Jump to content

Recommended Posts

Posted

I am just trying out the trial version of AB Tutor after trialling Lanschool.

 

Maybe I am doing something wrong but what stops students simply going to the control panel and uninstalling it? Lanschool was protected and needed the install program before uninstalling.

 

Is this too obvious or am I doing something wrong? Shouldn't there be a password at least?

Posted

I suppose the root issue is: Is there a good reason students have been given rights to uninstall software?

 

That aside, I guess you could transform the MSI, so that the app's entry is hidden in Add/Remove programs. Although, if the students have local administrator rights, you'd need to try and prevent them from stopping the AB Tutor Control service, probably through group policy system services permissions.

Posted

Hi,

 

Thanks for the quick reply. The students can log onto the local workstation as teacher/teacher and simply uninstall from that group privilege.

 

It is very frustrating for me as ICT coordinator to try and help teachers cope with students who are hell bent on getting around the system security (what little there is). The network manager believes in an 'open policy' and self regulation ...but he is not in the classroom is he :evil:

 

I was getting very excited with AB Tutor because it seemed to do everything I wanted but this major major oversight in design leaves me speechless. AB Tutor should at least need a password or the original install program like Lanschool does to uninstall it. We are looking at getting 10 licenses so Lanschool is expensive.

Posted

Hi maxymaxy - I would ask the network manager how his 'open policy' deals with the data protection act? I would say that any reading of the law indicates that students should never be able to log in as a teacher as they would then have access to confidential information. Why do the kids know the username and password combo for the teacher? Is there only one 'teacher' account?

 

To put it bluntly, you (as in the school) don't have any security and as such are not complying with the data protection act or the child protection act.

 

Is your school a primary by any chance?

Posted

It's not reasonable to expect ABTC to compensate for the lack of desktop security that's been implemented.

 

We use it throughout the school here with no security problems, except for teacher password breaches, which are dealt with swiftly.

 

From your second post, it doesn't even sound like a technical issue. As localzuk says, a) why do students know the teacher's credentials, and b) why is the username the same as the password?

Posted
I'm not reasonable to expect ABTC to compensate for the lack of desktop security that's been implemented.

 

We use it throughout the school here with no security problems, except for teacher password breaches, which are dealt with swiftly.

 

From your second post, it doesn't even sound like a technical issue. As localzuk says, a) why do students know the teacher's credentials, and b) why is the username the same as the password?

 

Exactly, we use it across school also and have no problems with security on it, but that is because we use it in an environment which runs on 'deny first, then allow' as the security policy.

Posted

I can only echo what others have said. You need to look at your basic setup else you could be saying the same about any program.

We use AB tutor and are happy enough with it considering the price.

Posted

I agree with all of you. Just to clarify though, the students log in to the workstation locally which means that they have the privileges to uninstall programs but it doesn't allow them to map the network drives hence privacy is not an issue. The novell network means that there are two login screens first to login to the network and the second to login to the workstation. Some problem with one of the servers means that students are able to ONLY login locally which means they can still play LAN games but not have any access to their home drives or network drives.

 

Having calmed down a bit and thinking through some possible solutions, it may be that when ABT is installed the first time I can set up a some permanent policies in ABT and deploy them to the clients which deny students (who log in locally) access to run/cmd and the control panel. I can also do a registry hack to hide the icon in the add/remove programs. This is not ideal, I know, but is it feasible with ABT?

 

The network manager is leaving at the end of this year so I hope the new person will take security a bit more seriously.

Posted

I have just tried the registry editing policy function in ABT and it works well :p From the control workstation I was able to easily remove access to add/remove programs.

 

I will go ahead with my pilot plan, create a policy pack to tighten up security (just don't tell the network manager) and .... hope the new guy is more sympathetic to the teacher's plight 8O

  • Thanks 1
Posted

Ouch... some serious concerns with the kids able to log in as admin...

 

They could install anything! How about a keylogger? Viruses?

 

I'd scrap the teacher/teacher account immediately. Uninstalling AB Tutor is the last thing to worry about!

Posted
They could install anything! How about a keylogger? Viruses?

 

I was thinking the same.

 

Assuming that your users need to logon locally, why do they need to logon lcoally with such unrestricted accounts?

Posted
Ouch... some serious concerns with the kids able to log in as admin...

 

They could install anything! How about a keylogger? Viruses?

 

I'd scrap the teacher/teacher account immediately. Uninstalling AB Tutor is the last thing to worry about!

 

Absolutely - a ridiculous setup - the NW Manager needs sacking!

Posted
I have just tried the registry editing policy function in ABT and it works well :p From the control workstation I was able to easily remove access to add/remove programs.

 

I will go ahead with my pilot plan, create a policy pack to tighten up security (just don't tell the network manager) and .... hope the new guy is more sympathetic to the teacher's plight 8O

 

Also let the folks at AB know what you have done as a workaround. They might be interested in changing things in their documentation to help others with similar problems.

Posted

Thanks everyone for replying.

 

I have taken some reasonable steps to protect the ABT client:

 

1. By making the /program files/abcontrol folder invisible

2. Using the registry function of the ABT control

(a) prevented access to the control panel

(b) disabled cmd.exe, run

© prevented access to the task manager

(d) made invisible msconfig, gpedit

(e) disabled .bat files

(f) disabled any access to network properties

 

There are still ways around these things though.

 

I have in my IT class a student who is rated one of the top 20 junior programmers in the world :(

He was at the recent programming olympics! Luckily for me he is an ally rather than foe and lets me in on ways the other students are trying to get around the system.

 

OK all of this not ideal but I can only do what I can and hope the next NW manager is better.

 

I still think though the client and install files should be password protected.

Posted
do you think it is acceptable to allow the security of a school network to be run by one of the students. Am I the only one who thinks this is a bad idea??????????
Posted

mrphil,

 

My main point for starting the thread was to point out that in SOME situations it would be an advantage to have the client password protected. I still think ABT should seriously consider this.

 

Not all of us live in an ideal world. As you can see from my solution I am writing my own group policies 'round the backdoor'. If the NW manager was doing his job, the guest account would obviously have all the necessary restrictions.

 

I don't need reminding that the students have too many privileges. I am being squeezed from both ends - the lack of security from the network, teachers in the middle complaining about students not being on task, and students at the other end just wanting to play games and muck around.

Posted

I do think tho' that it's a bit rich of maxy to be critical of ABTutor. What's to stop the kids completely wiping the PCs and installing their own O/S's?

 

What you're doing is slowly setting up a secure system the hard way using a tool whose prime purpose is not for this, and then criticising it.

 

What you really need is an Active Directory server and group policy restrictions on your users. Or if you're setting up standalone kiosk PCs use Steady State - for free.

Posted

@Mark

 

That is what he is doing a little of, but being prevented by the fact that the NM (presumably his boss) couldn't give a rat's ear about it all.

 

Part of me is tempted to let the OP know a variety of ways that things can be made to fall over on a more regular basis so that the whole problem needs to be addressed ... but I am not that sort of bloke.

Posted

Oh I get it - you're a Teacher.

 

Most times the situation is reversed - it's the teachers who want unrestricted access and the techs who pull their hair out trying to maintain a secure & reliable system despite it. We do, however, have one member on here at least who has argued the case _for_ open access much as you describe. He was running Novell too.

 

I agree with you that it's impossible to control kids fully, and safety measures have to be in place. My ex Head disagrees, and puts any blame onto the teachers for lack of control.

 

All I know is that with ABTutor installed, teachers re-gained control of lessons using IT.

 

I'm sure the logon local issue is actually to do with the client and not the server, but I stand to be corrected.

Posted

Oh $deity ... in that case the only thing to do is to apply serious boot leather to the backside of the NM to get him to change his ways. I have to admit that it is amusing to have an ICT Co-ordinator complaining about the system not being locked down enough rahter than the other way around.

 

@maxymaxy

Point your NM in our direction and I am sure that various members with experience of a Novell/AD solution will be able to help. Failing that ... here is a clue-bat (a long bit of 2X4) to encourage all to have another look at security.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



  • 46 When would you like EduGeek EDIT 2025 to be held?

    1. 1. Select a time period you can attend


      • I can make it in June\July
      • I can make it in August\Sept
      • Other time period. Comment below
      • Either time

×
×
  • Create New...