[blacksheep]

Someone shoot the caretaker

Just fixing my laptop trolley, lots of problems but mostly pupils have worked out they can tinker with the wlan settings. Its because I have the network icon in the system tray down. They have all worked out that they can get on the caretakers network and go where they want. This then leaves the school setting messed up :-(

I told him he needs to switch on encryption but not as if he cares and I dont fancy going over and setting up his xbox, a couple of pc's etc. as hes always trying to chuck me out early in the hols (and I book hours for overtime with looadss of work waiting)

Looks like I am going to have to make it impossible to alter the settings

[AlexB]

Seems pretty simple to me, get an old/scraped machine (with wireless, laptop?). Install a torrent downloader, make sure it is set to unlimited upload/download, get 5-10 very big legit (yes they do exist! full versions of various mmorpgs comes to mind) torrents, connect the laptop to his router and set the torrents off, either he'll get fedup and set encryption or even if he doesn't then the connection should be that hopeless that the kids will stop bothering with it.


Think of it as education by brute force

[FN-GM]

Quote:

Originally Posted by AlexB

Seems pretty simple to me, get an old/scraped machine (with wireless, laptop?). Install a torrent downloader, make sure it is set to unlimited upload/download, get 5-10 very big legit (yes they do exist! full versions of various mmorpgs comes to mind) torrents, connect the laptop to his router and set the torrents off, either he'll get fedup and set encryption or even if he doesn't then the connection should be that hopeless that the kids will stop bothering with it.


Think of it as education by brute force

Also make the laptop a DHCP server with a random IP range. That way he will get odd addresses

[AngryTechnician]

This is not a technology issue, it's a management issue.

Presumably the caretaker is in a school residence. If so, then what he does in the property is still the school's business, and I think there is a strong case for the headmaster (or another senior manager) to insist he sorts this out.

This lax attitude to security is placing children in the school at risk and exposing the school to potential legal problems when a student one day accesses something they shouldn't, or a parent complains they have been looking at porn in school. This should not be seen any differently to behaviour such as leaving a pile of dirty mags outside in his garden where the kids can reach them.

[localzuk]

Aruba wireless equipment has a tool which can 'kill' a signal of a rogue AP... So, if you feel like investing in that, you could...

[plexer]

If it's no secure it probably also has the web gui for the router with it's default insecure password.

You could secure it for him and tell him what the wpa key is.

Alternatively disable the wireless from the gui and then change the default password.

Ben

[Dom_]

As plexer said, just log in and lock him out, he can reset it - but do it a few times and he'll catch on

[blacksheep]

LOL.. some good plans here.

I have been aware of it for a few weeks but it really took the biscuit when I seen how many school Laptops have been on there.

If I tryed to tell him hes the sort of guy (think p'ed off bitter caretaker) that would tell me to ... off

I have had up and downers in the past about things.

Maybe ill try the gentle approach for this week and see how it goes.

Our new acting head will go a bit mad so will try to explain things

Also I think I need to use GPO to lock down the wireless settings a bit more as a normal user seems to be able to add network and alter settings (you know theres never time to make things water tight). Although this would miss the point if I only did this!!

Ill let you all know of the developments

[blacksheep]

Just asked him "I wont do it because last time I turned it on <sons name> couldnt get on the Internet"

Interesting technical insight there so I offered to set it up for him and he seems more receptive. 6 Clients though.

[AlexB]

Quote:

Originally Posted by blacksheep

Also I think I need to use GPO to lock down the wireless settings a bit more as a normal user seems to be able to add network and alter settings (you know theres never time to make things water tight). Although this would miss the point if I only did this!!

On this thought, anyone know a way to set wireless settings with encryption + password in the GPO, by default I think you cannot set a password and the only other available option is 11x authentication...

I've gone down both routes in the past and I can't say I'm happy with either as when computers lose their GPO settings they lose their wireless settings too, which means they can't connect back to the network to pickup the GPO again!

What I've started doing is pre domain machines have appropriate wireless settings configured. Then the GPO overwrites with the same settings so even if it loses the GPO it will revert to the pre GPO wireless settings and is able to grab the GPO again. Downside here is I can't change wireless settings on APs and GPO without losing the fallback connection!

Any thoughts?

[blacksheep]

Quote:

On this thought, anyone know a way to set wireless settings with encryption + password in the GPO, by default I think you cannot set a password and the only other available option is 11x authentication...

Did hope I could set a policy to enforce a particular wireless network connection. Tryed creating a policy but I can still search for a new one. Havent spent a lot of time on this so if anyone knows of anything?

I just hiding the connection icon does for most things, although if you switch wlan off you can see it again. Need to look at this.

Im almost thinking Why should I bother doing this to all the school laptops, not until I can sort [yet another] management issue out about setting up wireless network on the premises.

Also - Do you guys allow pupils to bring in laptops? The odd one wasnt a problem but its gone quite busy here which will obviously slow down the existing LAN as they fight for bandwith. I had a laptop jumping all over the place yesterday although she was like 5 metres from the access point, turned out to be other non-school laptop nearby! Been picking up a lot of 'adhoc' type network activity.

[blacksheep]

Quote:

This is not a technology issue, it's a management issue.

Have implemented some GP settings, so after putting them back on you cannot see the wlan network icon, but you can when it first connects. So if you disable and re-enable wireless using the hardware button on the front you can see the icon for about 10 seconds or so. If you click this you can see any found networks. However this is far as I am going as I have to leave problems occur here a lot of the time.. and there are other pressing issues to sort out.

However I have stated the issues and the fact that there are pupils with there own laptops around the school and they now have a nice insecure hotspot but the only response ive got is "do you want me to say something". So of course I have gone with that but I wont expect much more unless something bigger happens.

To me this is quite dissapointing response really as I try to do the best job I can for the kids sake a lot of the time. The downside of some non-technical managers I suppose.

What you guys think? I dont see why I should bother going after it myself now.

[Ric_]

Quote:

Originally Posted by blacksheep

What you guys think? I dont see why I should bother going after it myself now.

You should simply put in writing the child safety issues caused by piggy-backing on the unfiltered access and also the security implications associated with outsiders being able to connect your network to the Internet via this AP using a simple network bridge. Also detail how many times you have had to fix the settings problem and how m,uch time you would estimate that this has taken.

These should be copied to your head and the child protection officer (usually an assistant or deputy head).

You should also force the use of a proxy via GPO and prevent access to change the settings - that way they shouldn't be able to get a direct connection to the net.

[sparkeh]

Quote:

Originally Posted by Ric_

You should simply put in writing the child safety issues caused by piggy-backing on the unfiltered access and also the security implications associated with outsiders being able to connect your network to the Internet via this AP using a simple network bridge. Also detail how many times you have had to fix the settings problem and how m,uch time you would estimate that this has taken.

These should be copied to your head and the child protection officer (usually an assistant or deputy head).

You should also force the use of a proxy via GPO and prevent access to change the settings - that way they shouldn't be able to get a direct connection to the net.

+1
This isn't an issue that you should be looking for a technical solution for, its a management problem that the management should be dealing with.

[grumpy_git]

Am I being exceptionally thick here - why does the caretaker have his own wireless network? Surely the IT dept (i.e. you) are responsible for & in charge of all such things within the school?