none
SteadyState & Library Public Surf Stations RRS feed

  • Question

  •  

    I have two questions

     

    1. I need some expert advise for using SteadyState in a library public surf station environment. We have domain environment and hence should I be using group policy to lock down the pc's or use steady state instead.

     

    2. How do we make sure that our network is secure for any sort of hack attempts from public surf stations. I know it's a very broad question but any sort of guideline about network design would be beneficial.

     

    Thanks.

     

    Malik. 

    Monday, February 4, 2008 11:23 PM

Answers

  • Hi Malik,

     

    Thank you for the post.

     

    Please note that most of the settings and restrictions available in Windows SteadyState are also available through the Group Policy template

    (SCTSettings.adm) provided with Windows SteadyState. When considering the installation of Windows SteadyState on shared computers that are connected to a domain network, Group Policy is more effective than using Windows SteadyState for restricting multiple user accounts across numerous computers on a domain network.

     

    For the second question, the security of a domain is very important. However, as it is related to many aspects such as ISA server, IPsec, group policy and anti-virus programs, it is hard to describe it briefly. Thank you for your understanding.

     

    If you would like to learn more about domain security, please refer to the following site:

    http://www.microsoft.com/windowsserver2003/technologies/security/default.mspx

     

    Hope it helps.

     

    Best regards,

    Tim Quan

    Microsoft Online Community Support

     

    Wednesday, February 6, 2008 7:45 AM
  • We have our public stations running in a network separate from our staff ones.  They are only
    accessible to each other to the extent each is accessible from the Internet in general.  That
    means we don't have access to our domain, and we didn't create one for the public stations.
    Both groups are firewalled, and of course have the local firewall enabled.

    I suppose making infrastructure adjustments would be extreme if you currently have a flat
    network, but if you already have it segmented, isolating public from staff would make sense
    unless both need some resources that can't be accessed from the Internet.

    My impression from my first venture into using Steady State on our domain is that domain
    policies take precedence.  In that environment our main justification for using Steady State
    is disk protection.  With Steady State we can use diskprotection and still get automated
    updates to Windows and our antivirus, which we couldn't get with other solutions.
    Monday, February 11, 2008 6:26 PM

All replies

  • Hi Malik,

     

    Thank you for the post.

     

    Please note that most of the settings and restrictions available in Windows SteadyState are also available through the Group Policy template

    (SCTSettings.adm) provided with Windows SteadyState. When considering the installation of Windows SteadyState on shared computers that are connected to a domain network, Group Policy is more effective than using Windows SteadyState for restricting multiple user accounts across numerous computers on a domain network.

     

    For the second question, the security of a domain is very important. However, as it is related to many aspects such as ISA server, IPsec, group policy and anti-virus programs, it is hard to describe it briefly. Thank you for your understanding.

     

    If you would like to learn more about domain security, please refer to the following site:

    http://www.microsoft.com/windowsserver2003/technologies/security/default.mspx

     

    Hope it helps.

     

    Best regards,

    Tim Quan

    Microsoft Online Community Support

     

    Wednesday, February 6, 2008 7:45 AM
  • We have our public stations running in a network separate from our staff ones.  They are only
    accessible to each other to the extent each is accessible from the Internet in general.  That
    means we don't have access to our domain, and we didn't create one for the public stations.
    Both groups are firewalled, and of course have the local firewall enabled.

    I suppose making infrastructure adjustments would be extreme if you currently have a flat
    network, but if you already have it segmented, isolating public from staff would make sense
    unless both need some resources that can't be accessed from the Internet.

    My impression from my first venture into using Steady State on our domain is that domain
    policies take precedence.  In that environment our main justification for using Steady State
    is disk protection.  With Steady State we can use diskprotection and still get automated
    updates to Windows and our antivirus, which we couldn't get with other solutions.
    Monday, February 11, 2008 6:26 PM