Mark Minasi's Reader Forum
 security

reynolds
Posted - 05/31/2012 :  6:26:51 PM
Am intrigued by the idea of being able to "roll my own" kiosk security and avoid DeepFreeze. However, I'm not sure I can make it secure for us, due to requirements for our environment. You see, we require that the kiosk user login session be able to run as Administrator. Our users need to be permitted to install whatever software they wish (with the understanding that their changes will get removed upon reboot.)

Your PPT doesn't mention detail about how to automate rollback, but I think this is how it would be done (in startnet.cmd or partly by calling rollback.cmd):

* wipe old snapshot.vhd
* initialize new snapshot.vhd
* add bootsequence bcd entry to specify one-time boot from snapshot.vhd

All fine and good. However, I've been unable to come up with a scheme to prevent evil-hacker-who-knows-bcdedit from simply changing the bcd store to have the computer boot directly from image.vhd. They do that, reboot, and voila! computer becomes simply a wide-open administrator free-for-all.

Then there's all the mischief they could do during WinPE boot. I figure I could disable keyboard and mouse drivers in WinPE to get around that.

Then there's how to prevent hackers from assigning a drive letter to the System Reserved partition and just modifying startnet.cmd to not wipe snapshot.vhd (or whatever they like.)

So how would I make this secure? Somehow super-obscuring the drives where image.vhd/snapshot.vhd and WinPE are kept? Maybe only way is to boot from PXE? (Too bad for me, since we're spread across many shared subnets and so PXE is not an option.)

So this idea is *so* intriguing, but maybe I should quit wasting the Washington state taxpayers' $$$ looking at this and resign myself to DeepFreeze?

reynolds
Posted - 06/27/2012 :  7:06:02 PM
Just pinging back in hopes someone more crafty than me will read this and offer a solution. I'd so love to ditch stupid deepfreeze ... won't any other deepfreeze-haters help me out?

Mark Minasi
Posted - 07/09/2012 :  3:21:58 PM
Unfortunately there's really not a way, as any halfway bright soul can find the drives from the command prompt. Besides, what's the worst that happens? You have to

1) Boot the system from the USB stick.
2) delete snapshot.vhd
3) copy your master image.vhd back onto the big drive

And you're done. Is that really a bad scenario?

Mark
tweetin' at mminasi

waiteit
Posted - 07/11/2012 :  07:40:49 AM
Hi,

In your previous post you noted that an automatic rollback may be possible using:

* wipe old snapshot.vhd
* initialize new snapshot.vhd
* add bootsequence bcd entry to specify one-time boot from snapshot.vhd

Did you manage to rewrite the .cmd files to accomplish this?

Mark Minasi
Posted - 07/11/2012 :  09:18:59 AM
Hi Craig --

I didn't say that, Mike did.

What SteadierState does right now is that WHEN you choose the automatic rollback feature it does those things.

The question I've gotten -- it's an interesting one -- is how to set up SS so that there's no boot menu, and EVERY reboot is a rollback. I'm not sure yet how to do it, and I'm too jammed up time-wise to do a lot of thinking about it just yet.

Mark
tweetin' at mminasi

waiteit
Posted - 07/11/2012 :  09:21:18 AM
Sorry Mark, I didn't mean in your previous post personally, I was just curious as to whether anyone had managed to modify the system in such a way.

Mark Minasi
Posted - 07/12/2012 :  1:34:50 PM
The problem that I have when I take a ten minute break and start mapping out the state machine is how to do it without a pile of semaphore files and reboots that end up needing three reboots.<g> One of these days maybe!

Mark
tweetin' at mminasi

waiteit
Posted - 07/14/2012 :  07:13:57 AM
I can imagine - think my recommendation is to just choose restore when it's necessary to do so - see if the powers that be will go with that, if not, I guess we'll have to go commercial.

Thanks for your help!

Craig

reynolds
Posted - 10/04/2012 :  7:23:46 PM
Hadn't checked in here in a while, thought I'd do so today. Much delighted that Mark and others carved time out to reply.

To answer waiteit, no, never did go as far as setting up automatic reboot to base image. I think Mark might be right that shouldn't be hard (just a few startnet.cmd commands in WinPE), but actual reboot procedure might be tedious three-reboots. Still, most reboot time is the actual Windows boot, and only one of those...

Also agree with you, Mark, that we could decide to tolerate the occasional hacker and simply dump the image back onto hacked machines. I bet once hackers got bored with breaking our boxes they'd lay off. We'd probably need to put some sort of "I'm still ok and not hacked" check in there somewhere so a machine doesn't sit a long time with keystroke sniffers sending everyone's passwords off to somewhere.

At this point, we've already paid our yearly deepfreeze tithe, so we probably won't look at this again until next June. Who knows, maybe we'll find a reason we hate DeepFreeze even more and will think of switching to nice, clean, roll-your-own steadier state. In the meantime, thanks, Mark, for your neat contribution.
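
The "I'm still ok and not hacked" check suggested in the post above, as an added example that is not part of the thread or of SteadierState: it audits captured `bcdedit /enum` output for a boot loader entry that starts image.vhd directly (the tampering described in the first post) and compares startnet.cmd against a recorded SHA-256. The BCD text, the startnet.cmd stand-in and the function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample of `bcdedit /enum` output (not captured from a real machine).
SAMPLE_BCD = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
default                 {current}
timeout                 1

Windows Boot Loader
-------------------
identifier              {current}
device                  vhd=[C:]\snapshot.vhd
path                    \Windows\system32\winload.exe
osdevice                vhd=[C:]\snapshot.vhd
"""

def parse_bcd(text):
    """Return one {element: value} dict per entry in bcdedit /enum output."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        entry = {"_type": lines[0].strip()}
        for line in lines[2:]:            # skip the title and its dashed underline
            parts = line.split(None, 1)   # element name, then the rest as its value
            if len(parts) == 2:
                entry[parts[0].lower()] = parts[1].strip()
        entries.append(entry)
    return entries

def audit(bcd_text, startnet_bytes, baseline_sha256):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for entry in parse_bcd(bcd_text):
        if entry["_type"] != "Windows Boot Loader":
            continue
        for key in ("device", "osdevice"):
            if "image.vhd" in entry.get(key, "").lower():
                findings.append(f"{entry.get('identifier')}: {key} boots image.vhd directly")
    if hashlib.sha256(startnet_bytes).hexdigest() != baseline_sha256:
        findings.append("startnet.cmd differs from the recorded baseline")
    return findings

if __name__ == "__main__":
    script = b"rem constructed stand-in for startnet.cmd\r\n"
    baseline = hashlib.sha256(script).hexdigest()
    print(audit(SAMPLE_BCD, script, baseline))
    print(audit(SAMPLE_BCD.replace("snapshot.vhd", "image.vhd"), script + b"x", baseline))
```

A check like this only means something when it runs from media the kiosk user cannot modify, with the baseline hash stored off the machine.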