+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 47
Windows Thread, Allow staff to unlock workstations logged in as a student in Technical; No that won't work. that will just enable the shutdown button on the logon screen. Thanks anyway...
  1. #16

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,827
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    No that won't work. that will just enable the shutdown button on the logon screen.

    Thanks anyway

  2. #17
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Surely there is a way to allow standard users to unlock workstations using Windows
    No that's the problem with using a business OS in education i suppose if it was that easy for non admins then it would be a security concern.


    You say stopping students locking is not an option, why? If you don't mind me asking.

  3. #18

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,827
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Due the number of students wrecking others work. Students will often need to leave there computer. They say it’s a pain to log them off (I can’t blame them really) and will just leave them. We did originally have it set so they can’t lock them but due to popular demand from teachers, students and mainly SLT we allowed this.

    To be honest its not to much of an issue us unlocking the workstations. Just would be more convenient for staff to be able to unlock them right away and more convenient for us not having to do it.

  4. #19
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    We had the same issue but in the end it was easier to tell them to save and logoff (depends on how long it takes to logon where you are).

    What about picking areas e.g. 6th form and using loopback to add staff users to the admins group, not ideal but it limits the security issue.

  5. #20

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    Can you isolate the group of kids who are leaving their machines locked when they shouldn't (I'm guessing that you need some students to lock their machines but others are doing it out of badness or stupidity).

    If so, you could have a group policy which applies to that group of users and prevents them from locking the machine. I'd guess the problem with this is that it happens only after the event and it doesn't stop "bad" pupils from locking the machines of "good" pupils etc.

    the other thing I can think of is a web page which would allow a teacher to enter a machine name (or pick it from a list). The web page would use admin level credentials to connect to the machine and log it off.

  6. #21
    mrforgetful's Avatar
    Join Date
    May 2006
    Posts
    1,637
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    22
    Can you not just tell the staff to keep the power button held in? I know I know, not good.

  7. #22

    rob_f's Avatar
    Join Date
    May 2008
    Location
    Leeds
    Posts
    224
    Thank Post
    15
    Thanked 73 Times in 56 Posts
    Rep Power
    25
    If you delegate the permission for staff to change passwords: Change their password, make a note on their account, and when they come to get their password reset let them know why it was changed and tell them not to do it in the future!?

  8. #23

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Well reading through this thread I can see there being three options:

    1. Although you said it wasn't an option, disallow users from locking their workstation altogether but just a screensaver (easiest option). Pupils should get in the routine of logging off.

    2. Add the teacher group only to the local administrators group, however as I already mentioned anything unsaved is lost at logoff.

    3. Take a look at delegating teachers control over administering pupil passwords. You could create a custom MMC snap-in although this is probably the most complex method.

    Now although locking computers may be popular with pupils, I'm pretty sure the reason it's got out of control is you have loads of machines to unlock everyday (possibly). For the time and hassle involved option 1 would be the way to go, unless teachers are willing to have a go at option 3?

  9. #24
    conehead's Avatar
    Join Date
    Jan 2008
    Posts
    189
    Thank Post
    30
    Thanked 13 Times in 10 Posts
    Rep Power
    16
    How about creating a specific account teachers can use for this purpose?

  10. #25
    bizzel's Avatar
    Join Date
    Jul 2007
    Location
    Cambridge
    Posts
    654
    Thank Post
    102
    Thanked 204 Times in 72 Posts
    Rep Power
    51
    Quote Originally Posted by conehead View Post
    How about creating a specific account teachers can use for this purpose?
    Sounds like a good plan so long as the password is kept secret.

  11. #26
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    3. Take a look at delegating teachers control over administering pupil passwords. You could create a custom MMC snap-in although this is probably the most complex method
    I'm having a monday moment, how does that help?


    EDIT

    Ah in responce to rob_f, i must of missed that post.

  12. #27


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    148
    Not a great way i know but what about an account just for this task, with admin rights and a script which runs in the background and logs the user off again should a member of staff try to log on with them/.

  13. #28

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,827
    Thank Post
    875
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by mrforgetful View Post
    Can you not just tell the staff to keep the power button held in? I know I know, not good.
    Thats what i am trying to avoid

    Quote Originally Posted by rob_f View Post
    If you delegate the permission for staff to change passwords: Change their password, make a note on their account, and when they come to get their password reset let them know why it was changed and tell them not to do it in the future!?
    That is an option but then it will need reseting again

    Quote Originally Posted by conehead View Post
    How about creating a specific account teachers can use for this purpose?
    Good idea. i could either lock down the account, make it so it can't logon any computers (will this actually let them unlock the machine though) or i could create a script to log the right off as soon as they login.

    That will be the way forward if I canít manage to give teachers the right to unlock machies with there own credentials.

  14. #29
    theeldergeek
    Guest
    Quote Originally Posted by FN-Greatermanchester View Post
    Due the number of students wrecking others work. Students will often need to leave there computer. They say itís a pain to log them off (I canít blame them really) and will just leave them. We did originally have it set so they canít lock them but due to popular demand from teachers, students and mainly SLT we allowed this.

    To be honest its not to much of an issue us unlocking the workstations. Just would be more convenient for staff to be able to unlock them right away and more convenient for us not having to do it.
    Any good?

    Mr. Database Ľ Force User Logoff after a Period of Inactivity

  15. #30
    stratisphere's Avatar
    Join Date
    Apr 2007
    Posts
    295
    Thank Post
    33
    Thanked 87 Times in 31 Posts
    Rep Power
    30
    To be honest, you asked for a more Microsoft way of doing this... letting a "normal" user be able to unlock a desktop goes against the idea of having normal level accounts.

    As far as I know, there is no true microsoft way to do what you ask.

    If i had to solve this, my first concern would be to NEVER give any other users other than technical staff administrator access. Network nor local. you are just asking for trouble. Sure current staff may be trustful, but what if down the road one member of staff as a paddy or something?

    Anyway, if I were to solve this, I'd create a program which would effectivly lock the desktop. Then a member of staff from their end would run another program which would speak to the first and unlock/log off.

    But before all that, you need to decide something. Do you:
    a) give teachers access to force a logoff but not allow them to simply unlock the user's desktop (this method is by far the most secure, but can result in lost work if it's not saved.)
    b) give teachers access to unlock the desktop which would drop them back into the user's account. (This is by far the most insecure method. Personally, I wouldnt even think about it. You are still then depending on the member of staff to save that user's work).

    Obviously I dont know anything about your site or situation. But please, for security reasons alone, considure the fact that all you need is one annoyed member of staff (or privileged user) to set the whole thing on fire. It's down to the common question. Security or convenience?

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. How to find out which machine a student logged onto, & when
    By indiegirl in forum How do you do....it?
    Replies: 32
    Last Post: 16th March 2012, 01:17 PM
  2. Adobe Student / Staff Software
    By rlculver in forum General Chat
    Replies: 5
    Last Post: 29th June 2007, 10:56 AM
  3. Allow non-administrator accounts to unlock a pc
    By richard in forum How do you do....it?
    Replies: 17
    Last Post: 11th March 2006, 10:36 PM
  4. New Staff & Student Induction
    By pete in forum School ICT Policies
    Replies: 4
    Last Post: 6th March 2006, 10:24 AM
  5. Monitoring of Staff and Student files and emails
    By mark in forum School ICT Policies
    Replies: 12
    Last Post: 12th July 2005, 12:01 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •