markwilliamson2001 Posted November 10, 2008 Posted November 10, 2008 (edited) Hi.. The little have worked out how to hack logging onto our machines. They start logging on, then pull the network lead out during 'applying computer settings'. They then get full local admin permissions on the machine, and somehow get pointed to the unfiltered proxy address we use. We are trying to setup some sort of scheduled task to point to a local batch file on each machine that just logs the user off, if say a mapped drive is not found... Has anyone else got this or found away to stop the little , as the profile loads okay, so the logon continues. Mark Edited November 10, 2008 by MkII bad language
K.C.Leblanc Posted November 10, 2008 Posted November 10, 2008 There's a GPO that lets you completly prevent log on if there's no network present.
SYNACK Posted November 10, 2008 Posted November 10, 2008 Have you tried the group policy option: Computer Config > Administrative Templates > System > User Profiles : Log Users off when Roaming profile fails along with: Computer Config > Administrative Templates > System > User Profiles : Wait for Remote User Profile They may be able to help.
markwilliamson2001 Posted November 10, 2008 Author Posted November 10, 2008 We use mandatory profiles, (which load quickly) and seem to be loading okay. Its more the permissions and gp settings and logon scripts for the users which don't work correctly (including our redirected desktop/startmenu). I have the logoff if no profile present working okay, but the gits are waiting till the profile has just about loaded. Will look into the logoff if no network present gp, but I am not sure it will apply properly. Mark
Guest Guest Posted November 10, 2008 Posted November 10, 2008 Of you could take the gateway out of the DHCP options. Takes away 99.99999999999999% of the reasons for wanting to be on as a local admin. I cant remember the last time we had a kid try to "hack" the computers/bypass security/etc.
gshaw Posted November 10, 2008 Posted November 10, 2008 Even with proxies and filtering kids could still use something like this... UltraSurf
powdarrmonkey Posted November 10, 2008 Posted November 10, 2008 I solved this problem before by requiring the machine policies to be complete before allowing logon, waiting for the user's profile always, and disallowing access based on a roaming profile or cached login. Don't remember the exact GPO sections but I'm sure you can find them.
Busybub Posted November 10, 2008 Posted November 10, 2008 http://www.edugeek.net/forums/network-classroom-management/7509-students-unplugging-network-cable.html
markwilliamson2001 Posted November 10, 2008 Author Posted November 10, 2008 Thanks for all the help chaps.. We eventually came to a solution, using a registry hack, (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run...) and adding an entry to a local bat file which we copy across the network at machine startup. This reg hack also helps clean out the intel tray icon, and any other sh1t you don't need! The batch file contains a simple check for a file existing on a mapped network drive at logon, (which if they pull the plug) doesnt get mapped, so the batch file calls logoff... Can't wait for this to pan out! Mark
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now