CAVEAT: The information provided herein is most likely exactly correct, HOWEVER use it at your own risk: we assume no risk or liability. Do your own evaluation and make your own choices.
In previous articles we have revealed our approach to identifying what resources are needed in the public training computer lab, how to select, purchase, and assemble components to build the needed computer hardware, and how to install the operating system(s) onto that hardware so that it can be used. In this article we review additional programs which should be installed, needed configuration steps to make that hardware maintainable from one central computer, and settings to keep that hardware operating in a real world environment full of Internet criminals who would install malware to ruin the lab for everyone.
In this series of articles we have installed both Linux and Microsoft Windows 10 Operating Systems (O/S). Each operating system has it’s own configuration needs. Since Microsoft Windows is quite common, has fewer steps, and is more likely to be the O/S of choice for many public computer labs, I will discuss Microsoft Windows configuration first, then Linux configuration.
Microsoft Windows 10
Accounts / Passwords
Before you begin, it is wise to decide, in advance, on what accounts you will use. Will you be using a cloud account such as Microsoft Office 365 with each user having their own, unique, login credentials? Will you use a local login instead of an Internet based Microsoft account? What will be the login names and passwords on the local accounts? Will these be the same on every computer or unique?
Unique Personal Accounts for All
If you provide each individual with their very own, personal, unique Office 365 account, you will need to obtain enough accounts to cover all of your users. Public charities can obtain these accounts directly from Microsoft, for free, provided that they are already validated as a tax exempt IRC section 501(c)(3) public charity and meet Microsoft’s criteria for organizations to which Microsoft is willing to donate.
Visit Microsoft for Nonprofits at https://www.microsoft.com/en-us/nonprofits to get an account. You must then be verified through TechSoup.org, so if you do not yet have an account on techsoup.org get that first.
To be approved for donations through TechSoup (once you have an account with them) there is an approval process that requires a few days. Please see https://www.techsoup.org/joining-techsoup/registration.
Read the donation criteria from the donors of interest (example, Microsoft) BEFORE you register. Pay close attention to the details, as each donor has their own conditions, and ensure that the information you enter during registration is true and clearly shows your organization’s compliance with those rules. As an example, you must be listed on the IRS web site as a tax exempt public charity. For an example please see https://apps.irs.gov/app/eos/allSearch.do.
Benefits of having a unique account for each public computer lab patron are that the patron will have an account that is their own, and they can continue to use that account on their home computer and mobile devices, and not mess up other people’s accounts. Office 365 includes all the downloadable Office software which comes with your Office 365 seats.
Hindrances to providing each patron with their own account involve account maintenance and legal liability. You must obtain an account seat for each patron, then create each patron’s account, then oversee use of all those accounts to keep your organization’s Office 365 seats working, in compliance with Microsoft rules, and free of abusers who use their account, provided to them by your organization, for illegal purposes. The Office 365 is amazing (even awesome) as a business tool, but administrating it requires some time, learning, and technical aptitude. This approach still would leave you hanging if you required administrative access to one computer, for example to fix something a patron broke.
The Same, Standardized accounts on all computers
One can create a few accounts in Office 365 and then use those on all computers. Our experience with this approach was that since everyone is logging in with that one account everyone uses the same desktop and the same resources. We thought that this would be a great approach as we would merely set it all up once and have everything covered. What happened instead was one person clicked something that downloaded a virus, and by the end of the first day all the computers were full of that same virus because they all connected to that some account. Kind of like all family members using the same tooth brush: everyone gets the same diseases.
Assigning specific, standardized, local accounts on all computers avoided this problem but volunteer staff and management really need their own personal accounts.
Optimized Hybrid Approach
The approach we have settled into using is to create Office 365 accounts for staff and managers, with two local accounts on every computer: Manager (to perform computer maintenance) and Walk Up User (for patrons and normal use). These accounts are on every computer with a laminated sheet beside each computer with color pictures, circles, and arrows showing how to login as Walk Up User. How to login as Manager is not disclosed. The password for the Walk Up User on every computer is “let-me-in”. If you do not need to teach patrons how to log in (a basic computer job skill) then you can also set the Walk Up User account to simply login without a password.
Trainees assigned to us for an extended time are each given their own Office 365 account, which they login to using a web browser: they do not use their account as a “Windows account”. When the trainees move on then their Office 365 account is deleted. Mail in trainee’s account is set to automatically delete after two weeks. Much training is available from Microsoft on administrating Office 365.
Create Accounts
In our article on installing the O/S we recommended that you use the name Manager when asked by the install process (see “Completing the Install” in Building the Community Computer Lab – The Software. Now login and create another account. I will refer to it as ‘Walk Up User’ or ‘usr’ but you can choose whatever login you desire to be used for patrons on all the computers.
To get to the LOCAL user login screen instead of an Internet Microsoft Account (which is not practical for a public lab for the previously disclosed reasons) first you must click “I don’t have this person’s sign-in information“. Then on the next screen you must click “Add a user without a Microsoft account“. Simply fill in the needed login name, and password information on the page. In example, ‘Walk Up User’ and ‘let-me-in’.
Administrator Account and deterring hacking
Microsoft creates an Administrator account for you but it is initially disabled. The problem is that exploitation can access this account and then use it to install malware on your lab workstations. That it is disabled helps, but the best policy is to change the password to something other than the default setting. To do this is more technical than simply adding a user account, but the menu search box makes it simple enough. In the menu search box type “computer” and when Computer Management appears click the Run as Administrator item in the right hand column.
In the tree at the left side of the window which opens, click Local Users and Groups to see the branches. Next click the branch Users. The center column will fill with the list of users on the computer, and the top one, the one called Administrator, is the one of interest. Click Administrator at the top of the center column and then under Administrator in the right most column click More Actions. The top of the popup menu that then appears will be Set Password: click it. A box will appear with a warning. Click Proceed. Another box will appear with two boxes for the password to be typed twice. Type the Administrator password exactly the same way in both boxes.
Again in the far right column, under More Actions, select Properties. A screen will open which contains a check box for Disable this account. That box will presently be checked. Un check it to enable the Administrator account. Click OK. The Administrator account will now work and use the login name Administrator and whatever password you specified. Smile. You gotta love Microsoft.
Scheduled Program Executions
Computers activate many programs automatically on a schedule. In our situation there were occasionally uncooperative patrons who refused to leave when we need to close. These individuals are sometimes combative, placing our staff in an unnecessarily stressful situation. Automation was used to simply resolve this problem: we added a task to automatically, and with great prejudice, shut down the computers at closing time, and keep them shut down even if the difficult patron restarts the computer over and over again. It allowed a peaceful resolution as our staff no longer need advise patrons that we are closing – the computers do so with indefatigable precision. The staff can simple say “Oh yeah they’re programmed to do that.”
To implement this simple peacekeeping safety measure two scheduled tasks were created, and can be easily disabled or re-enabled by the administrator as situations require. First is the one which forces the computer to shut down immediately at closing and will continue to shut down the computer as often as it is restarted until we open again. You experienced this in college and it works appropriately in a public computer lab. The second task is a message we start half an hour before closing that warns of the impending facility closing and suggests the patron save any work and log off. Of course they ignore this but it continues to appear anyway.
To set up the schedule, again use the menu search icon, and type in “schedule”. Enter the Scheduler by clicking Run as Administrator in the right hand column when the Task Scheduler appears above. The task scheduler will open.
At the far right column, click Create Task to create a task. In the box that appears, type a name for the task, such as Daily closing shutdown. Then click the Change User or Group button and change the user to Administrator. Do this by typing Administrator into the Object Name box and then clicking the Check Names button. The box contents will change to add the (cryptic) designation of the computer, a slash, and Administrator. Click OK.
Now on the first tab, at which you should still be looking, change the boxes at the bottom as shown: Run whether user is logged in or not, Run with highest privileges, and configure for Windows 10. Then click the next tab (Triggers) and at the bottom click New to designate when to run this shutdown task.
Look at the picture in the slide show above: Daily, start time (when you want the computers to shut down), repeat the task every 5 minutes for 1 hour, stop the task if it runs longer than 1 hour, and it’s enabled. Then click the next tab, Actions, and at the bottom of that new tab New, to add an action for the task to perform, in our case to shutdown the computer.
In the program box put C:\Windows\System32\shutdown.exe and in Arguments put /s /t 5 /c “Daily LAB Closing”. The /s is for shutdown and power off, he /t 5 is for five seconds delay, and the /c is a comment so that the computer actually performs the shutdown.
The next two tabs offer additional constraints which do not apply to our 120VAC line powered desktops, but make such changes as you think appropriate to your situation. Finally click OK, and a box will appear asking you to enter the Administrator password. Do so and the task is now scheduled. It will start every day at closing time and repeat itself time and time again every time that the patron turns the computer back on, for one hour. “The best military action is no military action” -Sun Tzu. The best way to deal with a violent patron is not to have violence.
To warn the patron to save their work and log off, add a second scheduled task, a message, in similar fashion. Set the trigger to repeat every day at half an hour before daily closing time and repeat every 5 minutes for 30 minutes. Stop it if it is still running after 30 minutes.
For the command use C:\Windows\System32\msg.exe and for the arguments use something like * /W ‘The LAB is about to close. Please save your work and log off. The LAB will open tomorrow at the usual time.’ Note the single quotes.
Additional Software
Before you do anything more, be sure you have enabled the free Microsoft Windows Defender Security Center that is provided with your Windows 10 operating system. For instructions read the Microsoft article at https://answers.microsoft.com/en-us/windows/forum/windows_10-security-winpc/how-to-enable-and-use-the-built-in-windows/0682bf04-b8d2-4646-9dfb-e5823a5e2117.
To install software one normally just uses the Microsoft Store app. Open the app by clicking the little shopping bag on the task bar, or browsing to it in the menu.
Find the program(s) you want in the store and click to install.
In other news, you can get Microsoft Office from TechSoup.org, and it dos not cost the $499 price tag connected to the Microsoft Store. This is because Microsoft donates much software to public charities, and uses TechSoup.org as the means of distribution. TechSoup.org charges an “administrative fee” for each software donation that you get through their service. When you buy (“get a donation of”) software through TechSoup.org, you will receive an email with instructions on how to download and install the software.
Software can also be downloaded from web sites selected by the owners. Examples are the Mozilla Fire Fox web browser (download from https://www.mozilla.org/en-US/), the Thunderbird email client (https://www.thunderbird.net/en-US/), and the Google Chrome Web Browser (https://www.google.com/chrome/).
Browser Settings
In all of the browsers you have installed, you may wish to set their home page to your organization’s web site. We also include links on our home page that help our patrons quickly reach the other web sites that they need to use: the Indiana DWD WIN system, Microsoft Office 365, and Indiana Career Connect are three examples.
This is a basic install for Windows, and it is a long article so I will end it here. In the next article I intend to discuss these same topics as applies to the Linux install.
You must be logged in to post a comment.