Hi John, Nice to see a fellow Wisconsinite on here!
Many of the libraries in the WVLS system do just what you're thinking about doing. That is, they utilize Deep Freeze to maintain systems' states but also utilize fairly open configs for patron computers. Standard local user accounts vs admin accounts are about the closest thing to GPO they do for limiting system config manipulation. I'm sharing this because it is our current state. However, we're also investigating change, looking to extend AD services to many/most of our small rural library members, and working on exploring a more library-integrated/embedded model for our technology services. So we're actually considering mixing a bit of lightweight GPO usage along with Deep Freeze, and a standard set of configuration images to simply re-image a computer if something happens to it in spite of Deep Freeze and/or GPO constraints. Our largest member, MCPL, is leveraging the Faronics Antivirus licensing our system maintains, but they are actually eschewing Deep Freeze entirely on their patron computers and doing some extensive lock down through GPO. I know that doesn't really give you a solid sense of "the right" direction. Bottom line, if moving away from GPO and relying more on Deep Freeze feels right to you and/or the technology support staff you have access to, then it's probably the right move. I'm probably just as curious as you to see what others have to share regarding their own preferences and/or successful strategies. Good luck! Joshua Klingbeil - IT Director Wisconsin Valley Library Service *I have learned that when I am able to empty my mind of * * preconception, predisposition, and prejudice... * *... what remains is possibility!* *It's easy to answer "No! And here's why not..." It's empowering to answer "Yes! Now let's figure out how..."* On Tue, Jun 7, 2016 at 12:12 PM, John Klima <jkl...@waukesha.lib.wi.us> wrote: > This is cross-posted on LITA-L. Apologies if you're seeing this twice. > > We're in the process of making some updates to our public computers and I > thought I would survey the crowd to see what people are doing to lock up > access to the 'guts' of the computer. > > The computers are all running Windows 7 and have MS Word and Excel > installed on them. Obviously IE is on the computers and we've also > installed Chrome because IE gave us some weird issues. We use MyPC and > Papercut for computer reservation and printing respectively. We're > currently using group policy to control what the patron can do on the > computer. All the machines have DeepFreeze on them and the computers reboot > when the patron logs out of MyPC. We've given some thought to opening the > machines up and relying on DeepFreeze to 'fix' any changes that happen to > the system but that makes me nervous. > > What types of things are you doing with your public computers? > > John Klima > Assistant Director > Waukesha Public Library > 262-524-3688 > jkl...@waukesha.lib.wi.us<mailto:jkl...@waukesha.lib.wi.us> > > The opinions expressed are mine and do not necessarily represent those of > the Waukesha Public Library or the City of Waukesha. > -- <http://facebook.wvls.org> <http://twitter.wvls.org>