Private school(6-12) network - malicious kids!!


  • Private school(6-12) network - malicious kids!!

    *6th-12th graders! Haha!

    First off, our server is running Windows Server 2008 R2. Majority of our client computers are Windows XP, a few are Vista, and some Windows 7. What I'm trying to accomplish is where the students/teachers can be on any computer joined to the domain with their username/password and have their own desktop/folder but CAN NOT access any of the local files on hard drive except for the apps I allow them to use, such as MSOffice and such. Is this possible? Please help!

    I've done a basic configuration on the server-side and have a few computers joined to the domain already. If possible, what do I need to do to achieve this?
    Last edited by RWELLER; 24th September 2012, 19:36.

  • #2
    Re: Private school(6-12) network - malicious kids!!

    Look into AppLocker on Win7 and Software Restriction Policies on earlier versions. Also get the school to put some sanctions in place (suspension, especially by the neck, seems to be effective)

    WTF is the world coming to if 6-12 year olds are hacking networks (or do I misunderstand your title?)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Private school(6-12) network - malicious kids!!

      Well, everything is currently set up where all client computers are on a workgroup. The kids are logging onto the 'student' (Win XP limited login) login on the computers around campus and are using downloaded hacking tools; none are successful, but they're crippling each computer that they have local console access to. I want to know how to completely restrict it so the ONLY thing that they can access once they log into the domain with their username/password is MSOffice, their email, web browser, etc. However, I want them to be able to download documents/music/videos/etc. off the internet and save it into their personal allocated disk space on the server and run them on the computers. Is this possible? I'd like it to still be like their limited local login where it asks for an administrator login/pass to load some binary files needing admin credentials... But yes, to sum it up, they're hacking/damaging the computers on the network.



      • #4
        Re: Private school(6-12) network - malicious kids!!

        Start with getting the machines into a domain and using restricted groups to remove local admin membership -- that will go a long way to meeting your last requirement. Then (as I said) look at SRPs / AppLocker to reduce applications they can run. Group policy will let you do other things like hiding local drives, not saving desktop changes etc.

        It's all moved on from when I was a teacher and the worst thing the b***ers did was embed solitaire in a word document!
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **
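
An added example, not part of any post in this thread: one way to build and dry-run the AppLocker allow-list suggested above, using the AppLocker PowerShell cmdlets that ship with Windows 7 and Server 2008 R2. The group `SCHOOL\Students`, the Office install path, the output file name and the GPO distinguished name are assumptions; run it from an elevated prompt on a Windows 7 reference machine that has Office installed.

```powershell
# Added example. SCHOOL\Students, the paths and the GPO DN are assumptions.
Import-Module AppLocker

$group      = 'SCHOOL\Students'                     # hypothetical domain group
$officeDir  = 'C:\Program Files\Microsoft Office'   # assumed install location
$policyFile = Join-Path $env:TEMP 'students-applocker.xml'

# 1. Inventory the executables the students are meant to run.
$files = Get-AppLockerFileInformation -Directory $officeDir -Recurse -FileType Exe

# 2. Generate allow rules scoped to the student group: publisher rules
#    where a file is signed, file-hash rules where it is not.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User $group -Optimize -Xml |
    Out-File -FilePath $policyFile -Encoding UTF8

# 3. Dry run before anything is enforced. Probe the Office binaries the
#    rules were built from, plus a Windows binary the rules do not cover,
#    and compare the decisions for the student group.
$probe = @(
    (Join-Path $officeDir '*\*.exe'),
    (Join-Path $env:windir 'System32\cmd.exe')
)
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $probe -User $group |
    Sort-Object PolicyDecision |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. Only after reviewing the dry run, merge the rules into the GPO that
#    is linked to the student workstations (placeholder DN shown).
# Set-AppLockerPolicy -XmlPolicy $policyFile -Merge `
#     -Ldap 'LDAP://<DC>/CN={<GPO-GUID>},CN=Policies,CN=System,DC=<domain>,DC=<tld>'
```

Once any rule exists in the executable rule collection, every executable not covered by an allow rule is blocked, so Windows' own binaries need allow rules (for example the AppLocker default rules) before this is enforced. Enforcement also needs the Application Identity service running on the clients.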



        • #5
          Re: Private school(6-12) network - malicious kids!!

          Awesome, thank you for your advice! Yeah, it's hectic here as far as the IT stuff goes.



          • #6
            Re: Private school(6-12) network - malicious kids!!

            "Malicious kids" I think so not..

            Kids at that age are inquisitive by nature. If you have set up your network the way it should be you should not have any problems.
            Can't stand it when people offload their shortcomings to others sometimes...
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR



            • #7
              Re: Private school(6-12) network - malicious kids!!

              As mentioned above, get them all onto a Domain then shut the little turds out with GPOs. Server 2008 R2 has about 3,000 GPOs that can be applied to the various settings. In 2008 R2 there are some 300 extra GPOs that are not in Server 2008 and are for Windows 7 with about 170 odd specific to IE 8 and IE 9. Makes locking them down a breeze.

              You might also consider Mandatory Profiles as that hinders the little sods a bit.

              Also enable Auditing so you can track who is trying to access locations they are not supposed to be. You may like to look into FSRM (File Server Resource Manager) as it is really useful for monitoring and stopping inappropriate files from being saved to their Home Folder. It allows you to prohibit file extensions and file sizes plus set storage quotas. If the rules you set are exceeded then you get a nice email telling you who the culprit is. The info is in the FSRM link bolded in this paragraph.

              iTALC is a very useful and FREE program that allows for monitoring the troublemakers once they have been identified. Record their actions and they have ZERO defense for their crimes.

              Finally, Train Signal is a very useful training tool to get you quickly up to speed with how to implement GPOs and lockdowns if you aren't already proficient in that area.

              You may wish to consider installing something like TMG to stop the enemy from downloading things like large demo games.

              How many machines, Laptops, Netbooks, Tablets and Desktops are you running?
              Any wireless?
              Server numbers, physical and Virtual?
              Students?

              Remember that prisons and schools are the only places where you are being constantly attacked from the inside.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2



              • #8
                Re: Private school(6-12) network - malicious kids!!

                Believe me, I have done some schools and always coming back to
                THIS

                The only downside is hardware.

                Good luck



                • #9
                  Re: Private school(6-12) network - malicious kids!!

                  Originally posted by mhoogev
                  Believe me, I have done some schools and always coming back to
                  THIS
                  Good luck
                  Might struggle with the hardware requirements
                  Last edited by Ossian; 25th September 2012, 15:55.
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **



                  • #10
                    Re: Private school(6-12) network - malicious kids!!

                    Why disk around with having to open and install then open and remove a piece of hardware in each machine at end of lease (also difficult to do with laptops) when you can lock the little bas..... err dears down with GPOs.

                    Victorian Education Department had (may still be) the largest student network in the world. I believe it has the largest wireless network with over 21,000 WAPs and the students are all subdued with GPOs. If they do happen to wreck a machine, then it can be Ghosted in a few minutes or via WDS.
                    1 1 was a racehorse.
                    2 2 was 1 2.
                    1 1 1 1 race 1 day,
                    2 2 1 1 2

