I've often had the problem of setting up public access terminals. I've tried all sorts to stop users blatting the box, installing spyware / trojans / activex controls and in almost every case the customer (I work for a consultancy) has wanted the boxes security relaxed so users can install the latest version of flash or any other activeX component (Read: pron dialler)
We've looked at Citrix and TSE use in these scenarios but the main problem is if one user breaks the box the box is dead. The costs are also huge compared to linux options.
However the final solution we came to was to use Recovery Cards. They're cheap pci devices which restore the harddisk to its original state every reboot. They do it instantaneously too which means if a user kills a box it will be fixed by a reboot - unless they physically damaged the box!
So we built a Client PC with W1nd0ws and installed Office and a few other apps for the company and then locked the boxes down using a combination of.exe deletion and a local policy file. Once we were happy with the build we imaged it to the other terminals, stuck the PCI cards into the systems and enabled the 'Protected Mode'
Each of us was then frustrated when we tried to kill the box as a user would. As soon as we were happy we'd deleted every file in existance we rebooted and bingo...
The Client that we did the installation for has had one box of 12 go down with a dead drive in the past 2 years. They've all had critical patches updated at some point but they're all alive and well below current SP levels. They've all had virus outbreaks, porn diallers, spyware, trojans etc etc installed but one reboot later and they're fixed.
They are on a seperate VLAN to the rest of the network though which is why they don't care too much about patch levels.
You and find one of these things here - sorry for the e-bay ad but it was easy to find the picture. I don't know the people selling it either so buyer beware.
Slashdot Mirror
Not being horrible or anything... but
"The companies are suspected of colluding to restrict sales of recordings "
Well duh! How long did it take to figure this one out???
I've often had the problem of setting up public access terminals. I've tried all sorts to stop users blatting the box, installing spyware / trojans / activex controls and in almost every case the customer (I work for a consultancy) has wanted the boxes security relaxed so users can install the latest version of flash or any other activeX component (Read: pron dialler) We've looked at Citrix and TSE use in these scenarios but the main problem is if one user breaks the box the box is dead. The costs are also huge compared to linux options. However the final solution we came to was to use Recovery Cards. They're cheap pci devices which restore the harddisk to its original state every reboot. They do it instantaneously too which means if a user kills a box it will be fixed by a reboot - unless they physically damaged the box! So we built a Client PC with W1nd0ws and installed Office and a few other apps for the company and then locked the boxes down using a combination of .exe deletion and a local policy file. Once we were happy with the build we imaged it to the other terminals, stuck the PCI cards into the systems and enabled the 'Protected Mode'
Each of us was then frustrated when we tried to kill the box as a user would. As soon as we were happy we'd deleted every file in existance we rebooted and bingo...
The Client that we did the installation for has had one box of 12 go down with a dead drive in the past 2 years. They've all had critical patches updated at some point but they're all alive and well below current SP levels. They've all had virus outbreaks, porn diallers, spyware, trojans etc etc installed but one reboot later and they're fixed.
They are on a seperate VLAN to the rest of the network though which is why they don't care too much about patch levels.
You and find one of these things here - sorry for the e-bay ad but it was easy to find the picture. I don't know the people selling it either so buyer beware.