Educause Security Discussion mailing list archives
Re: Public Machine Access
From: Mark Rogowski <m.rogowski () UWINNIPEG CA>
Date: Mon, 23 Jan 2006 14:02:29 -0600
Regarding power, we have instructed Lab Admins to leave systems run overnight on the maintanence days. Another option would be to activate Wake-on-LAN but that's a different can of worms - something we have not yet moved to. Deep Freeze Enterprise does not actively keep tabs on workstation licenses. The Enterprise "server" is mainly used for discovery, identification, freeze/unfreeze, and running some custom scripts you may have AFAIK. Communication is initiated by the server and not the workstation. You must therefore have a clear communication path between the two, which includes ICMP (ping). This was the only communications issue we had when deploying the Enterprise product - knowing the direction of communication. Our server communicates with various labs across a number of subnets. Mark Rogowski IT Security Technology Solutions Centre University of Winnipeg Ph: (204) 786-9034
FlaggMD () HIRAM EDU 01/23/06 1:17 PM >>>
We do something similar with Driveshield, but what if the machine is off? Does Deep Freeze require a licensing server? Does Deep Freeze work well across multiple subnets? We have had issues with Drive shield with the Licensing server and multiple subnets. I would like users not to have Admin access but that is a battle we have lost. Martin D. Flagg Network Engineer/Administrator - When you want nothing you are seldom lacking. -----Original Message----- From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU] Sent: Monday, January 23, 2006 2:07 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Public Machine Access We use Deep Freeze as well, and Zenworks for updates. Theresa Semmens, CISA IT Security Officer North Dakota State University IACC 210C Ph: 701-231-5870 E-mail: theresa.semmens () ndsu edu "Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison -----Original Message----- From: Mark Rogowski [mailto:m.rogowski () UWINNIPEG CA] Sent: Monday, January 23, 2006 12:37 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Public Machine Access We use Deep Freeze from Faronics - works VERY well: http://www.faronics.com/index.asp Students can do anything they want to systems to polute them. Once rebooted, the system goes back to normal. open lab systems have been configured to automatically reboot after 30 minutes of non-use. This ensures that the machine is clean when someone needs it. Students are notified to save any and all work to network drives and not the local system. Patches are deployed when they are tested ok. An 'unfreeze' period occurs weekly and is automatic (e.g. every Tuesday morning at 3:00am machines get unfrozen to accept any changes made to the system config). The machines are configured to check for updates during this unfreeze period and install them if they are there. After a couple of hours, the systems are told to reboot in a frozen state. So far, its working for us.... hth, Mark Rogowski IT Security Technology Solutions Centre University of Winnipeg Ph: (204) 786-9034
FlaggMD () HIRAM EDU 01/23/06 12:20 PM >>>
We are constantly fighting with out "lab" computers, we currently allow them admin privileges then rebuild the machine upon every reboot. Dealing with Microsoft patches has been a nightmare. We also have laptops that we lend out and that causes another set of issues. What tools are you using? Any inexpensive tools available? Martin D. Flagg Network Engineer/Administrator Hiram College - When you want nothing you are seldom lacking.
Current thread:
- Public Machine Access Flagg, Martin D. (Jan 23)
- <Possible follow-ups>
- Re: Public Machine Access Mark Rogowski (Jan 23)
- Re: Public Machine Access Valdis Kletnieks (Jan 23)
- Re: Public Machine Access Valdis Kletnieks (Jan 23)
- Re: Public Machine Access Mark Rogowski (Jan 23)
- Re: Public Machine Access Valdis Kletnieks (Jan 23)
- Re: Public Machine Access Mark Rogowski (Jan 23)
- Re: Public Machine Access Theresa Semmens (Jan 23)
- Re: Public Machine Access Flagg, Martin D. (Jan 23)
- Re: Public Machine Access Joel Rosenblatt (Jan 23)
- Re: Public Machine Access Mark Rogowski (Jan 23)
- Re: Public Machine Access Cal Frye (Jan 23)
- Re: Public Machine Access Gary Flynn (Jan 23)
- Re: Public Machine Access Cal Frye (Jan 23)