Mac OS in a Lab

jmu1 wishes to get to the core of the following issue: "I run a medium sized lab of Mac OS 8.6/9.x machines. They all have (shudder) FoolProof as an attempt of keeping the systems usable. Unfortunatly, it is quite easy to bypass the software, or even to remove it using AppleScript, etc. What I want to know is, what is a usable solution for securing a lab of Macs?"

Netboot

[SandSpider]

Okay, let's try that again, this time with more information.

Netboot is some nice technology from Apple. It allows you to set up a default system on some server, then have the computers on your network boot from that server. When the computer reboots, it reloads the system from the image on the server, rather than from something on the hard disk. It is very difficult for a user to change the information on the server. It's not impossible, but we all know that undefeatable security doesn't exist.

But NetBoot was made for exactly this sort of situation, so it's definitely worth checking out.

=Brian

revrdist/Assimilator

[mbrubeck]

My school used Assimilator to manage its Mac labs. This is a commercial program by Peter N. Lewis of Anarchie fame. It works by synchronizing all lab computers to a disk image stored on a server. I like this because it leaves the computer fully functional -- users can download or run whatever they want while they're using the computer, and at the end of the day (or end of week, or whenever the admin feels like it), the disk is restored to a pristine image. It doesn't provide the same level of restrictions as FoolProof, but I consider that a good thing.

revrdist is a free (public domain) program with the same basic function. Its setup is a bit more involved and it doesn't have all of Assimilator's features, but it's a well-tested program that definitely works. Use it if you can handle the extra administration and prefer a free solution. The reverdist home page also has links to other Mac administration programs.