I have got a group of kids who have started to pull the rj45 cable out, as soon as their password has been authenticated on the windows logon screen. this stops any gpo's and scripts from running, allowing them local admin rights to the workstations.
has anyone had any similar problems?? what can i do to stop them from doing this?? i'm sure i have read something regarding this here but i cant find it anywhere.
thanks in advance.
I know this was a problem with RM CC3 for a while, which they solved. Not sure how.
One stop-gap measure might be to write a script which runs locally on logon and logs machines off if connection to the server is lost.
There's a 'wait for network' option under Admin templates in group policy. This will delay displaying the desktop until policy has been applied and scripts have finished running.
We had that problem at one school we support. In this situation, the PC loads the Default User profile as a temporary profile, so we copied a script (via Group Policy startup script) to the Default User Start Menu\Programs\Startup folder that immediately shuts down the workstation. Result: when the student pulls the cable, the PC immediately shuts down, and keeps doing it untill they log in on the network. :twisted:
Of course we than had to deal with complaints from the teachers (who watched it all happen) that the students couldn't then log in
yep thats the fixOriginally Posted by _Bob_
russ
hi ian : is there any chance of getting a copy of that script?
Bob: i have been through my gpo seetings and the 'wait for network' does seem to be enabled however it still logs them on with local admin rights.
This little trick seems to be going round the school like wild fire now i have just had a whole class logged on like that?
Hmm this should work. I think it will require group policy loopback processing to be enabled though. You'll probably want to set it to 'merge' to stop it over writing any current user settings.
No problem. Copy the line below into a script called rm.bat, in the Netlogon share on your DC:
shutdown /r /f /t 0
Then add a Startup script to the Machine settings part of a Group Policy that covers the affected PCs, which includes the following line:
copy \\<ServerName>\netlogon\rm.bat "C:\Documents and Settings\Default User\Start Menu\Programs\Startup"
where <ServerName> is the name of your DC. You will need to reboot to get the policy to apply.
I would like to pass credit for this fix to my collegue Mark, who is the one who actually came up with it.
Quick warning .. Don't use IanB script if you have roaming profiles that are created when the use first logs in... could make for interesting support requests ..:twisted: "have you tried switching it on and off again... what it does it by itself now.."
The GPO does not fix the problem here. It still happens even though applied.
Any ideas why?
BTW How did they get local admin rights as that done happen here.
Thats odd. Ours definately won't allow access to the desktop until scripts and policy are applied. I know this as i screwed up a login script a while back and got lots of compaints when the desktop failed to load.
oh yes! i have a great solution for this problem.
1. login as a test pupil then logout
2. login as admin and copy the test pupil profile to default user profile
3. copy the the new default profile on to a share on the server
4. create a script to xcopy the default profile on server to all workstations at logon
5. now when the little sods pull the cable out it will still have all the restrictions in place from the default user profile. so they cant do any thing different.
av' some of that u little sods!! lol
I'm getting the same issues, tho not just from the RJ45 - we have major network issues - so they end up getting the default deskop rather then our redirected desktop, and the shutdown solution sounds excellent - as does the one by MManjra!
Will need to test these out - cheers guys!
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote