- Dec 14, 2000
- 10,473
- 81
- 101
My sister (38 yrs old) works in a small high school in BFE. She is tasked with setting up windows security for the classroom environment. Evidentally they have a couple kids who consider themselves "hackers" who are messing up the network and causing problems. The kids have been suspended from computers, but will do it again.
Their environment consists of 2 domain controllers and 2 groups, students and staff. The students have a policy applied to their accounts that deny them access to the command prompt, control panel, supposedly block them from writing to their hard drive, and other misc policies.
The client machines are a mix of windows 98 and windows 2000 machines. Students have full use of the floppy drive (ugh), as well as access to USB ports, etc (can you turn these off in a policy editor?)
Problem is, students have been gaining use of their hard drives and command line, even though they are turned off in their policy. I really think that full use of the floppy drive and having it bootable is a bad thing, but she insists they need the floppy drive to bring in assignments from home (not all of them have internet access at home).
Can any of you recommend any books, websites, or general information that would help her (and me) to get a better understanding of how to lock down the environment and make it basically hackerproof? I know there is always a way around things, but there has to be a better way of securing the environment. I told her she needs to rotate her domain admin password on a biweekly basis at minimum, find a way to lock out the floppy drive or at least remove it from the boot sequence and password protect the bios, and disable usb ports if they are not needed (think USB pendrive).
What other ideas?
Their environment consists of 2 domain controllers and 2 groups, students and staff. The students have a policy applied to their accounts that deny them access to the command prompt, control panel, supposedly block them from writing to their hard drive, and other misc policies.
The client machines are a mix of windows 98 and windows 2000 machines. Students have full use of the floppy drive (ugh), as well as access to USB ports, etc (can you turn these off in a policy editor?)
Problem is, students have been gaining use of their hard drives and command line, even though they are turned off in their policy. I really think that full use of the floppy drive and having it bootable is a bad thing, but she insists they need the floppy drive to bring in assignments from home (not all of them have internet access at home).
Can any of you recommend any books, websites, or general information that would help her (and me) to get a better understanding of how to lock down the environment and make it basically hackerproof? I know there is always a way around things, but there has to be a better way of securing the environment. I told her she needs to rotate her domain admin password on a biweekly basis at minimum, find a way to lock out the floppy drive or at least remove it from the boot sequence and password protect the bios, and disable usb ports if they are not needed (think USB pendrive).
What other ideas?