I need some suggestions

Ok so im a local libray for my cotage and have been asked to do some security updates (small libary VERY unsecure) I plan to disable the run, disable batch files and disble cmd, this is just some very basic security, but what other sugestions do you have for me?

what setup do you have?

network / OS / Remote Admin Tools / number of pc's etc etc etc

being a library for public use it will be windows, XP probably, but yeah, we need more info before we can really help.

You see thats the thing theres barly anything. Its a smalll library 7 computers 5 public 2 private, they have an anti virus called "Ca security center" and thats basicly it, im only here one or two periods of time a year (usally a week) so it cant take a while, they have very little money so i cant get them to buy programs, and they are very non computer literat. I was thinking of Generating a clean Image of one of the harddrives and getting them to re-image it every month or two as i found something like 5 stored passwords on each computer and files dataing back to 2003 in there documents but i dont think they have the know how to do it.

Basicly im only trying to stop low level things such as batch ect as the knowledge base in the surrounding area would be fairly low. every little bit helps.

get a decent firewall but due to limited funds dont but it instead google "hacking library" excl quotes click 1st link goto security apps and theres lniks to trials and key codes. Must have if they are computer illiterate as its the less able computers users that thinks like smiley central are aimed at.

Do the computers have ip filters to stop people going on things they shouldn't??

You could always pin a notice up or something saying that any user who mis behaves oin the computers gets castrated or something.

Yea, i have to use non-warze/cracked programs as the dont want to break the law. They do not have a netnanny program as the bord ruled not to.

-edit-

I have disabled Command prompt and batch files now im going to disable the run command, but im runnning out of time anything else i could do quickly? The other question i have is, how would i make it so regedit is off limits to everyone except the admin?

that should be fine for now, set the accounts as public accounts (can do it via control panel) and ofcourse change admin pass if its not default. (same with your router, make sure you change the pass on that and also WEP encyrpt it).

apart from that you dont really need to do much else. as you said only small things you need to stop, and its a small community which decreases the chances of anything evil happening.

so you should be fine, any problems that pop up, leave a message on the forums and we'll suggest further fixes.

www.zonelabs.com <– free excellent firewall.

AVG anti virus is also free, and very good.

Yea i thought this would probly be good enough, and i mean every little bit helps so im just doing what i can, thanks.

crap, good idea forgot to do it for command.com…. And yes i have restricted acsess to many parts of the harddrive.