How to tighten up security?
I have inherited an older system that has not been maintained for a number of years, and appears to have been hacked around a bit.
Three servers running Win 2k3
1=AD plus Exchange plus plus plus plus bits
2=AD plus SMS
There are around 75 plus workstations ranging from laptops to desktops and a mixture of student and teacher configurations
The login script is using something called kixstart and is full of errors and registry hacks.
There is very little in teh way of GPO settings
The AD is poorly organised and not making efficient use of OUG's
Where do I start?
I am no expert, just well informed, so I would need a lot of asssistance.
The first thing I want to be able to do is stop students from launching any applications/scripts/batch files from anywhere accept the authorised locations such as C drive etc. How do I do that?
Second, I want to re rationalise policies/profiles and login scripts.
At the moment each logon creates a profile on teh machine which slowly fills the local machines hard drive and kills it. Would Mandatory Profiles stop this or not?
I want to be able to first lock the system down for students and also for some staff who are useless at security to protect the sytsme from hackers and wasteful malicious pranks.
Also would like to expand in the future to add student laptops with a variety of OS's and capablities
Also would like to know how subnetting could work, as we are only using one domain and if that could have subnets as we are running out of IP address!
I appreciate your help in advance