Good morning.
This weekend I configured a BTOP desktop PC for the North Lake County Public Library District in Polson. Since many of us are doing similar configurations, I thought this would be a good time to describe the steps I take to configure such a PC.
I had to setup 6 of these PCs. What I did was to configure one of them just the way I want it, and then create an image of that PC and copy that image to the other PCs. If you have more than a few PCs, it is a great time saver and it makes sure there is a consistent experience on each of the PCs so deployed.
What I describe here is simply how the master PC is configured. I do not describe the imaging procedure, or the restrictions I apply on a public. I use imagex and group policies respectively for these tasks. Both these tools are built into the Microsoft environment.
The accompanying document is not meant to be a step by step recipe for configuring the PC. It is simply a rather cryptic list of tasks, somewhat in the order they should be done. It requires a bit of familiarity with Windows 7, Microsoft domains, and installing applications. It is meant to be a fairly complete list of what needs to be done, but I confess that I have probably forgotten a task or two. I occasionally add a bit of explanation.
The public logon is named “inet” and the administrator’s logon is “acme”. If this process is done on a network with other PCs turned on, I always turn on “Block all incoming traffic” in the Sharing Center to minimize the chance of getting infected. Then unblock this before creating the image.
I use Deep Freeze on all public PCs at my day job and for all my clients. IMHO it is the most cost effective PC management money a library can spend. There is other “freezing” software, but I use this. Deep Freeze provides an area it calls Thawspace. Thawspace is a place that is not wiped when a PC is rebooted. I use it as the default location for “My Documents” so that patron documents can survive a reboot. I then use an automated procedure to delete contents of this folder on a regular basis, daily or weekly.
Some of these items are specific to the way I manage the environment so may not be appropriate to your environment, but you can use it as a starting point.
Here is the list.
| Configuration of NLCPLD BTOP Optiplex 980 Public PC - March 12, 2011 | |
| W7 Pro 64 bit OS | |
| Set PC name and temporary user during initial startup configuration | |
| Set TCP/IP config for IPV4; Turn off IPV6 off | |
| Set local admin password and enable | |
| Join domain; add inet (the public user) to local administrators group | |
| Confirm that Device Manager shows no problems | |
| Set virtual memory to 2xRAM | |
| Logon as inet | |
| Install Office 2007 Pro Plus - Run all - no Outlook icon on desktop | |
| Install MS Math 3.0, MS Streets & Trips | |
| Install Adobe Reader-Flash-Shockwave; Install Java | |
| Install Firefox, Google Earth, Picasa, Itunes/Quicktime | |
| Place icons for auto repair, ibistro, infotrac on desktop | |
| Place items on desktop: MS games folder (add in programs & Features), snipping tool, notepad | |
| Keep Roxio Creator on desktop | |
| Install Spybot, fprot | |
| Do all Microsoft and application updates | |
| Turn off all automatic updates (MS, java, adobe reader) | |
| Activate windows Set remote registry service to delayed start Add acme & inet to Remote Desktop Users Turn on file/print sharing | |
| Confirm remote access to remote registry, file system, RDP | |
| BIOS settings: password; WOL; no energy saving; boot order | |
| Remove initial user and associated profile | |
| Install Printers | |
| Set default web/search in ie &ff, screen saver/power | |
| Populate icons on desktop and set icon location, do initial start of all apps, set background, set ie to default browser | |
| Make sure volume control is available in systray; test sound with headphones Confirm flash drive can be removed gracefully | |
Logon as acme (The administrative user) | |
| Create c:\port and set permissions to allow only acme access | |
| Set default web, folder options, background, printer, screen saver, power, | |
| Install Deepfreeze and thaw | |
| Log back into inet | |
| After DF install: set mydocs to T: (only T in list), T icon on desktop, my docs icon on desktop | |
| Run disk cleanup, defrag, and chkdsk | |
| Confirm ARP Poisoning is working | |
| Run fprot/spybot scans | |
| Log back into acme | |
| Remove inet from local administrator group | |
| Leave deep freeze unfrozen | |
| Sysprep to oob experience; do not generalize | |
| Capture the image with imagex | |
No comments:
Post a Comment