Is it possible to have a setup that promts for a username and password everytime a mapped drive is accessed, even though the drive is already mapped from the logon script? Idealy on specific drives.
This is in the interest of security, such as if a student accesses a teachers computer while not locked (when will they learn?!) and not in the room it would limit network access.
Set the drives as encrypted?
That's all I can think of at the moment. I'm sure there's other, simpler ways to do it with less overhead.
I wasn't aware you could do this on networked drives. Although if so encryption wouldn't be necessary, just some sort of domain authentication would suffice.
No. Windows will always use the last credentials provided.
Thinking about it, if your teachers are leaving the computers unlocked I suspect it wouldn't really help.
If you were to set this up they'd just log into the drives and leave them open for later convenience. Staff training's probably a better way, and a five minute lockout policy on the accounts. Maybe several policies, applied according to number of offenses?
a similiar thing to what i had to do in a previous post.
A teacher in a class used a lower level account with shortcuts to scripts that mapped a drive (basic "net use x"), they then had to enter their "higher" level account info (one was surnameinitial the other was initialsurname) that was a member af the higher level staff group that had access to the shard area/drive in question. Also higher level of logging on that area..
Not quiet what your after but similar?
I agree with jamesb. Lockout policies would be much better. Staff tend to use the least amount of effort. Having to enter a username/password everytime they opened a mapped drive would cause them to leave them opened and allow pupils to access them anyway.
Go with Jamesb suggestion of different lockouts and train all staff to lock the machine(also change time of lockout depending on if an IWB is connected)
The lockout policy is something I have considered but was always met with grievances about being locked out when displaying power points and playing vids etc. Has anyone dealt with this?
I understand your point about them wanting the convenience of leaving it open but I would put a short timeout period on drives to address this. Maybe I should look down a different route.
But you are always going to get teachers (you know the type!) who won't change their ways no matter what...
I don't think timing out the drives would make your life easier, if only due to the grief it might cause.Originally Posted by SuperHans
For the power points and so on then you could assign the computers linked up to projectors or IWBs to a separate OU with a longer timeout, maybe the length of a lesson, or five minutes less.
We have a GPO assigned windows lock, as suggested above.. We do get a few staff complain about it cutting into powerpoints and videos, but I just respond back with it's for security reasons, and I will not change it. We have it set to 30 minutes, and I tell them we should really have it set at 15 minutes. If they want to show a video/slideshow, then they can move the mouse every 20 minutes.
It's obstructive, but if you tell them why, they do understand... I tell them I can quote from the Data Protection Act if they want... (which isn't true, but don't tell anyone).
I have thought that a way round is it have the GP assigned policy, but create a shortcut to change the registry, but then I want this to timeout, or be reset after they have stopped watching the video, as there is no way they will click this back. We have looked at an application that ran software when returning from hibernate/standby, but it was junk, and after a while it corrupted the BAT file it was supposed to be running.
I still dont think this is a technical issue, I think it is a staff trainnig issue. All staff should be locking their computer if they leave their desk. As staff they will normally have access to private pupil data. As a result a lockout is only in place as a backup incase they forget to lock their workstation and are away for longer than they expected. In schools this can easily be the case if a teacher gets caught up with the kids.
Try updating your AUP to state that all workstations should be locked if you leave it unattended. Then work with members of staff to arrange a suitable time period before a screenlock will trigger.
As people have said above, you will always get staff complaining, but once you explain the reasons for doing so they will normally agree.
Another thing to consider is that if a member of staff is logged on, all actions on that computer will be logged as staff. If a pupil then uses the computer and send emails or deletes work, the only proof of someone doing it will point to a teacher.
+1.
.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks