Re: Securing Kiosks after adding MS Office apps?

Discussion in 'Computer Security' started by - AJS, Jun 23, 2003.

  1. - AJS

    - AJS Guest

    "Matt Gehrisch" <> wrote:
    >Hello,
    >I work in the computer services department at a public library.
    >
    >We offer internet access to library patrons on about 40 internet kiosks
    >throughout the library's three branches. We have been getting an increasing
    >number of requests to provide Microsoft Word on these machines in addition
    >to the basic internet software. For the time being, we only provide office
    >software on 8 machines that are not granted internet access.
    >
    >We are currently using Centurion Guard and WinSelect 5.0 to secure our
    >internet terminals, which are running Windows2000 Professional.
    >
    >I have been asked to begin researching the steps that we will need to take
    >in order to secure our internet Kiosks with the addition of MS Office
    >components. We would like to install the Word and Excel portions of
    >Microsoft Office 2000.
    >
    >Specifically, we need to be able to lock out a few menu items, and only
    >allow file access to the floppy drive. WinSelect has worked well for us,
    >but it seems to be fairly oblivious to MS Word/Excel.
    >
    >Has anyone setup similar configurations in a library or school environment?


    Hi Matt,

    Yes, I have a private school as a client.

    You can do a good job of locking down drive access with policies and XCACLS.EXE
    (from the RK). Specifically, check out and use the difference between perms on
    existing files, and the inherrited permissions on new files... Word
    specifically requires write access to your %systemroot% folder (.\winnt by
    default) for a scratch file. This is BAD.

    Also, I have not seen any method of blocking specific menu items in Office
    products.

    And finally, regardless of how you secure the machines, I recommend making a
    Ghost image of the completed, secured production machine, and regularly burning
    that image back onto the PCs... This will undo anything someone has found a way
    to leave or change on the machine, making them start over.

    HTH,
    - AJS
     
    - AJS, Jun 23, 2003
    #1
    1. Advertising

  2. - AJS

    Leythos Guest

    In article <3ef72b6e$1_7@127.0.0.1>, - AJS <a smith att window products
    dit com> says...
    > "Matt Gehrisch" <> wrote:
    > >Hello,
    > >I work in the computer services department at a public library.
    > >
    > >We offer internet access to library patrons on about 40 internet kiosks
    > >throughout the library's three branches. We have been getting an increasing
    > >number of requests to provide Microsoft Word on these machines in addition
    > >to the basic internet software. For the time being, we only provide office
    > >software on 8 machines that are not granted internet access.
    > >
    > >We are currently using Centurion Guard and WinSelect 5.0 to secure our
    > >internet terminals, which are running Windows2000 Professional.
    > >
    > >I have been asked to begin researching the steps that we will need to take
    > >in order to secure our internet Kiosks with the addition of MS Office
    > >components. We would like to install the Word and Excel portions of
    > >Microsoft Office 2000.
    > >
    > >Specifically, we need to be able to lock out a few menu items, and only
    > >allow file access to the floppy drive. WinSelect has worked well for us,
    > >but it seems to be fairly oblivious to MS Word/Excel.
    > >
    > >Has anyone setup similar configurations in a library or school environment?

    >
    > Hi Matt,
    >
    > Yes, I have a private school as a client.
    >
    > You can do a good job of locking down drive access with policies and XCACLS.EXE
    > (from the RK). Specifically, check out and use the difference between perms on
    > existing files, and the inherrited permissions on new files... Word
    > specifically requires write access to your %systemroot% folder (.\winnt by
    > default) for a scratch file. This is BAD.
    >
    > Also, I have not seen any method of blocking specific menu items in Office
    > products.
    >
    > And finally, regardless of how you secure the machines, I recommend making a
    > Ghost image of the completed, secured production machine, and regularly burning
    > that image back onto the PCs... This will undo anything someone has found a way
    > to leave or change on the machine, making them start over.


    Don't forget to block the HELP menu, once they get to the System Info
    box they can open / save files and do all sorts of wonderful things.
    Most people miss that one.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Jun 24, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Daniel Klug

    Re: Securing Kiosks after adding MS Office apps?

    Daniel Klug, Jul 8, 2003, in forum: Computer Security
    Replies:
    0
    Views:
    845
    Daniel Klug
    Jul 8, 2003
  2. Replies:
    2
    Views:
    723
  3. The Master of The Known Universe

    Top 3 firewalls, anti-virus apps, anti-spyware apps

    The Master of The Known Universe, May 9, 2006, in forum: Computer Support
    Replies:
    10
    Views:
    1,100
    clouds
    May 13, 2006
  4. Willy David Jr
    Replies:
    3
    Views:
    2,611
    Willy David Jr
    Jan 9, 2007
  5. london1919
    Replies:
    1
    Views:
    3,100
    Lawrence Garvin \(MVP\)
    Dec 8, 2008
Loading...

Share This Page