Promising Practices for Public Access Computers, Part 3

This is the third in a series of posts on how libraries with limited resources can provide a reliable and safe public computing environment consistent with the tenets of Intellectual Freedom. If you missed the previous post on browser privacy or the post on setting up a guest account, you may want to check those out first.

rebootRestoreRxLogo

In this installment, we’ll learn how to install and configure Reboot Restore Rx, a freeware program that allows you to create an ideal state your computer will return to every time it’s rebooted. This helps ensure stability against anything your library patrons might do to it, and also helps protect their privacy by deleting any documents they may have inadvertently saved on one of your public access computers. This is a much more aggressive and thorough approach than the one we took using CCleaner, but it’s also a more involved setup process and makes future software updates slightly more cumbersome. As with previous posts, this is not an enterprise solution, and is best suited for smaller libraries with few public access terminals.

Once you’ve downloaded the program’s installer, the obvious next step is to run it. The installation process is pretty familiar until you get to this screen:

installPartitionSelectScreen

Note that your screen will look different, depending on how many hard drives you have and how they are partitioned.

You can select any or all of your partitions at this point, but in most cases you’ll simply want to select C: (checked by default) and any other lettered drives before clicking Next.

At the end of the install process, you’ll need to reboot.

Pretty painless, right? Well, there is a bit more to it than that. First, you’ll want to take steps to prevent your more savvy and mischievous patrons from disabling it. To ensure that the following changes will stick, we want to disable Reboot Restore Rx from the Shield Tray. Right click the following icon from your icon tray:

shieldTrayIcon

Then uncheck Restore on Reboot. Excellent! Now we need to prevent Shield Tray from loading at startup. An easy way to do this is using autoruns (previously discussed here). You’ll want to run Autoruns as administrator (right click it then select Run as administrator). Next, click on the binoculars and search for shield tray (or scroll through the list until you find it). Uncheck the box next to Shield Tray and then close out of Autoruns.

uncheckShieldTray

Now there won’t be a tantalizing switch for miscreant or curious patrons to toggle.

The path to the switch will still be open to them, though, so you’ll have to take extra precautions against the particularly tenacious (or those who’ve read this article). What we want to do next is lock off the Guest account’s access to the RestoreRebootRx folder. Here’s how to proceed (note: you should be signed in as an administrator). Here’s how to proceed:

  1. Open up your file tree (click the folder icon; if you don’t have one, click the Start orb, then documents)
  2. Navigate to Computer -> Local Disk (C:)
  3. Right click the RebootRestoreRx folder (you may have to scroll down to find it) then click Properties
  4. Click on the Security tabsecurityTab
  5. Click Edit
  6. Click Add
  7. In the Enter the object names to select text box, type in guest and then click Check NamescheckNames
  8. You should now see the proper path for the guest user account in the text box (something like COMPUTER-NAME\Guest); click OK
  9. Now, select the Guest account on the Permissions for RebootRestoreRx screen
  10. Check Read & execute in the Deny column (this will automatically deny List folder contents and Read, as well) guestPermissions
  11. Double check that it says Permissions for Guest above the selection box before proceeding, then click Apply
  12. Click Yes
  13. Click OK

Voila! The guest account can no longer deactivate Reboot Restore Rx without an administrative password. Good stuff. Finally, we want to reactivate Reboot Restore Rx. This is a bit trickier, since we likely no longer have Shield Tray in our icon tray (it will still be there if you haven’t rebooted since changing the autoruns. To get it back (for the current session), click on the Start orb, then type shieldtray into the search box. Execute the shieldtray program this discovers and it will be back in the tray. Now simply right click its icon from the tray, and click Restore on Reboot. This will give you the following notification:

updatedBaseline

Click OK (as though you had a choice). That’s it! I do wish you had the option to reject changes at this point, but presently you’ll have to rely on a system restore point for that.

Now you also know how to make any future changes (re: software updates) stick, so that you won’t waste time restoring to an outdated state: load the Shield Tray, deactivate the service, make the changes, reactivate the service, reboot).

Reboot Restore Rx is not a bulletproof means of preventing computer tampering, but it will alleviate a huge percentage of your routine computer lab problems. Reboot Restore Rx is easy to install and manage, allows easy updates to other software and the restore baseline, and it’s freeware. Of the free solutions I’ve tested, this is by far the most user-friendly and the least prone to crashing (I never managed to break it). Hat tip to the How To Geek for his excellent article on this program.

Advertisements

One response to “Promising Practices for Public Access Computers, Part 3

  1. Pingback: Increasing Security on Public Access Computers with EMET | Field Notes

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s