Re: Securing Kiosks after adding MS Office apps?
From: - AJS (a)
Date: 06/23/03
- Next message: Joel proal: "Web Smart Card Enrollment failed from a distant host"
- Previous message: Lanwench [MVP - Exchange]: "Re: How can I copy multiple user profiles from one Win 2k server to another?"
- In reply to: Matt Gehrisch: "Securing Kiosks after adding MS Office apps?"
- Next in thread: Leythos: "Re: Securing Kiosks after adding MS Office apps?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Jun 2003 11:31:42 -0500
"Matt Gehrisch" <hd_883_97@yahoo.com> wrote:
>Hello,
>I work in the computer services department at a public library.
>
>We offer internet access to library patrons on about 40 internet kiosks
>throughout the library's three branches. We have been getting an increasing
>number of requests to provide Microsoft Word on these machines in addition
>to the basic internet software. For the time being, we only provide office
>software on 8 machines that are not granted internet access.
>
>We are currently using Centurion Guard and WinSelect 5.0 to secure our
>internet terminals, which are running Windows2000 Professional.
>
>I have been asked to begin researching the steps that we will need to take
>in order to secure our internet Kiosks with the addition of MS Office
>components. We would like to install the Word and Excel portions of
>Microsoft Office 2000.
>
>Specifically, we need to be able to lock out a few menu items, and only
>allow file access to the floppy drive. WinSelect has worked well for us,
>but it seems to be fairly oblivious to MS Word/Excel.
>
>Has anyone setup similar configurations in a library or school environment?
Hi Matt,
Yes, I have a private school as a client.
You can do a good job of locking down drive access with policies and XCACLS.EXE
(from the RK). Specifically, check out and use the difference between perms on
existing files, and the inherrited permissions on new files... Word
specifically requires write access to your %systemroot% folder (.\winnt by
default) for a scratch file. This is BAD.
Also, I have not seen any method of blocking specific menu items in Office
products.
And finally, regardless of how you secure the machines, I recommend making a
Ghost image of the completed, secured production machine, and regularly burning
that image back onto the PCs... This will undo anything someone has found a way
to leave or change on the machine, making them start over.
HTH,
- AJS
- Next message: Joel proal: "Web Smart Card Enrollment failed from a distant host"
- Previous message: Lanwench [MVP - Exchange]: "Re: How can I copy multiple user profiles from one Win 2k server to another?"
- In reply to: Matt Gehrisch: "Securing Kiosks after adding MS Office apps?"
- Next in thread: Leythos: "Re: Securing Kiosks after adding MS Office apps?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
