+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Windows Thread, Pupils bypassing proxy... in Technical; I'm sure it's been talked about in here before but I can't seem to find the thread... We run a ...
  1. #1

    Join Date
    Nov 2005
    Location
    Middlesbrough
    Posts
    402
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Pupils bypassing proxy...

    I'm sure it's been talked about in here before but I can't seem to find the thread...

    We run a proxy which all pupils are forced through via the domain group policy, some of the pupils have figured out the old remove network cable at logon trick so the group policy fails but they still get logged on to a desktop.

    What are the options to get round this? The gateway specified in the IP settings on each machine points to our actual network gateway, I can't change this to a fake gateway as some of the programs on the admin side that we use don't let a proxy be specified so when I change the gateway they suddenly stop working.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Pupils bypassing proxy...

    Either:

    1) setup a firewall box of some description. Block port 80 traffic for all clients apart from your admin boxes that need it.

    2) alter the default profiles on the pupils machine so that bad things happen when it loads.

    Code:
    logoff /y /f
    as a startup script is probably best.

  3. #3

    Join Date
    Nov 2005
    Location
    Middlesbrough
    Posts
    402
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Pupils bypassing proxy...

    I decided to go with 2. I've added the logoff command to the "run these programs at logon" of the local policy and it works fine. Is there any way to do this to all the machines I want to do this to quickly instead of having to go round each machine editing the policy?

    When I change the local policy, what does it write to? Can I export it from one machine and drop it onto all the others?

  4. #4

    Join Date
    Oct 2006
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Pupils bypassing proxy...

    Desktop Authority can do this. You don't need to go to each machine - you can perform all operations from one console.

  5. #5

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,689
    Thank Post
    861
    Thanked 661 Times in 434 Posts
    Rep Power
    500

    Re: Pupils bypassing proxy...

    Quote Originally Posted by Anddy
    Desktop Authority can do this. You don't need to go to each machine - you can perform all operations from one console.
    :twisted: Desktop Authority - the bane of my life... our LEA use it and its a bloody pain in the arse.. if it doesn't run nothing gets configured, and since our LEA are as close to incompetant as you can get.. it doesn;t run that often...

  6. #6


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,479
    Thank Post
    867
    Thanked 851 Times in 673 Posts
    Rep Power
    197

    Re: Pupils bypassing proxy...

    Option 1) Block all web access except from the proxy - this is good practice anyway, it can prevent things like trojans/unauthorised s/w from operating properly. Done correctly, you can alert on attempted violations, which can help find misbehaving kit...

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Pupils bypassing proxy...

    When I change the local policy, what does it write to? Can I export it from one machine and drop it onto all the others?
    You can do this with a Startup script to manually create the registry keys.

  8. #8

    Join Date
    Oct 2005
    Location
    West London
    Posts
    55
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Pupils bypassing proxy...

    We found that when the network cable is pulled out, the PC loads the a temporary profile based on the local Default User rather than the assigned mandatory profile. So we copied the logoff script to C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ by GP startup script, and voila! Pull the cable and you get instant logoff.
    Genuine new users get their profile from the Netlogon share, rather than the local machine, so they don't get the logoff script.
    I hope this is helpful.

    ______________________________

    Sit vis vobiscum.

  9. #9
    tscnmuk's Avatar
    Join Date
    Jan 2007
    Location
    Lincolnshire
    Posts
    216
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Pupils bypassing proxy...

    We have all IP's apart from my machine and the proxy blocked on all external communication. This is the best way of doing it in my opinion, fairly bulletproof. Unless they are accessing the internet through the proxy, then they are not accesing the internet at all.

    Tom

  10. #10

    Join Date
    Oct 2006
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Pupils bypassing proxy...

    Really strange situation. We have no any problems with desktop authority start. Accordingly - all settings are always apply correctly.

  11. #11

    Join Date
    Jun 2008
    Posts
    11
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    13
    i remove the default gateway, and add routes for the pain in the a£"$ apps that wont proxy via dhcp static routes.

    keeps the load of the firewall amongst other things, and stops p2p pretty good

  12. #12
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34
    Hmm, my default gateway doesn't have a route to the Internet... but if it did, I would setup a filtering rule that allowed staff to see the required IPs but not allow the students to do so.

    Do you use the same DHCP server on the staff and student networks ?

  13. #13


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,693
    Thank Post
    352
    Thanked 798 Times in 717 Posts
    Rep Power
    347
    This thread died nearly 2 years ago .....

  14. #14
    Azhibberd's Avatar
    Join Date
    May 2008
    Location
    Newbury,Berkshire
    Posts
    169
    Thank Post
    20
    Thanked 21 Times in 20 Posts
    Rep Power
    16
    Well even though its a very old one.... just to let you know you could just set the GPO to logoff if remote profile isn't found! that way it auto logs you off, just google it you'll find it if not just give me a shout i'll go find exactly where it is

  15. #15
    jonathanhaddock's Avatar
    Join Date
    Dec 2007
    Location
    Barton Court Grammar, Canterbury
    Posts
    58
    Thank Post
    0
    Thanked 6 Times in 4 Posts
    Rep Power
    15
    Semi related I guess - proxy avoidance sites, bane of my life, until I stumbled across a student that led me right to a list (and RSS feed) of them:

    Site: Free Proxy | Unblock MySpace | Facebook Proxy
    RSS Feed: http://www.1freeproxy.com/feed/atom/

    Gets updated fairly regularly and then all you have to do is at the URLs to your proxy URL Block list

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Pupils.Tv
    By comedydave in forum General Chat
    Replies: 8
    Last Post: 20th December 2007, 02:16 PM
  2. Proxy switch "proxy on" & " proxy off" software
    By GavRob in forum Network and Classroom Management
    Replies: 20
    Last Post: 30th July 2007, 10:05 PM
  3. Old Pupils on APS
    By Chafftech in forum ICT KS3 SATS Tests
    Replies: 2
    Last Post: 13th December 2006, 01:13 PM
  4. Bypassing BIOS passwords
    By indie in forum Hardware
    Replies: 6
    Last Post: 10th July 2006, 01:09 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •