Desktop Configuration and Cloning Instructor: Chuck O’Shea An Infopeople Workshop Fall-Winter 2006

Infopeople is a federally-funded grant project supported by the California State Library. It provides a wide variety of training to California libraries. Infopeople workshops are offered around the state and are open registration on a first-come, first-served basis. For a complete list of workshops, and for other information about the project, go to the Infopeople website at infopeople.org. This Workshop is Brought to You by the Infopeople Project

Introductions Name Library Position What is your experience with adding software, configuring administration functions?

Packet Agenda PowerPoint Exercises Handouts CD

Class Assumptions You are comfortable with basic computer skills You have installed and configured software You are are the person at your library who will be configuring your Public Access Computers You will be using Windows XP

What kinds of computer issues arise when offering computers to the public?

How do you handle these problems currently?

Workshop Goals Help you understand the issues in making computers accessible to the public Share a solution –create a hard drive image set up for public access computing –clone it

If Working with a Used Computer Need to clean up the hard drive –don’t know how it’s been used –registry could be hiding things –get rid of personal files/programs Restore depends on manufacturer Want to do more than just reinstall OS

To Create a Secure Public Access Computer 1.Install Updates 2.Install Apps 3.Tighten System 4.Customize Profile 5.Use Shared Computer Toolkit 6.Change BIOS 7.Create Image 8.Clone We are assuming you have a new computer with a clean install of Windows XP or have restored the hard drive of a used computer.

Step #1 - Install Updates Download and run Service Packs and updates so you are running the most current version of the OS less vulnerable to security risks bug fixes take advantage of new technology

Step #2 - Install Applications For example Microsoft Office Virus & Spyware Protection Printer Drivers Public Browser Media Players

Public Browser Features: –easy configuration –URL tracking –popup restriction –auto clearing of cache and cookies Installation Configuration

Public Browser Configuration

Public Browser Overrides What are they? What do they do? Shift/Alt/Control/Insert

Exercise #1 Install & Configure Public Browser

Step #3 - Tighten System for Public Access Remove unnecessary programs Remove unnecessary features Disable unnecessary services

Removing Unnecessary Windows Components for Public Access Fax MSN Explorer Outlook Express Networking Services Windows Messenger What about games?

Exercise #2 Removing Unnecessary Windows Components for Public Access

Remove Unnecessary Features for Public Access Remote desktop System restore Fast user switching Offline files Hibernation

Exercise #3 Removing Unwanted Features for Public Access

Disable Unnecessary Services for Public Access Distributed link transaction Secondary logon Task scheduler Terminal services Telephony Wireless zero configuration

Exercise #4 Disable Unnecessary Services for Public Access Computers

Step #4 User Profile A user profile defines customized desktop environments, such as individual display and network and printer connections settings. With profiles, the system administrator can set access for different users: –Desktop shortcuts –Windows preferences –Printers –First-time settings

For PAC You Need Two Profiles Administrator –install and uninstall software –configure settings –create and delete users Limited –run programs –access the Internet –create files and folders –Public Adults Children

Create Public Account Creating a Public account for shared access with limited access Account will be shared by all public users Account will be a Limited Account that will not allow user to perform administrative functions

Configure the Public User Profile Log on as local user Run all programs installed for the first time –Examples configure Office programs Windows Media Player Adobe Reader Configure settings

Exercise #5 Create a User Account and Configure the “Public Profile”

Customize All Users Start menu Changes made to All Users Start Menu affect everyone that uses that computer. Most programs install Start menu shortcuts in the All Users profile To customize “All Users” Start Menu –Login as administrator –Remove unwanted Icons –Add programs to Start Menu

Step #5 - Use Shared Computer Toolkit Free from Microsoft –download the latest version –get product support –view demos sharedaccess/default.mspx

Microsoft Shared Computer Toolkit Only works on Windows XP –protects windows partition (drive c:) –allows you to restrict users easy access to computer settings profile manager –easy access –more options easily change Accessibility options

Hive Cleanup Service Prompted to get when you install Shared Computer Toolkit Eliminates log off problems Must be installed and running to work

SCT Step 1 – Prepare Disk Prepare the disk for Windows disk protection –requires unallocated space –we will use Symantec’s Partition Magic 8.0 to create an unallocated partition minimum of 1GB up to 10% of disk space space used for temporary files

Partition Magic Allows you to: –merge partitions –create new partitions –resize partitions Run it from the CD –does not need to be installed

Exercise #6 Download and Install Shared Computer Toolkit, Install Hive Cleanup Service, and Run Partition Magic

SCT Step 2 – Set Security Settings Prevent account names from being saved Force passwords to be secure Prevent Windows for caching credentials with profile Prevent creation of files and folders on Windows Drive* Prevent logon to locked profiles Remove cached copies of locked profiles Remove Shut Down and Turn Off Computer options Prevent MS Office document from opening in IE Use Welcome screen* Remove administrator from Welcome screen* * Recommended

SCT Step 3 – Create Public Account We’ve already done

SCT Step 4 - Configure the Public User Profile We’ve already done

SCT Step 5 - Restrict Local User Profile Set and lock to prevent permanent changes by user –change general settings –recommended restrictions –optional restrictions –lock profile Once changed and locked, must be unlocked to alter settings

General Settings IE Homepage Proxy Proxy Exceptions Session Times Restrict Drives Lock Profile Restart at Logoff

Locking a Profile The following are items that are not kept between logons when a profile is locked: Internet history and cookies Favorites Files stored on the desktop Desktop wallpaper Changes to program settings Accessibility changes Start menu changes

Recommend User Restrictions for Public Access Computers –Start Menu restrictions –General Windows restrictions –IE restrictions –MS Office restrictions –Software restrictions

Optional User Restrictions Include Additional… Start Menu restrictions General Windows XP restrictions Internet Explorer restrictions Software restrictions

Exercise #7 Setting User Restrictions

SCT Step 6 - Testing the Public User Profile –Check Desktop Screen saver Programs availability –Check Accessibility Tools Visuals Sound High contrast Keyboard and mouse –Check Menus

SCT Step 7 - Windows Disk Protection Protects the Windows operating system and program files from being permanently changed on a Windows partition. User changes will stay until the next restart Admin can make permanent changes –add new programs –modify registry –add user account

Options for setting Windows Disk Protection Clear Changes –clears all changes with each restart One Restart –retain changes for one restart Indefinitely –keeps files through multiple restarts Save Changes –write changes to C:

Windows Disk Protection Settings Set schedule for critical updates Set schedule for antivirus updates

Exercise #8 Turn on Disk Protection

What’s the BIOS? Acronym for basic input/output system, the built-in software that determines what a computer can do without accessing programs from a disk On PCs, the BIOS contains all the code required to control the keyboard, display screen, disk drives, boot order, date and time, and a number of miscellaneous functions

Step #6 - Change BIOS Access the BIOS during bootup by pressing and holding the F2 key Change Boot Sequence –Internal HDD –Only Internal HDD Bootable

Use Passwords for Security Admin Password System Password –NOT recommended –requires password to boot Internal HDD Password –NOT recommended –travels with hard drive even if removed from computer Password Changes –Set to “Permitted”

You MUST set an Admin password to keep people from changing BIOS settings.

Exercise #9 Change the BIOS

Yesterday We Created Our Public Access Image Installed Public Browser Removed programs, services, and features Partitioned disk Installed HIVE and the Microsoft Shared Computer Toolkit Created profiles Set security with SCT Changed the BIOS

Clone We spent a full day creating an image Now we want to make our other 20 computers identical without spending a day on each one So, you clone it

Benefits of Cloning Easy to set many computers When the computer goes bad –restore computer by replacing image

Cloning - Requirements –Image and clone must have identical hardware –Need different images for computers with different hardware

What now? Sysprep vs. New SID –What is Sysprep –When to run

How Do You Keep Your Computers Current? Create an updated image Re-image all computers

In the Ideal World Have a reference computer –no one uses it –update and patch regularly –update programs as needed Create new image from reference computer Re-image all computers

Exercise #10 Making It Happen

Evaluation Form infopeople.org/workshop/eval/