securing a public workstation under windows 9x l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Securing a Public Workstation Under Windows 9x PowerPoint Presentation
Download Presentation
Securing a Public Workstation Under Windows 9x

Loading in 2 Seconds...

play fullscreen
1 / 54

Securing a Public Workstation Under Windows 9x - PowerPoint PPT Presentation


  • 536 Views
  • Uploaded on

Securing a Public Workstation Under Windows 9x VUGM-1999 Rider University Libraries Edward Corrado & Dr. Sharon Yang Edward M. Corrado, MLS Unix Administrator/ Library Systems Manager - Rider University Libraries MLS, Rutgers University-1997 BA, Mathematics, Caldwell College-1992

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Securing a Public Workstation Under Windows 9x


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
securing a public workstation under windows 9x

Securing a Public Workstation Under Windows 9x

VUGM-1999

Rider University Libraries

Edward Corrado & Dr. Sharon Yang

edward m corrado mls
Edward M. Corrado, MLS
  • Unix Administrator/ Library Systems Manager - Rider University Libraries
  • MLS, Rutgers University-1997
  • BA, Mathematics, Caldwell College-1992
  • ecorrado@rider.edu
sharon yang
Sharon Yang
  • Systems Librarian at Rider University
  • DLS, Columbia University-1997
  • MS, Columbia University-1988
outline of the presentation
Outline of the Presentation
  • Purpose of the presentation
  • Presentation
    • Batsh
    • System Policy Editor
    • TweakUI
    • Netscape
outline of the presentation5
Outline of the Presentation
    • Fortres 101
    • Winselect
    • Everybody’s Menu Builder
    • Ghost
  • Conclusion
just a reminder
Just a Reminder!
  • The presentation is about the security of a workstation, not that of a server.
  • The presentation is about our experience at Rider. It is not intended to be an in-depth training session on security software. This is an overview of the tools we use.
  • What we do to secure a Voyager OPAC may be different from what you do. What we do may not be necessarily the “best” way for your situation .
the purpose of the presentation
The Purpose of the Presentation
  • Present the issue of security on a public workstation
  • Share our experience at Rider
  • Introduce new tools
this is what we do for a voyager opac workstation
This is what we do for a VoyagerOPAC Workstation
  • Batsh Program
  • Windows System Policy Editor
  • Netscape
bios cmos password settings
Bios (CMOS) password settings
  • To prevent changing of system settings
  • to prevent the setting of (unknown to you) passwords
  • can be used with settings to prevent booting from floppy
bios cmos password boot
Bios (CMOS) password - boot
  • Prevent unauthorized booting of PC
autoexec bat
Autoexec.bat
  • Can be used to automatically copy files that patrons may have changed when the computer is started
    • bookmarks
    • wallpaper
    • etc.
what is batsh exe for
What is BATSH.EXE for?
  • To run WINDOWS commands from a text file. Line by Line. Like BATCH (.BAT) files in DOS, but with some WINDOWS specific commands, and not all the DOS features.
what o s s does batsh exe run on
What O/S’s does BATSH.EXE run on?
  • Windows 3.1
  • Windows 95
  • Windows NT
  • Windows 98 ?
how and why rider university uses batsh exe
How and why Rider University uses BATSH.EXE?
  • BATSH.EXE replaces EXPLORER shell on OPAC computers (both Windows based Voyager and Netscape)
  • This lessens the potential security hazards that the Explorer shell has.
  • Can also be used to map network drives
  • The Price is Right -- Freeware!
why not just use the application as the shell
Why not just use the application as the shell?
  • Harder to change between applications
  • Windows will not shut down correctly with most applications as a shell
batsh on voyager workstation
Batsh on Voyager Workstation

Batsh scripts are used to automatically launch any program we chose on startup

The batsh script does not allow patrons from exiting a program. If they try, they will be prompted for a password. If the wrong password is entered, or a password isn’t entered in a set amount of time, batsh will automatically re-launch the program.

where is batsh exe
Where is BATSH.EXE?
  • Written by Thomas Nyffenegger
  • http://www.fmi.ch/groups/ThomasNyffenegger/Group.html
  • On various freeware sites on the Net:
  • http://www.winsite.com
  • Our batsh scripts will be made available
what is system policy editor
What is System Policy Editor?

System Policy Editor is a program

that comes on the Windows 95/98

CD-ROM when you buy the OS. It is

used to control a user’s desktop

environment. In Rider library we

use it to lock down a public access

workstation such as a voyager

OPAC terminal. It does the job

successfully.

where is system policy editor
Where is System Policy Editor?

System Policy Editor for Windows 95 is located on Windows 95 CD-ROM

in D:\admin\apptools\poledit. System Policy Editor for Windows 98 is

on Windows 98 CD-ROM in d:\tools\reskit\netadmin\poledit. System

Policy Editor for Windows NT comes in the

server software package.

slide20
http://www.microsoft.com/Windows95/downloads/contents/WUAdminTools/S_WUManagementTools/W95PolicyEditor/Default.asphttp://www.microsoft.com/Windows95/downloads/contents/WUAdminTools/S_WUManagementTools/W95PolicyEditor/Default.asp

System Policy Editor for Windows 95

Or you can download System

Policy Editor for Windows 95 from

the Microsoft web site at the

above URL. It is easier if you search

the key words “system policy editor”

at the web site.

ht tp www microsoft com products msoffice project prk text appa htm
http://www.microsoft.com/products/msoffice/Project /PRK/text/appa.htm

System Policy Editor for Windows 98

You can download it for Windows

98 at the above URL. It is easier if

you search the web site by key

words “system policy editor”.

what do we use it for
Workstation security

Customize your desktop according to your wishes

Hide various icons as needed

Hide the DOS prompt

Not allow users to change any settings and configurations

Only allow users to use public workstations for designated library purposes

What Do We Use It for?
how do we use policy editor
How do we use Policy Editor?

For Windows 95

  • Create a directory on C:\ drive
  • Copy all the files from the Windows CD to that directory
  • Start the program c:\directory\Poledit.exe
  • Delete the directory where all the policy files are located
  • Or you can run it from a CD drive or network drive as you want
how do we use policy editor24
How do we use Policy Editor?

For Windows 98

  • Go to Control Panel and install System Policy Editor in Add/Remove Programs
  • Run Poledit from Windows Run Box
  • Set up the system policies
  • Either remove the System Policy Editor or hide it after the setup
how do we use policy editor25
How do we use Policy Editor?

Disable Display Icon in the Control Panel

This is what you may do if you don’t

want users to change your display

settings in the control panel such

as color schemes, refresh rates,

resolution. You may not want users

to change the background, screen

savers, Window font, either.

how do we use policy editor26
How do we use Policy Editor?

Disable Network Icon in the Control Panel

This is how you disable Network

icon in the control panel. Network

icon has all the communication

settings for the network. You

should not allow users to play with

them freely.

how do we use policy editor27
How do we use Policy Editor?

Disable Password Icon in the Control Panel

This is how you disable Password

Icon in the Control Panel. Users

can change windows password

here.

how do we use policy editor29
How do we use Policy Editor?

Disable Printing settings

It is important to disable printing

configurations.

how do we use policy editor30
How do we use Policy Editor?

Disable System Icon in the Control Panel

This is how you disable System

Icon in the Control Panel. System

Icon contains important

information about hardware and

related settings. You should not

allow users to have access to it.

how do we use policy editor31
How do we use Policy Editor?

Customize your desktop

environment by

supplying your own

customized settings

how do we use policy editor32
How do we use Policy Editor?

Some other policies that you can set up

Those are some of the

configuration parameters in

System Policy Editor that we use

very often.

how do we use policy editor33
How do we use Policy Editor?

In Rider Library Electronic Computer Lab we used a

single system policy file from a central location for all the

client computers. First we created a single policy file on

one computer. Then we placed that policy file on our server.

We configured each client computer to point to the location

of the policy file on the server. When users log on to the

network, the system policies from the file will take effect.

what is power toy tweakui
What is Power Toy TweakUI?

TweakUI is a program that you can

download from Microsoft web site

at http://www.microsoft.com

/windows95/downloads/. It is

part of Windows Power Toys Set.

Some of its features enable us to

do things that System Policy Editor

cannot help us to do. We use it in

combination with System Policy

Editor to lock down a computer.

how do we use tweakui
How do we use TweakUI?

TweakUI is a useful tool to help

us automatically logon to

our network. It saves us a lot of

time as we have more than thirty

public terminals to turn on each

morning.

how do we use tweakui36
How do we use TweakUI?

System Policy Editor can hide all

the drives in My Computer, but that

is not what we want. We only want

to hide network drives. TweakUI

can help us to do it. All you have to

do is to set up System Policy Editor

first and then set up TweakUI as

shown on this slide.

netscape security38
Netscape Security
  • Preferences
    • Most settings are under Preferences
    • Controlled by Prefui32.dll
    • C:\Program Files\Netscape\Program\ Communicator\Program\Prefui32.dll
    • Delete or Rename
netscape security39
Netscape Security
  • Netscape Client Customization Kit (CCK)
    • Preset preferences including bookmarks, home page, etc. when doing an install
    • lock in preference settings (home page, cache, proxy settings, etc.)
    • http://home.netscape.com/partners/distribution/custom/product.html
netscape security40
Netscape Security
  • Misson Control Dektop
  • Third Party Security software:
    • Ikiosk
a rider voyager workstation
A Rider Voyager Workstation

To summarize:

  • Batsh: Launch Netscape and Webvoyage or Voyager Windows Client on startup and prevent any unauthorized exit
  • Netscape: Webvoyage and Internet resources
  • Policy Editor: restrict access to Windows settings
what is fortres 101
What is Fortres 101?

Fortres 101 is a desktop security

software for Window NT, Windows

95, and Windows 98. You can find

information about it at http://

www.fortres.com. It is easy to

use and well documented. It

offers many options that System

Policy Editor and TweakUI don’t

have.

how does fortres 101 work
How does Fortres 101 work?
  • Erase a user’s name from logon
  • disable any icons on desktop
  • Put a password on icons
  • Central Control Service
  • Restrict URLs
  • Protect files and drives
  • manage group security
what is winselect kiosk
What is Winselect Kiosk?

Winselect Kiosk is another

security software. We use it to

secure Netscape and Internet

Explorer.

what is everybody s menu builder
What is Everybody’s Menu Builder?

Everybody’s Menu Builder is a

menu system. It provides both

security and nice appearance

to a public workstation.

where is everybody s menu builder
Where is Everybody’s Menu Builder?

You can find information about it

at http://www.carl.org/emb.

norton ghost
Norton Ghost
  • No security is foolproof
  • Backups, Backups
  • We use Ghost
  • Also use it to clone groups of computers to save time
  • http://www.ghost.com
conclusion

Conclusion

Securing a Public Workstation under Windows 9x

Dr. Sharon Yang and

Edward Corrado

VUGM 1999

overview
Overview
  • Batsh.exe
  • Windows Poledit
  • TweakUI
  • Netscape Security
    • Prefui32.dll
    • CCK
  • Third Party Software
  • Backups!