+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
School ICT Policies Thread, Getting stick for locking down staff laptops in School Administration; We recently rolled out a few dozen new staff laptops. With SMT approval and various bits of policy'ing we rolled ...
  1. #1
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30

    Getting stick for locking down staff laptops

    We recently rolled out a few dozen new staff laptops. With SMT approval and various bits of policy'ing we rolled these out locked down. This allows staff to do almost anything conceivable on their laptops apart from installing software. (Cue "I can't install my printer/broadband/dildo at home!!!!111")

    I am starting to get a bit of stick because staff are complaining they can't install stuff and the laptops are pointless. Of course I agree we will install any software they want providing it's all above board etc, and in any case most of their software runs directly off CD. OK so this is making me a little unpopular (afterall we aren't here to make friends are we?) but how can I say I am managing these laptops if we're letting staff install all kinds of crap on them? Conversely I know it's frustrating and perhaps it does affect their T&L - so what's a guy to do?

    In the last company I worked for, they didn't even let their MD install software on his laptop - but they had very specific application requirements that didnt change unless a big roll out was happening.

    bah, I don't know. I guess I just want a little advise on how to deal with it all. I love my job but this is the only issue really getting me down (sounds stupid I know) I might be a bit wet behind the ears but I think it would be bad to back down on this as it will just open the floodgates. As I say SMT are in approval (but then again I havent got round to locking down their laptops - yet) They have supported me by saying stuff like some staff have been here for years, don't like change, etc.. All I am trying to do is run the network like any business would do

    Yours

    Frustrated :twisted:

    PS I wasn't sure if this is in the right forum, if not feel free to move

  2. #2

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,927
    Thank Post
    1,337
    Thanked 1,778 Times in 1,103 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Getting stick for locking down staff laptops

    I have to admit that we are fairly relaxed here ... we give staff a local account as well as the locked down domain account. They get used to using one for work and one for home. They have local admin rights on the laptop as the 'home' user but with the caveat that they have to look after the machine.

    We do have a number of lusers each year who infect their machine (easily spotted thanks to ePO) or plain bugger it up .. but rarely the same person twice.

    An alternative is to give them a virtual machine on the laptop that they have complete control over.

    We can manage it here as we have the support staff ... and the benefits of having staff that are becoming happier with IT ... outweighs the problems.

    For us it means that staff are more likely to be able to tell students what to do when they need help / advice but the staff are more confident ... but this has taken a number of years to get to this point.

    Above all ... we have it in the laptop contract that the laptop may be seized and checked at any point for unlicensed software (causing a number of staff to look for open source solutions) or general health checks. We also have the warning that laptops are only to be used for work purposes due to it being a taxable perk if used for personal stuff.

  3. #3
    Grommit's Avatar
    Join Date
    Sep 2006
    Location
    Weston-super-Mare
    Posts
    1,335
    Thank Post
    31
    Thanked 54 Times in 31 Posts
    Rep Power
    24

    Re: Getting stick for locking down staff laptops

    We give the laptops to the staff with the local administrator account and they can do what they want..

    But they cannot put it onto the School network... not even the internet...

    Every one of our classrooms has a PC, all department offices have PC's as well as the staffroom.. so there is no need for them to have the laptops on the network..

  4. #4

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123

    Re: Getting stick for locking down staff laptops

    Giving someone a laptop they can take home but then can't connect to the school network seems like a complete waste of time.

    I could be completely wrong, but I'd guess they're given the laptop so that they can work at home. They then bring the laptop into work the next day and want to print out files; copy files for students to use etc and you say "no".

    We have an approach similar to Grumbledook and this seems like the most reasonable. We will wipe/reinstall a machine if a user causes problems but we don't see it as our job to make life difficult for teachers (or other staff)

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Getting stick for locking down staff laptops

    Teachers using our laptops get a local login that has local admin rights. They can also login to the network normally if they want. Laptops come in regularly for 'servicing'. If there's any need, we'll re-image them. If the laptop attempts to do anything naughty on the network it gets blown away by our NAC box (Packetfence).

  6. #6

    Join Date
    Mar 2007
    Posts
    307
    Thank Post
    3
    Thanked 9 Times in 8 Posts
    Rep Power
    16

    Re: Getting stick for locking down staff laptops

    We have a policy here that covers anything connecting to our network. The security settings are the same, restricted access to install programs and use floppys etc. I inform the staff who are interested in buying laptops that they will have the same restrictions as desktop PC but with the ability to be used anywhere in the school.

    There are very few staff who need a laptop in order to be able to work at home and continue in school. Those who do work at home do so by email or bring it in on a USB pen. It may be different for larger schools who have a team of IT support, but here there is only me, and I dont have the time to check what is installed on laptops that i do not controll. If the teacher wants local access to it, it does not go on the network and comes under their controll when it comes to licenses etc. If there is a problem, it will be remiaged with the software it had on it when it was purchased. Any other software will only go on if it comes with licenses.

  7. #7

    Join Date
    May 2006
    Posts
    1,315
    Thank Post
    101
    Thanked 25 Times in 18 Posts
    Rep Power
    25

    Re: Getting stick for locking down staff laptops

    We have a similar approach to grumbledook as well. Local user with admin rights with the option of logging onto the network if they wish.

    I wish they didn't have the option of logging onto the network though because no-one can seem to get their head around the idea of two separate user accounts... one local and one domain. It causes so much confusion for the teachers that most only ever use the local account nowon their laptops.

  8. #8

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,905
    Thank Post
    1,186
    Thanked 1,057 Times in 749 Posts
    Rep Power
    328

    Re: Getting stick for locking down staff laptops

    All staff have laptops and they have local admin rights as they only use them for internet at school. I have imaged them all using Acronis and it takes only minutes to get them back to brand new.

    As they all have remote access via TS they don't really use the laptops that much, they tend to use them as a personal desktop at home rather than buying their own. Using them this way allows the Staff to evaluate software and other things which is very helpful to them as they are locked down tight on the network.

  9. #9
    mrforgetful's Avatar
    Join Date
    May 2006
    Posts
    1,637
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    22

    Re: Getting stick for locking down staff laptops

    We too have them set up with a local Admin account for them to use and also possible to log on to the network with their normal restricted account which can access C drive to get to files they did at home using the other account.

  10. #10
    ruggie_uk's Avatar
    Join Date
    Jun 2007
    Location
    Creswell and Sheffield
    Posts
    30
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Getting stick for locking down staff laptops

    I only have the one login for them but I give each teacher's network login local admin rights on their own laptop.
    It has worked pretty well so far as I insist on a half termly inspection and upgrade session.
    We had a training session to instruct them on what is risky behaviour and to be honest it has worked pretty well. They are using judgement as to what is ok to install and anything they are unsure about they are bringing to me. I'm happy at this and it is a nice middle ground between being helpful to them and still maintaining as much control as is realistically practical.

  11. #11

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,037
    Thank Post
    209
    Thanked 425 Times in 306 Posts
    Rep Power
    144

    Re: Getting stick for locking down staff laptops

    our staff users all have local power user rights to their laptops thanks to a handy script which adds the local group memberships at startup. This allows them to install printers and other hardware, but not software we still do that for them so we can audit what's being installed.

    Sometimes we will grant a user local adminstrator rights for a short period of time if they have things like home broadband software they need to install with the laptop at home, this is easily managed by group memberships in AD.

    Mike.

  12. #12
    OutLawTorn's Avatar
    Join Date
    Jul 2007
    Location
    Sydney, Australia
    Posts
    216
    Thank Post
    8
    Thanked 8 Times in 8 Posts
    Rep Power
    32

    Re: Getting stick for locking down staff laptops

    At one of the schools i work at, Year 7 students and some teachers have their own laptops. They have a domain account that has user rights (gets their printers/etc installed via group policy) then a local account with full access. Generally we haven't had too many problems with their domain accounts, since its the "home" accounts that get full of junk.

    We then have an image of the laptops (since the hardware is the same on all of them) that includes windows, office, virus scanner and other school related software using altiris/ghost and if they have a problem with any aspect of the software it just gets reimaged. They have been told to keep backups of any work and files elsewhere, so if they lose anything its on them.

  13. #13
    ReverentCreature's Avatar
    Join Date
    Apr 2007
    Location
    Kent, UK
    Posts
    88
    Thank Post
    4
    Thanked 6 Times in 5 Posts
    Rep Power
    16

    Re: Getting stick for locking down staff laptops

    The laptops I have given out are "Romaing workstations" and so are literally the same as their classroom workstations. I given them temporaty admin rights ONLY for if they want to add their home wireless connection into Control Panel or want to install their home printer.

    Some staff have complained that they cant do things but I just remind them that the statement they signed states that they will not use their laptop as a personal computer and that its illegal for staff to install stuff that they did not purchase!

  14. #14
    Jake's Avatar
    Join Date
    Jan 2006
    Location
    Sunny South Coast
    Posts
    954
    Thank Post
    11
    Thanked 12 Times in 10 Posts
    Rep Power
    21

    Re: Getting stick for locking down staff laptops

    We pretty much just gave up, teachers were installing masses of games on their laptops, some even put porn on there, or rather they said their son/daughter/niece/nephew did...yeah? and what were they doing using it anyway..its a laptop for the teacher, not for the teacher to freely lend out to whomever they want to use it.

    After multiple occurrences of it happening, no punishment being dished out and several heated conversations about why they cant do what they want with "their" (sorry...I thought it was the schools and you were just borrowing it) laptops. We just gave up, now they get admin rights and are free to do whatever they, or as is more likely their son/daughter/niece/nephew, want to do with it. We find that most just use the laptops as a free computer for their kids anyway

  15. #15

    Join Date
    May 2007
    Posts
    131
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Getting stick for locking down staff laptops

    Do any of you install software firewalls on the laptops?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Staff laptops at home
    By button_ripple in forum Hardware
    Replies: 15
    Last Post: 3rd January 2008, 10:55 PM
  2. Replies: 14
    Last Post: 2nd December 2007, 02:57 PM
  3. BSF and staff laptops?
    By tosca925 in forum BSF
    Replies: 1
    Last Post: 11th August 2007, 12:42 PM
  4. Staff laptops and access to the C Drive.
    By Jake in forum How do you do....it?
    Replies: 21
    Last Post: 20th March 2007, 02:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •