We loan laptops and looked into the kiosk solutions originally and ruled them
out as too expensive. (And from what I remember they generally just use
Deepfreeze-like software to wipe them anyway). We shied away from the
deep-freeze like option because we could imagine situations where patrons lost
data because they didn't plug the laptop in in time. It seems like there should
be a Deepfreeze where it's triggered on demand instead of by a restart, but at
the time I couldn't find one.
So one of my guys came up with a technique where the laptops had a separate
partition with an image of the OS partition saved to it. So when the laptop
came back the circ staff would plug in a USB with a live version of Linux on
it. There was a button on the linux desktop that would run a script that would
use clonezilla to reimage the OS partition from the other partition on the
laptop. As I'm writing this, it is sounding very Code4lib-ish.
In the end I decided the time we spent on maintenance for these got to be too
much. He was spending too much time when it was time to do windows updates
because it involved reimaging the OS back to the second partition after the
updates (He had to put a hold on all of them and as they came back they would
get cycled to IT and back into circulation). Also there were too many physical
repairs as well. So I just told them that if they want to circulate laptops, we
have to switch to using cheaper Chromebooks.
So now, the Chromebooks come back and get power-washed and that's it. And no
repairs, just replacements.
Brent
Iowa City Public Library
-----Original Message-----
From: Code for Libraries <CODE4LIB@LISTS.CLIR.ORG> On Behalf Of Hammer, Erich F
Sent: Friday, March 10, 2023 12:33 PM
To: CODE4LIB@LISTS.CLIR.ORG
Subject: Re: [CODE4LIB] Securing Loaner Laptops
Mike,
I brought this up on the LABMGR listserv a couple years back, and there was
enough discussion that someone arranged for a virtual panel discussion (that I
was unfortunately unable to attend).
The general consensus was that because of the zeroth rule of security ("Without
physical security, there is no security."), laptops pretty much have to be
wiped between users. If you are going to wipe it anyway, you may as well give
the user admin rights so they can do what they need.
We haven't gotten back into lending laptops mostly for budgetary reasons, but
if we do, that is the model we will be following. I don't know if we will try
to establish our own procedure, or go with a laptop "vending machine" kiosk.
My understanding is that those are designed to wipe and re-image the machines
when they are returned.
Erich
On Friday, March 10, 2023 at 12:58, Mike Paulmeno eloquently inscribed:
> To All:
> I have a question for the group. Does anyone here
> work at an institution which lends laptops out? Our campus is going
> to implement such a program. The impetus is coming from IT and the
> student government, but the library will be involved as the plan is to use
> self-checkout machines.
> We're wondering how other institutions secure the laptops themselves.
> Do you wipe them after each use or just use something like Deep
> Freeze/lock the devices down so people can't install anything?
>
> Best,
> Mike
>
Michael Paulmeno Systems Librarian Lucy Scribner Library, 210 Skidmore
College (518) 580-5505 mpaul...@skidmore.edu<mailto:mpaul...@skidmore.edu>
He/Him/His
