[mraaron012]

Hello to all. This is my first post. I read about this site in a recent issue of PC Magazine. I have a question about how to lock down (if possible) an OPAC terminal in a library.

I work in a good sized public library in Massachusetts. Our card catalogues are now set up so they can be accessed via the Internet. We have numerous computer stations within the library specifically used for this purpose. Our Computer Technician, using Microsoft Management Console, has managed to disable certain features that would allow people to access other websites. It still hasn't worked. The Explorer Bar on the View menu on IE 6 can still allow patrons to search the Web. We have Internet Stations that the public can use. Mostly, we have those individuals who wish to view pornography or things of that nature.

Can anyone recommend anyways to go about dealing with this situation. I have recommended a few things to our Technician, but he doesn't see this as a major problem as the rest of the staff.

Thanks in advance.

Aaron

 

[Krelian]

Have you ever considered using a HOSTS file? A HOSTS file is a small file named "HOSTS" with no extension that sits in your windows directory and redirects addresses.

For example:

127.0.0.1  [url]www.someporn.com[/url]
127.0.0.1  [url]www.something-really-bad.com[/url]
127.0.0.1  [url]www.hacking-time-baby.com[/url]

That would redirect all of those sites straight to 127.0.0.1, which is local. Instead of the web content it would generate a 404 message.

I've attached a HOSTS file with the extension .txt to this post, you can download it and look at it. It contains only a few examples, but you can always delete and edit the stuff inside and make your own. In fact, if you do a search online, I'm sure you can find a well updated adult blocking specific HOSTS file.

Just remember to leave this one:
localhost 127.0.0.1

Also, every line with a # at the beginning is comented out and ignored.

For example:

#
#This is text explaining that hosts files are really neat!
#

Remember, don't add "http://" to anything, only in the format of..

smut.pornsite.com
or
*.pornsite.net

..those are some examples.

Also, one more thing to note... the HOSTS file must follow these three guidelines:

1.) It must have no extension, just "HOSTS"
2.) It must be "HOSTS", not "HOST"
3.) It must be in UPPERCASE

If you have any questions or need further explaining, don't hesitate to ask!

 

[Bob Cerelli]

It seems like it would be very difficult to keep that hosts file current. Also, this is an easy one for people to simple delete or edit.

If there are only specific sites you want to access and only those sites, there are simple 3rd party programs like Cybersitter that are very easy to set up for this. I have several customers that only want a limited number of approved web sites to be accessed and this seems to work well for them.

I'm sure there are others but this is just one I found, understood and liked.

 

[Krelian]

If people had access to the windows directory, and the ability to delete windows files, I believe I would be more worried about that then I would people looking pornography. But I agree, doing it with the hosts file is a bit technical. Cybersitter is a good choice.

 

[mraaron012]

I appreciate the advice some of you have given.

The host file idea is good, but it's impossible to keep it current.

I have also tried various Tweak programs, but they all seem to be similar. Even if we could block the explorer bar, which is located under the View menu on IE, that would be ideal.

Again, thanks for all of your advice. It is appreciated.

 

[Bob Cerelli]

Another program I've used in conjuction with Cybersitter is Windows Security Officer. It is pretty good a locking down the computer to only those apps you allow. Again there are many out there. It is just one I liked. Spytech also would allow you to do this as well.

 

[sekirt]

You can customize the toolbar and remove buttons not wanted. Take out the address bar, etc; Use full screen IE window. But anyone with some experience can put them back in.

Click VIEW and choose customize...or right click on the tool bar. Uncheck items, etc;

sekirt

 

[Bob Cerelli]

That is why you typically need some 3rd party programs list those listed previously to really be able to lock down Windows.

Although MS has been making claims about how easy this would be since NT 5 (remember that OS), it really has never been that simple or complete without them.

 

[mraaron012]

Ideally, we would have purchased a third party program to help us with our problem. The thing is that Massachusetts has been in a fiscal crisis for the past few years and there isn't any money for us to spend.

I found this last year, from webjunction.org Message boards. Our library has computers from the Bill Gates Foundation(along with his wife), and each computer has a tool called a Public Access Configuration tool. It's a tool used for security. One poster had this advice. If you could, please tell me if this would work or not.

http://www.webjunction.org/do/MessageBoard?method=getMessages&forumId=2136&topicId=50807

the name of the poster is 'maria', and it's the second reply on the post.

 

[mraaron012]

what are your opinions on the last post?

 

[Bob Cerelli]

It looks like that software uses the Group Policy Editor to limit site access. What operating system do you have on the clients.

Never heard of the "Gates PAC configuration tool" so can't really make any recommendations either way. Have you searched the Internet for the name of the package and the word "review" afterwards.

 

[mraaron012]

It looks like that software uses the Group Policy Editor to limit site access. What operating system do you have on the clients.

Never heard of the "Gates PAC configuration tool" so can't really make any recommendations either way. Have you searched the Internet for the name of the package and the word "review" afterwards.

Well, the clients have XP.

The Gates Tool is something we already have had for a while now. It works pretty good. But the poster in the link recommended setting a false proxy server. Would this work? Again, I want to limit net access to one site, with it being our library's card catalogue.

 

[Bob Cerelli]

What version of XP. My understanding it that the Home version does not have a Group Policy Editor like the Pro version. You might want to double check that it works with both.

 

[mraaron012]

What version of XP. My understanding it that the Home version does not have a Group Policy Editor like the Pro version. You might want to double check that it works with both.

We have it on the XP Professional.

What I want to put it on is Windows 2000 Professional.

 

[mraaron012]

anyone with any more ideas or suggestions?

 

[Guest]

Just a wild brainstorming idea for folks more advanced than I to contemplate:

Suppose you were to hack the registry and change the default search URL to some benign non search site. Then when users open the View menu and click on Explorer Bar>Search would they then get an error?

Or alternatively could you use the HOSTS file to redirect the default search URL to the local machine?

P.S. In Javacool's SpywareBlaster program, in the tools menu, under the Browser Pages tab, you can highlight the addresses in the pane below and then click on "More Info On Item" to identify which URL is associated with the search function in IE6 and then once you have identified the default search URL, you can click on the "Change" button and change the address. I assume this performs the same function as if you were to hack the registry to make those changes except it is a whole lot easier. Just change the address to some benign page that has no clickable links. HeHe, maybe you can even change the address to your own card catalog address.

And the best thing if it works is that it is all free$.

 

[mraaron012]

FINALLY, I have found a program that fits our needs!

http://www.snapfiles.com/get/ierestrictions.html

It blocks out the Explorer Toolbar and prevents people from accessing the Internet.

Now, we have a problem with this program cooperating.

I have tested it out on the Staff computer and it works like a charm. However, our computer technician is having problems getting the OPAC computers (again, used to search our system's card catalogue which is online) to get the program to work.

He has our computers "secure" using Microsoft Management Console. Could this be why the program we want to work isn't working? Can anyone offer any advice as to how to get this working?

I can see the mountain top, but we haven't reached it yet.

Thanks for all of your help thus far.