Help eliminate Instant Messenger in school.

[AnimeKnight]

thank god i work for elementary schools.. the kids just bang on the keyboards

why not try get win NT.. if you need several copies of win NT .. we have A LOT i can sell it to you for cheap educational discount.. see if you can convince your school to do that

 

[Marshy]

I asked a similar question a while back, and was directed to Ms Poledit.exe, which allows you to only run certain progs amonst other things,

I'm using NT, so prob makes a different but check it out

Oh its also nice and complicated, so i never got round to actually sorting it out properly, but it seems the potential there,

good luck

and to hijack a little, i use a user account on NT but still can install messenger and things, so how do i do that?

 

[JayBone]

Poledit works just fine...if the users don't know how to get around it.
Its "security" is laughable.
All a user has to do is run Poledit again, and change the settings.
Even if you disable registry editing (this disables Poledit itself, upon reboot) all they have to do is boot it into safe mode, and they can run poledit to undo all the "security" changes you made.
One of the things that I found even more funny is the fact that, even if you use poledit to disable the Run command in the start menu, all the user has to do is use "Go To" on the explorer Tools menu. They may have removed that option from the menu in 98, though.

 

[n0cmonkey]

<<

<< I hate you L users, you always make me stay late at work fixing your childish screw ups. >>



Get a life. Computers can be screwed up one way or another. Wait... I'll say you should do that stuff and then laugh at you when they lay you off since they don't have any problems with the computers. >>



Heh. Sure kid, sure.

 

[acidvoodoo]

<<

<< i hate u school technicians u make the computers so boring at school lol >>



I hate you L users, you always make me stay late at work fixing your childish screw ups. >>



um, ok, wel i wasn't trying to be offensive, but it's stupid. At my school they use like P4s for Excel, if u go near the server desk, the technicians start crying, and they can't even get the cable connection up correctly, it runs wor se then 14.4

(by the way i do not make childish screw ups, u're job being to fix them though doesn't that say something?)

 

[n0cmonkey]

<<

<<

<< i hate u school technicians u make the computers so boring at school lol >>



I hate you L users, you always make me stay late at work fixing your childish screw ups. >>



um, ok, wel i wasn't trying to be offensive, but it's stupid. At my school they use like P4s for Excel, if u go near the server desk, the technicians start crying, and they can't even get the cable connection up correctly, it runs wor se then 14.4

(by the way i do not make childish screw ups, u're job being to fix them though doesn't that say something?) >>



I just wanted to paint a quick picture of the other side of the coin there. It was not a personal accusation. I personally think you may need to pay attention in your Grammar class instead of hax0ring the network so you can chat with 80yo fat blad men on aim.

 

[acidvoodoo]

i don't have aim, don't want it, never will

 

[WalkedIntoAFan]

<< Poledit works just fine...if the users don't know how to get around it.
Its "security" is laughable.
All a user has to do is run Poledit again, and change the settings.
Even if you disable registry editing (this disables Poledit itself, upon reboot) all they have to do is boot it into safe mode, and they can run poledit to undo all the "security" changes you made.
One of the things that I found even more funny is the fact that, even if you use poledit to disable the Run command in the start menu, all the user has to do is use "Go To" on the explorer Tools menu. They may have removed that option from the menu in 98, though. >>



That's not entirely true, simply running poledit again won't do anything unless you have the right template to load. So if the user doesn't have the template file, he cannot get around poledit. Not that it's that hard to find an .adm file to use but still, most of the kids at the school probably have no idea what poliedit is. I didn't know until I had to start doing admin type stuff.

I will agree with you that the security isn't great, but it's better than what they've got, and it's free.

 

[mckennma]

Block it on your firewall.

 

[vash]

There are a few ways to block it:

1. Have everyone connected through a firewall and only allow port 80 TCP in/out. Once you do that, the users can kiss telnet, ftp, ssh, goodbye.

2. Have a proxy server that only allows port 80 tcp in/out -- also, give them a username/password for access.

High school students will try their ways around, but either of the two method above will work quite well (I'd go for both if you want 99% safety).

vash

 

[n0cmonkey]

<< There are a few ways to block it:

1. Have everyone connected through a firewall and only allow port 80 TCP in/out. Once you do that, the users can kiss telnet, ftp, ssh, goodbye. >>



AIM will connect on port 80 without problems.



<< 2. Have a proxy server that only allows port 80 tcp in/out -- also, give them a username/password for access. >>



You can setup a proxy in AIM.



<< high school students will try their ways around, but either of the two method above will work quite well (I'd go for both if you want 99% safety).

vash >>



Block the ip address of the login server at the firewall, along with doing something like this. Much easier.

 

[JoeBleed]

I agree with poledit for 95.. it is weak but much better than nothing. and as far as fortres goes.. i don't know what version my college use to use but the new one is better. dont' know what version that is either.. i only know the password and how to get around it. the older version was actualy started froma autoexec.bat file.... that was lame. I figured it out one night in excel class. the only reason i have the password and know how to get around it is becasue the admin told me. so i haven't tried getting around the new one. The admin said it hides the autoexec and config files. even from the atrib comand. so it must still be started from the autoexec.bat file.. i guess. he is not exactly sure how it works now either. but it does a good job at stoping things. Don't know about the decripting passwords and all but guese that depends on the version...? anyway i will probably get bored and see if i can tear it apart one night.
but back on the poledit for 95. it is a pain in the ass to get it to work right but i do it alot at work so if you want to try it let me know and i can try and send you some basic instructions. but like said above. if they go into safe mode they have full acces to the harddrive and can do what ever they know how to. but as for running poled again.. simple. uninstall it after you set up the computer. that is what i do at work.
if you can spend money and your machines can handle it try buying nt4.. much better all around.
the blocking of every port but 80 should work well to. as long as noone else wants to do stuff that needs other ports.

 

[vash]

<< AIM will connect on port 80 without problems. >>

Didn't know AIM was such a pain to get rid of, go figure, its AOL. I figured that AOL didn't use HTTP, so it would be easy to block, but it sounds more like Yahoo! messanger now. Does AIM use UDP? If it used UDP, you could block that and be done with it.


<< You can setup a proxy in AIM. >>

I guess you could do that (just like any other IM), but if the users didn't have the password to use any port other than 80, then AIM wouldn't be able to connect since the proxy wouldn't let them out. Now that AIM can use port 80, its pretty annoying to stop.


<< Block the ip address of the login server at the firewall, along with doing something like this. Much easier. >>

What if someone had an external proxy forwarder setup? Someone could point their AIM to that external IP and have that external IP forward the information on. This is a common method to get net based games working through restrictive firewalls.

Win95 has ways to be restrictive (you must install admin addons), you could do:

- Don't let them run anything more than iexplore.exe.
- Disable the Start Menu for the default user.
- Don't let them Run anything.
- Don't let them shell to command prompt.
- Don't let them regedit.
- Run ZoneAlarm, put a password on it and use the strictest settings. Run iexplore.exe, let that out and tell ZoneAlarm to never let anything else out unless they know the admin password.

If you really want to lock them down, don't run Windows 95 -- run some flavor of Windows NT, or another OS that doesn't have AIM support and is more difficult to get running (FreeBSD, BeOS, but you'd have different sets of issues there).

Another thing to do is Ghost (or drive copy) the disk images on the machines, so you can just reimage the machines after each period. Sure, its a few minutes, but its less time then uninstalling all their crap

Last, but not least, tell them that any user caught will have their access removed for X amount of days. Be loud about it and you'll see less AIM users around.

vash

 

[dexter333]

Deep freeze is like ghost but it works FAST! I can delete any file on the hard drive, change any registry key, or add any program and when the computer is restarted the files get recreated/deleted and the settings get changed back. It just got installed at my school and a friend and I are working on cracking Deep Freeze now.