Started writing a guide on this actually after doing both sets of parents recently... stil WIP but below is probably a good start...
Foreword
My outline requirements were:
• Prevent modification to Windows which could allow potentially unsafe code to execute whilst still allowing ‘core’ programmes to run as normal (i.e. iTunes, internet, MS Office etc.)
• Automate ‘cleanup’ operations which are never performed (such as cleaning temp files, defrag HDD etc.) behind the scenes
• Improve windows experience for ‘older’ family members so that it was more like a tablet
• Do all of the above with free / included in OS tools
OS Requirements
Windows 7 (may work for others) – Professional or higher
Software Used
NB: I’m not going to cover slipstreaming, unattended setups etc. so have the installers pre-downloaded on a USB or something – makes things a lot quicker! If you’re interested in these topics, have a look
here as a starting point.
• WinRar (or equivalent)
• CCleaner + CCenhancer (optional)
• SmartDefrag
• Chrome
• iTunes/Spotify
• Flash
• Java
• Rainmeter with Omnino
• Windows security essentials
• MS Office (if you have it) or OpenOffice / LibreOffice
(1) Install Windows
Run through standard Windows installation and setup. This will create a new (admin by default) user account.
Personally, I prefer to backup to an external HDD any key pictures / music etc. before starting this process. This allows me to just wipe the existing HDD and minimises any issues from previous OS creeping into the new one.
Cleanse existing drive (optional)
When presented with the “where do you want to install Windows” screen, click on “Advanced” and then delete all of the existing partitions.
You should now have the entire drive as “unallocated”
Click “New” and create a partition with default options. This will generate a “System Reserved” and “Primary” partition. Install Windows to the Primary.
(2) Initial admin actions
We now have a vanilla Windows install with a single, admin by default, user account.
Create shortcuts
As we are going to be using these regularly, place 4 shortcuts on the desktop for:
• Group Policy Management
o C:\Windows\System32\gpedit.msc
• System Configuration
o C:\Windows\System32\msconfig.exe
• Local Security Policy
o C:\Windows\System32\secpol.msc
• Users and Accounts
o C:\Windows\System32\lusrmgr.msc
Install default programmes
Let’s install the default programmes (as listed above).
• Deselect any option such as “create shortcut” or “check for updates” as we will do this ourselves.
• Select any option such as “install for all users”
Specific selections made
CCleaner (optional)
After install, run CCleaner and select as an option “Windows Error Reporting”. I do this personally as the dumps tend to be huge.
SmartDefrag
When SmartDefrag gives you options at the end to install additional rubbish, select “Skip” for both screens.
Run SmartDefrag after install and ensure “Load automatically at Windows startup” is selected in the settings.
Setup admin scripts
We will now create some batch scripts to automate a lot of the work behind the scenes so create a folder called “AdminScripts” in the administrators Documents.
CCleaner
This script will run CCleaner in the background based on the default settings we determined earlier.
1. In the AdminScripts folder create a new .txt document called “CCleaner-auto.txt”
2. Edit this and add a line:
@"C:\Program Files\CCleaner\CCleaner.exe" /AUTO
3. Save the file and rename the extension to “.bat” rather than “.txt”
Set scripts to execute
Loadup “Group Policy Management” and navigate to User Config >> Windows >> Scripts
CCleaner
Double-click on “Logoff”, click “add” in the dialog that appears, click “browse” in the following dialog and find the CCleaner script we created earlier.
Leave the script params blank, click “ok”, click “ok” again and exit back to the Group Policy Management screen.
We have now setup CCleaner to run and clean the system whenever a user logs off (this also includes system shutting down).
Disable annoying updates
To stop Java and Google popping up on the users taskbar telling them to update, open up “System Configuration” and select the “Startup” tab.
Find the items for “Google Update” and “Java Platform Updater” and disable them by unchecking the tick-box.
Create Users
Let’s create the users for the PC now.
1. Open up “Users and Accounts” and select “Users”
2. Right-click and select “New User”
3. Insert the details of the user being created, I have selected the following options for ease of use: “User cannot change password” and “Password never expires”
Now we need to (briefly) grant the user administrator rights whilst we perform the initial setup.
4. Switch to the “Member Of” tab and click “add”
5. In the free text box that appears, type in “Administrators” (case sensitive) and click “Check Names”
6. This should change the text to represent COMPUTERNAME\Administrators
7. Click “ok” to create the user
8. Restart the PC
(3) User customisation
Having restarted we should now have the option of logging in as the new user
Login as the user and we can customise the experience.
Hide non-basic view options
1. Open up a windows explorer window and hit “Alt” to bring up the menu
2. Select Tools >> Folder Options
3. Switch to the “view” tab in the dialog that appears and ensure the following:
a. “Don’t show hidden files, folders or drives” = Selected
b. “Hide empty drives in the Computer folder” = Selected
c. “Hide extensions for known file types” = Selected
d. “Hide protected operating system files” = Selected
Install Rainmeter etc. and customise for user
WIP . . .
(4) Final admin actions
WIP, but essentially:
- install
Teamviewer Host for remote assistance as needed . . . .
- customise security policy to only allow programmes installed now to operate and go through firewall (using AppLocker etc.)
- remove admin rights from new user
- hide the default administrator account
use Grp Policy >> Computer >> Windows >> Security >> Local >> Security)
see "interactive logon" flags for "Last User Name" and "Ctrl + Alt + Del"