This is abit dangerous as it makes any member of staff an administrator on any staff laptop whether or not they have signed for it. This means an attacker just has to get of staff crendentials from a careless member of staff then they could mount remote attacks on any laptop. You may get some protection if the staff laptop has an operational software firewall (XP or 3rd party) with well defined exceptions. Or maybe a kid gets physical access to a teachers laptop to give a power presentation. While he's groups preparing he could do the odd runas install the odd keylogger.Originally Posted by W32/Jbot
That's on the extreme end, more likely it just increases the chances of a member of staff causing a problem on someone else's machine. They come in to cover a lesson and borrow someone's laptop for electronic registration. They may browse the web install the odd tool bar or spyware etc. User education and good manners should stop a lot of this but there is no safety net if everyone is an admin on everyone else's machine.
Does Ranger have offline logging? Once a kid has admin they own the machine in the hacker sense. They can do all the nauhgty stuff at home, even disabling the Ranger client.Originally Posted by W32/Jbot
Ultimately, a good school displinary record is probably the only defence when you have to give admin to kids and staff with varying levels of IT expertise.Originally Posted by W32/Jbot
I agree with ITWombat; also, am I right in thinking that a virus or malware that infects one staff laptop could use the logged-on teacher's credentials to infect all the others when networked? (I know we all have virus scanners, but they are only part of the solution)Originally Posted by ITWombat
If staff must have admin rights, would it not be safer to just add the laptop owner's username to the local admin group?
There are currently 1 users browsing this thread. (0 members and 1 guests)