless router would do the trick. If not, she better come up with some cash quick and replace those machines with ones that have valid CD keys or she could potentially lose everything.
posted by ChazB at 10:43 AM on November 18, 2006

You'd better block port 25 on your router, wireless or not, though, unless you want spammers to be able to use your café for nefarious deeds.
posted by kindall at 10:53 AM on November 18, 2006

um, chazb is wrong ... as much as they would like to, microsoft can't label people felons for using unauthorized software ... it's a civil issue.

if you don't have the original disks, i'd recommend a linux solution for the existing machines. that, along with ghost will keep the mischief down.
posted by lester's sock puppet at 11:19 AM on November 18, 2006

Echoing what everyone else has said: if you are clueless, you're not the person: she's going to have to pay for some kind of cheap tech help, or find a friend who'll do it for free that can help. At the least, she might find some local high school/college kid willing to work cheap and for some in-kind trade (say, a free coffee a day for a month or something). But getting real tech help is unavoidable- otherwise those machines are going to topple over in a matter of days.

I think ChazB is incorrect, in that the computers are legitimately running XP since they likely came installed with it. However, the number one rule of any public kiosk like these is the ability to quickly reimage- and she can't do that if she doesn't have legal XP install disks. So she's either paying for tech help to get a Knoppix or Ubuntu install disk made, or she's paying for legit windows licenses and using something like the shared toolkit mentioned above (along with an unattended install disk/RIS)

QlbHom notes that an ideal situation is an auto-install CD with a free OS and basic utilities you'd expect in an internet cafe (browser, ability to open documents, printing), that you can pop into any machine and have it automatically get re-imaged back to "clean" state. It's not terribly hard to do, but it sounds like it's beyond your capabilities.

As for network security, the key point is that at the router (I'm guessing some simple Linksys or similar jobbie hooked up to a hub with all the PCs wired), the most important thing is to only open ports that should be open, inbound- which is likely none of them. I wouldn't worry too much at first about blocking outbound ports, but do make sure if it's a uPnP capable router that you disable this. If you've solved the problem above of being able to quickly wipe and rebuild the machines (even nightly, or by dropping your special CD into the tray and rebooting), then you don't have to worry as much about virus and the like or securing the network: you get into the mindset of not building these machines to be rock-solid bricks, but accepting that you or she will be wiping them regularly to clear out the cruft of malware and bad user behavior.
posted by hincandenza at 12:06 PM on November 18, 2006

Actually, Knoppix runs totally off the CD drive, so you don't need a hard drive (I'd take them out for security reasons), and you don't need reimaging. Nor do you need to worry about legalities and licensing fees. It has everything you need (games, browser, word processor and more) and will auto-detect all hardware.

Your only issue might be the amount of RAM in those old P2s. If they are old enough, Knoppix would be slower than me before coffee, and you'd have to use some other run off CD distro (and, there are others. DSL comes to mind.)

The only way to do this on the cheap is to use a CD-based Linux distro. Otherwise, you are in to tech support hell for you and your friend.

I do library computer support. Public Internet computers and OPACs have many of the same issues as cafe computers.
posted by QIbHom at 12:18 PM on November 18, 2006

Are running Windows XP on PIIs? That's got to be a painful experience even for Internet browsing. If they are indeed PIIs, I can't imagine they originally came with XP loaded so they could be illegal copies. Even if that's the case, your friends chances of being audited are probably equal to my chances of winning the lottery. Organizations like the BSA don't even look at companies unless they have hundreds or thousands of computers. If the previous owner installed illegal copies of XP, I would personally have a clean conscience (but that's just me).

Buy a program like Fortres which completely locks down a PC. We used to use this at work on Windows 9x machines. You specify what programs users are allowed to run, in your case only Internet Explorer, and it will lock down every part of the PC except running IE. I'm sure other programs do the same thing, but this is the only one I've actually used. In addition, I would open the computers and detach the IDE cables to the floppy and CD drive so nobody can boot to a live CD or run a program from disc.

If you and your friend are clueless\semi-clueless, this program (or something similar) might be the best investment could possibly make. It won't stop people from causing trouble, but it will at least protect your computers. I know how to properly lock down a PC and I would buy Fortres if I was in your situation. Oh, and it goes without saying that you'll need a good anti-virus and firewall.

I suppose a Knoppix disc would work, but you might have trouble even getting that going with your lack of tech skills.
posted by bda1972 at 12:41 PM on November 18, 2006

echo using ubuntu - you can even get them to ship you free CDs (though they'll be a slightly older version). personally, I'd kinda go with Xubuntu, which is Ubuntu with a different look and feel (it uses Xfce instead of Gnome) - it would probably run better on the older machines (Xfce is a good bit more lightweight than Gnome). I would additionally get the machines behind a Linksys or something and block all outgoing requests that aren't on port 80 or 443 (HTTP and HTTPS).

I'd go with the Live CDs too - and possibly even crack the case open, disconnect the hard drive and maybe set the CD-ROM drive inside the case so that people can't screw with it easily. ubuntu will/should lock the CD drive so that it can't be opened when the system's booted but that won't prevent someone from rebooting it and hitting the eject button then. (what I used to do when all my computers were crap and missing faceplates was to just shove a CD-ROM drive in it and leave it unhooked. you could do the same thing, and then shove a CD-ROM drive behind a faceplate that is still hooked up with the ubuntu CD in it.)
posted by mrg at 12:50 PM on November 18, 2006

I recommend BLAG. Installing it was a breeze and it totally replaced Windows. If you know Windows, you will know BLAG within an hour or so. It is based on Fedora and is updated regularly. In their forums you get help if you need it. The firewall comes preconfigured out of the box. Just plug it into your network and you are good to go. Updating is easy as you just click software update to launch Synaptic which runs on top of apt-get. In short you get the user-friendly experience of Windows or a Mac, Fedora hardware support, the security of Debian and one awesome distro.

XP is too insecure to use for any public computer. Getting access to cmd is a risk as is any registry editing. Also unless you got multiple licenses you are screwed because Microsoft won't let you update your software without it. So get BLAG and you will never go back.
posted by clon7 at 3:51 PM on November 18, 2006

Get "Deep Freeze".

This software will completely reinstall everything on your computer every time it reboots (and it only takes a minute or two). You don't have to worry about viruses or firewalls or anything. (I didn't even bother installing anti-virus software on the machines I set up with it)

If a customer comes to any of the employees with a problem, the answer is very simple: reboot the computer and it will be as good as new. Somebody can literally format the hard drive (for all intents and purposes it will appear that it is wiped) and on reboot all will be well in the world.

I installed deep freeze on two machines at my father in law's store over four years ago and we haven't had to touch them since. Really.

Don't bother setting up user accounts, have the machine automatically log into a default user (without admin rights, even though with deep freeze this doesn't really matter)

The Linux advice, while well-intentioned, is not really in line with what you are trying to accomplish (in my opinion). I believe that what I have suggested will give you the easiest, most trouble-free approach.

Oh, and make sure you change the default password on the router admin page, and try to limit physical access to the router if possible to prevent hardware fiddlin.

Feel free to ask any questions you have here or via email.
posted by davey_darling at 4:16 PM on November 18, 2006

I was also going to suggest the Deep Freeze type of software. With anything else, you're going to have some sort of problem eventually (hacking, virus, whatever) and it's a pain in the butt to get rid of. But with this approach, every change that's made to the computer, no matter what, is undone every time you reboot.
posted by winston at 6:17 PM on November 18, 2006

Whatever you choose, choose one of the solutions (many recommended above) wherein you can fix ANYTHING by just turning the machine off and back on.

Without a real tech on staff, this is the only level of keeping-things-running you can expect from cafe workers, after all. Be realistic.

(I'd go for $100ish thin diskless clients myself and toss those P2s, but you don't have time for this.)
posted by rokusan at 6:50 PM on November 18, 2006

We use Deep Freeze and HDD Sheriff (same kind of program) where I work, and they take a lot more to set up properly than you might think. Especially Deep Freeze, which has more options than a Linux kernel.

Dump the hard drives and Windows. Or, as someone suggested, barter for tech help with a HS or college kid who could use resume fodder.
posted by QIbHom at 6:56 PM on November 18, 2006

Reading the various comments, I think the Knoppix is a very compelling solution- you can wipe the drive itself and run off the CD, and as mrg noted you could even keep the CD/DVD drives inside the case so that users couldn't touch them. Then, the only thing needed to troubleshoot is power them off.

The only real shortcomings are
a) it's not windows, which people might not be used to (but close enough they won't care)
b) they won't be able to save stuff to drive (unless you leave the drive in, or if Knoppix allows for creating a RAM disk), and
c) you'll have to spend some time playing with it to set it up right.

But if I'm reading the Knoppix pages right, you can pretty much download the Knoppix image, burn it to a CD, pop it into the machine, and have an OS that's mostly ready to go- the work would only be in customizing the CD image to add/tweak the system. But for the purposes of your non-tech friend, this overhead now would mean a hands-free internet cafe: Burn a bunch of discs, put them in a drawer somewhere, and any new machines/existing machines can be made to run perfectly just by popping in the CD and rebooting.

You can set it to run from the HD by running one command at boot time, after which you can remove the CD (until the next reboot), but the point is the same: it seems to be the fastest completely free solution which would allow your friend to never worry about running these systems or keeping them clean/well-maintained.
posted by hincandenza at 9:09 PM on November 18, 2006

Boothbox is an ISO image that just starts a locked-down Firefox instance on the box it's inserted into - No interface, no nothing besides Firefox. It uses the Damn Small Linux distribution as a base - which is one of the smallest graphical Linux installs out there, and proably the least memory-and-processor intensive solutions offered. (I used to run DSL on a P300/128MB with fairly good results - YMMV.)
posted by Orb2069 at 2:20 PM on November 19, 2006

Boothbox looks like exactly what you need. Great find, Orb2069.
posted by blag at 6:09 PM on November 19, 2006

DeepFreeze is of course the product I alluded to earlier on in the thread. It's great.
posted by dance at 4:51 AM on November 21, 2006

This thread is closed to new comments.