Prevention of file creation, etc
Hello everyone - I'm new here but I think this is a place that could certainly help me. I work for a public library system. We have several hundred public internet computers at multiple locations. Currently we use mandatory roaming profiles, that way if something gets hosed up, etc, a reboot fixes the profile. In the past I've followed some guidelines to prevent file creation on computers. One person recommended essentially making everything hidden in the root of C:, discouraging people from messing around with it. At the same time, this still allows people to create new folders. I also have another problem, which is programs installed under appdata (yes, like Chrome does). I'd really prefer for people not to do this either.
Overall, I don't really want people putting stuff on the computers, we sell flash drives in case they don't have their own and they can put files on those. At the same time, I feel for people who maybe are working on a word doc and then want to email it, but save it first, which is why I've never completely locked down the machines. I would appreciate some suggestions on how to lock down the computers better without making them unusable for the customer. All of our public computers are Windows 7 64 bit.