[WEB4LIB] OPAC Security Revisited

Andrew Mutch amutch at waterford.lib.mi.us
Thu Feb 28 17:37:54 EST 2002 

Laurie,

I'll admit up-front that I have less experience with Windows2000 than others on
the list. However, from what I know, it sounds like your tech might be taking
the hard way to lock down your computers.

First, the preferred way to lock down Windows2000 is using Group Policy in
combination with a Windows2000 server and Active Directory.  Absent Active
Directory, you can still use Group Policy to lock down just about every bell and
whistle on Windows2000.  Through the MMC, you can access the Group Policy, which
provides a nice interface that shows you whether a settings is enabled or
disabled and even more helpful, it defines what the setting does.

In response to your questions:

1) There is a setting in the Group Policy Administrative Template that will hide
all icons on the desktop including "My Computer". There's also registry hacks
that do this. He should check out:

http://www.winguides.com/

2) Probably not but I'll defer to others on this.

3) Use the shift key.

"When using the automatic login feature it is possible for a user to hold the
Shift key to bypass the login sequence and enter a username and password."

From:

http://www.winguides.com/registry/display.php/946/

which describes the registry edit to block this option so your tech should make
sure that he leave this backdoor open.

4) We have one computer with JAWS and some other adaptive technology. We don't
allow access to the Accessability options but haven't had any requests for it
either.

I would highly recommend that your tech also check LIBNT-L.  Here's the
archives:

http://listserv.utk.edu/archives/libnt-l.html

He probably will want to sign up for that too if he has not already.  Someone on
that list has probably already solved any problems he will encounter.

Good luck!

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI

Laurie Schladweiler wrote:

> We have about 60 new computers coming in. Library is separate from and near
> large academic computing center so we want tight security in order to limit
> use to internet, Library catalog and online database searching. (Everything
> else is available in computing center). We have Compaq D300's
> (minitowers)with TFT (flat screen) monitors and our technician is working
> with TWEAKUI(sp?) and policy editor (server level), Win2000Pro. He is stuck
> on a few last items:
>
> 1) In the past we could hide "My Computer" from Desktop on WinNT and Win98
> but cannot find a way on Win2000Pro.
> 2) Library staff would prefer not to use any screensavers. Do we still have
> to in order to prevent screen damage even with the new models?
> 3) We'd prefer to use auto logon but he doesn't know how, with the above
> tools, to "get in" for admin access with auto logon. We use Pharos
> Pay-for-Print and if a student shuts down and logs in incorrectly the next
> person can't print. (Password is blank on logon screen, but they have to
> click O.K. instead of cancel). Do we have to write a special script or could
> we use these tools?
> 4)Also, curiosity, we have an assitive tech station with software for
> hearing and vision impared students, etc. Wondering, do those of you who do
> lock down leave "Accessibility" options open and if so, do you have many
> patrons who use or even know to look for them?
>
> Thank you in advance-- to the list or me personally would be fine if you can
> spare a minute and have an idea for us.
>
> Laurie Schladweiler
> West Campus Library
> Pima Community College
> Tucson, AZ 85709
> 520-206-6821
>
> _________________________________________________________________
> Join the world’s largest e-mail service with MSN Hotmail.
> http://www.hotmail.com

More information about the Web4lib mailing list