Jump to content

Home use of staff laptops - detecting/consequences of misuse

pete

By pete
in Wireless Networks

 Share

Recommended Posts

pete

pete

Posted
Posted

I'm aware of the argument for and against. We don't allow staff to connect their laptops to their home isp / network.

 

For those of you who _do_ allow staff to use their laptops on t'internet at home and also connect them to the school network, what do you have in place to detect misuse and what disciplinary action is taken if users introduce problems, illegal software or malware that disrupts use of the school network?

 

I'm aware of and currently testing Packetfence.

 

I'm also trying to set up a "Thou shalt" and "Thou shalt not" list for home use of laptops to pre-empt a few questions that are soon to come up and would like the document to have teeth.

 

So far I've got:

 

1) Your other home machines must be kept clean (av/malware detection/firewall).

1a) You will use a router.

2) Your friends and family are not to use school equipment.

3) Laptops will be audited and quarantined from network access if suspect or unpatched.

4) Software installed on the laptop should be correctly licensed.

5) Accessing inappropriate Internet content on school equipment in as unacceptable out of school as it is in-school.

6) We will not help you diagnose problems with your home network, your laptops ability to work with the school network is our concern.

7) Causing undue work for IT Staff or disruption to the school network or your ability to teach your subject ("my laptop is X") by allowing your laptop to become infected will be reported to your line manager.

7a) If you phone me at stupid o'clock to fix a problem with your laptop at home, I will bill your department at my consulting rate. I am not paid to provide out-of-hours support to end-users, nor do I wish to be.

 

edit: 8 ) Personal use. If you use your laptop for non-school use, it is a taxable benefit.

 

This is before I work out the faffing with technical details.

SYNACK

SYNACK

Posted
Posted

We allow the staff to use their (school provided) laptops at home and connect to both home networks and the internet. We setup internet filtering using the Surfcontrol Client Access control stuff. The AV software is also set to update over whatever connection is available. Any issues with the systems are dealt with when they bring them into school. Any home issues like router misconfiguration are outside what we support under school funding. If they want us to set up their own personal home network/printer/router then it is at their own cost.

 

Almost all of the issues are solved by not giving the teachers Administrator level accounts. Some higher level teachers do have them but they know that when it slows to a crawl the level of sympathy that they will receive is hugely reduced.

SimpleSi

SimpleSi

Posted
Posted

AFIAC the laptops are for the teachers not me :)

 

So AFAIC its up to them (and whatever restriction the head teacher puts on) as to what they do with them. :)

 

I've had 2 machines, in five years, badly infected with stuff (pre- Defender days) - both times I offered to wipe them as the most efficient way of sorting them out.

 

Both teachers agreed to this.

 

regards

 

Simon

  • 3 weeks later...
forcryingoutloud

forcryingoutloud

Posted
Posted

Thank the gods! I've recently joined a high school after spending 16 years working for serious blue chip companies and I can't believe what my predecessor and the head lets the teachers get away with. We recently changed to AD 2003 and the number of moans about "..why can't I load software up..", w"hy can't I do this", "I wanna I wanna" is incredible.

 

What makes it worse is when you point out the AUP & Staff handbook they default to the '...it's stopping me teaching..' excuse, although what anyone is teaching by having Championship Manager on it is anyones guess.

 

SYNACK, what domain access rights/levels do your teachers have?

  • 2 weeks later...
chaz6

chaz6

Posted
Posted
The HMRC fiasco came right in the middle of me trying to persuade management that staff should not get elevated rights on laptops. Guess what, it helped enormously! Our staff get the same access as a user in the group "Domain Users" and no more.
markcuk

markcuk

Posted
Posted

we have no policy in place for laptops or staff misuse on laptops or on the school network head is not bothered. doesn't want us to lock laptops down says it the only perk teachers get!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

had to laugh when he told me that one :-)

 

mark

maniac

maniac

Posted
Posted

Laptops locked down, staff are required to bring any software they want installing to us for approval first, and if required are granted temporary local administrator rights to install things like home printers/broadband etc.

 

Unfortunitely that still doesn't stop them, somehow programs still end up on them. Even found limewire and other such programs installed on some staff laptops. When we do detect things like that, we collect the laptop from the staff member under the pretence of 'maintenance' and have a good look round it. No diseplinery actions been taken, but several staff have had stern e-mails from us and our line manager.

 

Mike.

ICT_GUY

ICT_GUY

Posted
Posted

All laptops must connect to the school network during PPA time.

WSUS patches them, NOD updates them.

 

I would be concerned if the laptops were used to access warez or illegal p0rn.

 

However, I would not expect to find their porn collection on their laptop, though if I did it would be deleted and I would have a word with them.

 

If unlicenced software was found they would be reimaged and they would be warned.

 

So far all my teachers have been very boring, and I have had no problems.

plock

plock

Posted
Posted
My setup is very similar to many of yours, restricted users, sometimes grant local admin rights for home printers/broadband. We govern all applications to prevent spyware/malware being brought onto our network.
Grommit

Grommit

Posted
Posted
we have no policy in place for laptops or staff misuse on laptops or on the school network head is not bothered. doesn't want us to lock laptops down says it the only perk teachers get!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

had to laugh when he told me that one :-)

 

mark

 

we don't allow Staff Laptops onto the school network.... We hand it too them and don't want to see them again untill they leave..

Pete10141748

Pete10141748

Posted
Posted

We have ours locked down so that staff can't install programs and so have to come to us to do it for them. Other than that, we generally just let them use it. It seems like no matter what we do, staff ignore our policies and the senior members of the staff who actually *could* put disicplinary actions in place just dont care.

 

"you can't ban them from the network, you can't take away their access, you can't give them any sort of punishment at all, even if they break every law under the policy which you wrote to protect the school from liability. you're here to fix any problem that (they) might cause in the process of using the laptop un-trained, and as long as they somehow manage to make something work and can teach, you just fix problems and keep quiet" seems to be the feeling around here. I don't think that anyone has quiet got the idea yet that we *are in charge* of the network and all the ICT equipment, and we are *not* just repair-men sitting in the server room in the dark waiting for someone to cause an issue.

SYNACK

SYNACK

Posted
Posted
Thank the gods! I've recently joined a high school after spending 16 years working for serious blue chip companies and I can't believe what my predecessor and the head lets the teachers get away with. We recently changed to AD 2003 and the number of moans about "..why can't I load software up..", w"hy can't I do this", "I wanna I wanna" is incredible.

 

What makes it worse is when you point out the AUP & Staff handbook they default to the '...it's stopping me teaching..' excuse, although what anyone is teaching by having Championship Manager on it is anyones guess.

 

SYNACK, what domain access rights/levels do your teachers have?

 

As for privileges on the domain all teachers are logged in as limited users with roaming profiles. They are not locked down exceptionally harshly but all the things that need to be defined for it to work are enforced by group policy. For example all of the laptops are forced to synchronize offline documents and user changes to this are locked out. All of the printers are mapped at login time by a script and the teachers have been prevented from deleting any printers mid session as this to has caused problems to.

 

Their is also an enforced 15 minute station lock on all teacher accounts as they had a habit of leaving them logged in unattended during the day or even overnight. This mostly occoured because they were in the middle of typing something and couldn't be bothered saving it. Objections were silenced by reminding everyone that if it was left logged on and unlocked anyone could delete their documents or reports.

 

All of the documents and files are locked to the user via NTFS file permissions and the summary of any objectionable web activity is emailed to management daily.

 

Only the senior teachers are given local admin access on the laptops (most definatly not the domain). This is to test out new software that they or their subordinate teachers wish to use before it is brought to IT to be installed on workstations.

 

Home printers, scanners etc must be installed by IT, we have not added any lockouts on the network adapters as this has not caused any problems yet as most home networking gear is automatic (i like DHCP).

 

Our primary mandate is to provide a working computer that allows them to do school work (this means email, reports, office documents, web research and does not include downloading of illegal music, IMing and Bloging the day away or installing 'helpful' toolbars and system tray inhabiting rubbish). The price of this mandate is either highly enforced security or a combination of high competency and responsibility on the part of the teachers. As you may imagine it was quite easy to justify the lockouts that were required on cost alone.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • 46 When would you like EduGeek EDIT 2025 to be held?

    1. 1. Select a time period you can attend


      • I can make it in June\July
      • I can make it in August\Sept
      • Other time period. Comment below
      • Either time
×
×
  • Create New...