I would say that depends on your role in the school. If it is your responsibility to maintain the network(inc security) I would say you should have the right to discipline a pupil(but I do acknowledge that every school is different). You have mentioned that you had a "chat" with him where he wasn't helpful at all and to me he's breaking not only your AUP but also the law. (And before it goes off on a tangent I dont want to start a discipline thread) But I assume that you have disabled his account while you look at increasing the security settings?Originally Posted by dave20046
TBH, if he's being uncooperative, it's time to get plod involved. Don't take this lightly, if he's done this, what else has he done on the network which you haven't noticed/he's not admitting to? Full shutdown and secuirty audit time
TBH, if he's being uncooperative, it's time to get plod involved. Don't take this lightly, if he's done this, what else has he done on the network which you haven't noticed/he's not admitting to? Full shutdown and secuirty audit time
As I stated above (along the same lines as teejay) it's certainly parents time and technically police time especially if he continues. I'm sure most of the teachers would be more willing to do something if you mentioned data protection, of course at first they couldn't care less but when you mention protection of 'their' data e.g. SIMS or equivalent with their personal details in I'm sure that attitude would change. This of course is also why it would be a matter for the police if this kind of data was breached.
I'd look at setting up auditing on the servers / drives.
Then when shares get hammered you know which account is responsible.
That's a good idea librarian cheers
Everyone else re. getting parents involved , the kid has 'special' circumstances, I'm not allowed to discipline them don't even know if the school are.
I'm not back in til' tuesday but had a call other day to let me know the kid had got the network admin password and changed it and had caused havoc on the server. Got the admin password back (by luck) and got things stabilized over the tellingbone.
Going to have a meeting with the head, to explain that to stop the fun and games I'm going to need to get round every machine, lock it down and add measures to the server. We're just going round in circles as is.
We have students here with 'special' circumstances BUT if they're breaking the law that's NOT an acceptable solution and not the schools call. It should certainly be bought to the attention of whoever is managing the 'special' case and told if it continues it will be a police matter.
If I had my data compromised (home address, salary, social security numbers, bank account number?) and I found out that a student had hacked the system and had been allowed to continue doing it after they were discovered I'd be pi55ed.
Last edited by cookie_monster; 27th November 2009 at 11:27 AM.
Says who? I issue students punishments if I catch them doing things they shouldn't. The last 3 students I caught trying to 'hack' the system had to write a 250 word essay on "The Computer Missuse act, and the consequenses if they got caught 'Hacking' "
Now I get regular e-mails from them in school when they find things not working, or discover a new flaw in the system - as a reward they get access to some of the games sites which are blocked for most of the rest of the school, but they are warned if I see them on them in lessons, it's back to square one - works quite well that arrangement does for the time being.
Mike.
Getting stabbed most likely, this isn't a regular school I might add
If I were you, when the server breaks and nobody can do anything, I'd turn around to the head and tell him that due to 'special' circumstances, you are unable to fix it until a week on Friday (for example).
Why does it always take a disaster for people to wake up?
If there is no consequence to their actions they will never learn that it is not acceptable to break the law. I am not saying that you need to discipline them, but if your SMT aren't willing to do anything for 1 problematic student your never going to get the support you need. However if your job entails ensuring the security of the network, I would start by ensuring he doesn't have access to it until you have increased the security settings and limited his account when his access is allowed again.Getting stabbed most likely, this isn't a regular school I might add
If you are not allowed to put security measures in place or are being undermined by you SMT then I would look at leaving and getting a new job elsewhere. I also think you need to document what has hapened as anything that the student does in the furture could be investigated as to why he had access to private information. You need to ensure that you have made recommendations but they were ignored and you were restricted in actions you could take.
And I would also be tempted to take the network down "for maintenance" until you can assess any "damage" that may have been caused by the student. Sometimes people just dont take things seriously until it's too late.
If you are not allowed to put security measures in place or are being undermined by you SMT then I would look at leaving and getting a new job elsewhere. I also think you need to document what has hapened as anything that the student does in the furture could be investigated as to why he had access to private information. You need to ensure that you have made recommendations but they were ignored and you were restricted in actions you could take.
I would agree with the above, cover your back as you can be certain that when the time comes no one on SMT will step forward to cover it for you "they thought you had it all under control"
Also if their dangerous ignorance of the dangers continues I’d make a full report of your ignored recommendations and send it to the governors and the LEA. Shortly before leaving of course
Stupid idea probably, but what about shutting the server down at school closure tonight and switching it back on monday morn? Unless of course it's a 'school' without weekends. Wouldn't that lessen the immediate risk and give you some breathing space?
Just ran some quick tests:
Presumably you have set Authenticated Users or Administrators to Full Control in the share permissions?
You need to remove both of those groups and specify others such as Domain Admins, and the specific user groups defined in your AD; students, teachers etc.
Other than locking down boot devices in BIOS, I would disable their access to unnecessary drives wherever possible through group policy and by physically unplugging any optical or floppy drives. When the BIOS battery on some of our computers die, a lot of the settings are returned to factory defaults including installed drives and boot order.
Also, investigate software restrictions on USB drives, using USBDLM to fix the assigned drive letter(s).
Check all of your computers for keyloggers plugged in between the keyboard and socket on the computer.
Not sure if this has been mentioned already but is there not some way to make it remove administrator rights from users who have not been specified those rights ie
specified administrators ( whether the accounts have been renamed ie supervisor or something else )
user 1
user 2
non specified administrator users
user 3
when user 3 logs on or the computer reboots or whenever the relevant group policy(s) apply it should remove user 3 from the administrator or relevant groups so as to take away those privileges ??
Is that apart of the restricted users thing mentioned above ?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote