Best method of Locking down computers (theft prevention)

Similar Messages

• What is the best way to lock down an iMac?

  What is the best way to lock down an iMac to a desk?

  Run a cable through the hole in the stand and lock it to the desk. There are lots of security products out there to do this, here is a good sample to look for:
  imac security lock cable

• Best Practise to lock down server 2012 for Junior Admins

  We require locking down the desktop for junior admins. Essentially we would like for them to only access specific tools and applications.
  Below are examples of specific tools they would require access to however, if we want to block out everything else then what is the best way to go about that? I would image a combination of group rights? how best to handle this?
  Examples
  All Programs->Accessories->System Tools->System Information. then export report.
  "ipconfig /all
  go to Run and then type "systeminfo" and capture all data.

  You can use security group and delegation of administration model.
  http://technet.microsoft.com/en-us/library/cc755982(v=WS.10).aspx
  Santhosh Sivarajan | Houston, TX | www.sivarajan.com
  ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
  Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
  Blogs: Blogs
  Twitter: Twitter
  LinkedIn: LinkedIn
  Facebook: Facebook
  Microsoft Virtual Academy:
  Microsoft Virtual Academy
  This posting is provided AS IS with no warranties, and confers no rights.

• Best method to "scroll down" in a BDC?

  I'm trying to write a BDC where the incoming data may or may not take up more than 1 screen's worth.  In other words, I may have to have the BDC scroll down once or I may have to have the BDC scroll down more than once.
  Is there a best practice for handling this?  Do I have to count the number of rows I have and program to hit down arrows accordingly?
  Thanks!

  Hi,
  There could be two ways.
  1. After entering the records have the OK_CODE 'P+' every time.
  This will ensure that your subsequent lines are always placed on Line 2 of the table control. This will relieve you the headache of having to count the rows and use that logic.
  2.If available use the button to append new rows.. This implies every row you enter is a new row. It is equaly helpful.
  Regards,

• RD Session Host lock down best practice document

   
  Hello,
  I am currently working on deploying an RDS Farm. My farm has several RD Session host servers. Today I learned that you can do some bad things to the RD Session hosts, if a user presses
  CTRL + Alt + End when having a open session. I locked all of this down using different GPOs which include disabled access task manager, cmd, locking the server, reboot and shutdown etc.
  However, this being sad how would I know what else to lock down since I am new to this topic. I tried to find some Microsoft document about best practices what should be locked down but I wasn’t
  successful and unfortunately a search in the forum did not bring up anything else.
  With all the different features and option Windows Server 2008 R2 has I do not even know where to start.
  Can some please point me into the right direction.
  Thank you
  Marcus

  Hi,
  The RD Session host  lock down best practices of each business is different, every enterprise admin can only to find the most suitable for their own solutions based on their IT infrastructure.
  I collected some resource info for you.
  Remote Desktop Services: Frequently Asked Questions
  http://www.microsoft.com/windowsserver2008/en/us/rds-faq.aspx
  Best Practices Analyzer for Remote Desktop Services
  http://technet.microsoft.com/en-us/library/dd391873(WS.10).aspx
  Remote Desktop Session Host Capacity Planning for 2008 R2
  http://www.microsoft.com/downloads/details.aspx?FamilyID=CA837962-4128-4680-B1C0-AD0985939063&displaylang=en   
  RDS Hardware Sizing and Capacity Planning Guidance.
  http://blogs.technet.com/iftekhar/archive/2010/02/10/rds-hardware-sizing-and-capacity-planning-guidance.aspx
  Technical Overview of Windows Server® 2008 R2 Remote Desktop Services
  http://download.microsoft.com/download/5/B/D/5BD5C253-4259-428B-A3E4-1F9C3D803074/TDM%20RDS%20Whitepaper_RC.docx
  Remote Desktop Load Simulation Tools
  http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3f5f040-ab7b-4ec6-9ed3-1698105510ad
  Hope this helps.
  Technology changes life……

• How do I lock down an iPad from having certain apps removed?

  Hello,
  We are a Microsoft-based enterprise that has purchased iPad 2 devices as a means of reducing costs of wireless services as well as integration with the 3G adapter (to reduce damage and theft). While I have had great success with the iPhone Configuration Utility and an MDM server, I need to ensure that users cannot remove the Find My iPad App which we use to track employees and ensure they do not lose or steal the device (since they can't remove the battery).
  What can I do to lock down this app from being removed and also, I want to give these employees access to load whatever they wish on these iPad units. We control their access through a VPN to a Microsoft Terminal Server and with Microsoft Exchange but I don't want iTunes and the CEO's credit card being used to purchase apps. Any ideas anyone? I know that this can be done and if not, it will be done by me.
  Brian Tate
  Information Technology Manager
  Grand Texas Homes Inc
  http://www.grandhomes.com

  I'm not sure about the apps, but to prevent theft, you'll also need to disable the power button and the ability to restore the ipad. You might also want to superglue in your Sim card because if they remove that, it wont be tracked unless they connect to WiFi.
  Also, I'm not so sure it is an app on the iPad. I think it is built into the mail, calendar and contacts options if you have a Mobile me account.  http://www.apple.com/ipad/find-my-ipad-setup/

• Would like to know how to Completely Lock-down Windows 7 OS

  I don't have a general question..
  It's more like specifics about how to lock down windows 7 computers..
  Here's a little background information...
  I have two computers, both with win 7(Pro, and home prem).
  A family member can somehow bypass all bios and all windows security services... Everytime I go to work or school, he will power on my desktop and somehow 'hack' into the OS and install keyloggers or viruses so he can obtain my banking or other personal information.
  He also unlocks and deletes all the passwords so he can have access whenever he wants..
  Can someone please tell me how to do a complete lockdown? This is getting extremely annoying.. I've done everything that I can do; Also considering on switching my major to some sort of computer security. I'm starting to lose my mind over these months.. All
  help is appreciated.
  I've password protected BIOS
  I've disabled administrator accounts, i've put password on the admin and the guest user; locked the option to change passwords..
  All help is appreciated. Thank you all in advance.

  Hi,
  If you are using Windows 7 Professional, Ultimate, or Enterprise, you can use the Local Group Policy Editor to change policies that affect the security of your computer. Please check if the following policies meet you requirements.
  [User Configuration\Administrative Templates\Windows Components\Windows Explorer]
  Enable these two polices:
  Prevent access to drives from My Computer
  Hide these specified drives in My Computer
  For your reference:
  Lock Down PCs with Windows 7:
  http://technet.microsoft.com/en-us/windows/gg983426.aspx
  Also, restrict Which Programs a User Can Run. You can set rules in AppLocker in the Group Policy Editor that prevents all programs from being run.
  In addition, temporarily Lock Your Computer if Someone Tries to Guess Your Password
  If you share your computer with other family members or allow your friends to use it, you should have a password on your Windows account so no one else can log into it. However, someone may try to guess your password and log into your account. If this happens,
  you can temporarily lock your computer.
  You should also periodically change your password.
  If you suspect, you family member using a tool to bypass your password. You may use Malicious Software Removal Tool (http://www.microsoft.com/security/pc-security/malware-removal.aspx)
  to remove it.
  Hope it helps.
  Regards,
  Blair Deng
  Blair Deng
  TechNet Community Support

• What is the best method of backing up my digital files (catalog) in the Photoshop Elements Organizer

  What is the best method or service for backing up my digital files (catalog) in the Organizer from Photoshop Elements 12. Since there no longer is  the automatic  Elements sync available I do not know what to choose. I have tried to back this up using my external drive, but I cannot find the digital images per se. I see the entire program but not the catalog of pictures. Also, I have a windows operating system and Adobe  Revel offers no edit capabilities with this OS.

  I'm in a similar situation including movies I've purchased from iTunes...
  Here's my setup:
  I have all my iTunes data (music, movies, etc.) as well as about 10 GB of photos stored on a nework storage device that uses RAID-5 with SATA disks. This is basically a little toaster-sized NAS machine with four hard drives in it (www.infrant.com). If one of these drives dies, I get alerted and can insert a new one without missing a beat since the data is stored redundantly across all drives. I can also just yank out any one of the four drives while the thing is running and my data is still safe (I tried this after I bought it as a test).
  That's how I prevent problems with a single disk... Redundancy
  Now onto "backups"...
  Nightly, my little RAID toaster automatically backs itself up to an attached 250GB USB drive. However, these backups are only of my critical data... documents, photos and home movies... I don't bother backing up my "Hollywood" movies since I can live without them in a disaster.
  ... I actually don't permanently store anything I care about on a laptop or a desktop. It all goes on the NAS box (Network Sttached Storage) and then my other computers use it as a network drive. It's attached via Gigbait to my main computer and via wireless to most everything else.
  My achilles heel is that I don't store anything outside of my house yet. If I was smart, I'd alternate two USB drives attached to my NAS box and always keep one of them somewhere else (Safe Deposit Box?).
  ...and that's just one way to do it.
  -Brian

• Forward facing locked down machines... kiosk?

  Hey everyone,
  So I have done a lot of research on this topic, but have yet to find an end-all solution to my conundrum. I have many machines in my network that are forward facing and public use reference terminals that connect to a database of books and things. These
  machines are not and should not be used to casual internet browsing so we have manually locked them down. These machines currently run IE10 Win7x32. The windows side locking down is no problem. But we are having a BIG issue with the current way we allow specific
  sites and lock out all others. 
  In our system, we have an abundance of allowed sites for quick research purposes that these machines are allowed to access. Still technically reference information. For the sake of argument, we have about 25 sites including the main database site that should
  be allowed through a proxy or other filtering system. Currently, we have this proxy based with exceptions built into IE... however, there is around a 255 char limit on that input box (for whatever reason).
  So that brings me to my current solution that is not quite working correctly. I have configured a .PAC script and stored it on a server that these machines can access and an msi for IE10 branding using the IEAK for IE10. This .PAC script does not seem to
  be working the way it should. I got the idea from a site I didn't save, but the basic idea is below:
  function FindProxyForURL(url, host)
  // variable strings to return
  var proxy_yes = "PROXY 255.255.255.255:8080";
  var proxy_no = "DIRECT";
  if (shExpMatch(url, "*.google.com")) { return proxy_no; }
  // Proxy anything else with yes
  return proxy_yes;
  So, my understanding is this would run when sites are accessed, if it matches the if statements it passes and if it doesn't, it defaults to proxy_yes which doesn't exist and thus doesn't load. The ADMX configures the proxy itself and everything should be
  great. 
  My main question: is there a better way to allow sites through to a machine WITHOUT loading the pages first. A simple whitelist/blacklist doesn't necessarily work because it, as far as I understand, still loads the pages but does not display them. Currently,
  it looks like IEAK is the only way to correctly manipulate these settings in internet explorer 10+, unless I'm getting that wrong. It doesn't seem like the list from our previous installation from GP is being overridden using this method, and it doesn't
  apply to new machines connected to the policy. Of course, I know it is applying because other functions, like the content rating system that I accidentally left on, have caused some problems in the past. 
  We will be upgrading these machines to newer optiplex models and installing Windows 8, so if there is a more effective solution that only works in windows 8, I am willing to try it. 
  Thanks in advance for the help, you guys are always awesome! 

  Hi,
  >>Currently, it looks like IEAK is the only way to correctly manipulate these settings in internet explorer 10+, unless I'm getting that wrong.
  In addition to IEAK 10, to configure proxy for IE 10 on Windows 7, if our most up-to-date domain controller is Windows Server 2012 or R2, we can use Group Policy Preferences
  Internet Settings extension to configure the proxy setting. Besides, we can also choose to install Remote Server Administrative Tools on a Windows 8 or 8.1 client and manage group policy settings from this client.
  Moreover, another way is that we can try using Group Policy Preferences Registry extension to configure the proxy settings for IE10 on Windows 7.
  Regarding this point, the following thread can be referred to as reference.
  Proxy settings not applying to IE above 8
  http://social.technet.microsoft.com/Forums/en-US/3b0f54d7-7293-49dc-9e3f-e8799c20265b/proxy-settings-not-applying-to-ie-above-8?forum=winserverGP
  Best regards,
  Frank Shen

• T400 Docking station not a secure lock down.

  There is a rash of theft currently where I work. It seems that the docking station will release a laptop even though it is locked down. I am wondering if the cable lock should attach to the laptop instead of the docking station. That will be a pain to do with as many meetings that we go to.
  Has anyone else seen this problem or know of a better solution? Is there a known problem with a mechanical issue with the dock station? Other then the obvious of installing cameras.

  If security is a concern, I would lock the laptop instead of the docking station. From what I understand, when you lock a docking station, it prevents the mechanical arms on the pad from allowing the laptop to be removed; however, these mechanical arms (plus the docking station locking mechanism) provide nowhere near the security that a Kensington-style lock does. For maximum protection, I would recommend locking BOTH the docking station and the laptop with a flat key or combination computer lock (dual/twin-headed locks are available). A final note - a thief will probably be much more reluctant to rip out the lock from the computer than the docking station.

• Need suggestion on locking down student imacs

  Hello, I just inherited a handful of computer labs. 8 imacs each spread out between 5 schools. 3 labs have internet access and 2 labs do not. Since I'm a complete noob when it comes to Mac OS Security what would someone recommend as my first step to locking down the computers. The students have tons of shortcuts on the desktop,downloaded mp3's, movies, myspace, facebook etc..It's a mess. Is there any 3rd party software that can manage desktops or can Mac OS do it all?
  Thanks

  Oh another Internet one I forgot...
  http://www.netnanny.com/mac?pid=3&gclid=CLmq6-zMzpkCFRFMagoduSShtQ
  Parental Controls in Leo...
  http://www.apple.com/macosx/features/parentalcontrols.html
  For even more control you can do Get Infos from the finder on the files/folders and change permissions so they can't write, only read, or no access.

• Locking down multiple PDF's at a time

  We want to lock down multiple PDFs at once, meaning we do not want people to be able to save the files or copy text in the PDFs.  When we turn it on one at a time we go to File- Properties- Security tab and change the security method to Password security and so on. We would love to find a way to change that on multiple PDFs at a time. I have done searches for how to do this and they say to click on advanced- Document processing- Batch processing. I am using acrobat 9 Standard and I am not able to see batch processing. Do I need to upgrade to Pro? Or is there a different way to accomplish this task that I am missing?
  Thanks

  I have upgraded to PRO and I still only see this. When I did the install I told it to do a complete install. Is there a plug-in that I need to have for this to work? Any other ideas would be helpful.
  I

• When bouncing- what's best method for smallest file size/highest quality?

  I am in the process of embedding 3 mp3's into a PDF to submit as a portfolio. The PDF also has text, and two scores included, and with the 3 embedded mp3's it can't be more than 10mb.
  So my question is: When bouncing a project out of Logic, what is the best method for getting the smallest file size, but retaining the best audio quality? And once it's out of Logic and it is an mp3 or other type of audio file, is there a best format for compressing it further, and still maintaining the relative quality?
  I bounced out the three projects into wav's. Now I am using Switch for Mac to compress them down to smaller Mp3's. I basically need them to be about 3 mb each. Two of the recordings sound OK at that size, but they are just MIDI(one project is piano and string quartet, the other is just piano- all software instruments. The recording that combines MIDI and Audio and has more tracks (three audio tracks and 10 Midi/software instrument tracks)and sounds completely horrible if I get it under 5 mb as an mp3. The problem is that I need all three to equal around 9mb, but still sound good enough to submit as a portfolio for consideration into a Master's program.
  If anyone can help I would really appreciate it. Please be detailed in your response, because I am new to logic and I really need the step by step.
  Thank you...

  MUYconfundido wrote:
  I am in the process of embedding 3 mp3's into a PDF to submit as a portfolio. The PDF also has text, and two scores included, and with the 3 embedded mp3's it can't be more than 10mb.
  So my question is: When bouncing a project out of Logic, what is the best method for getting the smallest file size, but retaining the best audio quality?
  The highest bitrate that falls within your limits. You'll have to calculate how big your MP3's can be, then choose the bitrate that keeps the size within your limit. The formula is simple: bitrate is the number of kilobits per second, so a 46 second stereo file at 96 kbps would be 96 x 46 = 4416 kbits / 8* = 552 kBytes or 0.552 MB. (*8 bits = 1 Byte)
  So if you know the length of your tracks you can calculate what bitrate you need to keep it within 10 MB total.
  I consider 128 kbps the lowest bearable bitrate for popsongs and other modern drumkit based music. Deterioration of sound quality is often directly related to the quality of the initial mix and the type of instruments used in it. Piano(-like) tones tend to sound watery pretty quickly at lower bitrates, as do crash and ride cymbals. But don't take my word for it, try it out.
  And once it's out of Logic and it is an mp3 or other type of audio file, is there a best format for compressing it further, and still maintaining the relative quality?
  You can only ZIP the whole thing after that, but that is just for transport. You'll have to unzip it again to use it. And no, you cannot compress an MP3 any further and still play it.
  I bounced out the three projects into wav's. Now I am using Switch for Mac to compress them down to smaller Mp3's.
  That is silly, you could have done that in Logic, which has one of the best MP3 encoders built in. And how good encoders are will especially come out at bitrates around or below 128, which you might be looking at.
  I basically need them to be about 3 mb each.
  So, one more scrap of info we need here: how long are those three pieces, exactly? I'll calculate the bitrate for you - but please bounce 'm directly out of Logic as MP3's. They will very probably sound better than your WAV-conversions made with Switch.
  !http://farm5.static.flickr.com/4084/4996323899_071398b89a.jpg!
  Two of the recordings sound OK at that size, but they are just MIDI(one project is piano and string quartet, the other is just piano- all software instruments. The recording that combines MIDI and Audio and has more tracks (three audio tracks and 10 Midi/software instrument tracks)and sounds completely horrible if I get it under 5 mb as an mp3. The problem is that I need all three to equal around 9mb, but still sound good enough to submit as a portfolio for consideration into a Master's program.
  Length of the piece? And does the .Wav bounce you have sound OK?

• How To: Lock a folder to prevent it being deleted but still access it?

  How can I lock a folder to prevent it from being moved or trashed but still have access to move/add folders within that folder?
  The scenario is that we have a daily jobs folder and a final jobs folder. The daily jobs folder was accidently moved into an active job folder. I want these folders locked down so this cannot happen but when I use the lock feature nothing can be moved in or out of that folder.
  Under OS9 the locked box specifically said "cannot move, rename or delete this item" yet you could add or delete items to that folder all day long.
  If I try this with OSX I need to authenticate each bloody time! I just want to lock a folder down and have it accessable by anyone, anywhere, anytime without the need to type a password 80 times a day. HELP ME PLEEZE
    Mac OS X (10.4.3)  

  Read only access will prevent the addition or removal of items in the folder you set the permissions on; the folders below that one have different access settings, which can be less restrictive than those for the folder you set it on.
  For example, if folder A contains B and C, and B allows Read & Write access but A allows Read Only access, items can be added and removed from B, but B itself cannot be moved out of A, and other items cannot be moved in to or out of A. If a folder your account has Read access to is inside a folder which your account doesn't, you can use the Finder's Go to Folder command in the Go menu to navigate to it if its path is known.
  (15304)

• Best method for secure Internet ?????

  OK,
  So I wasn't sure where to put this post, so I figured I would start with the system I am using and go from there.
  The Problem:
  I am trying to set up a secure method in which I can use Internet services as I make my way from non-secure places throughout the day studying for school. In any given day I might find myself at 3-5 different locations, studying. I often have my computer with me and would like to be able to use it it without the worries of open line surfing.
  I have read (not completely understood) the VPN concept and think that it might provide what it is I am looking for.
  Before I went spending the money for an aftermarket plan that provides me a VPN, I thought I would look into setting up my own VPN off of my home connection. Although I am not sure if all I need is an internet line (IP Address) - or do I need an actual computer connected to the Internet at home.
  I might be completely wrong here in my thoughts of using the VPN, so please provide any thoughts or suggestions.
  Brief Recap:
  We have a MBP & iBook G4. We would like to be able to use either of them when we are out in public non-secure areas. Is there a way - and if yes, What is the best method to use to make this happen.
  Thanx,
  -Al-
  MBP   Mac OS X (10.4.7)  

  Qanuk,
  VPN provides a method of connecting to a home or business network securely. From some remote location, VPN creates a secure "Tunnel" whereby you can join your home network and use network resources. This would allow you to "share" files, printers, etc. between computers not just on your network locally, but across the internet, regardless of where you are connected.
  If your intention is not to share your network's resources across the internet, but to "surf" normally, you don't need to use VPN. With normal internet use, you are already as secure as you need to be. It is true that there is a potential for "snooping" inherent in using open wireless networks, but this is only a potential, not a real problem.
  The question is, "what will someone else be able to find?" Well, if you send an email, there is a potential that someone could intercept that email and read it. Big deal. There is also the possibility that someone could determine what websites you are visiting. Again, big deal.
  In order to do this "snooping," that someone would have spend a great deal of resources and time learning to use the tools necessary to do this snooping, then spend the time using them while you are on the same network. Why would someone do this in order to collect very mundane information from you? It's just not going to happen.
  Now, in any cases where you might actually be transmitting data useful to a "snooper," such as the transmission of credit card information, you will undoubtedly be doing so using a secure browser connection. In such cases, a secure connection is made between your browser and the server to which you are connected (your bank's server, the retailer's server, etc.). No snooping is possible in these cases.
  As for your computer, itself, you are protected by the best firewall in the industry. No one is going to be able to "hack" your computer while you are connected to the same network, as long as you have your firewall turned on, and especially if you have no running services.
  In short, you are already as secure as you need to be; surf away.
  Scott