I’m technical director for a play my wife is directing for her middle school. We’ll be using digital scenery provided by Broadway Media, and played back using their app, Stage Player. It is essentially a slide-show program using animated (and copyright-protected) content.
I’ll be running lights during the show, so one of the students will be operating the Windows 10 laptop that will control the scenery. And during the rehearsal process over the next few weeks, he’ll probably be alone with the computer. (He won’t be taking it home.)
The kid is not a troublemaker, and I have no reason to think he would get up to no good with the computer. But he is as trustworthy as any average middle-schooler, so I think it prudent to take some precautions. (I had been hoping he used Apple devices at home, in which case I probably wouldn’t have gone as far, but no, his family uses Windows.)
Perhaps some Dopers who are more computer-savvy than I am can either assure me that what I’ve done is sufficient, or suggest some additional steps I can take to protect the computer, the show, the school, and my wife’s reputation.
I’ve been using PCs professionally for decades, but I know I don’t know everything. In fact, I had never used Group Policy settings before this week, so I’m pleased I’ve been able to figure it out and do what I’ve done so far.
(FYI, if you were going to suggest using Kiosk mode, I looked into it, but it doesn’t support the Stage Player program. There are other reasons it probably wouldn’t be a convenient solution.)
What I’ve done so far:
Created a standard User, with no Administrator rights, and loaded the Stage Player software on it.
I’ve changed the settings for Chrome and Edge so that only an administrator can launch them. I have a disguised shortcut to Firefox (my preferred browser) so that I can go online myself if I need to.
Using MMC, I created a Local Group Policy for Non-Administrators that provides the following restrictions under Administrative Templates:
Control Panel:
Settings Page Visibility is set to show only Display options, because the PC output will be driving a projector, and we’ll need to be able tweak those settings.
Likewise, Show Only Specified Control Panel Items is set to Display only.
System:
Prevent access to the command prompt
Prevent access to registry editing tools
Start Menu and Taskbar:
I’ve modified quite a few of these settings. See the screenshot.
This may all be overkill, but better safe than sorry. As far as what I am worried about/trying to prevent, just imagine yourself as a clever middle schooler and what you might try to do if you had a laptop and nothing better to do.
Anything else I should do?
Thanks.