Classroom Computers

=============
From Email to a client
=============

I’ve finally compiled my list of suggestions for helping to secure them and streamline the process of setup. This will help insure consistency of the laptops which will provide a much better classroom experience. Hopefully, the computers will be running XP, but these recommendations will work for Vista as well.

Implementing all of this will take quite a bit of time to get it setup. However, the long-term benefits greatly outweigh the short-term expense.

*Assumes all computers running the same (or very very similar hardware).

==============
Initial Preparation – before any use by a student or faculty
==============

Cost: FREE (except time & software licenses)

  • All computers must have any “junk” software removed.
  • Default applications must be installed – Firefox, MS Office, PDF Creator, OpenOffice.org, AVG, Adobe Reader, Picasa, Google Earth, Virtualbox, Thunderbird, etc.
  • All class specific applications must be installed – typing software, etc
  • TCP/IP set to OpenDNS.

===============
Imaging of Computers
===============

Cost: FREE or $100/computer

Imaging of the computers is very critical. This insures that you have a full and complete bit by bit backup of your systems. In a worst-case scenario, it can save tons of time. Also, after the class is over, the computer can be returned to “ready to go” state for the student.

The basic step is your setup 1 computer just how you want it (known as the master). It has all the software and drivers installed needed. Once you have this master setup, then you can image all the other computers (known as slaves) to the master.

The advantage is time. Rather than have to go to each computer and set them all up individually, you create them all at once by using a master/slave setup on your network. The master computer is running the server version of the imaging software and distributes its image to all the slaves on the network.

Free – There are free open source solutions out there that work really well although they aren’t as intuitive as the proprietary options.

http://www.clonezilla.org  – best open source for networked imaging

http://ping.windowsdream.com – best for single machine imaging

$100 / computer – these are software that I’ve used in the past extensively and work well.

Acronis True Image Echo Workstation
http://www.acronis.com/enterprise/products/ATICW/

Norton Ghost
http://www.symantec.com/norton/ghost

===========
MS Steady State
===========

Cost: FREE (except setup time)

Note: Runs on 32-bit XP, Vista only

Microsoft has released a product called Steady State. Once installed, it uses imaging technology to return a computer to an exact state every time the computer is restarted. This means that after setting up a computer initially, the computer will be returned to that state after every reboot.

This software can be incredibly useful to make sure that a computer is always in a clean workable state for the classroom. Unlike relying totally on imaging (which requires the master/slave process each time), Steady State returns the computer to a proper state after reboot – automatically. The computer can much more easily be locked down for internet access, etc.

Windows SteadyState in the Classroom
http://www.microsoft.com/windows/products/winfamily/sharedaccess/seeit/classroom.mspx

Windows SteadyState Disk and System Protection
http://www.microsoft.com/windows/products/winfamily/sharedaccess/whatis/diskandsystemprotection.mspx

FAQs
http://download.microsoft.com/download/f/c/6/fc6955de-0765-46fc-b2a9-47b4d4bcd160/SteadyState_2.5_Technical%20FAQ_updated.pdf

==============
Network Access and Protection
==============

Cost: Service – FREE (except setup time), Router – $60

All computers should be using OpenDNS for security and robustness. This is easily setup in the tpc/ip settings; however, ideally the classroom computers should be running on a separate subnet from the main building network. They need to be behind their own router that we can control.

We should immediately purchase a WRT54GL, flash it with DD-WRT firmware, and install it on the building network. Then we setup the student laptops to connect to it only.

WRT54GL
http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190

DD-WRT Firmware
http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT%3F

OpenDNS
http://www.opendns.com/smb/solutions

==================
Educating Users
==================

One of the most important steps in this process is educating the users/students on basic safety and security. Fortunately, I have a couple of blog posts that help address this. During the class itself we also spend quite a bit of time discussing simple security issues.

Layered Security Basics
http://smartergeekcom.wpengine.com/blog/2008/03/layered-security-basics.asp

Simple Rules for Your Computing
http://smartergeekcom.wpengine.com/blog/2008/01/simple-rules-for-your-computing.asp

Why did I get infected in the first place?
http://smartergeekcom.wpengine.com/blog/2008/07/why-did-i-get-infected-in-first-place.asp

Myspace and Antivirus 2009
http://smartergeekcom.wpengine.com/blog/2008/12/myspace-and-antivirus-2009.asp