An unusual situation.

I support a Resident Community which makes available to its residents (who don't own a PC of their own) 3 PC's (Win10 Pro) installed in a "common area".

Someone bent on playing pranks has been corrupting the computers by deleting programs and/or "resetting" the computers to factory settings, forcing a re installation of the OS and the programs (Word, Excel, etc....)

I have resorted to a program called "Deep Freeze"  which returns a computer to the state it was in at Log In, regardless what was done.  The program is password protected.

Somehow "someone" has gotten around the program and continues to perform their mischief,

Question:  Has anyone encountered a similar situation and found a remedy?  Please help!

Thanks,

Biggles
Biggles1Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Have I seen this?  No.

Can you put a much stronger password on Deep Freeze?   Would that stop the attacker from breaking Deep Freeze?
0
JohnBusiness Consultant (Owner)Commented:
Also, I assume the residents are Standard Users (not Admin). Please make sure of that.
1
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
What John said.

If you correctly set capabilities of users, they'll be unable to change anything.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

masnrockCommented:
I have resorted to a program called "Deep Freeze"  which returns a computer to the state it was in at Log In, regardless what was done.  The program is password protected.

Somehow "someone" has gotten around the program and continues to perform their mischief,
Now I have to ask some questions:
1) How strong is the password for Deep Freeze?
2) What sort of rights are on the account that the users have access to?
3) How strong is the password of the administrator account on the machine?
4) Did you lockdown the BIOS (they may very well be using a bootable device to tinker with the administrator account)
5) Have you considered utilizing Kiosk Mode for those machines?
0
Vadim RappCommented:
Surveillance camera might help.
0
McKnifeCommented:
Please read about the limitations of Deepfreeze and tell me if those could apply to your setup: https://en.wikipedia.org/wiki/Deep_Freeze_(software)
0
Biggles1Author Commented:
From masnrock:

Now I have to ask some questions:
1) How strong is the password for Deep Freeze?
Answer: 9 Characters mix of letters and numbers (all lower case)
2) What sort of rights are on the account that the users have access to?
Answer:  User
3) How strong is the password of the administrator account on the machine?
Answer: 10 Characters mix of letters and numbers (all lower case) one special character
4) Did you lockdown the BIOS (they may very well be using a bootable device to tinker with the administrator account)
Answer:  No.  But I should try that!
5) Have you considered utilizing Kiosk Mode for those machines?
Answer:  No!  Excellent Idea!!!!  How do you do that?
0
JohnBusiness Consultant (Owner)Commented:
Deep freeze: Try a password with upper, lower characters, a special character, and a number.

User is fine so they are not administrators.

Admin password: same advice as Deep freeze password.

Make sure you are using UEFI with Secure Boot ON.  That prevents others from starting the machine.
0
McKnifeCommented:
Please respond to all suggestions so we have a clear picture.
As for kiosk mode: question is, what you want to do with that machine. A secure setup that no one can temper with needs modern apps (like the edge browser) in order to use windows' assigned access feature.
0
Biggles1Author Commented:
I researched Kiosk mode and I have de3cided against it.

Next I will try locking down the BIOS.  For that I have to go onsite.  I will inform you all when I do that.
0
JohnBusiness Consultant (Owner)Commented:
Kiosk mode is not really helpful to residents in a community. Please keep up posted.
0
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
You asked, "Question:  Has anyone encountered a similar situation and found a remedy?"

John answered, "Ensure all residents are Standard Users (not Admin)."

So... you can use John's simple solution + problem is solved instantly.

Or you can use a complex/expensive/time-consuming solution like DeepFreeze... or many other equally complex/expensive/time-consuming solutions.

Standard users can't change admin level files.
0
Biggles1Author Commented:
I researched Kiosk mode and I have de3cided against it.

I have tried  locking down the BIOS, its been 48 Hours.  I also changed the password (Login as well as Bios) to something really complicated.  In thew Bios I disabled the DVD/CD so no one will be able to use a "Password breaking" software which boots from a DVD.

So Far so good.

I will keep you all informed in a couple days.
0
McKnifeCommented:
"no one will be able to use a "Password breaking" software which boots from a DVD" - then he will use USB boot, or boot a different drive if he can open the case. It would be best to encrypt the hard drive with bitlocker if that does not break deep freeze. That keeps people from breaking in and modifying data offline, changing passwords and so on - it is part of the very baseline of any security concept as all other measures fail when it comes to offline manipulation.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Biggles1Author Commented:
I also disabled booting from a USB.

Thanks everyone.  I guess this question is now closed.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Installation

From novice to tech pro — start learning today.