CC3 Privileged users
Major headache heading my way. I've got network-build netbooks bought/owned by the pupils.
Each pupil is a privileged user of their own machine, in order to be able to edit the proxy settings in IE when they go home.
However, i'm seeing more and more alerts for conficker etc coming from .exes in their temp internet folders...
Is there a way I can edit the priveged user to stop .exes from being run on the machines and still allow them to edit the proxy settings in IE.
I want to try and lock down these machines as much as possible, but can see I'm going to struggle as it's "their" machine....
How about giving them limited access and installing a proxy changer:
Internet Explorer Quick Proxy Changer
Only advice but if you want to allow network access why don't you build them as standalone for home use with mandatory profile which only allows them access to change IE settings and use the RM connector app (about £20 per client) from their desktop to access the network shares.
Or create another RM profile for the network and fasten that down.
Cannot really think of another way but I am sure other people will have done this already and will have lots of advice which you can follow. :)
My approach to the proxy problem is to implement [ame="http://en.wikipedia.org/wiki/Wpad"]WPAD[/ame] on my network and then leave the proxy settings on 'Automatically detect settings'.