I have never tried the disk imaging solution .. does the imaging solution
update itself when new applications are installed and/or computer gets new
users ? 

For me:

Only a select few have local admin rights - 



Norton Corp Edition

Windows Firewall

I still want to limit the size of local profiles (we do not use
network/roaming profiles - this may change ..) I know this can be done with
group policy

The log on the sonicwall will also help reveal suspicious phoning home

Still - 

-----Original Message-----
From: School Information Technology Discussion
[mailto:[log in to unmask]] On Behalf Of Craig Lyndes
Sent: February 13, 2008 11:03 AM
To: [log in to unmask]
Subject: Desktop Security

Dear Folks,

I know that this topic has been on the list recently (I have been 
lurking).  However at my new job I have observed that their attempt at 
desktop security has some negative consequences that I would like to 
fix.  They are currently using Windows Domain Logins with profiles that 
on their older, slower machines make boot-up take up to 5 minutes 
(creating a new profile for each student) and clutter up the hard drives 
with old profiles.

Cut to the chase - Are there any schools out there that are using Disk 
Imaging as a part of their desktop security system? 

What I am proposing is to have some computers where the users have full 
access to the local machine.  They can install plugins, change the 
desktop, do whatever they wish with the computer.  If something happens 
to the machine that causes it to become compromised then the computer is 
reimaged from a standard image stored on the network.  If you are using 
an imaging solution, which one, what are its benefits and how much does 
it cost?  Are there any repercussions to having unlocked desktops (not 
everywhere, but where appropriate and requested)?

Question #2 - What are people using for desktop security that is 
installed locally on the computer, not a server/login based solution?

I am not enamored with Windows servers and am thinking of going open 
source for network resources.  This would require the machines that need 
to have the desktop managed have something locally installed.  I am 
familiar with Deep Freeze, which seems to work very well.  I've also 
struggled with Fortress, which I found to be very good at disabling the 
machine upon which it is installed, and therefore a less than ideal 
solution.  What are people using?  We are using Icon Lock successfully 
on the Win 98 machines (approx 1/3 of the machines still).

Thanks In Advance
Craig Lyndes
Franklin Central SU