May 17, 2005

WinXP image doc template

Target __ Mac __ PC __ Staff __ Public

Path: K:\IMAGES\STAFF\GHOST\[filename].GHO

Description: Staff XP baseline image for [target hardware]

Start date/Date uploaded/Appr date/Appr by/Creator's initials

Who worked on the image?

What’s in this version?

--sample data --

Started on [brand/model] system with primary drive partitioned into a [size] C: and a somewhat larger D:, the D: drive formatted as FAT32 so that we can use a Win98-based boot disk to ghost from C: to D:. Onto that C: drive I installed WinXP Pro sp2 (mostly default settings) built from a campus-licensed ISO, downloaded from The product code, listed at that website and which one needs for each deployment of this image, is:


After the OS install I configured it for Biomedical Library staff and/or “Green” PCs as follows:

1. Administrator account (new password) renamed to [local admin acct]
2. Account xpuser (old password) member of Administrators and Users
3. Disabled DCOM (used by some viruses) with Start -> Run -> dcomcnfg
4. Network set to support TCP/IP only, enabled NetBIOS over TCP/IP
5. Enabled automatic Windows updates for every day at 4 pm
6. Applied all Windows Updates except a few optional ones like Journal Viewer
7. Simplified the interface a la Win2K and optimized it for performance
8. Reduced the size of the System Restore area to the minimum available
9. Removed MSN Explorer, Windows Messenger, Outlook Express, other baggage
10. In Internet Explorer, set history to one day, deleted cookies, set home page to Biomed’s, disabled automatic completion of passwords and forms, set to delete files upon closing
11. Installed campus-licensed Symantec Antivirus [version] with defaults, updated defs, tweaked to delete bad files it cannot clean and to skip network drives
12. Killed any ASP.NET or related user account(s) created in the optional .NET install
13. Installed Spybot [version] plus all available updates, immunized the system
14. Downloaded and installed FireFox [version] into its default directory
15. Downloaded and installed Acrobat Reader [version], updated to [version]
16. Downloaded and installed Macromedia Shockwave [version] player
17. Downloaded and installed Macromedia Flash [version] player
18. Changed FireFox preferences to make all cookies session cookies, to use pictures only in toolbar, to block most pop-ups, and to save neither passwords nor forms
19. Installed ActiveState Perl [version], mostly defaults
20. Installed standard plug-ins for Chime 2.6 sp5, CN3D 4, and Isis Draw 2.3
21. Installed Scifinder Scholar [version] plus U of MN file C:\SFSCHLR\ site.prf
22. Installed Beilstein Commander [version] with the latest Crossfire connection software
23. Installed UMCal 9 and tweaked settings per OIT advice
24. Installed WinSCP [version] for remote file access (uninstall where not needed)
25. Installed Office 2003 using CD from - included Word, Excel, PowerPoint, and InfoPath, all run locally, but excluded Access, Outlook, Publisher to keep this image reasonably-sized and fairly clean. We can add those apps as needed
26. Updated Office 2003 and added the Remove Hidden Data util (to clean docs over time)
27. Created custom default profile based on [xpuser], to apply to all new users of this PC
28. Changed default IP address to DHCP, but left Advanced settings in place
29. Used Sysprep 2 (see k:\systools\wxptweak\sysprep) with all options except nosidgen
30. Booted from CDROM, ghosted from C: to D: with compression
31. Rebooted, let Sysprep run, set IP address (1-2 minutes to become active)
32. Joined PC to domain, rebooted, tested, copied image from D: to K:

Please share any questions or concerns…

Bootable DVD Image Deployment Instructions:

1. Enable target CMOS to boot CD/DVD disk before hard drive
2. Use bootable DVD to wipe target, create C: and D: partitions
3. Reboot, format D: /u/v:D, then xcopy E:\*.* D: (make image local)
4. Reboot with same bootable DVD, then ghost from D: to new C:
5. Remove DVD, reboot, walk away for 10 minutes as it Syspreps
6. Enter the WinXP campus license product code ** listed above **
7. After Sysprep is done login as xpuser (old password)
8. Set the IP address and DNS and give it a minute to take effect
9. Launch Windows Update to verify the IP works and get patches
10. Update Spybot and Symantec Antivirus definitions as needed
11. Setup printers, departmental apps, other local settings as needed
12. If on a public PC, remove xpuser from the Administrators group
If on a staff PC, ask Brad or Dan to join the PC to the domain
13. Login as xpuser (public) or a domain user (staff) to test

Posted by tapli005 at 1:56 PM

May 10, 2005

Draft of Organizational Laptop Use Policy

The following is a copy of a very rough draft laptop policy from September 2004. I don't think we ever did anything specific with it, fir for future reference...
The [org] has A [brand and model] laptops available for [specify] use in room B of [building], plus a limited number of other laptops reserved for [org] staff use, but which have also occasionally helped absorb overflow demand for [blah].

This policy applies primarily to the [brand and model] laptops but could also apply to any staff laptop used within or outside the [org] for [blah] purposes. Note that all such laptop use assumes the active participation of a [org] staff member who can keep an eye on the laptops. These laptops should never be checked out to end-users nor left unsupervised in an unlocked room.

Classes normally take place at [place]. While various [org] staff teach these classes, laptop configurations will remain the responsibility of the [org] IT department.

Software Configuration:

Consistent, reliable performance of these laptops depends on the use of a standard configuration and on minimizing unauthorized changes to that configuration over time. I.S. will periodically update the standard configuration to meet evolving needs. We try to include any licensed, standard software that will typically be needed in classes. We do not include unlicensed or clearly extraneous software.

If there is a software package that an instructor believes should become part of the standard configuration, that is paid for (or free) and can be legally installed on ALL our laptops, and that we can realistically support in addition to other software in the image, we can try to add that to the next configuration (with adequate advance notice).

Software to be used beyond our standard configuration must be first approved and installed by the [org] IT department. All software to be added, either to the
standard configuration or ad hoc, must bear proof that it can be legally installed. Unapproved software and all user data will be removed without notice as laptops are patched, upon reconfiguration, or sooner depending on needs and staffing. Never leave user data on a laptop.

If any laptops sport multi-boot configurations to load a choice of operating systems (e.g. Windows and Linux) the maintenance procedures may differ but the principles remain the same for any operating systems or software
package: it must be legal, approved, installed by IT.

Our latest [abrand and model] configurations include (at least):

Windows XP sp2 with most of the common accessories,
recent patches, and a "Windows Classic" layout/style
Adobe Acrobat Reader 6.0.2
ActiveState ActivePerl 5.8
Microsoft Word 2003
Microsoft Excel 2003
Microsoft PowerPoint 2003
Mozilla FireFox (recent version) with Macromedia patches
Spybot Search & Destroy 1.3
Symantec Antivirus 9 (with automatic updates)
WinSCP 3 (mostly for software maintenance)

This list is subject to revision without notice, but we will try to maintain a good list of included software. Some or all laptops may also feature SuSE Linux or Fedora Core with all included free components loaded in a dual-boot configuration.

Hardware Configuration:

Each [bradn and model] includes the following....


When laptops are in [building] or otherwise under the care of [org] staff, the [org] is responsible for them. When any laptop is in use [other org or individual]
the [other org or individual] assumes all responsibility for the laptop.

Staff members and users from all departments agree not to install software, alter system hardware or software configurations, or otherwise violate the [larger org] guidelines for acceptable use. Any files or programs saved on the laptops will be deleted. The [org] is not responsible for damage to patron’s personal disks, for loss of data, or for files left on a laptop’s hard drive.


Well in advance of any given class, the staff member planning a class should...


Aside from periodic reconfigurations, patches to Windows and Symantec Antivirus should be automatic. IT will regularly check the laptops to see that these are being patched, to patch anti-spyware software as well, and to scan for problems and remove any non-standard data or applications. Please direct any
maintenance support questions to [org] IT staff.

User Responsibilities (very rough)...

The following provisions describe conduct prohibited under these guidelines:

1. Altering system software or hardware configurations without authorization, or disrupting or interfering with the delivery or administration of computer resources.

2. Attempting to access or accessing another's account, private files, or e-mail without the owner's permission; or misrepresenting oneself as another individual.

3. Installing, copying, distributing or using software in violation of: copyright and/or software agreements; applicable state and federal laws; or [larger org] standards

4. Using computing resources to engage in conduct which interferes with others' use of shared computer resources and/or the activities of other users, including studying, teaching, research, and University administration.

5. Using computing resources for commercial or profit-making purposes without written authorization from the [larger org].

6. Failing to adhere to individual departmental or unit lab and system policies, procedures, and protocols.

7. Allowing access to computer resources by unauthorized users.

8. Using computer resources for illegal activities. Criminal and illegal use may include obscenity, child pornography, threats, harassment, copyright infringement, defamation, theft, and unauthorized access.

Composed in September 2004, Revised xxxx

Posted by tapli005 at 8:27 AM