Is anyone using this combination of software? I am having a problem getting PWB to work and wanted to ask some questions.
Thanks,
Wanda
PWB and Microsoft Shared Computer Toolkit
Moderators: Tyler, Scott, PWB v2 Moderator
We use here at our Library
We use the Shared Computer Toolkit with PWB v2 here at our Library. We have SCT set up on standalone machines, as well as using the Admin template on a domain server to control machines via policy. I ran into a situation where PWB didn't work and that is if you enable the policy setting to disable Internet Explorer, it will set a no internet proxy in your proxy settings in IE (basically it points it to a non existant proxy server). Even if you clear the setting in the SCT, it leaves the proxy enabled, at least it did for me. Once I manually removed the proxy settings, PWB started working again. Just thought I would pass that along.
Jerry
Jerry
Tried this today
Scott,
It worked like you suspected. I first disabled Internet Explorer via the SCT policy as I described earlier and verified that PWB didn't work. Neither PWB nor IE would go to a web page. I then edited the PWB.ini file and added those lines, and PWB would work, but IE still would not. So in effect, using this you can disable all web browsing in IE and continue browsing using PWB.
Jerry
I have to add something to this after reading the original question. It seems that once you launch PWB with the corrected INI settings, IE works again as well. It continues working after PWB is closed. Since I used this on a machine that is updated by group policy at an interval, I will check it later to see if it disables IE again, but it will not do as I stated above, disable IE completely.
It worked like you suspected. I first disabled Internet Explorer via the SCT policy as I described earlier and verified that PWB didn't work. Neither PWB nor IE would go to a web page. I then edited the PWB.ini file and added those lines, and PWB would work, but IE still would not. So in effect, using this you can disable all web browsing in IE and continue browsing using PWB.
Jerry
I have to add something to this after reading the original question. It seems that once you launch PWB with the corrected INI settings, IE works again as well. It continues working after PWB is closed. Since I used this on a machine that is updated by group policy at an interval, I will check it later to see if it disables IE again, but it will not do as I stated above, disable IE completely.
-
Philip - Long Beach NY
- Benefactor
- Posts: 82
- Joined: Fri Feb 28, 2003 2:30 pm
Wanda,
As of now, I'm only using the SCT with PWB and Deep Freeze. I have no intention of using Windows Disk Protection (WDP). Right now I'm only using it on a couple of OPACS and so far so good. Only thing I don't like is you can't shut down the machine when logged into a public account, unless you hold the power button in. If you want to shut the pc down "properly" you have to go into an admin account and do it that way. Kind of a pain but I believe they designed it that way for libraries who might use the tool for Internet use. I am using the PAC tool on my Internet machines and I can't tell you how many times people shut down the machines only to have the next patron think the pc is 'out of order'. If they'd only RESTART the machine......well, I can dream can't I?
As far as it's security, I ran into some trouble configuring it with the SAM Time management system that we employ here. Sam has two icons that sit in the system tray and the SCT, when the restrictions are enabled, don't show the icons (or the DF icon). So, if there is a problem let say with a patron's print job I would have to log off and log into an admin account to correct it? Or to manage their time? Not good. The company response was that I could handle those situations from their web interface but I've come across a couple of instances where that wasn't an option. I was able to find another library who was running SAM also and he told me how he got around that issue, via some registry hacks. Comprise also informed me that if I wanted the icons to show in the tray I'd have to uncheck the option in the SCT that only allows programs from the programs group to run. This worked but it also allows patrons to do other things that you wouldn't want them to do, I think. So I tested these registry hacks and they seemed to work fine. Of course it's a pain so I'm debating whether to just try it with that SCT option disabled and see how it goes. Other than that, the tool works fine, blocks downloaded programs from running, even from removable drives, and takes away more "stuff" than the PAC Tool.
Hope this helps,
Phil
As of now, I'm only using the SCT with PWB and Deep Freeze. I have no intention of using Windows Disk Protection (WDP). Right now I'm only using it on a couple of OPACS and so far so good. Only thing I don't like is you can't shut down the machine when logged into a public account, unless you hold the power button in. If you want to shut the pc down "properly" you have to go into an admin account and do it that way. Kind of a pain but I believe they designed it that way for libraries who might use the tool for Internet use. I am using the PAC tool on my Internet machines and I can't tell you how many times people shut down the machines only to have the next patron think the pc is 'out of order'. If they'd only RESTART the machine......well, I can dream can't I?
As far as it's security, I ran into some trouble configuring it with the SAM Time management system that we employ here. Sam has two icons that sit in the system tray and the SCT, when the restrictions are enabled, don't show the icons (or the DF icon). So, if there is a problem let say with a patron's print job I would have to log off and log into an admin account to correct it? Or to manage their time? Not good. The company response was that I could handle those situations from their web interface but I've come across a couple of instances where that wasn't an option. I was able to find another library who was running SAM also and he told me how he got around that issue, via some registry hacks. Comprise also informed me that if I wanted the icons to show in the tray I'd have to uncheck the option in the SCT that only allows programs from the programs group to run. This worked but it also allows patrons to do other things that you wouldn't want them to do, I think. So I tested these registry hacks and they seemed to work fine. Of course it's a pain so I'm debating whether to just try it with that SCT option disabled and see how it goes. Other than that, the tool works fine, blocks downloaded programs from running, even from removable drives, and takes away more "stuff" than the PAC Tool.
Hope this helps,
Phil
Complexity is the enemy of security
-- Steve Gibson
-- Steve Gibson
Hey Guys,
Just browsing the forums and I noticed your poweroff problem Phil.
Have you tried running software like this?
http://users.pandora.be/jbosman/applications.html
I use this little freeware app on all of our computers, it can install itself on the computer as a service and receive remote poweroff/reboot commands.
We reboot trouble PCs without even getting up
and of course at the end of the day I have a batch file to shut down the whole building with a double click. Combined with Wake-On-LAN, which we use to turn on the whole building.... makes for very comfy staff 
GregP
Just browsing the forums and I noticed your poweroff problem Phil.
Have you tried running software like this?
http://users.pandora.be/jbosman/applications.html
I use this little freeware app on all of our computers, it can install itself on the computer as a service and receive remote poweroff/reboot commands.
We reboot trouble PCs without even getting up
and of course at the end of the day I have a batch file to shut down the whole building with a double click. Combined with Wake-On-LAN, which we use to turn on the whole building.... makes for very comfy staff GregP
-
Philip - Long Beach NY
- Benefactor
- Posts: 82
- Joined: Fri Feb 28, 2003 2:30 pm
GregP,
Now, that Wake-on-LAN looks interesting. I use Comprise's SAM time management module to log off, shut down and reboot ( and send messages when patrons are looking at inappropriate material). But SAM doesn't start up the pc's in the morning. I'd like to use it to turn on all the public pc's in the morning, but after reading his documentation I'm a little confused. Do I have to put the .exe on all the public pcs (making sure wake up lan is enabled and all that), and one exe on a staff pc (say, behind the reference desk) and enter all the ip addresses from behind the desk? How did you set it up?
Thanks,
Phil
Now, that Wake-on-LAN looks interesting. I use Comprise's SAM time management module to log off, shut down and reboot ( and send messages when patrons are looking at inappropriate material). But SAM doesn't start up the pc's in the morning. I'd like to use it to turn on all the public pc's in the morning, but after reading his documentation I'm a little confused. Do I have to put the .exe on all the public pcs (making sure wake up lan is enabled and all that), and one exe on a staff pc (say, behind the reference desk) and enter all the ip addresses from behind the desk? How did you set it up?
Thanks,
Phil
Complexity is the enemy of security
-- Steve Gibson
-- Steve Gibson
I've got a PowerOff batch file linked to the Quick Launch bar, so our computer shut down with only one click 
Seriously though, PowerOff is a splendid, tiny program that we use on all of our PCs. <shamelessplug> My PC Checkout system also uses PowerOff to remotely reboot or log off public Internet stations </shameless plug>
Seriously though, PowerOff is a splendid, tiny program that we use on all of our PCs. <shamelessplug> My PC Checkout system also uses PowerOff to remotely reboot or log off public Internet stations </shameless plug>
Hi Phil,
From the client PCs perspective nothing is required for WOL to work. When the PC is powered off the NIC still runs minimal power and listens on the network for a broadcast containing its MAC address (3 times in a row I think).
So to get WOL working its all done on the central PC. You need:
1) The MAC address of the target PC.
2) Software to send the message (called "Magic Packet" in the link below).
Being a big fan of freeware I use http://www.matcode.com/wol.htm.
You run (for example) 'mcgetmac public1' and get public1's MAC address then put it in a batch file with mc-wol.
eg. "mc-wol.exe 01:02:03:04:05:06"
Then you have a mc-easy job in the morning... sorry, couldn't resist.
GregP
EDIT : Don't forget that the MAC address is actually the address of the NIC, not the PC, and it is like a unique serial number from the manufacturer. If you replace the NIC or the PC as a whole the MAC address will change.
EDIT2 (Damn I'm forgetful) : If you are turning your whole network on at the same time, it can be good to put a pause in between each line in the batch file. Years ago our poor old domain server had a fit when every computer logged in at the same time (cuz we use auto-logon of course), so we had to use a program to pause for a couple of seconds before turning on the next PC. Can't remember where I got it (wait.exe) but check if you need that too.
From the client PCs perspective nothing is required for WOL to work. When the PC is powered off the NIC still runs minimal power and listens on the network for a broadcast containing its MAC address (3 times in a row I think).
So to get WOL working its all done on the central PC. You need:
1) The MAC address of the target PC.
2) Software to send the message (called "Magic Packet" in the link below).
Being a big fan of freeware I use http://www.matcode.com/wol.htm.
You run (for example) 'mcgetmac public1' and get public1's MAC address then put it in a batch file with mc-wol.
eg. "mc-wol.exe 01:02:03:04:05:06"
Then you have a mc-easy job in the morning... sorry, couldn't resist.
GregP
EDIT : Don't forget that the MAC address is actually the address of the NIC, not the PC, and it is like a unique serial number from the manufacturer. If you replace the NIC or the PC as a whole the MAC address will change.
EDIT2 (Damn I'm forgetful) : If you are turning your whole network on at the same time, it can be good to put a pause in between each line in the batch file. Years ago our poor old domain server had a fit when every computer logged in at the same time (cuz we use auto-logon of course), so we had to use a program to pause for a couple of seconds before turning on the next PC. Can't remember where I got it (wait.exe) but check if you need that too.