Sharing of thoughts and information is what blogging is all about. This way we can learn from each other. Post A Comment!These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
I've been busy visiting my friends down east in Halifax for the eastern stop of the IO tour (more on that visit later). I always mention to the audience whenever I speak that I am looking for stories to share with the greater Canadian IT Professional community. I encourage you to email me your post suggestions / complete posts and I will put them up.
One came in a while ago from Todd Lamothe, a member of the Ottawa Windows Server UserGroup study group who just recently passed his first exam as a result of participating in the group. Congrats Todd!
I met Todd at an Ottawa event and also through the Ottawa UG. He wrote to me in order to share his experiences with implementing the Shared Computer Toolkit in his workplace. This is rather timely, since last week (or was it the week before) the Shared Computer Toolkit turned 1. The Beta of V2 is getting ready to go. Vista support? Stay tuned!
have a read!
I just wanted to share my experience using the Microsoft Shared Computer Toolkit with you.
I just started a new position the first week of August with the County of Lennox and Addington in the Information Services Department and my first project was to roll out 30 new computers for our branch libraries which are used mainly for library patron’s to look up library books and use the Internet. I remembered reading on your blog back in April or May about the Microsoft Shared Computer Toolkit and I thought I would give it a try. The libraries had been using Deep Freeze and Disk Sherriff to protect against disk changes, but there was no operating system lockdown as the computers are stand-alone computers.
I built my computer up with the operating system and installed any desired software then downloaded the toolkit. The toolkit walked me through step by step what I needed to do lock down the computer and enable disk protection.
Basically you install the toolkit on the computer you want to lock down. If you wish to use the Disk Protection which prevents unauthorized changes to files on the hard disk, you must have free space at the end of the partition totaling 1GB or 10% of the windows partition, whichever is greater and the disk type must be basic. (There are some other rules as well, the manual spells them all out)
Then log in a with the user account you plan to use as your shared computer user. Open up all the programs you plan on making available to this user, accept all EULA and configure the programs how you want them to run. Add any printers or other devices you need the user to access. Log out and back in with the account you used to install the toolkit. You can then if you want configure the Users Start Menu and the All Users Start Menu.
Next lock down the profile of the user that will be using the shared computer. It has some recommended restrictions. I used most if not all of the recommendations. Then log back in as the restricted account and see if everything still works the way you expect. At this point in the process, I sys-prepped. Once I was done I logged back in as the toolkit admin and locked down the hard drive. This needed a couple of reboots and there I was all done and going.
It was really straightforward and easy to setup and implement. I also followed the advice of the guide and moved the swap file and log files to a non-protected storage. This way I could see the history of the logs without them being overwritten by disk protection on reboot. A nice feature for when you enable Disk Protection, you can set it up to reboot at a specified time with protection off so that antivirus updates and windows updates can download and install automatically. This really helps me out as I don't need to visit all the computers (which are in 10 locations) on regular basis to provide updates.
Once you do get this up and going, it is important to remember to lock out the ability to boot off any removable media (cdrom, USB key, floppy, etc.) as that is a way users can get around this security. But definitely a great tool for schools, libraries, information kiosks, I could even see it use on production line computers; basically anywhere you have computers that you don’t want getting messed up.
Rick, I am glad you blogged about it otherwise I might not have even been aware of its existence.
Todd Lamothe, MCPSystems AdministratorInformation Services, County of Lennox & AddingtonBlog: http://todds.typepad.com
I am proof that study groups do work. For those in Ottawa who are interested, go to www.owsug.ca and check out the certification section in the forums. We are only on the 4th chapter in the 70-291 MS Press book so if you want to join, drop an email to firstname.lastname@example.org but do so quickly.
I am also looking forward to seeing version 2.0 of the toolkit at the end of the month. I'll let you know how it works out.
I should clarify my last comment. When I say if you want to join, I mean YOU the IT pro's in the Ottawa area, or anywhere close enough to make the drive to Ottawa. I make a 2 hour trek from Napanee each week for the study group and there is a car pool happening from Brockville.
Enjoyed reading your article.Wish I knew more about Home XP.I've been working hard to get the program Installed. I have a 2001 Gateway inbeded ME.The system is very fickle.So far I've made (4) tries and (8) errors and corrupt files.I have not TOTALY removed (ME).I can still the program,when I have to work.