  1. #1

    Not locked down enough!!!!!

    Lo all,

    I have a problem and was wondering if anybody can point me in the right direction here!!

    We have a student GPO which locks students' profiles down quite well, HOWEVER, we have a major problem. Some students (and now all, you know how it works!) have figured out that they can hyperlink to the C drive (even though hidden in GPO) using Word; this then enables them to get access to Help and Support and basically everything else on the C drive.

    I'm struggling to find out EXACTLY where I can either a) stop the students being able to create hyperlinks in Word (although this realistically is not feasible or practical) or b) stop command.com, cmd.exe and helpctr.exe from running using GPO. I thought I'd found a part of GPO which stops these running, but I appear to be wrong.

    Can you give me your thoughts please.

    Cheers

    Manick

  2. #2

    Geoff's Avatar

    Re: Not locked down enough!!!!!

    a) Download the Office ADM templates and turn it off.

    b) use software restriction policies.

    Also consider:

    Writing and enforcing your AUP.

  3. #3

    Re: Not locked down enough!!!!!

    Thanks

    I'll look at the ORKtools and give that a go. The software policy doesn't seem to stop the use of the programs I have listed; it may be something I have missed. With regard to acceptance usage policy, I don't know about you, but I don't think in a school environment they're worth the virtual paper they're written on!!

    Thanks for the reply I'll let you know how it goes.

    Manick

  4. #4

    Geoff's Avatar

    Re: Not locked down enough!!!!!

    Quote Originally Posted by manick
    I don't know about you, but I don't think in a school environment they're worth the virtual paper they're written on!!

    In Lancs we don't have a choice. If we don't do anything in school with IT policies the Lancs general IT policy kicks in. End result is the Governors get the blame for anything going wrong. Unsurprisingly, when lowly little me points this out stuff gets sorted.

  5. #5

    Re: Not locked down enough!!!!!

    There is a GPO option to hide and prevent access to the C: drive

  6. #6

    TechMonkey's Avatar

    Re: Not locked down enough!!!!!

    Quote Originally Posted by manick
    Thanks
    With regard to acceptance usage policy, I don't know about you, but I don't think in a school environment they're worth the virtual paper they're written on!!

    Manick
    It's only as worthy as you make it. Any incident that we deal with we relate to the kids back to the AUP, however obscure. This partly makes them realise what they did wrong is (Not just doing something dumb but have broken a set down rule) but also shows them there are set boundaries and where to find them. After that it's up to you or whoever is in charge of laying down the law to deal with it.

    The only problem we had with this approach was some little tyke claiming that whatever he did wasn't expressly forbidden in the AUP. So we explained that it wasn't a list of cans and can'ts but a list of rules to go by. Still didn't get this so we added the disclaimer:
    "these rules are a guide, not a list. If you are unsure if you should do something don't do it and ask."

    Back to the original problem, there should be a hide and a prevent access setting in the GPO. Stops the user getting at drives but everything else is hunky-dory.

  7. #7

    Re: Not locked down enough!!!!!

    lo all,

    All sorted now. With regards to a couple of the replies, the drives are hidden in GPO, but this is bypassed by creating a hyperlink in Word.

    Again on the subject of AUPs, TechMonkey, I don't know what sort of school you work in me old china, but rules don't necessarily mean a lot here, I'm in an inner-city school where kids and teachers have other things to worry about. Stopping kids accessing computers means a reduction in grades which nowadays are all important. We do have an AUP, but the only way to stop em is by making the system as watertight as possible.

    Cheers

    Manick

  8. #8

    Re: Not locked down enough!!!!!

    Quote Originally Posted by manick
    Again on the subject of AUPs, TechMonkey, I don't know what sort of school you work in me old china, but rules don't necessarily mean a lot here, I'm in an inner-city school where kids and teachers have other things to worry about. Stopping kids accessing computers means a reduction in grades which nowadays are all important. We do have an AUP, but the only way to stop em is by making the system as watertight as possible.

    Cheers

    Manick
    :idea:

    I'm forever getting told "AUP" this and AUP that. Well if AUPs are so good why don't we scrap security altogether and just have a very comprehensive AUP? Sack having a server, we'll just have a workgroup and have in the AUP "all pupils will not delete each other's work"

    If there's a way to stop kids from doing something then use it, telling a bad kid "you're breaking the AUP" doesn't mean shat if they don't care.

  9. #9

    Re: Not locked down enough!!!!!

    Good point, that's what the US Army do - then ship em to GTMO for terrorism charges.
    http://news.zdnet.co.uk/internet/sec...9208859,00.htm

  10. #10
    woody's Avatar

    Re: Not locked down enough!!!!!

    An AUP covers the school's back! It isn't necessarily going to make much difference in the school, but in a serious case, it will make a difference in the court room.

    We don't give internet access unless an AUP has been signed by both parent and pupil. And the AUP outlines correct behaviour alongside sanctions for misuse of the network / internet.

    No AUP will work without consistent procedure and support of senior management. But when you have that, you have a strong arm to play. Of course, you have to lock down your network, but without an AUP, you are saying to the kids, "come and get my network". If they think there will be no comeback for trying to hack / abuse the internet they will do it more regularly and more persistently than ever.

  11. #11

    Re: Not locked down enough!!!!!

    Quote Originally Posted by j17sparky
    telling a bad kid "you're breaking the AUP" doesn't mean shat if they don't care.

    Too true.

    I'm still not quite all the way there!! We have Office XP installed locally onto each PC (don't ask me why). Are you aware if there is still a way to lock down Office (not Word as already done) in GP using the Office Resource Kit?

    Manick

  12. #12

    Geoff's Avatar

    Re: Not locked down enough!!!!!

    Quote Originally Posted by j17sparky
    If there's a way to stop kids from doing something then use it, telling a bad kid "you're breaking the AUP" doesn't mean shat if they don't care

    Fine. Suspend/Expel them. In more serious cases the school can press criminal charges under the Computer Misuse Act.

  13. #13

    TechMonkey's Avatar

    Re: Not locked down enough!!!!!

    Quote Originally Posted by j17sparky
    Quote Originally Posted by manick
    Again on the subject of AUPs, TechMonkey, I don't know what sort of school you work in me old china, but rules don't necessarily mean a lot here, I'm in an inner-city school where kids and teachers have other things to worry about. Stopping kids accessing computers means a reduction in grades which nowadays are all important. We do have an AUP, but the only way to stop em is by making the system as watertight as possible.

    Cheers

    Manick
    :idea:

    I'm forever getting told "AUP" this and AUP that. Well if AUPs are so good why don't we scrap security altogether and just have a very comprehensive AUP? Sack having a server, we'll just have a workgroup and have in the AUP "all pupils will not delete each other's work"

    If there's a way to stop kids from doing something then use it, telling a bad kid "you're breaking the AUP" doesn't mean shat if they don't care.

    I never said get rid of security, but if you have a bunch of rules there and just ignore it, never make reference to it and generally pander to the kids to not cause too much disruption then how much more will the kids care about the rules? Also how helpful is it to other staff who do try and follow what is set out.
    If we follow that logic we can go the whole hog and forget about banned items lists, not worry about kids swearing or battering staff or in fact not report anything criminal that may happen in the school.

    All I was saying is that if you have an AUP and treat it as being worth the paper it is written on then that is its value. If you give it more merit and worth then that's the weight it has. Doesn't matter if the kids give two hoots or not, the rules are there.

  14. #14
    mark's Avatar

    Re: Not locked down enough!!!!!

    Quote Originally Posted by manick
    We have Office XP installed locally onto each PC (don't ask me why). Are you aware if there is still a way to lock down Office (not Word as already done) in GP using the Office Resource Kit?

    Manick

    Re-install from an admin point on a server - it's quite easy - then re-deploy - later versions of Office let you lock it down as part of the install.

    Alternatively, as said above - get hold of the appropriate Office ADM templates.

    html links will work from a lot of apps tho'. You really need to have more control of your access permissions by the sound of it.
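
Added example, not part of any post in this thread: a PowerShell audit, run as a restricted test account, that reads the per-user policy values behind the settings discussed above (hide drives, prevent access to drives, command prompt, disallowed programs) and flags drives that are hidden but not access-restricted. The registry value names are the standard Explorer and System policy values; the three executables are the ones named in the first post.

```powershell
# Added example, not from the thread. Run as a restricted test account.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Policies\Microsoft\Windows\System'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function ConvertFrom-DriveMask($Mask) {
    # Drive policies are bitmasks: bit 0 = A:, bit 2 = C:, ... bit 25 = Z:
    if ($null -eq $Mask) { return }
    0..25 | Where-Object { [int64]$Mask -band [int64][math]::Pow(2, $_) } |
        ForEach-Object { '{0}:' -f [char](65 + $_) }
}

$hidden     = @(ConvertFrom-DriveMask (Get-PolicyValue $explorer 'NoDrives'))
$blocked    = @(ConvertFrom-DriveMask (Get-PolicyValue $explorer 'NoViewOnDrive'))
$hiddenOnly = @($hidden | Where-Object { $blocked -notcontains $_ })

"Hidden in My Computer (NoDrives)     : $($hidden -join ' ')"
"Access prevented (NoViewOnDrive)     : $($blocked -join ' ')"
if ($hiddenOnly.Count -gt 0) {
    "WARNING: hidden only, still reachable by typed path or link: $($hiddenOnly -join ' ')"
}

$disableCmd = Get-PolicyValue $system 'DisableCMD'
if ($null -eq $disableCmd) { $disableCmd = 'not configured' }
"Prevent access to the command prompt : $disableCmd"

# "Don't run specified Windows applications": DisallowRun=1 plus a subkey of names.
$enabled = (Get-PolicyValue $explorer 'DisallowRun') -eq 1
$listed  = @()
$listKey = Join-Path $explorer 'DisallowRun'
if (Test-Path $listKey) {
    $key    = Get-Item $listKey
    $listed = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}
foreach ($exe in 'cmd.exe', 'command.com', 'helpctr.exe') {
    $ok = $enabled -and ($listed -contains $exe)
    '{0,-12} blocked by DisallowRun: {1}' -f $exe, $ok
}
```

The drive settings and DisallowRun are enforced by the Explorer shell, so NTFS permissions and software restriction policies remain the controls that apply whichever application opens the path.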
