Sunday, August 1, 2010

Setterm for 3.0

The ConfigTerminal routine for 3.0 tries to lock down the system (XP or Win7) to meet PA-DSS compliance. We cannot guarantee that everything that needs to be locked down actually gets locked down (for example, something might be enabled on a particular terminal that the script is unaware of), so you need to check how the script actually works in the field every now and then. The script also installs antivirus, the HASP driver, Acrobat Reader, Flash, and AIR. You can add more to this by creating new batch files (we do not support this, but any tech competent in batch files should have no issues).

Some of what the lockdown portion does (all of this you should already have been doing by hand in 2.x):

Enable Windows Firewall
(allow onePOS to use ports 80, 443, 10001, 10002, 30001, 30002, 30003)

Disable unneeded services
(DHCP, Distributed Link Tracking Client, Error Reporting Service, Fast User Switching, Help and Support, Network Location Awareness, Print Spooler, Protected Storage, Remote Registry, Secondary Login, Server, Shell Hardware Detection, SSDP Discovery, System Restore Service, Task Scheduler, TCP/IP Netbios Helper, Terminal Services, Themes, WebClient, Windows Search, Wireless Zero Config, and Workstation)

Create onePOS user, no Administrator account
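
A field check for the services portion of the list above, as an added example that is not part of ConfigTerminal or onePOS: a batch file that runs `sc qc` on each service and reports any that are not disabled. The short service names are assumptions mapped from the display names in the post, with the XP and Win7 variants both listed; the temp file name is arbitrary.

```batch
@echo off
rem Added example (not part of ConfigTerminal): audit the start type of the
rem services the lockdown is supposed to disable.
rem ASSUMPTION: short service names below are mapped from the display names
rem in the post. Where XP and Win7 use different names, both are listed and
rem the one that does not exist on this terminal is reported as SKIP.
setlocal
set FAIL=0
set OUT=%TEMP%\svc_audit.txt

set SERVICES=Dhcp TrkWks ERSvc WerSvc FastUserSwitchingCompatibility helpsvc
set SERVICES=%SERVICES% Nla NlaSvc Spooler ProtectedStorage RemoteRegistry
set SERVICES=%SERVICES% seclogon LanmanServer ShellHWDetection SSDPSRV
set SERVICES=%SERVICES% srservice Schedule LmHosts TermService Themes
set SERVICES=%SERVICES% WebClient WSearch WZCSVC Wlansvc LanmanWorkstation

for %%S in (%SERVICES%) do call :check %%S

del "%OUT%" 2>nul
if %FAIL%==0 (
    echo RESULT: every installed service on the list is disabled.
) else (
    echo RESULT: %FAIL% services need attention.
)
exit /b %FAIL%

:check
rem sc qc prints the service configuration, including a START_TYPE line.
sc qc %1 >"%OUT%" 2>&1
rem 1060 = service does not exist (expected for the other OS's name).
if %errorlevel%==1060 (
    echo [SKIP] %1 is not installed on this Windows version
    goto :eof
)
rem Any other error (access denied, buffer too small) needs a manual look.
if errorlevel 1 (
    echo [FAIL] %1 could not be queried, check by hand
    set /a FAIL+=1
    goto :eof
)
findstr /c:"START_TYPE" "%OUT%" | findstr /c:"DISABLED" >nul
if errorlevel 1 (
    echo [FAIL] %1 is NOT disabled
    set /a FAIL+=1
) else (
    echo [ OK ] %1 is disabled
)
goto :eof
```

The exit code is the number of services that failed the check, so the file can be called from another batch file and tested with `if errorlevel 1`.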
