+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 48
How do you do....it? Thread, Restrict Kids from Installing ANYTHING in Technical; Software restriction policies can be applied to specific drives so you can make an educated guess at what drive letters ...
  1. #16

    Join Date
    Jun 2005
    Posts
    223
    Thank Post
    6
    Thanked 8 Times in 8 Posts
    Rep Power
    29

    Re: Restrict Kids from Installing ANYTHING

    Software restriction policies can be applied to specific drives so you can make an educated guess at what drive letters will be assigned to usb drives, based on the spec of your machines. You can then have 'no executable' policy on these drive letters.

  2. #17

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,540
    Thank Post
    831
    Thanked 609 Times in 412 Posts
    Rep Power
    432

    Re: Restrict Kids from Installing ANYTHING

    Quote Originally Posted by gecko
    With regards to using the gpo to only allow software you have on there, all they would have to do to get around that is rename the setup file(s) to something that is allowed to run on the machine like winword or calc etc.
    Not true if you specify the full path to the file eg "C:\windows\system32\calc.exe" will only run calc in that directory, i fyou just specify "Calc.exe" then any pogram called calc will run

    Only know this cos im working on setting this feature up in my school and tested that exact scenario.

  3. #18

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    17

    Re: Restrict Kids from Installing ANYTHING

    This could be a bit of a long post, but bear with me.

    I don't know about you, but most of the unsolicited mail that appears in my pigeon-hole or inbox goes straight in the bin, but a few years ago I read one flyer that literally changed my life as a Network Manager.

    The blurb read something like - "How would you like to protect your PCs from any unauthorised deletions or installations, viruses or anything else that could harm it?" Yeah!!

    Out of curiosity I got a guy in to demonstrate his product. He set up a PC and challenged me to b*gger it up. OK - delete Windows folder, that should do it! Wrong!! Format C: Nope! He just switched the machine off and turned it on again. It was exactly as it was before I played with it. I was gob-smacked!

    What he was selling was then called a Teachers Smart Card, which has been variously named since then a PCCure Card, a Safekey Card and the latest a Reborn Card.

    We now have this device on all PCs with student access. Believe me, it works. For the last 7 years I've challenged students to crack it and so far only one has managed it (with a Linux bootable USB drive and a couple of Linux command line instructions).

    It means that we don't have to have any restrictions on the workstations whatsoever. We don't even need to run Anti-Virus software, as when you restart the machines any viruses are wiped. We do run McAfee Enterprise on the servers!

    It's a Realtek LAN card with a custom boot ROM. When the machine is set up a hidden, very non-standard partition is created on the hard-drive that somehow logs any changes to the machine. When the machine is restarted all the changes are reversed. It doesn't create a complete image, just remembers the changes, so it's really quick - no more long waits while the image is restored from the server.

    Setting up machines is easy - just create a master and clone the rest from that. Machine names and static IP addresses are created automatically if you want.

    One slight draw-back is that if you actually want to do any changes or updates you have to start each machine in Supervisor Mode, so that the changes aren't reversed. On the later incarnations you can do this remotely.

    Amazingly the company that originally imported these cards couldn't sell enough to make a profit and folded. I then managed to import them from Denmark for a while, but now they are available again in UK. I can't understand why more people don't use them.

    The latest version comes with facilities like remote shut-down or reboot, remote control etc. etc.

    So no more use for DriveImage or Ghost or any other time-consuming software restore solutions - just turn it off and turn it back on again!

    I'm happy to supply more details.

    RoyG

  4. #19

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299

    Re: Restrict Kids from Installing ANYTHING

    Were they not at BETT? I know there was at least one firm demonstrating that kind of thing near the AVG stand area?

  5. #20

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    17

    Re: Restrict Kids from Installing ANYTHING

    Quote Originally Posted by john
    Were they not at BETT? I know there was at least one firm demonstrating that kind of thing near the AVG stand area?
    Didn't notice anything yesterday.

    RoyG

  6. #21

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299

    Re: Restrict Kids from Installing ANYTHING

    I am sure it was near the AVG stand, but its so big I may be wrong as these stands merge into one. I have not got the info here, but they were very pushy

  7. #22

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    17

    Re: Restrict Kids from Installing ANYTHING

    Quote Originally Posted by john
    I am sure it was near the AVG stand, but its so big I may be wrong as these stands merge into one. I have not got the info here, but they were very pushy
    The company I buy from definitely wasn't there.

    RoyG

  8. #23
    projector1's Avatar
    Join Date
    Nov 2005
    Posts
    452
    Thank Post
    67
    Thanked 1 Time in 1 Post
    Rep Power
    18

    Re: Restrict Kids from Installing ANYTHING

    we have an issue where policies are in place but they use word's webtools to allow them access to command.com to have access to the system drive and install software

  9. #24
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,386
    Thank Post
    10
    Thanked 483 Times in 423 Posts
    Rep Power
    110

    Re: Restrict Kids from Installing ANYTHING

    Quote Originally Posted by projector1
    we have an issue where policies are in place but they use word's webtools to allow them access to command.com to have access to the system drive and install software
    You can use one of the security policies to change the permissions on this file, thats what I did.

  10. #25

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    17

    Re: Restrict Kids from Installing ANYTHING

    The problem with software solutions & policy restrictions is that you're for ever chasing your tail! Put restrictions on kids and they'll do their damndest to get round them, so you have to add more restrictions, which they see as a new challenge..........
    We are a grammar school, not full of goody-goodies, just brighter villains, and when we used policy restrictions before we started using the Reborn cards they took up the challenge to mess up the workstations and frequently succeeded.
    So take away the challenge, let 'em wipe the Windows folder, or run FDisk, see if I care! Restart the machine, problem solved. The point is that they don't bother trying any more.
    Invest £30 - buy one & try it

    RoyG

    P.S. No, I'm not on commission!

  11. #26
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,202
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    29

    Re: Restrict Kids from Installing ANYTHING

    You could use Faronics Deep Freeze that does something similar and you wouldn't have to take all the PCs apart in the process. I'm looking at Faronics and Reborn cards at the moment, mainly because I'm moving the entire setup from RM so I need something like these. Strange though, RM Connect 2.4 used to rebuild workstation images if they got changed (Much like the card or software above) whereas Community Connect 3 doesn't have this anymore and uses a b*stardised version of RIS.

    Wes

  12. #27

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,192
    Thank Post
    52
    Thanked 270 Times in 178 Posts
    Rep Power
    131

    Re: Restrict Kids from Installing ANYTHING

    Quote Originally Posted by RoyG
    So take away the challenge, let 'em wipe the Windows folder, or run FDisk, see if I care! Restart the machine, problem solved. The point is that they don't bother trying any more.
    Invest £30 - buy one & try it

    RoyG

    P.S. No, I'm not on commission!
    OK - so where do you buy them?

  13. #28

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,467
    Thank Post
    524
    Thanked 1,993 Times in 932 Posts
    Blog Entries
    23
    Rep Power
    575

    Re: Restrict Kids from Installing ANYTHING

    I think one major problem with GPO's etc is the fact the Microsoft never, ever designed it's systems with schools in mind. Had they done so they would have discovered how to really get around their security mesures. It doesn't help that many settings are replicated or overridded by others in Active Directory.

  14. #29

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    17

    Re: Restrict Kids from Installing ANYTHING

    Quote Originally Posted by SpuffMonkey
    Quote Originally Posted by RoyG
    So take away the challenge, let 'em wipe the Windows folder, or run FDisk, see if I care! Restart the machine, problem solved. The point is that they don't bother trying any more.
    Invest £30 - buy one & try it

    RoyG

    P.S. No, I'm not on commission!
    OK - so where do you buy them?
    http://www.bits.uk.com/ - talk to Dennis Champion

    RoyG

  15. #30

    Join Date
    Jan 2006
    Posts
    162
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    17

    Re: Restrict Kids from Installing ANYTHING

    Forgot to mention that on our laptop clusters we use a software version of the Reborn card called EzBack. As far as I know it's only compatible with Intel or Realtek NICs.

    I'd guess it's not quite as bullet-proof as the card, but as the little dears only get occasional access to the laptops for one lesson at a time they don't really have time for serious hacking. We've been using this for a couple of years & no-one's cracked it yet.

    RoyG

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Kids Installing Firefox
    By tomscaper in forum Windows
    Replies: 30
    Last Post: 17th October 2007, 11:29 AM
  2. Restrict Logon
    By DSapseid in forum Wireless Networks
    Replies: 7
    Last Post: 28th March 2007, 10:30 AM
  3. Restrict filetypes
    By Gatt in forum How do you do....it?
    Replies: 21
    Last Post: 22nd September 2006, 11:28 AM
  4. restrict pupils printing
    By chrbb in forum How do you do....it?
    Replies: 3
    Last Post: 6th July 2006, 07:51 AM
  5. Restrict Access To USB Devices
    By MuppetQueen in forum Wireless Networks
    Replies: 25
    Last Post: 15th December 2005, 04:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •