Re: School district and creative way to handle student passwords ?
From: Marlon Brown (marlon_brown_at_hotmail.com)
Date: 04/01/05
- Next message: matthewpascucci_at_yahoo.com: "Re: Microsoft Security Groups"
- Previous message: Dan S: "Cannot approve Windows 2003 Service Pack 1 in SUS"
- In reply to: Mark Randall: "Re: School district and creative way to handle student passwords ?"
- Next in thread: Paul Adare: "Re: School district and creative way to handle student passwords ?"
- Reply:(deleted message) Paul Adare: "Re: School district and creative way to handle student passwords ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Apr 2005 09:13:27 -0800
Byron, I thought about this, but a forest isn't more adequate when you have
administrators that would handle each domain/forest totally separately ?
One thing is for sure:
Thanks for the posts and I agree, I will setup a damn domain where I will no
longer request kids to change passwords.
I will put a one-way trust where staff can access student resources,
including printers and student folders. The other way around won't work
because students won't be able to even touch staff resources. I think that
should take care of the freaking problem and this people will leave me
alone.
"Mark Randall" <markyr@REMOVETHISgoogle.ANDTHIScom> wrote in message
news:eZcPVHqNFHA.2384@tk2msftngp13.phx.gbl...
> I know you know this, but - really the need for physical isolation is
> minimal - I look at it this way, if at any point anyone from either
student
> or staff domains goes online that network might as well be fully exposed
to
> all relevant nasties.
>
> At my old school we used 2 domains, in this case DCS1 (for students and
> staff) and DCS1ADMIN (for financial administrators etc), I compromised the
> security on DCS1 quite a few times (mainly due to lousy ACL's and too much
> API up in my head), however I could not once compromise DCS1ADMIN because
I
> couldent even log on the acursed thing to do anything interesting...
say...
> make myself the schools official paid head of ICT (hey I was a student
there
> at the time).
>
> However, on top of that - we had staff and students in 2 different user
> groups on DCS1 - each with its own group policy.. maybe that would help in
> this situation.
>
> - MR
>
> "Byron Hynes" <nospam@byronetta.com> wrote:
> > I don't know enough about the OP's situation to firmly recommend one
over
> > the other. Personally, I would likely use one forest, but make very,
very
> > sure that the domain accounts and DCs for the student account were both
> > physically and "logically" protected.
>
>
- Next message: matthewpascucci_at_yahoo.com: "Re: Microsoft Security Groups"
- Previous message: Dan S: "Cannot approve Windows 2003 Service Pack 1 in SUS"
- In reply to: Mark Randall: "Re: School district and creative way to handle student passwords ?"
- Next in thread: Paul Adare: "Re: School district and creative way to handle student passwords ?"
- Reply:(deleted message) Paul Adare: "Re: School district and creative way to handle student passwords ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
