An unusual situation.

Biggles1
Biggles1 used Ask the Experts™
on
I support a Resident Community which makes available to its residents (who don't own a PC of their own) 3 PC's (Win10 Pro) installed in a "common area".

Someone bent on playing pranks has been corrupting the computers by deleting programs and/or "resetting" the computers to factory settings, forcing a re installation of the OS and the programs (Word, Excel, etc....)

I have resorted to a program called "Deep Freeze"  which returns a computer to the state it was in at Log In, regardless what was done.  The program is password protected.

Somehow "someone" has gotten around the program and continues to perform their mischief,

Question:  Has anyone encountered a similar situation and found a remedy?  Please help!

Thanks,

Biggles
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Have I seen this?  No.

Can you put a much stronger password on Deep Freeze?   Would that stop the attacker from breaking Deep Freeze?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Also, I assume the residents are Standard Users (not Admin). Please make sure of that.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
What John said.

If you correctly set capabilities of users, they'll be unable to change anything.
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Distinguished Expert 2018

Commented:
I have resorted to a program called "Deep Freeze"  which returns a computer to the state it was in at Log In, regardless what was done.  The program is password protected.

Somehow "someone" has gotten around the program and continues to perform their mischief,
Now I have to ask some questions:
1) How strong is the password for Deep Freeze?
2) What sort of rights are on the account that the users have access to?
3) How strong is the password of the administrator account on the machine?
4) Did you lockdown the BIOS (they may very well be using a bootable device to tinker with the administrator account)
5) Have you considered utilizing Kiosk Mode for those machines?
Surveillance camera might help.
Distinguished Expert 2018

Commented:
Please read about the limitations of Deepfreeze and tell me if those could apply to your setup: https://en.wikipedia.org/wiki/Deep_Freeze_(software)
Biggles1Founder/CEO

Author

Commented:
From masnrock:

Now I have to ask some questions:
1) How strong is the password for Deep Freeze?
Answer: 9 Characters mix of letters and numbers (all lower case)
2) What sort of rights are on the account that the users have access to?
Answer:  User
3) How strong is the password of the administrator account on the machine?
Answer: 10 Characters mix of letters and numbers (all lower case) one special character
4) Did you lockdown the BIOS (they may very well be using a bootable device to tinker with the administrator account)
Answer:  No.  But I should try that!
5) Have you considered utilizing Kiosk Mode for those machines?
Answer:  No!  Excellent Idea!!!!  How do you do that?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Deep freeze: Try a password with upper, lower characters, a special character, and a number.

User is fine so they are not administrators.

Admin password: same advice as Deep freeze password.

Make sure you are using UEFI with Secure Boot ON.  That prevents others from starting the machine.
Distinguished Expert 2018

Commented:
Please respond to all suggestions so we have a clear picture.
As for kiosk mode: question is, what you want to do with that machine. A secure setup that no one can temper with needs modern apps (like the edge browser) in order to use windows' assigned access feature.
Biggles1Founder/CEO

Author

Commented:
I researched Kiosk mode and I have de3cided against it.

Next I will try locking down the BIOS.  For that I have to go onsite.  I will inform you all when I do that.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Kiosk mode is not really helpful to residents in a community. Please keep up posted.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You asked, "Question:  Has anyone encountered a similar situation and found a remedy?"

John answered, "Ensure all residents are Standard Users (not Admin)."

So... you can use John's simple solution + problem is solved instantly.

Or you can use a complex/expensive/time-consuming solution like DeepFreeze... or many other equally complex/expensive/time-consuming solutions.

Standard users can't change admin level files.
Biggles1Founder/CEO

Author

Commented:
I researched Kiosk mode and I have de3cided against it.

I have tried  locking down the BIOS, its been 48 Hours.  I also changed the password (Login as well as Bios) to something really complicated.  In thew Bios I disabled the DVD/CD so no one will be able to use a "Password breaking" software which boots from a DVD.

So Far so good.

I will keep you all informed in a couple days.
Distinguished Expert 2018
Commented:
"no one will be able to use a "Password breaking" software which boots from a DVD" - then he will use USB boot, or boot a different drive if he can open the case. It would be best to encrypt the hard drive with bitlocker if that does not break deep freeze. That keeps people from breaking in and modifying data offline, changing passwords and so on - it is part of the very baseline of any security concept as all other measures fail when it comes to offline manipulation.
Biggles1Founder/CEO

Author

Commented:
I also disabled booting from a USB.

Thanks everyone.  I guess this question is now closed.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial