New Project Ideas Thread, Student Account Management in EduGeek Projects; Hi gang, Me and my Bro have been working on a project for my school and I would like to ...
29th October 2009, 07:54 PM #1
Student Account Management
Hi gang, Me and my Bro have been working on a project for my school and I would like to show you all some screen shots.
Basically the way I have the system setup at my school is we store all the student username and passwords on a spread sheet. One of the most demanding jobs if dishing out username and passwords to students who have forgotten after a summer break etc.
So what I intend to do is allow staff access to the student username passwords through a secure webpage, which means this lowers the number of kids at my door asking for account information, stops students form going for a wonder in the corridor, and if you are like me and dont know half the kids names by face then this will improve student account security.
to access the system staff have to enter there network username/passwords followed by a secret word of the week or day which only staff will know.
from here they then select the students year of intake and then select the student name. this then does a search of the database and presents the username password to the teacher.
The system is set to time out (which is set in the admin control pannel) no matter if the teacher is using it or not the system will time out and prompt for a login on next request.
The system will have security logs of who logged in stamped by a date and time. this is just a small part of whats been done.
plans after the first release is...
creation of student accounts
access to student account work space
and any other suggestions from edugeek members.
Like I say this is just some brief screen shots as we are still developing it.
29th October 2009, 07:56 PM #2
ps this will be available hopefully to edugeek, but I would like some people to help with beta testing
29th October 2009, 08:00 PM #3
We just delegated rights so certain staff can reset and unlock locked out accounts then made a custom MMC
29th October 2009, 08:02 PM #4
We have a system in place to enable and disable accounts, every school is diffrent
Originally Posted by FN-GM
29th October 2009, 08:07 PM #5
come to think of it we will be looking at enabling and disabling accouts too
29th October 2009, 08:20 PM #6
Sorry that you say reset passwords and unlock locked out accounts
29th October 2009, 10:17 PM #7
I'm not sure how comfortable with unencrypted access to student passwords - I think it would make more sense if staff can change passwords only and not be able to view existing passwords.
I take it staff can not see other staff passwords?
I may have got the above wrong, but the project looks good from the screenshots.
29th October 2009, 10:29 PM #8
30th October 2009, 11:01 PM #9
So are you doing lookup against LDAP or Active Directory ?
I always think the the best way is to reset the students password. Rather than being able to view the existing one.
I think reset the password to something generic and set the "change password on next login" is best strategy. This then allows the students to know that there account is secure.
I really don't like the idea of sharing passwords, most people use the same password for multiple accounts i.e hotmail, facebook etc. Do we really want teachers knowing these ? It could cause all sorts of issues.
30th October 2009, 11:52 PM #10
Originally Posted by budgester
our username password policy is very strict to the point where they tend to forget the login info I don't like the idea of giving the teacher rights to setting a password.
Eventually we will have the sytem setup with ldap which will work best for most schools and allow the systems administrator the ability to allow the teacher to enable doable and change passwords. Right now we are building a secure cms. Like I say first draft and ideas are most welcome
30th October 2009, 11:55 PM #11
Just out of interest, why?
I don't like the idea of giving the teacher rights to setting a password.
31st October 2009, 12:47 AM #12
Originally Posted by budgester
I always tell staff [and students] that we do not know what their current passwords are set at and that we cannot find out what they are. I would not like staff and students to pressure our Network Support Department to deploy a solution which would show what current passwords are set at. The potential for confidentiality breach and all that follows does not bear thinking about. I would not supply a solution on a network that I am responsible for which would allow for the decode of any users' current password.
This is just how I feel. If others disagree I am sorry.
31st October 2009, 01:31 AM #13
I agree to, surely resetting a password is allot more secure than viewing it.
31st October 2009, 01:54 AM #14
How Are Passwords Found Out?
Just out of interest ... how does your system know the user's password? I was under the impression that AD passwords used one way encryption.
Does your system therefore just store a separate list of user's passwords (much in the same way as the spreadsheet method)? If it does, when a user changes their password (for example at the "change password on next login" prompt, how does your system stay in sync?
31st October 2009, 09:55 AM #15
Sorry, a bit off topics, what are you using to write your web interface? ASP.Net?
Last Post: 4th June 2011, 04:14 PM
By cookie_monster in forum Windows Server 2008
Last Post: 13th May 2009, 03:05 PM
By m2d2 in forum Network and Classroom Management
Last Post: 1st February 2008, 10:41 AM
By Gatt in forum Windows Vista
Last Post: 2nd April 2006, 10:51 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)