How to secure a vista machine for public USB drive use

Hi Experts,

I'm setting up a laptop running win vista ultimate for a friend who will use it in a small print shop.  It'll be connected to a big Minolta office printer copier.  The shop owner will be inserting customer USB sticks and printing docs etc.

How can I minimize the likelyhood of viruses and malware getting loaded when the USB sticks are used?

UAC is enabled and I setup a none  admin user  account for him to use when printing.  It's currently running AVG 2012 and all win updates are done.  

Any tips on how to really lock this account and machine down to reduce risks when the shop owner is doing this printing from USBs?

Thanks,

HNM
HelpNearMeAsked:
Who is Participating?
 
JohnBusiness Consultant (Owner)Commented:
This is fine as a starting point. Two things:

1. I have had very bad luck with AVG and would not use or recommend it. People will have all kinds of opinions but something stronger is warranted.

2. Use the Vendor Software or Acronis (or such like) to make a recovery DVD of the system. If this is really all it does, a good backup will save tons of time when the inevitable happens.

.... Thinkpads_User
0
 
uboundCommented:
The two things I'd be most concerned about are:

1) Autorun.  Make sure this is disabled for flash drives (you can google this).
2) Clerks clicking things that look like docs, but are really programs.

For #2, I might be thinking about using Software Restriction Policies in the Local Security Policy.  With this, you can prevent any programs being run from the flash drive (or alternately, enable the running of programs, but only from c:).

I guess that brings up point #3: What if they copy the malware from the flash drive to c: for processing?  You could have a "working" directory where all in progress docs are stored, then use SR to restrict programs from running there as well.

Note that using SR only disables PROGRAMS from being executed from these locations.  It does not prevent docs from being read from or saved to other locations.

Certainly reduces the potential for mischief.
0
 
nobusCommented:
use deepfreeze : http://www.faronics.com/enterprise/deep-freeze/
every reboot, it will undo ALL changes made
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
nobusCommented:
alternatively, you also have mS Steady State :  http://download.cnet.com/Windows-SteadyState/3000-18512_4-10977409.html
0
 
uboundCommented:
I believe MS has discontinued Steady State.  But now that you have reminded me, what about Virtual PC?  It has an Undo mode.
0
 
h4x0r_007Commented:
You will be fine, but may I suggest switching to Microsoft Security essentials. Also disable AutoRun.
0
 
HelpNearMeAuthor Commented:
Thanks everyone for the suggestions!

HNM
0
 
JohnBusiness Consultant (Owner)Commented:
Thank you. I was happy to help. .... Thinkpads_User
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.