+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Windows Thread, No Laptop Network Use in Technical; Hi all Need to be careful what I say here for obvious reasons. We have some issues where some staff ...
  1. #1
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    877
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    36

    No Laptop Network Use

    Hi all

    Need to be careful what I say here for obvious reasons. We have some issues where some staff do not bring their laptop into work and basically use it for personal gain.

    I don't know if this is possible - but could we lock the laptop down (possibly by a script) where after a certain time (e.g. a month) it locks the laptop/makes it unusable/changes the password of a certain username when it hasn't been on our network?

    I don't know if this is possible so please shout if it's not!


    Thanks,

    rh91uk

  2. #2

    Join Date
    Jun 2009
    Posts
    24
    Thank Post
    0
    Thanked 7 Times in 4 Posts
    Rep Power
    12
    Only thing that springs immediately to mind is to prevent profile caching so that the laptop will not logon without a connection to the network, although I'm not sure that it's fully possible. We use it in the other direction and it's been a while since I set it up.

  3. #3
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,219
    Thank Post
    159
    Thanked 147 Times in 132 Posts
    Rep Power
    103
    Hello,

    With a massive shortage of laptops within the school and staff in desperate need of a laptop as they don't have the luxury of an office too... we have the very same issue.

    I would play it with the AV, Spyware & Update card... if they don't bring it in, they wont be able to use it via VPN/Network as you'll remove access. If that doesn't work, you are in a difficult situation without the laptop in hand you wont be able to set a scheduled task to run a script.

    You could... have a script run every so often to delete the local profile or remove cached credentials after a certain time.

  4. #4
    SC-UK's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    569
    Thank Post
    36
    Thanked 85 Times in 71 Posts
    Rep Power
    30
    The only problem is that this will stop the laptop logging on away from the network at all. I think the OP wants the laptop to work fine away from the network for a month, and then insist on being returned to base so to speak.

    Disabling profile caching could also be "fooled". As long as the user doesn't log out or shutdown (i.e. keeps placing the laptop into standby or hibernate), it will not stop it being used away from the network.

    Tom

  5. #5
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,219
    Thank Post
    159
    Thanked 147 Times in 132 Posts
    Rep Power
    103
    The only problem is that this will stop the laptop logging on away from the network at all. I think the OP wants the laptop to work fine away from the network for a month, and then insist on being returned to base so to speak.

    Disabling profile caching could also be "fooled". As long as the user doesn't log out or shutdown (i.e. keeps placing the laptop into standby or hibernate), it will not stop it being used away from the network.

    Tom
    Don't tell them how to circumnavigate it, eager teachers with pen and paper writing this down as we speak :-P

    Presumably deleting via a VBS script on scheduled task might work (assuming they will have to restart at some point after the script has been run on 30 days away from school).

  6. #6

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    If they are logging in with a domain account and cached credentials, you could reduce the cache time to a month, then they won't be able to log in until they have shaken hands with the domain again.


    Edit: you could also write, or have written, a small tray app that after a month bugs them in an annoying way to handshake bring the machine on site... if you ask nicely, I might be persuaded for some kind of return favour.
    Last edited by powdarrmonkey; 15th September 2009 at 09:00 PM.

  7. #7
    SC-UK's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    569
    Thank Post
    36
    Thanked 85 Times in 71 Posts
    Rep Power
    30
    Quote Originally Posted by dwhyte85 View Post
    Don't tell them how to circumnavigate it, eager teachers with pen and paper writing this down as we speak :-P
    Oh no, it's much worse than that. They're reading this, and then typing it up on the laptops that they have been keeping alive by my advice!

  8. #8

    Join Date
    Jun 2008
    Location
    London
    Posts
    16
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    How about making the laptop account (if it is a domain one) expire after the month, so that they will no longer have access to it. Obviously, this wouldn't work if they used the same account to logon to the network normally, but it's just a thought?

  9. #9

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by openaccess View Post
    How about making the laptop account (if it is a domain one) expire after the month, so that they will no longer have access to it. Obviously, this wouldn't work if they used the same account to logon to the network normally, but it's just a thought?
    That's an awful lot of admin overhead unlocking accounts for people all the time..

  10. Thanks to powdarrmonkey from:

    openaccess (15th September 2009)

  11. #10
    elloyd69's Avatar
    Join Date
    Mar 2009
    Location
    Worcestershire
    Posts
    88
    Thank Post
    24
    Thanked 2 Times in 2 Posts
    Rep Power
    12
    Write a section into the staff AUP too........to ensure they bring laptops in and connect to network at regular intervals for 'security updates'......make sure all staff sign the AUP. They then have it in writing. Hopefully this will help and they will 'be required to' bring them in..........


  12. #11
    Quackers's Avatar
    Join Date
    Jan 2006
    Posts
    1,320
    Thank Post
    40
    Thanked 142 Times in 117 Posts
    Rep Power
    53
    The only thing i can think of is to the volume licence Vista/7 as they have to be Activated every 6 months from one of your internal servers i believe.

  13. #12

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,262
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Embed a process across the school that requires daily or even lesson by lesson ICT access by staff. One that supports or is crucial to delivery on a SEF target is most effective.

    Remove all PCs from classrooms.

    Remind staff that the school furnish them with laptops.


    I believe that using a laptop for 'personal gain' is not necessarily a bad thing. We have several members of staff whose non academic activities bring in Industry skills, experience and persons into the establishment, to the benefit of our students.

  14. #13
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    21

    Smile

    It depends whether these laptops are under the LFT scheme or not.
    I know that LFT laptop users here can pretty much use their laptops as purely personal resources, if they choose not to bring them in - there's little we can do.

    In any case - it should be possible to modify the network login script in such a fashion so that workstations that login to it get a registry 'timestamp' somewhere.

    You can write a small script that can live on the laptop, runs inside of local group policy that checks the timestamp, if it's not been updated in 'x' days or whatever - then you can make it do things.

    I'd probably go down the route of - if it hasn't been brought in, enumerate and disable all network connections to start. If they have home DSL, then it will nobble it - which means they won't be able to get on the net with them - which as they haven't been in school, is probably a good thing as you can bet they haven't updated the AV etc...

    It all depends on how far you want to go and what the actual position is in terms of laptop use... are these school-allocated (read: school paid for) resources that are given to teachers in-place of workstations? Are they allocated like the Laptops For Teachers scheme?

    Az

  15. #14

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595
    LFT is done and dusted and if you have LFT machines still running then be glad. A laptop purchased by the school is the property of the school, issued out to the member of staff for work use and any personal gain is done on the back of ensuring that it is used for the benefit of the school.

    This will take a 3 pronged attack.

    1 - You must have buy-in from SLT for this as they are the people with the carrot and stick. They are the people who have agreed that staff get laptops and they are the people that have to justify to the governors and so on that the school is spending money well, in a way that has a positive impact on the education of the students (please note manglement blurb there ... an important phrase to trot out!) The agreement you get the staff to sign when the laptop is issued should set out reasonable expectations of the use and control of these machines.

    2 - Technically, you should track the times when a machine is on the network. It would be a good idea to do this via WSUS actually ... so you know it is also patched to the right levels too. Anyone who does not bring their machine in on a regular basis gets a tap on the shoulder by a person ... not a bit of technology, but a real, live human being who can discuss and explain things (without the large lump of wood unless *really* needed) and who can try and use the carrot side of things a bit more.

    3 - A technical response would be to investigate the use of DirectAccess in Windows 7 and Server 2008 R2 to still have control of these machines over the Tinternet when out of the building. Others have already been mentioned (cache times, scripts running in the background, etc), but investigate whether the AV software can centrally do anything to 'disrupt' use ... ie if it is not up to date by x days it will lock out network access so they have to bring it to you anyway (IIRC this is a feature on Sophos or McAffee ... can't remember which!)

    HTH

  16. #15

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    There are technical ways you can deal with this, but really it's another "people" issue.

    You need to get management on side; if they're not and you do something to stop staff using the laptop at home then you'll end up with management telling you to reverse the changes and then everyone gets upset.

    If management agree that the laptop should be brought in regularly then it's a simple disciplinary issue if they don't do as requested.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Student laptop connection to network
    By RoyG in forum School ICT Policies
    Replies: 35
    Last Post: 4th November 2009, 08:23 AM
  2. Network a Mac laptop with windows PC's
    By Bodsworth in forum Mac
    Replies: 2
    Last Post: 30th May 2008, 11:14 AM
  3. Replies: 2
    Last Post: 7th May 2008, 02:52 PM
  4. Laptop losing network connections
    By chrbb in forum Windows Vista
    Replies: 5
    Last Post: 8th January 2008, 10:53 PM
  5. XP Laptop can't see network share
    By SimpleSi in forum Windows
    Replies: 8
    Last Post: 30th October 2007, 09:27 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •