Documents  
An Overview of the Microsoft Shared Computer Toolkit   
Chris Peters describes and compares two tools for securing shared or public access computers running Microsoft Windows operating systems, the Microsoft Shared Computer Toolkit and the Public Access Computer Security Tool.
Author:
Chris Peters
Date Posted:
6/14/07
Topic Pages:
Security
Workstation Protection
@2006 Chris Peters
Tags: desktop pacs public access computers security

 What is the Shared Computer Toolkit (SCT)?
The Microsoft Shared Computer Toolkit  (SCT) is a free software tool that can make the lives of librarians easier by protecting their public access computers against the kinds of accidental or malicious changes that are inevitable when you let patrons use your computers.

The SCT does this in two basic ways. First it restricts what the patron can access on the computer. They are blocked from accessing all system settings and from browsing the hard drive. You can specify just the applications and tasks you want to allow.

Secondly, the SCT has two different ways to wipe away any changes or files a user may have left. At each logout, all normal traces of a user, like temporary files, Internet history and files saved to the desktop are deleted from the profile. Additionally, even if something defeated the profile security, at each computer restart any changes at all made on the hard drive are erased.

These measures create a secure computer that is protected from the user, but can still allow such activities as the use of USB flash drives and CD burners if desired. Even the ability for the user to permanently save files is possible by configuring a separate hard drive partition for that purpose.

The SCT was inspired by the Gates Foundation’s Public Access Computer Security Tool. With the SCT, Microsoft has taken the Gates tool and improved upon it by adding more features (notably, Windows Disk Protection) and improving usability. Moreover, Microsoft plans to provide ongoing support and development for the SCT, whereas development of the Gates Security Tool ended in 2004 and it is not supported.

Microsoft’s Shared Computer Toolkit (SCT) vs. the Gates Foundation’s Public Access Computer Security Tool (PAC Tool)

Advantages of the Shared Computer Toolkit

  • With the SCT, installation and removal are faster and easier.
  • The SCT includes Windows Disk Protection, a utility which is similar to Centurion Guard or DeepFreeze.
  • It’s easier to download critical operating system updates and virus updates.
  • The SCT includes session timers.
  • The SCT allows access to certain programs that are difficult to use with the PAC Security Tool.
  • The SCT is fully compatible with Windows XP, Service Pack 2. 
  • The SCT will be compatible with the next Windows operating system (code-named Vista).
  • Microsoft will continue to develop the SCT, while development of the PAC Tool ended in 2004. 

Advantages of the Public Access Computer Security Tool

  • The PAC Tool works with Windows 2000 Professional (the SCT only works with Windows XP SP2 and later machines).
  • It’s easier to specify which IE toolbar buttons to add or remove when using the PAC Tool. 

Prerequisites
Here’s what you’ll need to install and run the SCT on your PAC.

System Requirements

  • Windows XP Service Pack 2 or later (Professional, Home or Tablet versions). 
  • Your hard drive must be formatted using NTFS.

Other Requirements

  • When you download the toolkit, you will be required to validate your copy of Windows using the Windows Genuine Advantage Validation Tool.
  • The Windows Disk Protection feature requires unallocated hard disk space equal to 1 GB or 10% of your system partition (i.e. your C:\ drive), whichever is larger.  You can, however still use the other features of the SCT without Windows Disk Protection.
  • You must install the toolkit in an administrative account.
  • For more information, see Chapter 1 and Chapter 2 of the SCT Handbook. 

About unallocated hard drive space

As mentioned above, Windows Disk Protection requires unallocated (blank space that is not part of a drive partition) hard disk space equal to 1 GB or 10% of the size of your Windows partition. Because almost no computer comes configured this way, this will be the primary obstacle to installing the SCT on existing computers. This requirement means that you will need to either use disk partitioning software to rearrange your hard drive partitions, or else reformat your entire hard drive and reinstall Windows in order to use this feature.

While you can still install and use the SCT’s other features without it, Windows Disk Protection is one of the most compelling functions of the SCT, and you are well advised to use it if at all possible. For most this will be a matter of planning and extra time setting up at least the first computer.

Learning More About the Toolkit
To learn more about using the Shared Computer Toolkit, start by taking a look at the WebJunction article, Securing Library Computers with the Microsoft SCT . It offers guidance through the process of setting up a PAC suitable for library use. There are also more articles and How To's being written for the SCT to be found in WJ's Security section .

The documentation that comes with the SCT describes it pretty well. A Getting Started utility is included that walks the user through the eight basic steps of setting up the SCT.   

Other resources.

Note: In June 2007, Microsoft issued a further update to these tools, called Windows SteadyState. Read Chris' overview of SteadyState.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.


Contribute to this topic
Do you have an article, presentation, or other content to share on this topic?
You can post it on this topic page. Find out more about submitting documents in the Member Center.
Ratings You must be signed in to rate this item
Average (0 Votes)
Comments