Monday, March 14, 2011

Configure a Public PC

Good morning.

This weekend I configured a BTOP desktop PC for the North Lake County Public Library District in Polson. Since many of us are doing similar configurations, I thought this would be a good time to describe the steps I take to configure such a PC.

I had to setup 6 of these PCs. What I did was to configure one of them just the way I want it, and then create an image of that PC and copy that image to the other PCs. If you have more than a few PCs, it is a great time saver and it makes sure there is a consistent experience on each of the PCs so deployed.

What I describe here is simply how the master PC is configured. I do not describe the imaging procedure, or the restrictions I apply on a public. I use imagex and group policies respectively for these tasks. Both these tools are built into the Microsoft environment.

The accompanying document is not meant to be a step by step recipe for configuring the PC. It is simply a rather cryptic list of tasks, somewhat in the order they should be done. It requires a bit of familiarity with Windows 7, Microsoft domains, and installing applications. It is meant to be a fairly complete list of what needs to be done, but I confess that I have probably forgotten a task or two. I occasionally add a bit of explanation.

The public logon is named “inet” and the administrator’s logon is “acme”. If this process is done on a network with other PCs turned on, I always turn on “Block all incoming traffic” in the Sharing Center to minimize the chance of getting infected. Then unblock this before creating the image.

I use Deep Freeze on all public PCs at my day job and for all my clients. IMHO it is the most cost effective PC management money a library can spend. There is other “freezing” software, but I use this. Deep Freeze provides an area it calls Thawspace. Thawspace is a place that is not wiped when a PC is rebooted. I use it as the default location for “My Documents” so that patron documents can survive a reboot. I then use an automated procedure to delete contents of this folder on a regular basis, daily or weekly.

Some of these items are specific to the way I manage the environment so may not be appropriate to your environment, but you can use it as a starting point.

Here is the list.

Configuration of NLCPLD BTOP Optiplex 980 Public PC - March 12, 2011

W7 Pro 64 bit OS

Set PC name and temporary user during initial startup configuration

Set TCP/IP config for IPV4; Turn off IPV6 off

Set local admin password and enable

Join domain; add inet (the public user) to local administrators group

Confirm that Device Manager shows no problems

Set virtual memory to 2xRAM

Logon as inet

Install Office 2007 Pro Plus - Run all - no Outlook icon on desktop

Install MS Math 3.0, MS Streets & Trips

Install Adobe Reader-Flash-Shockwave; Install Java

Install Firefox, Google Earth, Picasa, Itunes/Quicktime

Place icons for auto repair, ibistro, infotrac on desktop

Place items on desktop: MS games folder (add in programs & Features), snipping tool, notepad

Keep Roxio Creator on desktop

Install Spybot, fprot

Do all Microsoft and application updates

Turn off all automatic updates (MS, java, adobe reader)

Activate windows

Set remote registry service to delayed start

Add acme & inet to Remote Desktop Users

Turn on file/print sharing

Confirm remote access to remote registry, file system, RDP

BIOS settings: password; WOL; no energy saving; boot order

Remove initial user and associated profile

Install Printers

Set default web/search in ie &ff, screen saver/power

Populate icons on desktop and set icon location, do initial start of all apps, set background, set ie to default browser

Make sure volume control is available in systray; test sound with headphones

Confirm flash drive can be removed gracefully

Logon as acme (The administrative user)

Create c:\port and set permissions to allow only acme access

Set default web, folder options, background, printer, screen saver, power,

Install Deepfreeze and thaw

Log back into inet

After DF install: set mydocs to T: (only T in list), T icon on desktop, my docs icon on desktop

Run disk cleanup, defrag, and chkdsk

Confirm ARP Poisoning is working

Run fprot/spybot scans

Log back into acme

Remove inet from local administrator group

Leave deep freeze unfrozen

Sysprep to oob experience; do not generalize

Capture the image with imagex

No comments: