Administering a PC in a Vacation Rental Home? 97
mrn121 asks: "Some relatives of mine are preparing their beach house for rental, and they have asked me to assist in setting up some of the on-site technology. One of my ideas was to add a computer with high-speed internet access to the house, but security issues may be overwhelming. I have administered campus computing labs in the past, so I am familiar with locking systems down, but I am curious about what level of security readers might suggest, and how to go about achieving an appropriate balance between security and usability for such an application. On one hand, I don't want renters to clutter the computer with software and useless bookmarks, but on the other hand, I don't want the system to be utterly useless. One major difference between this computer and a lab computer is that I will not have access to the machine for the entire summer, while the house is being rented."
Don't bother locking it down (Score:5, Interesting)
If you make the removable drive have boot priority, you can even make it an automated process, where the vacationers or the rental agent are told they can restore the computer to "fresh state" themselves by sliding the drive in, turning the key, powering up, waiting for it to do the copy, then shutting down, unlocking the drive bay, and putting the drive away again.
Aside from that, set up Windows update to install automatically, use a DSL/cable router box that blocks pretty much everything inbound, and hope for the best.
Re:Don't bother locking it down (Score:3, Insightful)
Re:Don't bother locking it down (Score:1)
Re:Don't bother locking it down (Score:1)
Re:Don't bother locking it down (Score:5, Interesting)
You shouldn't be worrying about what goes on while they're there, but after the rental ends just pop over with the live cd, restore the disk image, and it's fresh for the next rental.
Re:Don't bother locking it down (Score:2)
Let your customers do whatever they want, then just reimage the pc for the next guys.
Re:Don't bother locking it down (Score:2)
WWW???? (Score:2)
Re:WWW???? (Score:5, Insightful)
As for protecting what damage the computer can do to the rest of the world, there are also easy OS agnostic solutions you did not realize- mainly a firewall. blocking all outgoing/ingoing ports except port 80 should keep anyone protected. Unless someone needs VPN access to their job, it is reasonable to only restrict them to the web. Yeah if someone knowledgable really wants to get around the system, they can... but who really rents a vacation house when they can go to a library. Its all about being reasonable- He probably has no idea who he is going to be renting to either... There is a threat of an axe murderer renting it and burying bodies in the basement, does that mean you recommend putting video surveilence down there?
Your idea of screening tenants to see what computer background they have is silly. hes renting a vacation house with a computer, not a computer with a vacation house.
It is posts like this that really make me want a (-1, stick up ass) moderation.
Re:WWW???? (Score:1)
Re:WWW???? (Score:1, Flamebait)
NEWSFLASH: programmers are as likely to take a vacation as much as anyone. You don't need to be a programmer to get admin access to a box you have physical access to. Any dumbass teenager with a book and an interest in computers can compromise your system. The point is, you can't assume who's going to be there. Security through obscurity ain't the answer, genius!
that choices #1-5 wil
Re:WWW???? (Score:1)
Windows XP (Score:3, Informative)
Re:Windows XP (Score:1)
Re:Windows XP (Score:2)
Knoppix (Score:5, Interesting)
Why bother with a PC? (Score:5, Interesting)
The way I figger it, if they can afford to rent a beach house, they can probably afford their own laptop if they wanna get some work done. And the most you'll have to do to service it *should* be to tell them to recycle the power on the router or cable modem, and you don't have to worry about the PC.
Re:Why bother with a PC? (Score:1)
I will definately second leaving instructions behind, the people we rented from didn't leave directions and I ended up calling the ISP to get everything set up (ended up having to use a static IP and such). In the long run I left instruction
Re:Why bother with a PC? (Score:1)
you're still screwed (Score:3, Insightful)
Re:you're still screwed (Score:2)
Locked-tight Linux distrib (Score:2)
Re:Locked-tight Linux distrib (Score:2)
Dig cam access software to empty the camera disk (and then burn to CD)
A few games for rainy days
Lock the main computer in a closet (Score:5, Interesting)
Image the Machine... (Score:1)
Norton Ghost (Score:1)
Re:Norton Ghost (Score:1)
Use ghost or a similar product? No, don't.
A decent image is going to take the system 15 minutes to boot everytime. If it's sysprepped, it will take 30 minutes.
If a person is doing work and the power blinks, there goes all of their work. Oh, of course you can tell them to use a floppy disk or USB key, but that's making to too complicated.
Also, if you are using XP and you restore from a syspreped ghost, you will have to reactivate the system within 60 days or suffer the consequences, and you
Multiple options (Score:3, Informative)
Or, you could do as another poster suggested and just make an install image for periodic recovery using Ghost.
Or, you could just figure that any renters who *need* a computer will be able to provide for themselves.
No security. And Ghost the fucker. (Score:4, Interesting)
Ghost the machine as it is, properly configured, to the ghost partition. Later, after they've fucked everything up, you can restore from the ghost file.
Isn't that how you ran your labs?
Re:No security. And Ghost the fucker. (Score:2)
From the article:
Re:No security. And Ghost the fucker. (Score:3)
Re:No security. And Ghost the fucker. (Score:1)
Ack, I should certainly home not!
Sure, restoring a disk image occasionally might work okay for a single PC in
a rental situation, but it would be a maintenance nightmare in a lab. With
multiple PCs in the room and multiple people using each one per day (and on
occasion multiple people per hour), you could end up hiring two or three
full-time restore-monkeys just to reghost the suckers.
No, for a lab situation you want diskless thin clients that boot off the
network thin c
Why not just a guest account? (Score:3, Insightful)
Buy a mac and follow these instructions: (Score:3, Insightful)
You do what for a living?
If you're stuck on windows... (Score:2)
"Securing" a public access terminal. (Score:2, Interesting)
Properly set up, the loader in the boot rom can validate the user-accessible partition against a reference copy on a hidden partition, then syncronize it rapidly in a manner similar to that of rsync. The renter has nearly unrestricted use of the system, but the second they reboot, its a c
Dyndns.org, yiPost, VNC, and hidden ghostpartition (Score:3)
How the professionals do it. (Score:5, Interesting)
Takes them practically zero time or effort -- all they have to do is open the admin program, enter a password, and click 'Okay'. No disks or tapes to insert, and users can do anything the like to the machine during the day. (well... it might be awkward if they managed to delete the backup program, but I don't think that's happened yet.. and anyway, they keep proper backups too, just in case)
Re:How the professionals do it. (Score:1)
Re:How the professionals do it. (Score:1)
Let's ask the metaquestion (Score:5, Interesting)
From your point of view, putting a computer in a beach house could be a headache anyway, for physical reasons. Everything in a rental property takes a beating. I'd just get a wireless router, hide it in a locked closet, and maybe put a few ethernet jacks where your guests can find them. Let them bring their laptops if they're geeky enough.
You might also make them sign something saying that they're responsible for whatever gets downloaded during the time they're in the house. That way, if you have a guest who downloads something that attracts the wrong sort of attention, maybe they'll get in trouble instead of you.
Re:Let's ask the metaquestion (Score:2, Insightful)
To check the weather forecast, the tides, to figure out what that sandpiper-ish bird with a hooked bill is, to order new books from Amazon, to view pr0n when you can't get anywhere with the girls on the beach, to get a recipe for tom yam gai when you left your cookbooks at home...
Re:Let's ask the metaquestion (Score:5, Insightful)
Re:Let's ask the metaquestion (Score:4, Insightful)
Re:Let's ask the metaquestion (Score:4, Interesting)
I Do.
I run my own buisness, so I never really get a vacation from email. Also the whole family loves going to the beach, except me. What can I do? I bring my laptop and tons of books magazines, etc. In the past I have used dialup while at the beach (oh the horrors!). DSL access in the beach house would simply be "heaven". Wireless access would be a real bonus (but I can bring my own WAP) I can hang out during the day reading and responding to email and drinking beer.
Now that is a vacation.
Re:Let's ask the metaquestion (Score:2)
Re:Let's ask the metaquestion (Score:2)
Yeah right! Are you married? Something about maintaining domestic bliss, which is far more important then a sunburn.
Re:Let's ask the metaquestion (Score:2)
Re:Let's ask the metaquestion (Score:2)
Re:Let's ask the metaquestion (Score:2)
That must have been one long telephone cord.
Re:Let's ask the metaquestion (Score:2)
What? You actually want some of those modern impositions? Which ones?
Oh, wait, I ta
Re:Let's ask the metaquestion (Score:2)
I merely offer my advice, as a reknowned expert on such matters. You are free to ignore it. Slashdot postings impose no binding obligations; just because you read my words does not mean that you are required or even expected to agree.
If you really know of a good French jazz station, please post its frequency (and URL).
Re:Let's ask the metaquestion (Score:2)
> station, please post its frequency (and URL).
La Radio TSF: 89.9, Paris. http://tsfjazz.com
-kb
What kind of admin ARE you.. (Score:4, Insightful)
As others have suggested, create limited user accounts. Make sure they've got all they need for web surfing, movie watching, music and so on, and lock everything else down, and just leave them a limited-space directory to save stuff into. If you're afraid they may need more software, just create a crap e-mail account for 'support requests' and use the remote desktop/ssh with admin privileges to install new software if you deem it to be ok.
Re:What kind of admin ARE you.. (Score:2)
If you were going to use dyndns.org (they are great, I use 'em and recommend them to everyone), or a similar service for remote admin anyway, what about enabling apache, and hacking up a simple frontend to gphoto2 or something with a php site, or even just a simple frontend to ftp back to a server you controll, so that visiters can effortlessly create a web blog of their vacation with photos for all their
Deep Freeze (Score:1)
You can then basically map your thawspace to My Documents, and give the tenants a place to store their downloads. The only drawback I have seen is signficant slowdown on older machines.
Whay will they really be doing? (Score:2)
For example, you should be able to install Windows XP Pro and create a user acocunt with very limited rights. Give them access to Internet Explorer, Word (or AbiWord), and some other basics. Other than that, keep pretty much everything else locked down.
Also, leverage XP's Remote Desktop so you can connect as Administrator to tweak or fix things.
No, they
Forget the computer... (Score:3, Insightful)
Don't bother putting a computer up. Get a decent, cheap 802.11g wireless router, and perhaps hook up a couple of jacks for hardwire LAN access.
If somebody wants a computer on their vacation, let them bring their own.
Recovery methods... (Score:1)
One simple method I can think of uses two hard disks;
Boot disk with backup image (read-only)
Basic OS with a few apps (no login)
That way, the cleaning crew or the management company can repair the computer after the renters leave by selecting "Wipe clean and restore computer".
The hard part (for you): Check the pinouts on the IDE cable to the read-only d
Sounds like... (Score:1)
...a can of worms best left unopened.
Renter starts computer. Renter logs onto Kazaa. Renter shares thousands of files off his/her iPod. RIAA traces back the IP. You get sued/extorted by the RIAA.
Just one of far too many potentially nasty scenarios. A quick mental benefit/risk analysis says, to me at least, it just isn't worth it.
You're on vacation (Score:3, Funny)
2. Put the following BASIC program on a boot floppy
10 PRINT "TURN OFF THE COMPUTER AND GO OUTSIDE YOU LAZY SHIT"
20 GOTO 10
This may be more work than you want.... (Score:3, Informative)
Some ideas... (Score:1)
2. Only providing net access is a much, much better idea. People who want a computer at the lake will probably have their own machine, and will just want access.
Provide cable/DSL and wireless or wall jacks, and instructions for configuring a PC/Mac to use the network. Physically lock the network equipment (router/switch/firewall) up.
3. Have the owner include a lease clause about network access rules and responsibilities. You're in essense
Web terminal (Score:2)
Since you won't have access to it for the summer, this is really the only way to guarantee people can't break it. Also, lessen the chance some jerk will give you an imprompty 'downgrade'.
Environmental concerns (Score:3, Interesting)
Sand and water. This is at the beach. Little Jimmy will start pecking away with sandy fingers. A weatherproof keyboard, at the very least. Sealed cabinet for the case, maybe.
Personally, I'd just give them access, and not the actual PC.
WebTV (Score:4, Interesting)
I've rented a lot of beach houses... (Score:3, Insightful)
Anybody really wanting to access the internet on their beach vacation has the equipment to do so anyway. Seriously, laptops are common among business travellers, and all netheads have them or something like them.
If you want to advertise high speed internet access, few people will be expecting there to be an actual computer there. An ethernet jack hooked to a cable modem (out of sight.. like in a closet or wall or other locked area) is good enough. If you want to provide wireless, drop an access point back there hooked to the cable modem as well. Beyond that, I wouldn't put in one single bit of equipment. No computer, no monitor, nothing. Maybe a power protector on the cable modem/access point, but that's it.
Leave an instruction sheet on how to hook up their ethernet or 802.11b wireless (use a 802.11b access point, as the cable modem is slower than 11 mbits and b is cheaper/more compatible) and wash your hands of it. Nobody expects an entire configured system to be there, realistically. If you go to a nice hotel with connectivity, you don't get a computer in the room, you get a place to hook up your computer and that's it. That's expected. Leaving a whole system there just invites people to rewire the thing to hook up *their* system.
Addendum: (Score:2)
You can easily test if your high speed ISP does lock in.. Have
Re:I've rented a lot of beach houses... (Score:2)
Well (Score:2)
If you (Score:1)
Knoppix (Score:1)
two steps (Score:2)
Ghost the disk between renters.
Get a simple firewall that blocks ports both ways; restrict what can come and go. Use your judgement, try to allow games and anything that might be helpful if some poor worker has a business emergency on vacation, but not much else.
Probably the easiest way... (Score:3, Informative)
Xandros (Score:1)
Totally insecure. (Score:1)
It would be a lot less trouble to just offer a ethernet and WiFi hookup and let guests use their own laptop.
Deep Freeze and locks. Lots of locks with cables. (Score:1)
Hardware Solution (Score:1)
It can be set up to reload the partition every reboot, every day, or on scheduled times. It has a "flash" version that saves up to 1G of changes to the OS/Partition or you can just have a complete backup on the same drive that it copies over.
The ones ive used are:
http://www.lodestar.co.uk/ [lodestar.co.uk].
Site looks a bit outdated, but they work fine. I have a couple of t
Every rental addition helps (Score:1)
Another aspect is that most improvements increase the rental value. I helped them finish an addition to the kitchen which made it possible for 8 people to eat dinner at the same table. Rental fees are higher, and the renters are HAPPIER!
I just don't get people who insist that since THEY don't want a computer on vacation, NOBODY SHOULD BE ALL
here's an idea (Score:1)
lock it down
give each resident their own user account so activities can be traced.
mount
use one of those net anomynisers (a proxy hosted somewhere else, so if they do anything bad, you wont get done for it.
install gnome or KDE and give them nice desktop icons so its not too different from windows (like "check email" for whatever mail app you choose, etc)
Just make sure you get a deposit (Score:2)
And hope they don't do anything worse..
Do not provide a PC (Score:2)
Don't give 'em a PC, just a pipe (Score:2)
Knoppix on a write protected CF card w/ USB key (Score:2)
The added benefit is that each member of party renting the house can get their own key and have their own configuration and files.
Glutton for Punishment (Score:1)
You can spend quite a lot of time creating legal paperwork to cover your ass beforehand but unless you are/will be an ISP/hotel it's not really worth it businesswise.
Lock it down - physically (Score:2)
Have a firwall/gateway PC in a locked cupboard with a UPS.
Have RJ45 sockets throughout the house for tenants to plug their own laptops into.
You could make a diskless (boot-from-LAN) LTSP client available for tenants who don't bring their own computer. Once they get past the xdm(or kdm or gdm) login screen (guest login username and password supplied when they pick up the keys for the house) they will get a customised desktop with an icon labeled "Surf the web" - anyone who has used a
If you won't be there, you'll need more automation (Score:2)
Well, here's the thing:
Knoppix and other CD boot distro's basically take a long time to boot. If for some reason the CD fouls due to condensation or something else, the system just won't boot.
The people will also not be able to download PDF files/etc if they are bigger than the temp space available from memory.
With a boot CD, you are basically going to want/need more ram and a fast CD drive to make it bearable.
The same issues of boot times and downloadables applies to Ghost/disk state keepers. If people