Good morning.
This weekend I configured a BTOP desktop PC for the North Lake County Public Library District in Polson. Since many of us are doing similar configurations, I thought this would be a good time to describe the steps I take to configure such a PC.
I had to setup 6 of these PCs. What I did was to configure one of them just the way I want it, and then create an image of that PC and copy that image to the other PCs. If you have more than a few PCs, it is a great time saver and it makes sure there is a consistent experience on each of the PCs so deployed.
What I describe here is simply how the master PC is configured. I do not describe the imaging procedure, or the restrictions I apply on a public. I use imagex and group policies respectively for these tasks. Both these tools are built into the Microsoft environment.
The accompanying document is not meant to be a step by step recipe for configuring the PC. It is simply a rather cryptic list of tasks, somewhat in the order they should be done. It requires a bit of familiarity with Windows 7, Microsoft domains, and installing applications. It is meant to be a fairly complete list of what needs to be done, but I confess that I have probably forgotten a task or two. I occasionally add a bit of explanation.
The public logon is named “inet” and the administrator’s logon is “acme”. If this process is done on a network with other PCs turned on, I always turn on “Block all incoming traffic” in the Sharing Center to minimize the chance of getting infected. Then unblock this before creating the image.
I use Deep Freeze on all public PCs at my day job and for all my clients. IMHO it is the most cost effective PC management money a library can spend. There is other “freezing” software, but I use this. Deep Freeze provides an area it calls Thawspace. Thawspace is a place that is not wiped when a PC is rebooted. I use it as the default location for “My Documents” so that patron documents can survive a reboot. I then use an automated procedure to delete contents of this folder on a regular basis, daily or weekly.
Some of these items are specific to the way I manage the environment so may not be appropriate to your environment, but you can use it as a starting point.
Here is the list.
Configuration of NLCPLD BTOP Optiplex 980 Public PC - March 12, 2011 | |
W7 Pro 64 bit OS | |
Set PC name and temporary user during initial startup configuration | |
Set TCP/IP config for IPV4; Turn off IPV6 off | |
Set local admin password and enable | |
Join domain; add inet (the public user) to local administrators group | |
Confirm that Device Manager shows no problems | |
Set virtual memory to 2xRAM | |
Logon as inet | |
Install Office 2007 Pro Plus - Run all - no Outlook icon on desktop | |
Install MS Math 3.0, MS Streets & Trips | |
Install Adobe Reader-Flash-Shockwave; Install Java | |
Install Firefox, Google Earth, Picasa, Itunes/Quicktime | |
Place icons for auto repair, ibistro, infotrac on desktop | |
Place items on desktop: MS games folder (add in programs & Features), snipping tool, notepad | |
Keep Roxio Creator on desktop | |
Install Spybot, fprot | |
Do all Microsoft and application updates | |
Turn off all automatic updates (MS, java, adobe reader) | |
Activate windows Set remote registry service to delayed start Add acme & inet to Remote Desktop Users Turn on file/print sharing | |
Confirm remote access to remote registry, file system, RDP | |
BIOS settings: password; WOL; no energy saving; boot order | |
Remove initial user and associated profile | |
Install Printers | |
Set default web/search in ie &ff, screen saver/power | |
Populate icons on desktop and set icon location, do initial start of all apps, set background, set ie to default browser | |
Make sure volume control is available in systray; test sound with headphones Confirm flash drive can be removed gracefully | |
Logon as acme (The administrative user) | |
Create c:\port and set permissions to allow only acme access | |
Set default web, folder options, background, printer, screen saver, power, | |
Install Deepfreeze and thaw | |
Log back into inet | |
After DF install: set mydocs to T: (only T in list), T icon on desktop, my docs icon on desktop | |
Run disk cleanup, defrag, and chkdsk | |
Confirm ARP Poisoning is working | |
Run fprot/spybot scans | |
Log back into acme | |
Remove inet from local administrator group | |
Leave deep freeze unfrozen | |
Sysprep to oob experience; do not generalize | |
Capture the image with imagex | |
No comments:
Post a Comment