Protecting Small Business PCs in a Shared Environment

By Ronald Pacchiano | Posted December 20, 2010

The biggest challenge to keeping a small business computer secure, reliable and functional is the people who operate it. People are notorious for not following instructions, opening virus infected emails, browsing questionable websites and installing unauthorized software onto their systems.

Resolving these issues can be challenging, time-consuming and, at times, expensive. These situations are challenging enough when dealing with one person on a single PC. However, in some small businesses, several people share a single PC, which increases the speed and frequency of computer problems. And if your company has groups of shared PCs, the potential for problems can increase exponentially.

 Small Business Security for PCs in Shared Environments

Some of the more common places you'll find shared PCs include classrooms, libraries, community centers, conference rooms, medical offices and hotels. Since shared PCs need to be used by large number of people for a variety of different tasks, it’s not uncommon for these machines to have significantly weaker security restrictions than those found on your average office PC.

In a classroom for instance, students might need to install software. Unfortunately, this capability could also give them the freedom to modify system settings, change the desktop appearance or inadvertently infect the system with malware or viruses. Another concern for PCs in a shared environment is privacy, as one person’s Internet history, saved documents, and cached Web pages could be found and accessed by all subsequent users.

SteadyState, an Elegant but Endangered Utility

Ideally though, in a shared computing environment, administrators want to limit a user’s ability to change settings, particularly those settings that could compromise the reliability and safety of the computer for other users. While these might appear to be conflicting goals, Microsoft has a rather elegant solution to this dilemma for XP and Vista systems -- a free utility called SteadyState.

SteadyState allows system caretakers to configure and lock down a Windows PC, yet users can still do whatever they need to do and change whatever they want. Once the user finishes working with the PC, the entire system, simply rebooting the system returns the PC back to its original clean, fully-functional configuration.

The utility's effectiveness and uncomplicated implementation makes it easy for the technical support staff or even non-technical people charged with maintaining the PCs within the shared environment, such as owners, teachers and office managers, to keep those systems operational and safe. 

While SteadyState is an ideal solution for both Windows XP and Vista systems, it does not support Microsoft’s newest operating system, Windows 7; and Microsoft does not plan to make it a version for Windows 7. What's worse, the company plans to discontinue the product altogether come the end of the year -- the application won’t even be available for download. If you’re still using XP or Vista, you can download SteadyState while it’s still available.

If you've already upgraded to Windows 7, but would still like to take advantage of the features found in SteadyState, Microsoft created a 26 page document entitled Creating a Steady State by Using Microsoft Technologies. This guide will essentially walk you through a series of manual modifications you can make to your system that would lock it down in a fashion similar to SteadyState. However, it isn’t necessarily going to be easy.

The steps involved can be somewhat intimidating and should in no way be performed by non-technical personal, as you need to modify group policies, block applications and even employ tools from the Microsoft Deployment Toolkit. Although I applaud Microsoft for offering some type of alternative, I suggest you consider the following option.

Returnil System Safe 2011

Returnil System Safe 2011 is new type of system protection and security tool with three primary capabilities. The first is anti-virus and malware scanner; the second is System Restore, similar to the version included with Windows. The third capability is Virtual Mode, Returnil’s standout feature.

When you activate Virtual Mode, Returnil creates a persistent, virtual environment for users to operate in, completely isolating it from the real machine. When Virtual Mode is running, people can install applications, delete files, change system settings, and even cause a massive infestation. Yet as soon as you reboot the system, all of their sins are eradicated and the system is clean, reliable and ready for the next user.

Virtual Mode operates completely behind the scenes, and doesn't slow down regular Windows operations while it's running. It's truly an impressive piece of software.

Should you actually need to install an application or to update the system, you can disable Virtual Mode for the installation and then reactivate it once the updates have been completed. Another thoughtful feature is that Returnil lets you create a Virtual Disk which can be used to store files while Virtual Mode is active. So when you reboot the system, those files will still be accessible.

Returnil has a straightforward user interface that's easy to navigate, and the software is free for non-commercial use. Commercial users can try it free for 30 days, but will need to purchase a minimum of five licenses at about $40 a piece if they decide to keep it. In spite of this restriction, this is still an excellent product and well worth the expense, especially if you support a lot of shared PCs.

A More Affordable Utility

However, should the thought of shelling out almost $200 dissuade you, then Comodo Time Machine might be what you’re looking for. Comodo Time Machine does not automatically restore the system the way Returnil does, instead it operates very much in the way of Microsoft’s own System Restore utility, allowing administrators to quickly restore their computers to an earlier point in time.

Unlike Microsoft’s version, which can be somewhat hit-or-miss and doesn’t modify any user data, Comodo’s snapshots are much more comprehensive, containing a complete record of your entire system, including the registry, critical operating system files and user-created documents. The interface can be a bit confusing when using the advanced view, but overall, it’s pretty straightforward.

And unlike Returnil, you can access the Comodo interface on boot-up, outside of Windows, allowing it to perform a restoration even if you can't start Windows. And Comodo’s biggest advantage: it is 100 percent free to use at home or in the office.

Ronald V. Pacchiano is a systems integrator and technology specialist with expertise in Windows server management, desktop support and network administration. He is also an accomplished technology journalist and a contributing writer for Small Business Computing.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!


Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date