Are you on a computer with Windows 11 that is locked down?
Good afternoon. I work in IT for a big library. We use a program called Smartshield to stop people from making permanent notes on our computers. It creates a temporary drive and saves all the changes there. When the computer turns back on, everything gets wiped clean and is ready for the next person. Most of the time it works great, but sometimes 1% go wrong. When that happens, the computer keeps spinning until someone manually restarts it. With over 800 computers, this causes about 8 to break down every month just because Windows patches have changed things. Every single one needs to be unprotected manually before updates can work, even if you log in as an admin account. I had a plan to swap that out for a Windows program instead. The steps are: only let the library patron accounts read and run on the C drive, move all library folders and files like pictures or downloads to a D drive where they can write freely. Then when someone logs off, a script wipes the D drive so no changes stay behind. That way we wouldn't have to stop updates just because computers aren't protected; it would all work automatically without stopping anyone. Does anyone think there are problems if I give library users only read and run permission on the C drive? I assume important Windows tasks will still happen even with those lower permissions. I wanted some advice before I start testing the new plan.
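The logoff wipe from the plan above, as an added PowerShell example that is not the original poster's script. It assumes a hypothetical `D:\PatronData` root. Because patrons can write to that drive, it deletes junctions and symlinks as links instead of recursing into them, so a cleanup that runs with more rights than the patron (for example as SYSTEM) only ever removes what is under the data root.

```powershell
# Added example: wipe the patron-writable data root at logoff.
# Assumption: D:\PatronData is a hypothetical root for the redirected folders.
param(
    [string]$Root = 'D:\PatronData'
)

function Remove-TreeNoFollow {
    param([Parameter(Mandatory)][string]$Path)

    # -Force includes hidden and system items; no -Recurse, so each
    # directory is inspected before anything descends into it.
    foreach ($item in Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        $isLink = $item.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)
        try {
            if ($item.PSIsContainer -and $isLink) {
                # Junction or directory symlink: remove the link only, never its target.
                [IO.Directory]::Delete($item.FullName, $false)
            }
            elseif ($item.PSIsContainer) {
                Remove-TreeNoFollow -Path $item.FullName
                [IO.Directory]::Delete($item.FullName, $false)
            }
            else {
                # Clear read-only on regular files so the delete succeeds.
                if (-not $isLink -and $item.IsReadOnly) { $item.IsReadOnly = $false }
                [IO.File]::Delete($item.FullName)
            }
        }
        catch {
            # Keep going; one locked file should not leave the rest behind.
            Write-Warning "Could not remove $($item.FullName): $($_.Exception.Message)"
        }
    }
}

# Refuse to run if the root itself has been replaced by a link.
$rootItem = Get-Item -LiteralPath $Root -Force -ErrorAction Stop
if ($rootItem.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)) {
    throw "$Root is a reparse point; refusing to wipe."
}
Remove-TreeNoFollow -Path $rootItem.FullName
```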
With over 800 computers, that means around 8 of them need to be restarted every month just because of a Windows patch. Your method won't stop this from happening. Windows will always get updates anyway. Have you considered Kiosk mode? You can set up one app on a single device using Windows Pro, Enterprise, and Education editions. learn.microsoft
We already have Kiosk mode set up for our catalog stations so people can only look at the catalog site. I thought before that we could only pick one app for kiosk mode, but now we choose Edge for this job. On normal computers, many apps come pre-installed on the desktop and are fine to use. Sometimes we have to install special off-the-shelf apps, like software just for taking school tests, and those might not work well with Kiosk Mode. We set up our user logins using a domain account that limits which subnets they can reach. I forgot about guest accounts at first (after checking again, they are totally different from what I thought!). The last one I used was on Windows 7 lol. New Guest Accounts in Windows 11 look like they might work. I'll try testing tomorrow to see if I can merge it with the subnet rules and other stuff my boss wants me to do. Thanks USAFRet and kerberos_20!