Windows Thread, Kids Avoiding Logon Policy Settings in Technical; We've just found out kids in the school are avoiding logon settings and getting unrestricted internet acess by logging onto ...
13th July 2009, 02:44 PM #1
Kids Avoiding Logon Policy Settings
We've just found out kids in the school are avoiding logon settings and getting unrestricted internet acess by logging onto the computer so a local profile is created, logging off then unplugging the network cable, logging on to be told their roaming profile is not available but instead a local profile will be used. Then once logged on the cable goes back in and suddenly they can load up IE and have access to the connections tab where they can see the proxy settings, can create and delete files on the C: drive but fortunately not delete existing files.
So has anyone come across this before and can suggest the best way to combat it? We are thinknig have delprof to delete all local profiles at log off, setting policy refresh to something like every 1 or 2 minutes, or some kind of thing to stop logon if no active network connection is detected?
Any suggestiong would be welcomed!
13th July 2009, 02:53 PM #2
13th July 2009, 03:03 PM #3
- Rep Power
Usually, a GPO setting on the roaming profiles section to stop the logon process if an error occurs will work how you want it.
In the machine policy section under user administrative...system...user profiles...
'Log users off when roaming profile fails'
13th July 2009, 05:18 PM #4
- Rep Power
Do you use mandatory profiles ?
Originally Posted by farquea
It's going back along way but I'm sure that if you have a mandatory profile NTUser.man inside a folder whose name ends in .man, then a user cannot logon without their profile being read from the network.
Ah, found a reference, look for super-mandatory profiles - [ame="http://en.wikipedia.org/wiki/Roaming_user_profile"]link[/ame].
13th July 2009, 05:28 PM #5
On your router block access to port 80 for everything other than you poxy server.
That way if your proxy server is bypassed no internet access will be allowed.
13th July 2009, 05:34 PM #6
I agree this is the way forward. Also we use a script to detect if the group policy has been bypassed. The group policy settings dont always work depending on when the cable is unplugged.
Originally Posted by Jon
We set a wallpaper for all users. All the script does is it runs from the local machine and looks to see if the wallpaper settings have been set in the registry.
13th July 2009, 06:03 PM #7
Why don't you just see if the proxy settings have been set?
Originally Posted by FN-GM
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings]
Problem with Jon idea is what happens if the proxy server dies? How would staff, for example, get onto the internet to download the exams results. It is however, the only 100% sure they'll go though the proxy server.
13th July 2009, 06:16 PM #8
The proxy settings also lie in the defualt profile. So it wouldn't work on our system.
Originally Posted by matt40k
On our system if the proxy server goes down no user gets internet access.
13th July 2009, 06:43 PM #9
I agree with ICTSM's method. This'll stop them using this technique, if you use roaming profiles of course
13th July 2009, 07:08 PM #10
Also if you set the 'delete profiles at logoff' option (can't tell you where it is off hand) and make sure that the number of cached logins to be saved is set to zero on the security settings, this will stop them from logging in without the network cable plugged in even if they have just logged in a few seconds ago, they'll be no details saved.
It's an old trick that students have been using for years in the schools I've worked in. We have a super mandatory profile on our new network (going live from september) which won't let them login unless the network is connected. Changing to mandatory profiles is surprisingly easy and I recommend it for anyone running a vanilla type windows network.
By alonebfg in forum Windows
Last Post: 14th November 2007, 03:39 PM
Last Post: 12th November 2007, 05:52 PM
By robinhood in forum Learning Network Manager
Last Post: 6th October 2007, 12:14 PM
By Samson in forum Windows
Last Post: 20th March 2007, 09:40 AM
By mattpant in forum Windows
Last Post: 15th September 2005, 08:30 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)