Sign in with
Sign up | Sign in
Your question

lock down the systems as much as possible to prevent users in the labs from cha

Last response: in Business Computing
Share
April 19, 2011 10:49:29 PM

I am taking a class on WInd 7 operation system. I have been asked to set up a computer lab for students and lock down the systems as much as possible to prevent users in the labs from changing system settings.
Any suggestions on which settings to lock? I have the obvious ones on the control panel and setting up passwords. ANything else?
Anonymous
a b 8 Security
April 20, 2011 10:52:10 AM

This topic has been moved from the section Opinions and Experiences to section Business Computing by Grumpy9117
m
0
l
April 20, 2011 12:39:42 PM

Your taking a class on WInd7 eh?

You already failed.
m
0
l
April 20, 2011 5:48:23 PM

erinlemoi said:
I am taking a class on WInd 7 operation system. I have been asked to set up a computer lab for students and lock down the systems as much as possible to prevent users in the labs from changing system settings.
Any suggestions on which settings to lock? I have the obvious ones on the control panel and setting up passwords. ANything else?

GeekApproved: nice fish.

erinlemoi: There are two approaches that I know of. Both should be taken.

The first is to simply create logins for the students that are not admin accounts, but standard user accounts. Make sure that they don't know the admin password. This prevents most meddling and installation of software.

But there is no foolproof way, because fools are so ingenious. Unfortunately, the best way to prevent one student screwing up the machines for all the others is to
1) Get identical machines
2) On each machine, take an image snapshot of the OS and save it on a hidden partition on the drive
3) Modify the boot sequence so that it overwrites the OS partition with the image from the hidden partition.

This way, all the machines get reset to base state every time they are started.

There is fancy software to keep a central image server and send the same image to each machine over the network as the machine starts, then modify local settings like the machine name. Ghost comes to mind. But it's expensive and requires training, plus the network is slower than disk-to-disk transfer.

========================================

Other members, are there security policies that can be locked down tight? Or is the OS supposed to prevent standard user logins from changing things of significance?
m
0
l
April 21, 2011 5:09:51 PM

I get it now, he's abbreviating Windows.

For some reason it just didn't click that he was talking about Windows 7. ROFL
m
0
l
April 21, 2011 5:20:22 PM

^+1 toWyomingKnott. The image solution is in my opinion the best way to keep the machines untouched especially when they get the image from the server.
m
0
l
April 26, 2011 7:43:52 PM

Also, keep in mind the audience. It's one thing to lock down a machine, but it might be prudent to check with the class instructor for their requirements. Too many times in IT has security overreached their target.
m
0
l
April 30, 2011 1:55:24 PM

Better way, I used to work in a school system so I have been there. You need to check into some software called Centurion Guard. It is beautiful.

http://www.centuriontech.com/education/index.php

How it works, you image your machines, install etc, install this software on the machine, and lock it down. The kids can mess with everything known to man, load a program, do what they want to do. When you need the machine back to it's original state, reboot. It wipes all of their changes and puts it back to the stock image you had. My boss and I tried it, even went to safe mode, deleted files and what not. Rebooted, machine was perfect.

They used to make a physical system that did the same thing as their software did, which we had installed, my boss said that was the best thing they ever did. Check it out. Maybe combine it with some remote view software that lets an instructor reboot all the machines from their desks between periods.
m
0
l
!