• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Locking down a public Win7 Home Premium 64-bit PC?

VirtualLarry

VirtualLarry

No Lifer
Was toying with the idea of setting up a public PC for people to use here. But I want to make certain that it is locked-down, without the ability to install or run programs that aren't pre-installed by me. If I have to, I guess I could install XP Pro, with SRP. That would be the most straightforward to me, because I know how to do that. I'd just have to burn an XP license, which are in precious short supply these days.

The other alternative, besides installing Win7 Ultimate, would be to use the Parental Controls feature of Win7 Home Premium. I have heard that you can use this feature to create a "whitelist" of applications, and therefore, lock down your system. I would very much like to learn how to do this.

Does anyone know of any good guides on the subject?

The other question is, how to set up programs like Firefox, and AIM, such that they don't save user information like passwords and such directly onto the public user account, so that people's accounts don't get hacked. (Hopefully, user-mode keyloggers would be prevented by the whitelist .exe approach.)

Surely, someone else must have done this already somewhere?
 
VirtualLarry said:
Was toying with the idea of setting up a public PC for people to use here. But I want to make certain that it is locked-down, without the ability to install or run programs that aren't pre-installed by me. If I have to, I guess I could install XP Pro, with SRP. That would be the most straightforward to me, because I know how to do that. I'd just have to burn an XP license, which are in precious short supply these days.

The other alternative, besides installing Win7 Ultimate, would be to use the Parental Controls feature of Win7 Home Premium. I have heard that you can use this feature to create a "whitelist" of applications, and therefore, lock down your system. I would very much like to learn how to do this.

Does anyone know of any good guides on the subject?

The other question is, how to set up programs like Firefox, and AIM, such that they don't save user information like passwords and such directly onto the public user account, so that people's accounts don't get hacked. (Hopefully, user-mode keyloggers would be prevented by the whitelist .exe approach.)

Surely, someone else must have done this already somewhere?
Click to expand...

Start by creating a standard user with UAC on at its maximum so any attempt to install, uninstall, change systems settings are blocked. You can then make exceptions for the programs which should be allowed to be started by the standard user.

You can also setup Internet Explorer 9 with the security functions you want which will also be protected by UAC.

Then you could disable control panel or various items for that user.
 
You could use a bootable linux distribution via a cdrom drive.
Knoppix is the most popular and works with almost any hardware.
Remove the hard drive from the computer.
Nothing at all will be saved between boots, as there is no writable media in the computer.
Simple, secure, and free.
 
You want a kiosk. Kiosk modes are what things like internet cafe would use.
google windows kiosk and you will get all kinds of tips and software.
 
lopgok said:
You could use a bootable linux distribution via a cdrom drive.
Knoppix is the most popular and works with almost any hardware.
Remove the hard drive from the computer.
Nothing at all will be saved between boots, as there is no writable media in the computer.
Simple, secure, and free.
Click to expand...

I came up with that idea too, except I was thinking of getting an adaptor, to mount a USB flash drive inside the computer, and to take out BOTH the HD and DVD drive (would I have to take out the DVD drive, if I lock down booting in the BIOS to the USB drive and put a BIOS password on?).

You can use Unetbootin to put a Linux ISO onto a flash drive and boot it like a liveCD.

http://www.amazon.com/StarTech-Motherboard-4-Pin-Header-USBMBADAPT/dp/B000IV6S9S
 
Last edited:
You must log in or register to reply here.

TRENDING THREADS

Back
Top