Administering a PC in a Vacation Rental Home?

mrn121 asks: "Some relatives of mine are preparing their beach house for rental, and they have asked me to assist in setting up some of the on-site technology. One of my ideas was to add a computer with high-speed internet access to the house, but security issues may be overwhelming. I have administered campus computing labs in the past, so I am familiar with locking systems down, but I am curious about what level of security readers might suggest, and how to go about achieving an appropriate balance between security and usability for such an application. On one hand, I don't want renters to clutter the computer with software and useless bookmarks, but on the other hand, I don't want the system to be utterly useless. One major difference between this computer and a lab computer is that I will not have access to the machine for the entire summer, while the house is being rented."

Don't bother locking it down

[mcgroarty]

I say don't bother to lock it down. They're on vacation -- let them use it however they like. And without physically securing the thing, there's not much you can do about some bored kid's hostile pranks for the next guest. What I'd do is to get one of those cheap $30 IDE removable hard drive kits and a second drive, then use Norton Ghost or even a Linux install with a script using "dd" to make an image of the normal drive's install on the removable drive.

If you make the removable drive have boot priority, you can even make it an automated process, where the vacationers or the rental agent are told they can restore the computer to "fresh state" themselves by sliding the drive in, turning the key, powering up, waiting for it to do the copy, then shutting down, unlocking the drive bay, and putting the drive away again.

Aside from that, set up Windows update to install automatically, use a DSL/cable router box that blocks pretty much everything inbound, and hope for the best.

Re:Don't bother locking it down

[Vaevictis666]

Better than a removable drive would be a "hidden" hard drive partition. Get Windows (or whatever) installed onto partition 1, and have partition 2 non-visible from windows. Then boot into either Dos or a live cd (I highly recommend Bart's PE Builder for a live win xp cd) and take a ghost image of partition 1 and save the image on the hidden partition 2. Then as backup maybe make a CD set or something.

You shouldn't be worrying about what goes on while they're there, but after the rental ends just pop over with the live cd, restore the disk image, and it's fresh for the next rental.

Knoppix

[Col.+Klink+(retired)]

I'd leave it completely diskless and put a Knoppix CD in.

Why bother with a PC?

[TrebleJunkie]

If I were you, I'd go *only* as far as supplying a broadband connection, a cable/DSL router (which should block *most* crap by default) with DHCP enabled, a hub/switch (if necessary) in a closet somewhere. Then, in plain view, ethernet wall jack and a one-page sheet of instructions on how to make it work with *their* computer. Maybe a spare ethernet cable or two.

The way I figger it, if they can afford to rent a beach house, they can probably afford their own laptop if they wanna get some work done. And the most you'll have to do to service it *should* be to tell them to recycle the power on the router or cable modem, and you don't have to worry about the PC.

Lock the main computer in a closet

[Marxist+Hacker+42]

Along with a good Wifi firewall, and rent the place out as "WiFi enabled high speed internet access". That way, you can just give the WAP passwords to the rental agent, and people are responsible for their own machines.

No security. And Ghost the fucker.

[Elwood+P+Dowd]

Configure it with a largeish partition for ghost files. Install Windows on the other partition and configure it however much or little security you'd like. Enable the firewall. Install automated spyware & virus protection. Do windows update.

Ghost the machine as it is, properly configured, to the ghost partition. Later, after they've fucked everything up, you can restore from the ghost file.

Isn't that how you ran your labs?

"Securing" a public access terminal.

[dinodrac]

My prefered method of securing a computer in this situation would be a Boot ROM that quickly restores the system to a pristine state every time its rebooted. Look at some of the solutions offered by Rembo, such as BpBatch.

Properly set up, the loader in the boot rom can validate the user-accessible partition against a reference copy on a hidden partition, then syncronize it rapidly in a manner similar to that of rsync. The renter has nearly unrestricted use of the system, but the second they reboot, its a clean system. If you want to be less anal, you could configure it so the wipe is only performed "on demand", or performed at the request of an off-premises master server, allowing the renter to store files while they are there, and have them wiped when they leave.

How the professionals do it.

[Spudley]

An internet cafe I know achieves this very simply: Every night after they close, they just restore every PC to it's original state from a backup on a hidden partition.

Takes them practically zero time or effort -- all they have to do is open the admin program, enter a password, and click 'Okay'. No disks or tapes to insert, and users can do anything the like to the machine during the day. (well... it might be awkward if they managed to delete the backup program, but I don't think that's happened yet.. and anyway, they keep proper backups too, just in case)

Let's ask the metaquestion

[pedantic+bore]

Who rents a beach house so that they can use the computer? When my family rents a beach house, spending time in front of a computer is the last thing on my mind.

From your point of view, putting a computer in a beach house could be a headache anyway, for physical reasons. Everything in a rental property takes a beating. I'd just get a wireless router, hide it in a locked closet, and maybe put a few ethernet jacks where your guests can find them. Let them bring their laptops if they're geeky enough.

You might also make them sign something saying that they're responsible for whatever gets downloaded during the time they're in the house. That way, if you have a guest who downloads something that attracts the wrong sort of attention, maybe they'll get in trouble instead of you.

Re:Let's ask the metaquestion

[warpSpeed]

Who rents a beach house so that they can use the computer? When my family rents a beach house, spending time in front of a computer is the last thing on my mind

I Do.

I run my own buisness, so I never really get a vacation from email. Also the whole family loves going to the beach, except me. What can I do? I bring my laptop and tons of books magazines, etc. In the past I have used dialup while at the beach (oh the horrors!). DSL access in the beach house would simply be "heaven". Wireless access would be a real bonus (but I can bring my own WAP) I can hang out during the day reading and responding to email and drinking beer.

Now that is a vacation.

Environmental concerns

[YrWrstNtmr]

UPS. Depending on where this is, beach houses suffer from enough storms and power outages to make this a necessity.
Sand and water. This is at the beach. Little Jimmy will start pecking away with sandy fingers. A weatherproof keyboard, at the very least. Sealed cabinet for the case, maybe.

Personally, I'd just give them access, and not the actual PC.

WebTV

[YrWrstNtmr]

Can't use it for much, but hey...at least they can't screw anything up with it.