Desktop Configuration and Cloning Instructor: Chuck O’Shea [email protected] An Infopeople Workshop Fall-Winter 2006 This Workshop is Brought to You by the Infopeople Project Infopeople is a.

Download Report

Transcript Desktop Configuration and Cloning Instructor: Chuck O’Shea [email protected] An Infopeople Workshop Fall-Winter 2006 This Workshop is Brought to You by the Infopeople Project Infopeople is a. 

Desktop Configuration and Cloning
Instructor:
Chuck O’Shea
[email protected]
An Infopeople Workshop
Fall-Winter 2006
This Workshop is Brought to You by the Infopeople Project
Infopeople is a federally-funded grant project supported
by the California State Library. It provides a wide
variety of training to California libraries. Infopeople
workshops are offered around the state and are open
registration on a first-come, first-served basis.
For a complete list of workshops, and for other
information about the project, go to the Infopeople
website at infopeople.org.
Introductions
• Name
• Library
• Position
• What is your experience with adding software,
configuring administration functions?
Packet
•
•
•
•
•
Agenda
PowerPoint
Exercises
Handouts
CD
Class Assumptions
• You are comfortable with basic
computer skills
• You have installed and configured
software
• You are are the person at your library
who will be configuring your Public
Access Computers
• You will be using Windows XP
What kinds of computer
issues arise when
offering computers to
the public?
How do you handle
these problems
currently?
Workshop Goals
• Help you understand the issues in
making computers accessible to the
public
• Share a solution
– create a hard drive image set up for public
access computing
– clone it
If Working with a Used Computer
• Need to clean up the hard drive
– don’t know how it’s been used
– registry could be hiding things
– get rid of personal files/programs
• Restore depends on manufacturer
• Want to do more than just reinstall OS
To Create a Secure Public Access
Computer
We are assuming
you have a new
computer with a
clean install of
Windows XP or
have restored the
hard drive of a
used computer.
1.
2.
3.
4.
5.
6.
7.
8.
Install Updates
Install Apps
Tighten System
Customize Profile
Use Shared Computer Toolkit
Change BIOS
Create Image
Clone
Step #1 - Install Updates
• Download and run Service Packs and
updates so you are running the most
current version of the OS
• less vulnerable to security risks
• bug fixes
• take advantage of new technology
Step #2 - Install Applications
• For example
• Microsoft Office
• Virus & Spyware Protection
• Printer Drivers
• Public Browser
• Media Players
Public Browser
• Features:
– easy configuration
– URL tracking
– popup restriction
– auto clearing of cache and cookies
• Installation
• Configuration
Public Browser Configuration
Public Browser Overrides
• What are they?
• What do they do?
• Shift/Alt/Control/Insert
Exercise #1
Install & Configure Public Browser
Step #3 - Tighten System for Public
Access
• Remove unnecessary programs
• Remove unnecessary features
• Disable unnecessary services
Removing Unnecessary Windows
Components for Public Access
•
•
•
•
•
Fax
MSN Explorer
Outlook Express
Networking Services
Windows Messenger
What about games?
Exercise #2
Removing Unnecessary
Windows Components
for Public Access
Remove Unnecessary Features for
Public Access
• Remote desktop
• System restore
• Fast user switching
• Offline files
• Hibernation
Exercise #3
Removing Unwanted Features
for Public Access
Disable Unnecessary Services for
Public Access
•
•
•
•
•
•
Distributed link transaction
Secondary logon
Task scheduler
Terminal services
Telephony
Wireless zero configuration
Exercise #4
Disable Unnecessary
Services for Public Access
Computers
Step #4 User Profile
• A user profile defines customized desktop
environments, such as individual display and
network and printer connections settings.
• With profiles, the system administrator can
set access for different users:
–
–
–
–
Desktop shortcuts
Windows preferences
Printers
First-time settings
For PAC You Need Two Profiles
• Administrator
– install and uninstall software
– configure settings
– create and delete users
• Limited
–
–
–
–
run programs
access the Internet
create files and folders
Public
• Adults
• Children
Create Public Account
• Creating a Public account for shared
access with limited access
• Account will be shared by all public
users
• Account will be a Limited Account that
will not allow user to perform
administrative functions
Configure the Public User Profile
• Log on as local user
• Run all programs installed for the first
time
– Examples
• configure Office programs
• Windows Media Player
• Adobe Reader
• Configure settings
Exercise #5
Create a User Account and
Configure the “Public Profile”
Customize All Users Start menu
• Changes made to All Users Start Menu affect
everyone that uses that computer.
• Most programs install Start menu shortcuts in
the All Users profile
• To customize “All Users” Start Menu
– Login as administrator
– Remove unwanted Icons
– Add programs to Start Menu
Step #5 - Use Shared Computer Toolkit
• Free from Microsoft
– download the latest version
– get product support
– view demos
http://www.microsoft.com/windowsxp/
sharedaccess/default.mspx
Microsoft Shared Computer Toolkit
• Only works on Windows XP
– protects windows partition (drive c:)
– allows you to restrict users
• easy access to computer settings
• profile manager
– easy access
– more options
• easily change Accessibility options
Hive Cleanup Service
• Prompted to get when you install
Shared Computer Toolkit
• Eliminates log off problems
• Must be installed and running to work
SCT Step 1 – Prepare Disk
• Prepare the disk for Windows disk
protection
– requires unallocated space
– we will use Symantec’s Partition Magic 8.0
to create an unallocated partition
• minimum of 1GB up to 10% of disk space
• space used for temporary files
Partition Magic
• Allows you to:
– merge partitions
– create new partitions
– resize partitions
• Run it from the CD
– does not need to be installed
Exercise #6
Download and Install Shared
Computer Toolkit, Install Hive Cleanup
Service, and Run Partition Magic
SCT Step 2 – Set Security Settings
•
•
•
•
•
•
•
•
•
•
Prevent account names from being saved
Force passwords to be secure
Prevent Windows for caching credentials with profile
Prevent creation of files and folders on Windows Drive*
Prevent logon to locked profiles
Remove cached copies of locked profiles
Remove Shut Down and Turn Off Computer options
Prevent MS Office document from opening in IE
Use Welcome screen*
Remove administrator from Welcome screen*
* Recommended
SCT Step 3 – Create Public Account
• We’ve already done
SCT Step 4 - Configure the Public User
Profile
• We’ve already done
SCT Step 5 - Restrict Local User Profile
• Set and lock to prevent permanent changes
by user
– change general settings
– recommended restrictions
– optional restrictions
– lock profile
• Once changed and locked, must be unlocked
to alter settings
General Settings
•
•
•
•
•
•
•
IE Homepage
Proxy
Proxy Exceptions
Session Times
Restrict Drives
Lock Profile
Restart at Logoff
Locking a Profile
• The following are items that are not kept
between logons when a profile is locked:
• Internet history and cookies
• Favorites
• Files stored on the desktop
• Desktop wallpaper
• Changes to program settings
• Accessibility changes
• Start menu changes
Recommend User Restrictions for Public
Access Computers
– Start Menu restrictions
– General Windows restrictions
– IE restrictions
– MS Office restrictions
– Software restrictions
Optional User Restrictions Include
Additional…
• Start Menu restrictions
• General Windows XP restrictions
• Internet Explorer restrictions
• Software restrictions
Exercise #7
Setting User Restrictions
SCT Step 6 - Testing the Public User
Profile
– Check
• Desktop
• Screen saver
• Programs availability
– Check Accessibility Tools
•
•
•
•
Visuals
Sound
High contrast
Keyboard and mouse
– Check Menus
SCT Step 7 - Windows Disk Protection
• Protects the Windows operating system and
program files from being permanently
changed on a Windows partition.
• User changes will stay until the next restart
• Admin can make permanent changes
– add new programs
– modify registry
– add user account
Options for setting Windows Disk
Protection
• Clear Changes
– clears all changes with each restart
• One Restart
– retain changes for one restart
• Indefinitely
– keeps files through multiple restarts
• Save Changes
– write changes to C:
Windows Disk Protection Settings
• Set schedule for critical updates
• Set schedule for antivirus updates
Exercise #8
Turn on Disk Protection
What’s the BIOS?
• Acronym for basic input/output system, the
built-in software that determines what a
computer can do without accessing programs
from a disk
• On PCs, the BIOS contains all the code
required to control the keyboard, display
screen, disk drives, boot order, date and time,
and a number of miscellaneous functions
Step #6 - Change BIOS
• Access the BIOS during bootup by
pressing and holding the F2 key
• Change Boot Sequence
– Internal HDD
– Only Internal HDD Bootable
Use Passwords for Security
• Admin Password
• System Password
– NOT recommended
– requires password to boot
• Internal HDD Password
– NOT recommended
– travels with hard drive even if removed from computer
• Password Changes
– Set to “Permitted”
You MUST set an Admin password to
keep people from changing BIOS
settings.
Exercise #9
Change the BIOS
Yesterday We Created Our Public Access Image
• Installed Public Browser
• Removed programs, services, and features
• Partitioned disk
• Installed HIVE and the Microsoft Shared
Computer Toolkit
• Created profiles
• Set security with SCT
• Changed the BIOS
Clone
• We spent a full day creating an image
• Now we want to make our other 20
computers identical without spending a
day on each one
• So, you clone it
Benefits of Cloning
• Easy to set many computers
• When the computer goes bad
– restore computer by replacing image
Cloning - Requirements
– Image and clone must have identical
hardware
– Need different images for computers with
different hardware
What now?
• Sysprep vs. New SID
– What is Sysprep
– When to run
How Do You Keep Your Computers
Current?
• Create an updated image
• Re-image all computers
In the Ideal World
• Have a reference computer
– no one uses it
– update and patch regularly
– update programs as needed
• Create new image from reference
computer
• Re-image all computers
Exercise #10
Making It Happen
Evaluation Form
infopeople.org/workshop/eval/