Re: Hacked Workstations

From: Kevin D. Quitt (KQuitt_at_IEEInc.com)
Date: 03/01/05 

Date: Tue, 01 Mar 2005 13:05:27 -0800

On Mon, 28 Feb 2005 16:33:02 -0800, "megascout29"
<megascout29@discussions.microsoft.com> wrote:
>What we have ended up doing is just instituting a policy of containment. The
>student network is completely seperate from the other networks in the school.

Given the policy of allowing physical access to the machines and providing
a means to reboot the machines with the students' disks, I don't think
there is anything else meaningful you can do.

>Our student servers are stored away from student access and locked down
>tightly.

Clearly, an excellent idea under any circumstances.

>We just view the student network as a hostile network and assume that
>anything going on could be being recorded via keystroke logger or packet
>sniffer.

Not a bad idea in general, unless the network is being actively monitored.
Also assume you're on Candid Camera.

>For most software problems we just reimage the machine and don't
>even log on, just wipe it and reimage. Oh well.

Even better than my suggestion; no extra hardware required. This, by the
way, is the policy at the school where my wife teaches (and helps manage
the network), even for teachers' machines. The rules are: keep your own
data backed up; if you want support, do not install any of your own
software; if your machine is causing problems on the network, it gets
reimaged. Draconian, but since there is no support department (just my
wife and a couple of savvy folk), it's the only way to keep everything
running.

>I was hoping for a way to actually beat these kids at their own game and
>take the network back.

Would be nice, eh? Too bad you can't lock them into virtual machines.

>But with out the support of the school administration that just isn't
>going to happen.

And there is the bottom line. 

-- 
#include <standard.disclaimer>
 _
Kevin D Quitt  USA 91387-4454         96.37% of all statistics are made up
  Per the FCA, this address may not be added to any commercial mail list

Relevant Pages

  • Re: EventID 1054 from Userenv for startup script
    ... So if you said "some machines don't have full access to the network ... at startup" the GPO's seems not to apply correct. ... startup script policy. ...
    (microsoft.public.windows.group_policy)
  • Local Security Policy problem - Reverts after reboot - xp sp2
    ... I have the post XP SP2 problem on various machines on our network, ... whereby the following permissions are missing from the Local Security ... network connections folder, basically all those acknowleded in MS KB ... Even if i amend a different policy it still reverts back to the old one ...
    (microsoft.public.windowsxp.security_admin)
  • Re: restricting certain machines.
    ... addresses to machines that have approved mac addresses, ... I believe there are switches that can control access by mac tables ... authentication [AH header policy could be created, ... unauthorized computer on your network puts your whole network at risk for ...
    (microsoft.public.win2000.security)
  • RE: policy to enable login after network connection !! how ?
    ... Usually XP clients login with "Fast Login Optimization" engine. ... the users to wait till they got connect to Wireless network, ... Always wait for network before Logon> this policy only belongs to local ... Run Gpresult /v on one of the non-working machines and double check ...
    (microsoft.public.windows.server.active_directory)
  • Re: Can find Vista box, cant share folders or printers.
    ... When I click 'Network' on the laptop the ... I've disabled Norton and Windows firewall entirely to make sure that's not ... public folder sharing - on ... start by running the Network Setup Wizard on all machines (see ...
    (microsoft.public.windows.vista.networking_sharing)
Quantcast