Chris, Any particular reason not to be on a domain? It seems that it would be a ridiculously easy investment to justify the cost of a box running Windows server to allow you to use Active Directory and Group Policy to do all of the things you listed below. I manage around 90 public and staff computers at two locations on two networks and I can't imagine doing that without the tools available throught a Windows domain controller. Andrew Mutch Libra ________________________________ From: Library NT [mailto:[log in to unmask]] On Behalf Of Chris Cooper Sent: Thursday, May 06, 2010 3:25 PM To: [log in to unmask] Subject: Re: Deep Freeze vs. SteadyState We are preparing to purchase DF Enterprise on a grant for the main reason stated in this discussion: "centrally managing" our PCs. I have been using the Gates PAC tool / Shared Computer Toolkit / SteadyState since 2002, when we received our first Gates grant. We are currently running Windows XP, CA eTrust anti-virus* and PC Reservation by Envisionware (plus LPT.One print management). I have all computers configured to run Windows and eTrust updates daily through SteadyState's Disk Protection tool, and it is working very well. The only reason I am tempted to even consider DF is because of the central management feature (92 public PCs and growing, and only one desktop support person). However, now I am having reservations about it because it won't help me to control the following: Locking down - Add printers, control panel, task manager, change password, network places, viewing and changing C: drive, run command, management console, autoplay CDs, locking the workstation, keyboard shortcuts, access to certain programs, etc, etc. I will still have to use SteadyState and touch each and every computer to make changes. I still cannot control these computers remotely, like I could if I were on a domain (which I am not, on this network) with SMS or Remote Desktop. I've tried TightVNC but it's a bit hoaky and unreliable. I also cannot centrally customize desktop icons or IE toolbars, menu items and favorites with DF; I still can't centrally update certain applications (like Adobe) without a script (I really don't do scripting), and I can't add/remove printers from the console. Am I right? So aside from doing what SteadyState Disk Protection does from one location, can someone tell me...why do I want DF? Chris Cooper | Library PC Technician Everett Public Library <http://www.epls.org/> (425.257.8039 | [log in to unmask] <mailto:[log in to unmask]> *BTW, just between the two of us - we went without virus protection for years because of disk protection. But we are now using it simply to protect our patrons, not necessarily our hard drives. We don't want them bringing in or taking malware elsewhere. From: Library NT [mailto:[log in to unmask]] On Behalf Of Simon Heres Sent: Monday, April 05, 2010 11:04 AM To: [log in to unmask] Subject: Re: [LIBNT-L] Deep Freeze and anti-virus software We've been using DF for about 10 years as well. Would not do without it. But as stated elsewhere, it does not provide realtime protection from viruses, malware, what have you, which can do their destruction on your network before you reboot to wipe it out. Other protection is a must. DF is only to retore a PC to it's previous state, devoid of changes made by previous users. Works well with updates as we schedule MS updates, AV updates, and even scans, etc. during thaw times. For users docs, we've created a thaw space (call Save Here), and redirected My Documents to it for a default save location, and a shortcut to it on the desktop, and configured all apps to save there by default as well. We've denied users ability to save anywhere else, using GP or local NTFS permissions (i.e. deny write to desktop). I run a script every few days to empty the thawspace of saved files. This works very well for us. DF admin is great. Makes working with large amount of PCs easy. Worth the upgrade cost. Simon Heres Biola University Library La Mirada, CA ________________________________ Library NT <[log in to unmask]> writes: I have to agree here. It is not a substitute by any stretch of the imagination. Whatever manages to get infected can sit there and fester for hours before a reboot. Not my idea of a good time. ;-) Anti-virus is a must. Having this type of software in place has been a life saver for us. The 2 working together allows us to open the computers to act a little more like a "home" computer but yet, we can protect ourselves. So those of you on deep freeze - it seems like it's a pretty solid product. What issues (if any) have you come across with patrons saving documents, pictures, etc temporarily on the desktop / my documents / etc while they are working on them? We are currently experiencing an issue where the patron does just that and for an unknown reason, the system then kicks back stating that the file cannot be found. Yet, you can see it plain as day where ever they have saved it. Reboot the machine, all is well again but the customer has lost all their work. This is a new problem that has cropped up in the current version but there has not yet been a solution that has worked from the vendor. We're going on at least 8 months of this and customers are getting more and more vocal about this... Yes, you can tell them tough cookies, but that isn't exactly customer friendly nor does it help the poor guy who spent an hour on their resume only to lose it all. We've been in contact with 2 other sites with the same issue (a local high school and another library somewhere - I forget where.) Anyone run into any AD GPO policies that makes things difficult? :) Thanks for the stories so far! :-D I think we're going to set up a test box or two. ;-) If you have more, I am certainly willing to listen! ;) Thanks, Gretchen Garcia MCLD IT Services [log in to unmask] -----Original Message----- From: Library NT [mailto:[log in to unmask]] On Behalf Of GRAY, PAUL Sent: Monday, April 05, 2010 10:19 AM To: [log in to unmask] Subject: Re: Deep Freeze and anti-virus software Short answer -- YES you need both - especially if it is on a network. Deep Freeze does a WONDERFUL job of cleaning up any changes - intentional or unintentional made on a machine. Love it -- would not want to have to to my job without it. BUT - Deep Freeze does NOT BLOCK anything from coming into your computer. Unless you reboot your system several times a day - Virsuses, Malware, can still invade your system - compromise information - spread itself to the patron's jump drive etc before you ever have a reason to reboot. To me - Deep Freeze is a supplement to -- not a substitute for standard safety practices. Opinions stated are my own etc etc etc Paul H Gray TCC NE Library Hurst, Tx ________________________________ From: Library NT [[log in to unmask]] On Behalf Of Hartung, Steven [[log in to unmask]] Sent: Monday, April 05, 2010 12:09 PM To: [log in to unmask] Subject: [LIBNT-L] Deep Freeze and anti-virus software Can I expand Gretchen's question and ask if anyone is using Deep Freeze as the only solution in protecting their machines, or if you find the need to continue with a virus protection software as well. Thanks. Steven Hartung Pamunkey Regional Library 804.537.6214 office 804.537.6389 fax From: Library NT [mailto:[log in to unmask]] On Behalf Of Sylvia MacKenzie Sent: Monday, April 05, 2010 12:58 PM To: [log in to unmask] Subject: Re: [LIBNT-L] Deep Freeze We have used Deepfreeze at our library for over 10 years and have had no problems with it. Currently we are using deepfreeze version 6 which allows you to do administration from one computer to all your public computers. We use it on over 100 computers. Deepfreeze works on Vista and windows 7 as well as XP I wouldn't recommend steady state as it is only for XP and vista. Microsoft won't be continuing its use on Windows 7. We tried on different computers and had a lot of problems with it. It may be free but not worth the aggravation for the problems it caused. What steady state is - is a really locked down guest account so you will run into limitations with it and problems using some of the operating system whereas deepfreeze doesn't do that. Faronics offers discounts for libraries for volume licensing. We use PC Reservation and their print management system and it doesn't affect it at all. Deepfreeze also works on 64 bit systems You can download an evaluation from www.faronics.com<http://www.faronics.com> if you want to test it. Sylvia MacKenzie Colchseter East Hants Public Library Truro NS Canada From: Library NT [mailto:[log in to unmask]] On Behalf Of Vermeersch, Scott M. Sent: Monday, April 05, 2010 1:25 PM To: [log in to unmask] Subject: Re: [LIBNT-L] Deep Freeze You may also want to look at Microsoft SteadyState. Similar to Deepfreeze but free. Scott Vermeersch Systems Analyst Mayo Clinic Libraries E-mail: [log in to unmask]<mailto:[log in to unmask]> __________________________ Mayo Clinic 200 First Street SW Rochester, MN 55905 www.mayoclinic.org<http://www.mayoclinic.org/> ________________________________ From: Library NT [mailto:[log in to unmask]] On Behalf Of Wong, Channing Sent: Monday, April 05, 2010 11:07 AM To: [log in to unmask] Subject: Re: [LIBNT-L] Deep Freeze We use deep freeze with library online and trend micro. It works fine in that setup. If any problems or virus warnings come up staff can just restart the machine and it'll be like nothing has happened. The only real issue is scheduling updates to be done as the machines are frozen. This includes windows updates or any software installed including trend. There is a scheduler to setup update times. It is a good product. They will to unifying their management console eventually so I'm told so you can admin all their software from one panel. On Apr 5, 2010, at 9:00 AM, "Gretchen Garcia - LIBRARY" <[log in to unmask]<mailto:[log in to unmask]>> wrote: Good morning LibNT! ;-) I am curious about your stories (good and bad) about using Deep Freeze in your environment. Especially if you have your public machines on a domain and use any sort of PC access management system (We are using SAM.) We are currently running XP and using Trend Micro as our Anti-virus. We seem to be running into walls using our current solution and we're not getting the response we would like from the vendor. Any and all stories (again, good, bad and ugly) would be appreciated. ;-) Thanks much! Thanks, Gretchen Garcia MCLD IT Services [log in to unmask]<mailto:[log in to unmask]> http://www.mcldaz.org "There are 10 types of people in this world. Those who understand binary and those who don't." =) Email Disclaimer: http://www.co.marin.ca.us/nav/misc/EmailDisclaimer.cfm