Deep freeze will not do those things.
However, Group Policy will. :) There are group policy options that will stop
all of that stuff. Some of it, you could even leave open. Reboot the machine
and any changes the customers have made are gone. We use a combination of group
policies, a mandatory profile and clean slate. We have the profile fairly open,
removing a lot of shortcuts through group policy and the other stuff (like
printers) we don’t sweat. You have to be a print operator or an admin to
add printers – the user Public is just a regular user.
Updating Adobe has always been a PITA.
However, they now have an MSI builder that you can download that will help you
create packages that you can deploy through group policy and will update during
Deep Freeze’s maintenance mode. :)
Thanks,
Gretchen Garcia
[log in to unmask]
MCLD IT Services
From: Library
NT [mailto:[log in to unmask]] On
Behalf Of Chris Cooper
Sent: Thursday, May 06, 2010 12:25
PM
To: [log in to unmask]
Subject: Re: Deep Freeze vs.
SteadyState
We are preparing to
purchase DF Enterprise on a grant for the main reason stated in this
discussion: “centrally managing” our PCs. I have been using the
Gates PAC tool / Shared Computer Toolkit / SteadyState since 2002, when we
received our first Gates grant. We are currently running Windows XP, CA eTrust
anti-virus* and PC Reservation by Envisionware (plus LPT.One print management).
I have all computers configured to run Windows and eTrust updates daily through
SteadyState’s Disk Protection tool, and it is working very well.
The only reason I am
tempted to even consider DF is because of the central management feature (92
public PCs and growing, and only one desktop support person). However, now I am
having reservations about it because it won’t help me to control the
following:
Locking down –
Add printers, control panel, task manager, change password, network places,
viewing and changing C: drive, run command, management console, autoplay CDs,
locking the workstation, keyboard shortcuts, access to certain programs, etc,
etc. I will still have to use SteadyState and touch each and every computer to
make changes. I still cannot control these computers remotely, like I could if
I were on a domain (which I am not, on this network) with SMS or Remote Desktop.
I’ve tried TightVNC but it’s a bit hoaky and unreliable.
I also cannot
centrally customize desktop icons or IE toolbars, menu items and favorites with
DF; I still can’t centrally update certain applications (like Adobe)
without a script (I really don’t do scripting), and I can’t
add/remove printers from the console. Am I right? So aside from doing what
SteadyState Disk Protection does from one location, can someone tell
me…why do I want DF?
Chris
Cooper | Library PC
Technician
Everett Public Library
(425.257.8039 | [log in to unmask]
*BTW, just between
the two of us – we went without virus protection for years because of
disk protection. But we are now using it simply to protect our patrons, not
necessarily our hard drives. We don’t want them bringing in or taking
malware elsewhere.
From: Library
NT [mailto:[log in to unmask]] On
Behalf Of Simon Heres
Sent: Monday, April 05, 2010 11:04
AM
To: [log in to unmask]
Subject: Re: [LIBNT-L] Deep Freeze
and anti-virus software
We've been using DF for about 10 years as well. Would not do
without it. But as stated elsewhere, it does not provide realtime
protection from viruses, malware, what have you, which can do their
destruction on your network before you reboot to wipe it out.
Other protection is a must. DF is only to retore a PC to
it's previous state, devoid of changes made by previous users.
Works well with updates as we schedule MS updates, AV updates, and
even scans, etc. during thaw times.
For users docs, we've created a thaw space (call Save Here), and
redirected My Documents to it for a default save location, and a shortcut to it
on the desktop, and configured all apps to save there by default as well.
We've denied users ability to save anywhere else, using GP or local NTFS
permissions (i.e. deny write to desktop). I run a script every few days to
empty the thawspace of saved files. This works very well for us.
DF admin is great. Makes working with large amount of PCs
easy. Worth the upgrade cost.
Simon Heres
Library NT <[log in to unmask]> writes:
I have to agree here. It is not a substitute by
any stretch of the
imagination. Whatever manages to get infected
can sit there and fester
for hours before a reboot. Not my idea of a
good time. ;-) Anti-virus is
a must. Having this type of software in place
has been a life saver for
us. The 2 working together allows us to open
the computers to act a
little more like a "home" computer
but yet, we can protect ourselves.
So those of you on deep freeze - it seems like
it's a pretty solid
product. What issues (if any) have you come
across with patrons saving
documents, pictures, etc temporarily on the
desktop / my documents / etc
while they are working on them?
We are currently experiencing an issue where
the patron does just that
and for an unknown reason, the system then
kicks back stating that the
file cannot be found. Yet, you can see it plain
as day where ever they
have saved it. Reboot the machine, all is well
again but the customer
has lost all their work. This is a new problem
that has cropped up in
the current version but there has not yet been
a solution that has
worked from the vendor. We're going on at least
8 months of this and
customers are getting more and more vocal about
this... Yes, you can
tell them tough cookies, but that isn't exactly
customer friendly nor
does it help the poor guy who spent an hour on
their resume only to lose
it all. We've been in contact with 2 other
sites with the same issue (a
local high school and another library somewhere
- I forget where.)
Anyone run into any AD GPO policies that makes
things difficult? :)
Thanks for the stories so far! :-D I think
we're going to set up a test
box or two. ;-) If you have more, I am
certainly willing to listen! ;)
Thanks,
Gretchen Garcia
MCLD IT Services
-----Original Message-----
From: Library NT [mailto:[log in to unmask]]
On Behalf Of GRAY,
PAUL
Sent: Monday, April 05, 2010 10:19 AM
Subject: Re: Deep Freeze and anti-virus
software
Short answer -- YES you need both -
especially if it is on a network.
Deep Freeze does a WONDERFUL job of cleaning up
any changes -
intentional or unintentional made on a machine.
Love it -- would not want to have to to my job
without it.
BUT -
Deep Freeze does NOT BLOCK anything from coming
into your computer.
Unless you reboot your system several times a
day -
Virsuses, Malware, can still invade your system
- compromise information
- spread itself to the patron's jump drive etc
before you ever have a
reason to reboot.
To me - Deep Freeze is a supplement to -- not a
substitute for standard
safety practices.
Opinions stated are my own etc etc etc
Paul H Gray
TCC NE Library
________________________________
From: Library NT [[log in to unmask]] On Behalf
Of Hartung, Steven
Sent: Monday, April 05, 2010 12:09 PM
Subject: [LIBNT-L] Deep Freeze and anti-virus
software
Can I expand Gretchen's question and ask if
anyone is using Deep Freeze
as the only solution in protecting their
machines, or if you find the
need to continue with a virus protection
software as well. Thanks.
Steven Hartung
Pamunkey Regional Library
804.537.6214 office
804.537.6389 fax
From: Library NT [mailto:[log in to unmask]]
On Behalf Of Sylvia
MacKenzie
Sent: Monday, April 05, 2010 12:58 PM
Subject: Re: [LIBNT-L] Deep Freeze
We have used Deepfreeze at our library for over
10 years and have had no
problems with it. Currently we are using
deepfreeze version 6 which
allows you to do administration from one
computer to all your public
computers.
We use it on over 100 computers. Deepfreeze
works on
as well as XP
I wouldn't recommend steady state as it is only
for XP and vista.
Microsoft won't be continuing its use on
Windows 7. We tried on
different computers and had a lot of problems
with it. It may be free
but not worth the aggravation for the problems
it caused. What steady
state is - is a really locked down guest
account so you will run into
limitations with it and problems using some of
the operating system
whereas deepfreeze doesn't do that. Faronics
offers discounts for
libraries for volume licensing. We use PC
Reservation and their print
management system and it doesn't affect it at
all. Deepfreeze also works
on 64 bit systems You can download an
evaluation from
www.faronics.com<http://www.faronics.com> if you want to test it.
Sylvia MacKenzie
Colchseter East Hants Public Library
From: Library NT [mailto:[log in to unmask]]
On Behalf Of
Vermeersch, Scott M.
Sent: Monday, April 05, 2010 1:25 PM
Subject: Re: [LIBNT-L] Deep Freeze
You may also want to look at Microsoft
SteadyState. Similar to
Deepfreeze but free.
Scott Vermeersch
Systems Analyst
Mayo Clinic Libraries
E-mail: [log in to unmask]<mailto:[log in to unmask]>
__________________________
Mayo Clinic
200
www.mayoclinic.org<http://www.mayoclinic.org/>
________________________________
From: Library NT [mailto:[log in to unmask]]
On Behalf Of Wong,
Channing
Sent: Monday, April 05, 2010 11:07 AM
Subject: Re: [LIBNT-L] Deep Freeze
We use deep freeze with library online and
trend micro. It works fine in
that setup. If any problems or virus warnings
come up staff can just
restart the machine and it'll be like nothing
has happened.
The only real issue is scheduling updates to be
done as the machines are
frozen. This includes windows updates or any
software installed
including trend. There is a scheduler to setup
update times. It is a
good product. They will to unifying their
management console eventually
so I'm told so you can admin all their software
from one panel.
On Apr 5, 2010, at 9:00 AM, "Gretchen
Garcia - LIBRARY"
<[log in to unmask]<mailto:[log in to unmask]>>
wrote:
Good morning LibNT! ;-) I am curious about your
stories (good and bad)
about using Deep Freeze in your environment.
Especially if you have your
public machines on a domain and use any sort of
PC access management
system (We are using SAM.) We are currently
running XP and using Trend
Micro as our Anti-virus.
We seem to be running into walls using our
current solution and we're
not getting the response we would like from the
vendor.
Any and all stories (again, good, bad and ugly)
would be appreciated.
;-) Thanks much!
Thanks,
Gretchen Garcia
MCLD IT Services
[log in to unmask]<mailto:[log in to unmask]>
"There are 10 types of people in this
world. Those who understand binary
and those who don't." =)
Email Disclaimer: http://www.co.marin.ca.us/nav/misc/EmailDisclaimer.cfm