Windows System Security [was: Re: hard drive size requirements......]
- Tom, et al.,
We've taken several steps to enhance system security.
We use Iconlock to lock and restore Windows desktop shortcuts. The My
Computer icon is hidden behind the taskbar and other system icons, e.g.
Network Neighborhood and Recycle Bin, are hidden by TweakUI. We also use
TweakUI to prevent drives from being displayed in My Computer.
We've set up three users: patron, staff, and sys administrator, with a full
set of personalized items and used the System Policy Editor to set patron
property restrictions. These restrictions include removing the Find and Run
commands from the Start Menu and disabling the Control Panel.
We've also disabled auto-insert notification on the CD
Although we havn't found a need for additional security there are many
options. You can specify a set of allowed Windows applications with the
System Policy Editor. The 'cancel login' problem can be overcome with the
Registry modification at http://www.security-tips.com/003.htm. You could
also employ a commercial several security product, e.g. Sentry98, to provide
greater security than is available through Windows.
> I agree. For one thing, there are far too many members that have computeris
> knowledge to the point where they could easily disable a Windows system,
> destroy the data stored locally, and set up a situation where the system
> would have to be rebuilt. I tend to watch computer operations in the two
> FHCs that I handle as a computer specialist and am very explicit in what
> permitted and what is not. When I find someone has been "exploring," I letbe
> them know that it is not permitted and that all the features that are to
> used in the FHC are readily available from the Desktop.I
> I had to be very blunt with one individual that was trying to convince the
> (then) director of the center that he could set up this wonderful system.
> told him the system was as we wanted it and that he was not to exploreadd
> further, that we did not have funds to expend nor were we authorized to
> software and hardware to the system.