Leaving your old PC in a public space may seem like a sure-fire way to make it someone else’s old PC. But if you take the time to secure it properly, you can get a lot of mileage out of turning it into a dedicated public-access machine. Setting up an old PC for public use is an easy way to give aging hardware a second life. And putting a PC in the common area of your home, your local school, or your place of business provides convenient Internet access for visitors and gives you a great tool for sharing media, accepting job applications at the office, or helping customers share information with your business.
But before you get carried away with the idea of bringing free computer access to the people, you need to take some security measures to protect both the device and your private network. You need ensure that people who use your kiosk can’t monkey with system settings, add or remove applications, or download malware. You should also help protect your users from themselves, by preventing them from accidentally saving documents, browser passwords, or personal information to your public PC.
Fortunately, with the right software, setting up a secure public PC is a cinch. Depending on what you want to offer in the kiosk, you may even be able to rely on Windows’ built-in features instead of installing extra software. The trick is to figure out who will be using your public PC and what they’ll be using it for.
Assigned Access in Windows 8.1
The free Windows 8.1 update adds an Assigned Access feature to the Pro, Enterprise, and RT editions of Microsoft’s troubled operating system. If you update your PC to Windows 8.1 you can use Assigned Access to lock down your Windows 8 PC or tablet so that public users can access only a particular Windows Store app. If you’re setting up a public PC with a single purpose—say, for browsing the Web with Internet Explorer—or a single app, this is a quick, easy way to secure it and prevent users from accessing other apps and settings.
So far, Microsoft has released only limited details about the Assigned Access feature, and since it’s not available in the Windows 8.1 Preview, I can’t guarantee that the final 8.1 update will include it. To this point, however, it appears that you can limit access to Windows Store apps only in the new Windows 8 interface. Consequently, if you need to limit access to a traditional desktop application or provide general access to Windows, you’ll probably need to adopt another approach.
Making Windows work for you
If you can’t wait for Assigned Access to come with Windows 8.1, or if doesn’t provide the functionality you need, you can turn to other features built into Windows Vista (and later) for improving security on your kiosk PC.
These features don’t provide nearly as much power to restrict and control access as third-party options do, so people using your public PC could download documents or even malware. Moreover, inattentive or poorly informed people can put their own privacy at risk by saving files to your PC and leaving the browser history intact.
On the positive side, Windows makes it easy for you to quickly restrict application and Web usage without spending a dime. This is probably an acceptable solution if you trust the people who will be using this PC or if you plan to keep a fairly close eye on your users.
First, create a standard Windows account for public use, and make sure that you set a complex password on the PC’s Administrator account. Next, log in to that Administrator account and enable Parental Controls for restricting program and Web usage. PCWorld recently published an article on childproofing your PC, and many of the tips and tricks that appear there also apply here. Of course, if you’re using the Ultimate or Enterprise edition of Windows 7 and have some tech support experience, you can dig into the AppLocker, an application-control system introduced with Windows 7. But the AppLocker uses incredibly complex and technical application execution rules and exceptions. Digging into the AppLocker for the first time can be a humbling experience, so tread carefully and use this guide to Windows 7 security features as a reference.
Once you’ve configured Windows for maximum security, use the built-in Windows backup utilities to save the configuration. That way, you can restore everything if your public PC ever suffers a catastrophic failure and you need to restore it from a backup.
You can use Windows 7 to create a system image via the Control Panel’s Backup and Restore. In Windows 8 you can create and use the Refresh and Reset features to roll your PC back to its previous, presumably pristine state, and you can create a custom refresh state using the recimg.exe tool.
Install kickass kiosk software
Many third-party programs can turn public PCs into dedicated information kiosks—and you can use the same software that big businesses use to repurpose an old PC with far more security and control than Windows provides. Though each piece of software has its own quirks and peccadilloes, nearly all of them protect a system against permanent tampering and preserve both your privacy and the privacy of whoever uses your PC. Some programs even feature automatic restore functionality that wipes away any changes and user cache when at log-off or rebooting.
If you have a little money to spend, consider using the $55 Kiosk Software. If you’re operating on a stricter budget, try the excellent Netkiosk, a free utility that you can use to lock down a PC for public use in a small business, a big house, or a local school.
Use OpenDNS to block naughty sites
Repurposing an old PC as a public kiosk is a great way to share Internet access with your community. If you plan to offer general Web access on the kiosk, however, you should enable some sort of Web filtering. No matter what you plan to use the PC for, chances are you don’t want a someone accidentally—or on purpose—accessing websites that aren’t safe for work.
If you use Windows’ Parental Controls, you can easily to limit Web browsing to a whitelist of sites that you’ve authorized as acceptable for public consumption. But if you aren’t using Parental Controls, consider using OpenDNS to filter out inappropriate destinations. You can apply this free service to your entire network by editing the DNS address on your router, or you can apply it to specific PCs and devices by editing their individual DNS addresses. Blocking inappropriate content with OpenDNS requires a bit of advanced networking know-how, but you can get started with the company’s excellent guides for using FamilyShield to filter Web traffic.
Easily the simplest OpenDNS option, FamilyShield offers preconfigured adult-content filtering. The OpenDNS Home service lets you customize the filtering and security settings, but it requires you to create an account and install a program on at least one PC on the same network. For either service, OpenDNS provides great step-by-step instructions for editing the DNS address of your router or PC.
Don’t forget to practice good security
No matter how you choose to set up your PC, pay attention to the security of the network it’s running on. Whether you’re setting up a general-use PC for a hotel lobby, a local elementary school, or even your spare bedroom, chances are you don’t want the public poking around in your local network. If your wireless router has a guest Wi-Fi access feature, enable it and connect the kiosk PC to the guest network to keep it isolated from your main private network. If you’re repurposing the PC for business use in an office that has multiple business-class routers, create VLANs and/or multiple SSIDs to segregate the public computers from the private workstations. Regardless of which option you choose, take care to classify the network as Public in Windows (which you’re prompted to do the first time you connect), to disable sharing and network discovery.
Keep the physical security of your kiosk and network in mind, too. Mount the PC or tablet in a secure position to prevent theft. If you’re using an old laptop, you can repurpose common laptop antitheft devices to protect the PC while it’s out in public. Use heavy-duty tape or plastic to block access to unused ports, and use cords to prevent visitors from tampering with them. But don’t get too carried away with locking down your PC: The point is to repurpose hardware that you might otherwise trash to serve as a public PC that anyone can use—and whether your DIY project ends up in a business or in a local school, it won’t serve its purpose if people can’t use it to be productive on the Internet.