[WEB4LIB] Re: security programs

[Mike Nyerges]

I'll add a vote for this as well. When we initially migrated to a Windows 95
desktop we used Foolproof to secure the desktop in the library and our computer
labs--about 100 PCs.

In some ways Foolproof was easy to install and administer, with desktop
security configurations determined by files stored on our network servers.
(We're a Novell 4.11 shop). Still, to work on a desktop, using the full
functionality of the Windows desktop, you needed to turn the security off and
then turn it back on when you had finished working. We seemed to be doing this
fairly frequently. These machines are real workhorses and run anything from C++
to Microsoft office apps to Internet sessions running Netscape 3.0 and 4.5.
We're busy.

So we abandoned Foolproof as our desktop security program and now rely on
System Policies. We get the desktop we need on login based on who we are.  And
we also opted for a more open desktop that doesn't block the downloading of
files and the installation of programs--with the Internet a locked desktop
didn't make sense. Why block helper apps, plugins, etc.?

Of course, we have also switched to Ghost to clone our desktops when they
wobble out of control. But we've have had far fewer problems with our desktops
and no vandalism! Before, we even had the real savvy hacker open the Windows
cache in a hex editor and discover the Foolproof passwords--they were there
unencrypted!

In the library, I drop fresh partition images down on our 25 PCs every 4 or 5
weeks. I work this into my regular work over a couple of days. Should be
multicasting the images, but haven't gotten around to setting this up. First
time is the costliest time. VSN!

Actually, I have an article about this in the March issue of Computers in
Libraries. Wouldn't go back to way it was!

Mike Nyerges
Library Media Specialist
Canandaigua Academy Library
http://www.canandaigua.k12.ny.us/academy/library/
Mailto:MNyerges at wfmail.canandaigua.k12.ny.us

Genevieve Engel wrote:

> At 12:59 PM 3/31/99 -0800, Kyle Harriss wrote:
> >Advocating the abandonment of aftermarket "security"
> >programs:
>
> I'll second this.  Possibly security programs have recently gotten much
> more capable and easier to use, but I found ours to be more trouble than it
> was worth.  I dumped the security program on the Win 95 kiosk stations.  I
> use Microsoft's Poledit to secure the stations.  (I also went into the
> mouse settings and set the right mouse button to ordinary click/select,
> same as the left mouse button.  No Netscape Wallpaper problems on those
> stations!)
>
> In the training room which has additional software available to patrons,
> I'm rolling out Win NT and applying file- and directory-level security in
> addition to using Poledit to put security settings in the registry.
>
> I use Ghost to replicate an entire hard drive.  This speeds up the NT
> rollout and also leaves me with a handy disk image in case a user does
> manage to goof things up.
>
> I use NT's "at" command to start up a schedule service that runs a batch
> file early each morning.  The batch file replaces the Netscape bookmarks,
> clears out My Documents, etc.
>
> Genny Engel
> gengel at sfghdean.ucsf.edu