staff discipline

[Guest blacksheep]

Hi,

 

This is sort of my first post here so hi all!

 

What do you guys/gals thinks of this,

 

I have totally got rid of all win98 boxes while i built the school a nice network (around 300 pcs). I got rid of them for obvious reasons, I was replacing them with a new modern OS (2000 or XPP) and suitable machine to go with it. Basically building a domain and the non technical people here decided to flood the school with a load of cheap unetworked 98 machines, but it sort of helped staff somewhat in between (although it went against my judgment). Now a few years on they are networked in every room but still have a difficult members of staff. I have win98 machines been setup (all by them) in a room on its own with no network connectivity (made sure the sockets were off becoz of all the fiddling going, just check my dhcp logs ), no PAT testing, no antivirus management.

My reasons for no 98 is simple, I do not want to build a new network and add them to the domain, they dont do GPolicy, directory traversal etc. they are easy to install pirate s/w on (and they have), and obviously with no antivirus kids will stick their usb stick in and sooner or later start getting work lost from what builds up in the private suite. They are also opening machines in their department to play around. Head wont do anything ive tried. Any ideas? Leave it and cover myself?

 

Thanks.

[FN-GM]

I don't balme you one bit mate.

 

Just don't support them simple as that. You could go an tamper with a few and break them and force them to get rid.

[localzuk]

Write a letter to the head stating your concerns, point out the relevant laws - regarding the data protection act, health and safety law etc... and point out that if anything negative were to occur due to these machines being in school (electrical shock due to them being non-PAT tested, data being lost due to intrusions, a virus spreading due to poor security etc...), it would be him who gets the blame and not you.

[elsiegee40]

Old machines like this have sudden hardware failures at the drop of a hat (or possibly a screw driver, or a hard-drive...)... just don't get caught

[Diello]

Write a letter to the head stating your concerns, point out the relevant laws - regarding the data protection act, health and safety law etc... and point out that if anything negative were to occur due to these machines being in school (electrical shock due to them being non-PAT tested, data being lost due to intrusions, a virus spreading due to poor security etc...), it would be him who gets the blame and not you.

 

Ditto - also CC it to your Chair of Governors as well. Pay particular attention to students loosing GCSE/AL coursework, and the response parents would have to that if their child failed a subject because of that, that the situation being allowed to occur presents a clear threat to the ability of the school to provide satisfactory ICT resources for Teaching & Learning.

 

Definitely refuse to support them in ANY way, including when they "accidentally" break

[SYNACK]

If that room is on a separate power breaker it could be subjected to numerous isolated power failures. That is sure to increase the mortality rate for those old PCs

 

You could also include in your official letter the kind of fines that the school would incur if those machines had illegal software on them (and they pretty much have to). This might help them grasp the monetary logistics of the matter.

Edited January 13, 2008 by SYNACK

[GrumbleDook]

No PAT test and you are in breach of H&S. How about you remove all the memory so they don't work and have to be scrapped?

 

Whatever happens, get it in writing from your Head so that you are covered if anything goes wrong. If he refuses to sign the paperwork that says it is not your responsibility then get the Chair of Governors to do it instead ... failing that speak to your union.

 

Putting the life of staff and students at risk is terrible!

[Grommit]

Hi,

 

This is sort of my first post here so hi all!

 

What do you guys/gals thinks of this,

 

I have totally got rid of all win98 boxes while i built the school a nice network (around 300 pcs). I got rid of them for obvious reasons, I was replacing them with a new modern OS (2000 or XPP) and suitable machine to go with it. Basically building a domain and the non technical people here decided to flood the school with a load of cheap unetworked 98 machines, but it sort of helped staff somewhat in between (although it went against my judgment). Now a few years on they are networked in every room but still have a difficult members of staff. I have win98 machines been setup (all by them) in a room on its own with no network connectivity (made sure the sockets were off becoz of all the fiddling going, just check my dhcp logs ), no PAT testing, no antivirus management.

My reasons for no 98 is simple, I do not want to build a new network and add them to the domain, they dont do GPolicy, directory traversal etc. they are easy to install pirate s/w on (and they have), and obviously with no antivirus kids will stick their usb stick in and sooner or later start getting work lost from what builds up in the private suite. They are also opening machines in their department to play around. Head wont do anything ive tried. Any ideas? Leave it and cover myself?

 

Thanks.

 

Hi

 

Sorry but what role are you in the school and who is procuring and installing the 95 Boxes ?

[Guest blacksheep]

Thanks for the replies so far, at least I dont feel im the only one who thinks it should be done right. Lots of problems with that department as that one guys mentality has seemed to spread to others to some degree and the HOD is not exactly friendly. Through hassling the management he has managed to get admin (local!) access to his PC (or the schools PC where he sits!) and one other guy did in the dept. but I have made them sign policy sheet to say that any illegal software installed is their responsibilty plus a nice but about if they try anything on like network scanning I will disconnect them from the school net (and I will regardless of Head).

The 98 machines are the other story but he will only try to get more with time, he has got this far. The original 98 box procurment was years ago but they all but been decommisioned by me over time. Just these other 4 still remain.

FYI I am the school network manager (they officially call me network coordinator whatever that means, probably viewed as IT technician).

Did I mention the big wallet of copied CDs and the 'well they do it in other schools' reply I get!

'home machine' mentality is the best way I can describe it

Edited January 14, 2008 by blacksheep

[Domino]

eeeeek!

 

okay, as mentioned before write a letter to the head explaining ALL your concerns, and get a signed copy from him. thats first priority, you've gotta cover yourself.

[pallen]

Check your job description. If you have a role in there that states you are respsonsible for the licences on all computers in the school, remove any software that is on there which is not legal. You can give them notice in order to back up any work, but unless you have something in writing which states you no longer have control over these machines it will still be you that is held responsible.

 

The attitude of "other schools do it so we should be able to" is just plain stupid. If it is against the law, it is against the law....ignorance is not an excuse. If you are employed to look after the school network, then it is you who should be making the decisions regarding what is installed on computers. You should have records of all the licences the school has and know when you have hit that limit you either don’t install any more, or buy more licences.

 

By the way, when you write to the Head & Governers, put a timescale on your request. It is easy for the school to let things drag on hoping it will just be accepted. But either you have something in writing which places the machines outside your responsibility, or they have the same restrictions in place as the rest of the networked PCs. As people have said, make sure you cover yourself with the appropriate paperwork.

[Andrew_C]

PAT:-

 

Be careful claiming that they are "illegal" or "against H&S" if they haven't been PATed. Whilst PAT testing is a good way of proving it, the legal requirement is "to have a safe system of work" and to be able to prove that "equipment is maintained so as to prevent danger".

 

I fully accept in your case that neither of the requirement is being met, but don't damage your case with inaccurate quoting of non-existent "law".

[GrumbleDook]

PAT:-

 

Be careful claiming that they are "illegal" or "against H&S" if they haven't been PATed. Whilst PAT testing is a good way of proving it, the legal requirement is "to have a safe system of work" and to be able to prove that "equipment is maintained so as to prevent danger".

 

I fully accept in your case that neither of the requirement is being met, but don't damage your case with inaccurate quoting of non-existent "law".

 

Taken from http://www.pat-testing.info/legal.htm

 

Scope of the legislation

 

It is clear that the combination of the HSW Act 1974, the PUWER 1998 and the EAW Regulations 1989 apply to all electrical equipment used in, or associated with, places of work. The scope extends from distribution systems down to the smallest piece of electrical equipment.

 

It is clear that there is a requirement to inspect and test all types of electrical equipment in all work situations.

 

There is the duty of care that is implicit in a school under the Children's Act 2004, that each child is legally entitle to learn in a safe environment. Failure to have qualified people assess the safety of the environment is in breach of this (guidance from DfES presentation on Every Child Matters in 2005). This covers all areas of the physical environment that the various H&S laws envelop.

[Guest blacksheep]

Ok.. this is great lots of info here for me, thanks again.

I have had another moan today to the head and have reiterated (feeling much more confident about the issue thanks to you ppl) to the HOD. At least she has accepted that I am going to remove them but I did offer replacements (after they'd agreed). I must remove them soon before any more goes down.

I have one win98 box now but HOD is happy for me to get the person who it belongs to sign for it. I was going to write up something to say that it is their responsibilty for the software on it and they declare they have legal copies. It wont go on the network though and im unlikely to ever support it. I will have to get it PAT tested by the guy who does it for obvious reasons (I think I will memo that to the head and HOD too so they know)

For the machines I have given them local admin rights I have written another sheet, and got 3 people to sign to state that the onus is on them (that wasnt on the first) not to install unlicensed software so that the school remains legal and that any install can be traced back to them (I gave them a seperate local admin account under a name, not hard to get around the standard local admin but they would have to reset the account pwd). Plus another bit to basically say 'if he trys to mess with the network or bugger the machine I have the right to dis him'.

As for opening the machine and having a play.. I will have to moan to him and log it somewhere.

Also, Found 'bonjour' service and tools on there too! I think its a sort of network scanning util that looks for bonjour enabled devices and make the machine bonjour capable too (sigh).

So sort of there ??

 

I was quite dissapointed that they couldnt be bothered to check the PAT theirselves, im sure as science teachers they are aware of shock hazards, oh well ill sort it!

Edited January 14, 2008 by blacksheep

[Geoff]

Bonjour is an Apple network protocol.

[Guest blacksheep]

Dont know much about macs but just found this;

http://www.apple.com/support/downloads/bonjourforwindows.html

 

Thats what he had on there I think. Still it shows his intentions or look suspicious

 

Just spoke to the building manager who is testing the one left win98 box I think this will help underline the issue (ill grab the pc's same time would be best).. He doing it tommorow

[GrumbleDook]

Bonjour is an Apple network protocol.

 

Bonjour is the Apple branding of their zeroconf solution and formerly it was called Rendezvous. Bonjour is an IETF standardised version as it is compatible with SLP, the version which was standardised with other companies including Sun, HP and Novell. In reality it now uses mDNS and DNS-SD but keeps the backward compatibility with SLP.

 

Back in the day the .local was the domain 'suffix' used within the hosts table to make use of mDNS or SLP. This was documented but Microsoft still included using .local as good practice for a W2K based domain with no FQDN. This led to a series of issues with systems trying to integrate into Windows networks if they had some zeroconf functionality. An example was the inability to authenticate or bind Macs to a windows network. Apple and Sun have since worked on this and from 10.4 onwards it did not matter that .local was used in a Windows domain.

 

A number of MS courses *still* refer to .local as the domain to be used for domains with no FQDN, and everyone else has learnt to work around it.

[Midget]

Blacksheep> this sounds scarily familar, which SouthWales school are you in? If you don't want it public, PM me, but is it near the valleys?

[Guest blacksheep]

I dont care that much who knows where I am (been here too long!) but its easier to be not linked directly, lets say its on the valley side of Bridgend but I am not up the valleys, although its a valley serving school! Is that enough info? At least that wont come up on the search! PM me if you want more.

After all its nice to talk to like minded people who understand, as I wont get that with many issues here! Busy board though, I bet SLT are lurking lol

[Midget]

thats ok then, thought you were the person unlucky enough to have taken over my old post in an 'end of the line' valley school and the mice had been at play whilst the cat was away for 6-9months

[Guest blacksheep]

>play whilst the cat was away for 6-9months

 

Id expect they dont see why there would be a problem if the machines were wide open, DIY installs etc.! IF anythng like here..

[Grommit]

Thanks for the replies so far, at least I dont feel im the only one who thinks it should be done right. Lots of problems with that department as that one guys mentality has seemed to spread to others to some degree and the HOD is not exactly friendly. Through hassling the management he has managed to get admin (local!) access to his PC (or the schools PC where he sits!) and one other guy did in the dept. but I have made them sign policy sheet to say that any illegal software installed is their responsibilty plus a nice but about if they try anything on like network scanning I will disconnect them from the school net (and I will regardless of Head).

The 98 machines are the other story but he will only try to get more with time, he has got this far. The original 98 box procurment was years ago but they all but been decommisioned by me over time. Just these other 4 still remain.

FYI I am the school network manager (they officially call me network coordinator whatever that means, probably viewed as IT technician).

Did I mention the big wallet of copied CDs and the 'well they do it in other schools' reply I get!

'home machine' mentality is the best way I can describe it

 

OK.. in our School only 2 people have the Administrator Password.. that's me the ICT Manager and the Head Teacher... even the HOD does not have anything above staff access to the site PC's...

 

Don't worry about little things like copied CD's worry about the bigger things of being in charge of you network...

[ICT_GUY]

Hard drive magenets waved not so gently across the mobo. Works a treat.

[Guest blacksheep]

Or just remote manage the PC, mess with the registry and put him in the queue to repair "Well only if you hadnt messed with it.."

 

>Copied CDs

Yeh well ive "told him" and on the policy I put a part about staff being responsible for installing any CDs (on the machines with admin access), and that they must be original/legal copies. It wont actually do much but ive covered myself at least.

 

Last week he is trying to get my asst.tech to give him a spare monitor. It turns out not for school use either, either way I would want a fault reported.

Thankfully this one isnt easily pressured, you wont beleive some of the Uni trainees I have had managment problems with. Senior managment is a bit of a laugh not really in touch with the real day to day issues I have to deal with. Dont expect them to discipline someone they dont see why I got a problem half the time!

 

Admin rights to his department FFS what next, why the hell do I hit a wall with senior-management with that one! "well my machine in the house" etc. and it looks like the whole department just think im a control freak now.. idiots!

[ICT_GUY]

Or just remote manage the PC, mess with the registry and put him in the queue to repair "Well only if you hadnt messed with it.."

 

>Copied CDs

Yeh well ive "told him" and on the policy I put a part about staff being responsible for installing any CDs (on the machines with admin access), and that they must be original/legal copies. It wont actually do much but ive covered myself at least.

 

Last week he is trying to get my asst.tech to give him a spare monitor. It turns out not for school use either, either way I would want a fault reported.

Thankfully this one isnt easily pressured, you wont beleive some of the Uni trainees I have had managment problems with. Senior managment is a bit of a laugh not really in touch with the real day to day issues I have to deal with. Dont expect them to discipline someone they dont see why I got a problem half the time!

 

Admin rights to his department FFS what next, why the hell do I hit a wall with senior-management with that one! "well my machine in the house" etc. and it looks like the whole department just think im a control freak now.. idiots!

 

Go at it from a different angle.

 

Have a policy where the admin password changes on a daily basis for "security" or change it to a 16 digit hexidecimal number.

 

Have a personal admin account that you use for yourself "so you can track what you do" (which is human friendly).

 

You will find that most people will give in pretty damn quickly, tough password security policies knock the wind out of lusers sails very very quickly.

 

(I used to use this tatic when I had idiot kids come in who had difficulty answering the question what password do you want? When they had to type in a 32 character password correctly, they pretty much always had an answer next time.)