
Re: [fhctech] Indexing and Java

  • Russell Hltn
    Message 1 of 13, Nov 30, 2007
      The only problem with that, is I believe 5.11 is not secure and could
      open the Indexer's computers to malicious websites and other problems.

      It looks like stepping up to 5.13 can get you around the
      vulnerabilities - hopefully without introducing the problems that 6.x
      causes the Indexing program.

      http://secunia.com/product/4228/?task=advisories_2007

      Just for kicks, you may want to scan your computer for vulnerable software:
      http://secunia.com/software_inspector/




      On Nov 30, 2007 5:37 PM, Merlin R Kitchen <mkitchen@...> wrote:
      > Having both versions of Java usually leads to problems. We have users
      > who have problems remove all versions 5 and 6 of Java and then reload the
      > indexing program--reloading puts back Java version 5.11
      >
      > It is possible to tell the computers not to update. Click Start- Control
      > Panel-Java -then click on Updates-remove check mark from "automatic check
      > for updates" and then click on Never.
      >
      > Merlin Kitchen
      > FamilySearch Indexing support
      >
    • Bill Henderson
      Message 2 of 13, Dec 1, 2007
        It seems that this battle gets fought every year or so.  Deep freeze is cheap, tested, and does the job (read Lynn Shaw's reply).  If it ain't broke don't fix it.
         
        Bill H.  Santa Clara FHC

        Jonathan Studer <jonokinawa@...> wrote:
        I didn't have time to research it. I just ran across it today.
        Thanks for the info.

        --- In fhctech@yahoogroups.com, "Robert C. Harrison" <gizmo.rch@...> wrote:
        >
        > Why would you want to use a beta version, there is a stable version here
        > http://www.microsoft.com/downloads/details.aspx?FamilyId=D077A52D-93E9-4B02-BD95-9D770CCDB431&displaylang=en
        >
        > RCH
        >
        > ----- Original Message -----
        > From: Jonathan Studer
        > To: fhctech@yahoogroups.com
        > Sent: Thursday, November 29, 2007 11:22 AM
        > Subject: [fhctech] Windows SteadyState - Possible future Deepfreeze Replacement?
        >
        >
        >
        > I ran across this today and thought I'd share. The software is still in Beta so be warned.
        > I haven't tried it yet, but thought I'd pass it along in case someone else has time and wants to try it.
        > You can download it here:
        > http://www.microsoft.com/downloads/details.aspx?FamilyId=4DE91D3A-69F4-4D7B-94B1-C69B8BE029F4&displaylang=en
        >
        > I have nothing against Deepfreeze, I just always keep my eye out for new utilities that can make life a little easier.
        >
        > Here's an excerpt from the intro to the documentation.
        >
        > Introduction to Windows SteadyState
        >
        > Windows® SteadyState™ helps make shared computers easier to set up and maintain for administrators, and more reliable and consistent for computer users. By using Windows SteadyState, you can more effectively:
        >
        > -- Defend shared computers from unauthorized changes to their hard disks.
        > -- Restrict users from accessing system settings and data.
        > -- Enhance the user experience on shared computers.
        >
        > These capabilities make Windows SteadyState beneficial in situations where a computer is used by multiple people, such as schools, public libraries, community technology centers, and Internet cafés.
        >
        > Protecting Shared Computers
        > A unique challenge exists for shared computer environments. Microsoft software is designed to offer users a great degree of flexibility in their ability to customize their experience and to make changes to their computer settings. However, in a shared computer environment, administrators will typically not want to provide the full set of customization and change capabilities because doing so could allow changes to be made that affect the health of the computer and the experience for other users. On a shared computer, privacy and uniformity are very important elements of the maintenance and use of the system. Windows SteadyState helps an administrator protect a shared computer against unwanted changes.
        >

      • Jonathan Studer
        Message 3 of 13, Dec 3, 2007
          Thanks everyone for your feedback. I'm going to look into using
          Deepfreeze. Right now I use a combination of local Group Policy
          settings and folder redirection to keep things from getting saved to
          our machines and things from getting changed. I have all the my
          documents folders set to be redirected to a share on our 'server'.
          The desktop is also redirected to the server share and is set to read-
          only so it can't be modified.
          I restrict writing to the root of the C drive as well.
          Our machines are set up to auto login to this restricted user account.

          I don't have any problems with users changing things so I guess I'm
          lucky there. I configured this setup when the universal XP DVDs were
          released from FHC Support and I haven't had to rebuild or correct any
          problems since. I configured my setup and made an image of it. Now,
          when I set up a new machine I just drop the image on it, run the
          landesk config and voilà. (I periodically refresh the image). We're
          ready to go. We currently have 15 machines in 2 centers, and 4 more
          machines on their way to a third center. I'm also pretty lucky that
          all of these machines have identical hardware. I work in IT and was
          able to get all these machines donated to us.

          Anyway, just thought that I would share a little about our setup.
          Thanks again for the input.

          -Jon
        • Russell Hltn
          Message 4 of 13, Dec 3, 2007
            On Dec 3, 2007 8:10 AM, Jonathan Studer <jonokinawa@...> wrote:
            > I have all the my
            > documents folders set to be redirected to a share on our 'server'.

            I thought about doing that but didn't for two reasons: PAFInsight
            saves a file to "My Documents" and it's not designed to be
            multi-access. That is, I wouldn't make all the computers point to a
            common "My Documents".

            Secondly, patrons may not realize that by placing a file in "My
            Documents" temporarily they are placing the file where any other user
            at the center can see it. Given that a PAF file can contain names,
            birth dates and mother's maiden name, I didn't want to surprise the
            patron that's trying to be careful with their family's information.


            > The desktop is also redirected to the server share and is set to read-
            > only so it can't be modified.

            Hmmm. So you have a common Desktop? I hadn't thought about that. I
            think I can reset the Patron Desktop to be "read only" without having
            to move it to the server.

            One thing I did do is separate Patron from the "All Users" for the
            Start Menu. I then created my own Start Menu for Patron. So they
            don't see those "uninstall" icons, or any other icon I don't want them
            to see. Plus I don't have to go clearing unwanted icons after I
            install a software package.


            But probably the most important thing I've done is set Patron to be
            just a User, not "Power User" as shipped from SLC. This severely
            limits what the patrons can do with the machine.
          • Jonathan Studer
            Message 5 of 13, Dec 3, 2007
              > I thought about doing that but didn't for two reasons: PAFInsight
              > saves a file to "My Documents" and it's not designed to be
              > multi-access. That is, I wouldn't make all the computers point to a
              > common "My Documents".
              >
              > Secondly, patrons may not realize that by placing a file in "My
              > Documents" temporarily they are placing the file where any other user
              > at the center can see it. Given that a PAF file can contain names,
              > birth dates and mother's maiden name, I didn't want to surprise the
              > patron that's trying to be careful with their family's information.

              This was definitely a concern for us too. I talked to the director
              and we decided that the staff would just inform everyone when they
              come in that if they save something to the My Documents folder it is
              visible to everyone. Having it centralized has really helped a couple
              of people that seemed to only have their PAF file on a floppy disk
              and the disk became corrupt. I can think of at least 5 people that
              were able to grab a slightly older version of their PAF file and were
              very grateful for us having. We just leave all the paf files in that
              central location. It has also helped with someone that found several
              census pages and downloaded them as .jpg files and then left the
              center forgetting to copy it to her flash drive. The next day she
              came back very stressed that she had lost the images, but to her
              great excitement we had them.

              >
              > > The desktop is also redirected to the server share and is set to read-
              > > only so it can't be modified.
              >
              > Hmmm. So you have a common Desktop? I hadn't thought about that. I
              > think I can reset the Patron Desktop to be "read only" without having
              > to move it to the server.
              >
              > One thing I did do is separate Patron from the "All Users" for the
              > Start Menu. I then created my own Start Menu for Patron. So they
              > don't see those "uninstall" icons, or any other icon I don't want them
              > to see. Plus I don't have to go clearing unwanted icons after I
              > install a software package.

              I have also done this. It just keeps everything really simple. The
              only things on the start menu for Patron are IE, the typical research
              databases, and Open Office.

              >
              > But probably the most important thing I've done is set Patron to be
              > just a User, not "Power User" as shipped from SLC. This severely
              > limits what the patrons can do with the machine.

              This is very good practice. I have done that as well.

              I have also set up a web page with links to all the usual websites. I
              then embedded this as an Active Desktop on the Patron Desktop. The
              page is hosted by IIS on the 'server'. I just update or add links and
              refresh the desktop and they show up.

              Another thing we do is leave the computers on all the time. We have
              the monitors set to turn off after 5 minutes of inactivity and have
              the hard disk spin down after 1 hour of inactivity. Then, I have a
              script that runs every night to reboot all of the Patron machines to
              ensure that when the staff comes in the next day everything is reset.
              We have a really busy center that is open 5-6 days a week and leaving
              the machines on really makes my life a great bit easier.

              In my 'spare time', I'm working on a script that will allow me to
              log off the current user (Patron) and log in a service account that
              will then execute a windows update and reboot the machine to have it
              autologin as Patron, saving me from having to do this manually.
              My 'spare time' has been few and far between lately as being a
              Scoutmaster takes most of my time.

              One last time-saving step that I do involves the DSL Modem and the
              PIX firewall. It seemed like I was getting calls at least bi-weekly
              from the staff telling me that the 'Internet was down' (to which I
              promptly reply, Call Al Gore). The resolution was to power off the
              power strip that the modem and firewall were connected to and turn
              it back on. It resolved the problem immediately.
              To keep this from happening, I bought an inexpensive digital light
              timer. I set it to power off at 1:00 AM and power back on at 1:15 AM.
              I did this about 6 months ago and they haven't had the problem since.

              With all these things I've been able to set up the center so I only
              go in once a month (a week after Patch Tuesday) to install Microsoft
              updates if they didn't auto install.

              -J.S.
            • Russell Hltn
              Message 6 of 13, Dec 3, 2007
                On Dec 3, 2007 11:51 AM, Jonathan Studer <jonokinawa@...> wrote:
                > This was definitely a concern for us too. I talked to the director
                > and we decided that the staff would just inform everyone when they
                > come in that if they save something to the My Documents folder it is
                > visible to everyone. Having it centralized has really helped a couple
                > of people that seemed to only have their PAF file on a floppy disk
                > and the disk became corrupt. I can think of at least 5 people that
                > were able to grab a slightly older version of their PAF file and were
                > very grateful for us having. We just leave all the paf files in that
                > central location. It has also helped with someone that found several
                > census pages and downloaded them as .jpg files and then left the
                > center forgetting to copy it to her flash drive. The next day she
                > came back very stressed that she had lost the images, but to her
                > great excitement we had them.
                >

                I don't see how keeping "My Documents" on the local machine changes
                any of the success stories. I'm sure any computer user understands
                that anything left behind after they are done with the machine could
                be looked at by others, but to communicate that "My Documents" isn't
                private even temporarily is something that's probably beyond most
                people's computer abilities.



                > I have also set up a web page with links to all the usual websites. I
                > then embedded this as an Active Desktop on the Patron Desktop. The
                > page is hosted by IIS on the 'server'. I just update or add links and
                > refresh the desktop and they show up.
                >

                I've re-pointed the "Favorites" to the server and Patron only has read
                rights. Not unlike what you've done. Since I don't have a true
                server version of Windows, I have to watch the number of connections I
                make to our server. I'm not sure as I can add IIS without causing
                problems with the licensing.



                > One last time-saving step that I do involves the DSL Modem and the
                > PIX firewall. It seemed like I was getting calls at least bi-weekly
                > from the staff telling me that the 'Internet was down' (to which I
                > promptly reply, Call Al Gore). The resolution was to power off the
                > power strip that the modem and firewall were connected to and turn
                > it back on. It resolved the problem immediately.


                Never had that problem. We leave it on 24/7. It's also located well
                away from the patrons so no one can tamper with it.