Re: Public Machine Access

[Mark Rogowski <m.rogowski () UWINNIPEG CA>]

Regarding power, we have instructed Lab Admins to leave systems run
overnight on the maintanence days.  Another option would be to activate
Wake-on-LAN but that's a different can of worms - something we have not
yet moved to.

Deep Freeze Enterprise does not actively keep tabs on workstation
licenses.  The Enterprise "server" is mainly used for discovery,
identification, freeze/unfreeze, and running some custom scripts you may
have AFAIK.  Communication is initiated by the server and not the
workstation.  You must therefore have a clear communication path between
the two, which includes ICMP (ping).  This was the only communications
issue we had when deploying the Enterprise product - knowing the
direction of communication.  Our server communicates with various labs
across a number of subnets.


Mark Rogowski
IT Security
Technology Solutions Centre
University of Winnipeg
Ph: (204) 786-9034

> > > FlaggMD () HIRAM EDU 01/23/06 1:17 PM >>>
 We do something similar with Driveshield, but what if the machine is
off?

Does Deep Freeze require a licensing server?

Does Deep Freeze work well across multiple subnets?

We have had issues with Drive shield with the Licensing server and
multiple subnets.

I would like users not to have Admin access but that is a battle we
have
lost.


Martin D. Flagg
Network Engineer/Administrator
-
When you want nothing you are seldom lacking.



-----Original Message-----
From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU]
Sent: Monday, January 23, 2006 2:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Public Machine Access

We use Deep Freeze as well, and Zenworks for updates.

Theresa Semmens, CISA
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in
overalls
and looks like work."  Thomas Edison


-----Original Message-----
From: Mark Rogowski [mailto:m.rogowski () UWINNIPEG CA]
Sent: Monday, January 23, 2006 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Public Machine Access

We use Deep Freeze from Faronics - works VERY well:

http://www.faronics.com/index.asp

Students can do anything they want to systems to polute them.  Once
rebooted, the system goes back to normal.  open lab systems have been
configured to automatically reboot after 30 minutes of non-use.  This
ensures that the machine is clean when someone needs it.  Students are
notified to save any and all work to network drives and not the local
system.

Patches are deployed when they are tested ok.  An 'unfreeze' period
occurs weekly and is automatic (e.g. every Tuesday morning at 3:00am
machines get unfrozen to accept any changes made to the system config).

The machines are configured to check for updates during this unfreeze
period and install them if they are there.  After a couple of hours,
the
systems are told to reboot in a frozen state.

So far, its working for us....

hth,



Mark Rogowski
IT Security
Technology Solutions Centre
University of Winnipeg
Ph: (204) 786-9034

> > > FlaggMD () HIRAM EDU 01/23/06 12:20 PM >>>
We are constantly fighting with out "lab" computers, we currently
allow
them admin privileges then rebuild the machine upon every reboot.
Dealing with Microsoft patches has been a nightmare.  We also have
laptops that we lend out and that causes another set of issues.

What tools are you using?

Any inexpensive tools available?


Martin D. Flagg
Network Engineer/Administrator
Hiram College
-
When you want nothing you are seldom lacking.