KB article ID: 5010 (permalink)

Securing PCs and networks is a complex and continually evolving field. There are specialists who focus solely on such issues. The following advice is not guaranteed to be complete, current or accurate at all times. Instead, it is intended as a checklist you can use to ensure that local IT staff have addressed the major issues as they secure your systems.  

With regard to public access PC security

For how-to instructions, see https://www.howtogeek.com/173562/how-to-easily-put-a-windows-pc-into-kiosk-mode-with-assigned-access/

While we know of no comprehensive guide detailing ALL of the modifications that should be made to properly secure a Windows 7 Public Access terminal, some semi-complete guides can be found on Microsoft's site. These require a fair amount of reading and clicking to find everything. Check with your IT. For Microsoft's main page on this, see https://technet.microsoft.com/library/gg176676.aspx. 

There are multiple links out from their main page, and all should be checked for pertinent info:

https://technet.microsoft.com/en-us/library/gg241182.aspx

https://technet.microsoft.com/en-us/library/gg176675.aspx

https://technet.microsoft.com/en-us/library/gg176671.aspx

 

(Using LGPOs is fairly time-consuming; there are many things that will need to be set/changed. Any semi-competent IT admin should be quite capable of doing this. That said, a wrong setting could lock you out of the system completely.)

Regardless of the OS used, there are issues beyond securing/restricting a PC’s software --physical security is just as important, if not moreso. See https://www.giac.org/paper/gsec/4304/securing-public-access-computers-library-setting/107011. 

While written to help secure public access terminals in libraries, the section on "Physical Security" provides some really good tips, including:

• Restrict the right to install programs, using Group Policy Objects (GPOs).--Don’t use a “Home” version of Windows, since it won’t support GPOs.
• Make sure nobody can boot the PC from another device (thumb drive, etc.). This is done by configuring and locking down the BIOS.
• In case someone still manages to install malware, it would be best if the iSeries/AS400 user ID and password were not given out.--If you have given this out in the past, at least change the password.
• Maintain good physical security --keep the PC where you can see it if possible, and lock the cover of the PC.

With regard to the software & services offered on a public PC

For public access to case data, consider offering PC JIMS Courts logged in using your View-Only public user ID. 

For public access to case documents, consider offering PC JIMS Imaging logged in using your View-Only public access user ID.

For public access to online case information, consider offering a browser with Internet access restricted to Judici. This could also enable them to make online payments if you offer Judici E-Plea & Pay.

For public access to at-court e-filing (especially for pro-se filers), consider offering a browser with Internet access restricted to include a link to the E-Filing Service Provider (EFSP) that your court selected. Certified EFSPs are listed on eFileIL's website. 

For filers, consider a short-term desktop folder for filer's scanned documents. Folder should be set to clear at end of each filer's session.

1. Log into Imaging as an administrator. 
2. Look to Technical/Users. 
3. If your PC JIMS Courts public access user ID isn't listed, go to File/Import JIMS User IDs. 
1. Check mark the public access user ID, and click Import. 
2. By default, this user ID will be pulled into Imaging as a View-Only user. Confirm by clicking on the imported ID.