Unfortunately, the first thing you have to do is completely wipe the hard drive on the PC and start over again. But this time, before you give the PC to the public, you install Deep Freeze on it.
Deep Freeze is a product that completely rolls back any changes made to a PC every time it reboots. This is good for when a patron makes unwanted changes to the PC, like changing the background, or for when a PC gets infected. It is not so good for when you need to update the PC, because that will be removed too.
Deep Freeze runs in two modes: frozen and thawed. When its frozen, any changes made are removed at the next reboot. When its thawed, you can do your updates and they will stick.
I have been using Deep Freeze for more than a decade and am very impressed with it. I think you should use it too, or a product like it, to keep your public PCs running well.
Windows Steady State has a similar component but Microsoft does not make a version of Steady State for Windows 7. There are other paid products as well such as DriveShield and Centurion Guard, but I haven't used those so cannot comment on them.
- I purchase the Enterprise version, which means I have a central console from which I can switch all my PCs from frozen to thawed with just a few clicks. This console also allows you to update the Deep Freeze configuration, to startup and shutdown the PCs, send screen messages to the PC, and more.
- Deep Freeze is also sold in a Standard edition, which installs on a lone PC and is managed only at that PC.
- When I get a PC configured for the public, the last thing I will do is install Deep Freeze on it. Then I let the public use it only in the frozen mode. When I have to do updates, I wait until the library is closed, boot the PCs in thawed mode, and do all the updates on each PC. Then I freeze the PC again before I let the public use it.
- Deep Freeze is not a restriction tool. It is a recovery tool. It doesn't stop patrons from doing bad things to your computer, it just allows you to recover easily when they do. You have to use something like Group Policy, or a Local Policy, or Winselect to impose restrictions.
- Deep Freeze has what is called a "Maintenance Mode" which is simply a configuration feature that will make the PC boot thawed if it is ever on at a certain time. For example, if you always do your updates after you close Tuesdays at 6 PM, you can set the PCs to automatically turn on and thaw themselves every Tuesday at 6 PM and then freeze again at 9 PM.
- Deep Freeze is not perfect. It does not protect against Master Boot Record infections, but these are rare anymore. I have had a few problems with it, mostly due to a PC getting turned off when it shouldn't during a windows update, but the company has a good fix for this and their tech support has been very helpful when I have called.
