We
are preparing to purchase DF Enterprise on a grant for the main reason stated in
this discussion: “centrally managing” our PCs. I have been using the Gates PAC
tool / Shared Computer Toolkit / SteadyState since 2002, when we received our
first Gates grant. We are currently running Windows XP, CA eTrust anti-virus*
and PC Reservation by Envisionware (plus LPT.One print management). I have all
computers configured to run Windows and eTrust updates daily through
SteadyState’s Disk Protection tool, and it is working very
well.
The
only reason I am tempted to even consider DF is because of the central
management feature (92 public PCs and growing, and only one desktop support
person). However, now I am having reservations about it because it won’t help me
to control the following:
Locking
down – Add printers, control panel, task manager, change password, network
places, viewing and changing C: drive, run command, management console, autoplay
CDs, locking the workstation, keyboard shortcuts, access to certain programs,
etc, etc. I will still have to use SteadyState and touch each and every computer
to make changes. I still cannot control these computers remotely, like I could
if I were on a domain (which I am not, on this network) with SMS or Remote
Desktop. I’ve tried TightVNC but it’s a bit hoaky and
unreliable.
I
also cannot centrally customize desktop icons or IE toolbars, menu items and
favorites with DF; I still can’t centrally update certain applications (like
Adobe) without a script (I really don’t do scripting), and I can’t add/remove
printers from the console. Am I right? So aside from doing what SteadyState Disk
Protection does from one location, can someone tell me…why do I want DF?
Chris
Cooper |
Library PC Technician
Everett
Public Library
(425.257.8039
| [log in to unmask]
*BTW,
just between the two of us – we went without virus protection for years because
of disk protection. But we are now using it simply to protect our patrons, not
necessarily our hard drives. We don’t want them bringing in or taking malware
elsewhere.
From: Library NT
[mailto:[log in to unmask]] On Behalf Of Simon
Heres
Sent: Monday, April 05, 2010 11:04 AM
To:
[log in to unmask]
Subject: Re: [LIBNT-L] Deep Freeze and
anti-virus software
We've been using DF for
about 10 years as well. Would not do without it. But as stated
elsewhere, it does not provide realtime protection from viruses, malware,
what have you, which can do their destruction on your network before you reboot
to wipe it out.
Other protection is a
must. DF is only to retore a PC to it's previous state, devoid of
changes made by previous users.
Works well with updates
as we schedule MS updates, AV updates, and even scans, etc. during thaw
times.
For users docs, we've
created a thaw space (call Save Here), and redirected My Documents to it for a
default save location, and a shortcut to it on the desktop, and configured all
apps to save there by default as well. We've denied users ability to save
anywhere else, using GP or local NTFS permissions (i.e. deny write to desktop).
I run a script every few days to empty the thawspace of saved files. This
works very well for us.
DF admin is great.
Makes working with large amount of PCs easy. Worth the upgrade cost.
Simon
Heres
Biola University
Library
La Mirada,
CA
Library
NT <[log in to unmask]>
writes:
I have
to agree here. It is not a substitute by any stretch of
the
imagination.
Whatever manages to get infected can sit there and fester
for
hours before a reboot. Not my idea of a good time. ;-) Anti-virus
is
a must.
Having this type of software in place has been a life saver
for
us. The
2 working together allows us to open the computers to act
a
little
more like a "home" computer but yet, we can protect
ourselves.
So
those of you on deep freeze - it seems like it's a pretty
solid
product.
What issues (if any) have you come across with patrons
saving
documents,
pictures, etc temporarily on the desktop / my documents /
etc
while
they are working on them?
We are
currently experiencing an issue where the patron does just
that
and for
an unknown reason, the system then kicks back stating that
the
file
cannot be found. Yet, you can see it plain as day where ever
they
have
saved it. Reboot the machine, all is well again but the
customer
has
lost all their work. This is a new problem that has cropped up
in
the
current version but there has not yet been a solution that
has
worked
from the vendor. We're going on at least 8 months of this
and
customers
are getting more and more vocal about this... Yes, you can
tell
them tough cookies, but that isn't exactly customer friendly
nor
does it
help the poor guy who spent an hour on their resume only to
lose
it all.
We've been in contact with 2 other sites with the same issue
(a
local
high school and another library somewhere - I forget where.)
Anyone
run into any AD GPO policies that makes things difficult?
:)
Thanks
for the stories so far! :-D I think we're going to set up a
test
box or
two. ;-) If you have more, I am certainly willing to listen!
;)
Thanks,
Gretchen
Garcia
MCLD IT
Services
-----Original
Message-----
From:
Library NT [mailto:[log in to unmask]] On Behalf Of
GRAY,
PAUL
Sent:
Monday, April 05, 2010 10:19 AM
Subject:
Re: Deep Freeze and anti-virus software
Short
answer -- YES you need both - especially if it is on a
network.
Deep
Freeze does a WONDERFUL job of cleaning up any changes -
intentional
or unintentional made on a machine.
Love it
-- would not want to have to to my job without it.
BUT
-
Deep
Freeze does NOT BLOCK anything from coming into your
computer.
Unless
you reboot your system several times a day -
Virsuses,
Malware, can still invade your system - compromise
information
-
spread itself to the patron's jump drive etc before you ever have
a
reason
to reboot.
To me -
Deep Freeze is a supplement to -- not a substitute for
standard
safety
practices.
Opinions
stated are my own etc etc etc
Paul H
Gray
TCC NE
Library
Hurst,
Tx
________________________________
From:
Library NT [[log in to unmask]] On Behalf
Of Hartung, Steven
Sent:
Monday, April 05, 2010 12:09 PM
Subject:
[LIBNT-L] Deep Freeze and anti-virus software
Can I
expand Gretchen's question and ask if anyone is using Deep
Freeze
as the
only solution in protecting their machines, or if you find
the
need to
continue with a virus protection software as well.
Thanks.
Steven
Hartung
Pamunkey
Regional Library
804.537.6214
office
804.537.6389
fax
From:
Library NT [mailto:[log in to unmask]] On Behalf Of
Sylvia
MacKenzie
Sent:
Monday, April 05, 2010 12:58 PM
Subject:
Re: [LIBNT-L] Deep Freeze
We have
used Deepfreeze at our library for over 10 years and have had
no
problems
with it. Currently we are using deepfreeze version 6 which
allows
you to do administration from one computer to all your
public
computers.
We use
it on over 100 computers. Deepfreeze works on Vista and windows
7
as well
as XP
I
wouldn't recommend steady state as it is only for XP and
vista.
Microsoft
won't be continuing its use on Windows 7. We tried
on
different
computers and had a lot of problems with it. It may be
free
but not
worth the aggravation for the problems it caused. What
steady
state
is - is a really locked down guest account so you will run
into
limitations
with it and problems using some of the operating system
whereas
deepfreeze doesn't do that. Faronics offers discounts for
libraries
for volume licensing. We use PC Reservation and their
print
management
system and it doesn't affect it at all. Deepfreeze also
works
on 64
bit systems You can download an evaluation from
www.faronics.com<http://www.faronics.com> if
you want to test it.
Sylvia
MacKenzie
Colchseter
East Hants Public Library
Truro
NS Canada
From:
Library NT [mailto:[log in to unmask]] On Behalf
Of
Vermeersch,
Scott M.
Sent:
Monday, April 05, 2010 1:25 PM
Subject:
Re: [LIBNT-L] Deep Freeze
You may
also want to look at Microsoft SteadyState. Similar to
Deepfreeze
but free.
Scott
Vermeersch
Systems
Analyst
Mayo
Clinic Libraries
E-mail:
[log in to unmask]<mailto:[log in to unmask]>
__________________________
Mayo
Clinic
200
First Street SW
Rochester,
MN 55905
www.mayoclinic.org<http://www.mayoclinic.org/>
________________________________
From:
Library NT [mailto:[log in to unmask]] On Behalf Of
Wong,
Channing
Sent:
Monday, April 05, 2010 11:07 AM
Subject:
Re: [LIBNT-L] Deep Freeze
We use
deep freeze with library online and trend micro. It works fine
in
that
setup. If any problems or virus warnings come up staff can
just
restart
the machine and it'll be like nothing has happened.
The
only real issue is scheduling updates to be done as the machines
are
frozen.
This includes windows updates or any software installed
including
trend. There is a scheduler to setup update times. It is
a
good
product. They will to unifying their management console
eventually
so I'm
told so you can admin all their software from one panel.
On Apr
5, 2010, at 9:00 AM, "Gretchen Garcia - LIBRARY"
<[log in to unmask]<mailto:[log in to unmask]>>
wrote:
Good
morning LibNT! ;-) I am curious about your stories (good and
bad)
about
using Deep Freeze in your environment. Especially if you have
your
public
machines on a domain and use any sort of PC access
management
system
(We are using SAM.) We are currently running XP and using
Trend
Micro
as our Anti-virus.
We seem
to be running into walls using our current solution and
we're
not
getting the response we would like from the vendor.
Any and
all stories (again, good, bad and ugly) would be
appreciated.
;-)
Thanks much!
Thanks,
Gretchen
Garcia
MCLD IT
Services
[log in to unmask]<mailto:[log in to unmask]>
"There
are 10 types of people in this world. Those who understand
binary
and
those who don't." =)
Email
Disclaimer: http://www.co.marin.ca.us/nav/misc/EmailDisclaimer.cfm