• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Deploy Windows 7 for office computers: restrict users

D

DragonReborn

Senior member
Hey all, I want to setup my computers for the office (6-8 of them) but I want to make sure they are ultra-clean and stay that way. I really only want the computers able to browse the internet and never install anything or change any setting.

I would love to make one image and then deploy it to all the other systems (i will buy identical computer hardware).

would love to hear recommended Win7 settings for office environment.

thanks!
 
Hi Dragon,

This is quite a large topic on this, but heres some suggestions:

For the deployment, I would look into the Microsoft Deployment Toolkit. They just released version 2012 to use, it works pretty well. Basically you create a shared drive (it will walk you through this) on one computer, then you burn a CD and boot from it on all of your client computers. This will install windows, drivers, updates, etc. You can also combine it with Windows Deployment Services if you have a Windows Server 2008/2008r2 machine so you can just network boot them. MDT is a free tool, download it maybe in a VM or something and give it a go.

As far as restrictions, look into group policy and using it in a domain. You'd need a domain controller (so a server OS is required, not sure what you have), and you can restrict what everyone has access to. Its too difficult to get into here I think (there are entire books on this), but you should be able to start googling around for it (look for something like "locking down windows 7 via group policy) and being able to find the things you need.
 
I would just a comment about protection from user changes., We have a 9-station classroom - all 9 machines networked and dual boot. We install Faronics "Deepfreeze" to protect the systems from student changes. It restores each machine to our specified standard on reboot. For system maintenance and upgrades, we have two designated "techs," and they have the password needed to turn Deepfreeze off, make changes, and turn it back on. This allows students to save, save as, etc., etc., that is automatically eliminated on reboot.

http://www.faronics.com/enterprise/deep-freeze/
 
With MDT and only 6-8 systems, you can set the machines up to exactly how each user would like it, then capture an image of each machine to your shared drive (deployment share). If a user then installs something you don’t approve of, you can re-image the machine to the original state, after saving their documents. Or you can use Windows Easy Transfer or the User State Migration Tool (USMT) to capture user settings and files. USMT works with MDT, and you can setup a Task Sequence to capture the user data, re-image the machine, and then put the data back automatically. The USMT user guide is here and the MDT download is here.
Identical hardware is not necessary with Windows 7. When you sysprep your master machine to make your image, sysprep removes the drivers as a part of the process. To learn more about imaging and deploying with Windows 7, please visit the Deliver page of the Springboard Series on TechNet. Here you will find many articles and videos to help you.

Hope this helps,
David
Windows Outreach Team – IT Pro
 
definitely have to research the "shared drive" and how that works. basically, i'm trying to avoid the whole "re-imaging" if there is a problem. i want to restrict them so the problems that can occur are minimal to non-existent.
 
Hey Dragon, the deepfreeze idea is a good one.

Also, how about thin clients? If they aren't going to keep any data on them, could be a good option. I use thin clients from IGEL technologies quite a bit, they're quite nice, and the users can't do a thing on them. Plus, if you have just one machine acting as a "server" (it can just be a desktop/laptop or whatever), you can have a template image so if you need to make any changes, you just go in to your server, change the config, hit apply, and all of them change immediately. Definitely worth a look if you dont' need the storage capabilities and customization of full desktops.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top