I'm a System Administrator at a High School, albeit somewhat of a newbie.
As with most System Administrators new to a network I didn't create, I'm having some troubles with the security holes left by those that have come before me.
We are running W2K3 servers & XP Pro clients.
We have blocked students from directly accessing the command prompt, using group policy, which was in place when I came here. However, some little bright spark has figured out how to create a .bat file using notepad, that calls an executable, i.e. command.com, etc.
Their two favorites at the moment are the "Net" command coupled with the "/send" switch, to send stupid (& often infinitely looping) messages to other machines, etc. However, more alarmingly, a few have found out about "TSShutdown". I tested this as a student the other day & found to my horror that there is presently nothing preventing them from shutting down any machine on our network, including our servers!!
The whole thing is getting completely out of hand, and we really need to stamp this out right now. A third party comapny we contract to maintain our servers, tried implementing a group poilcy that blocked student access to "command.com" but this hasn't stopped anything.
Can anyone please suggest a way to lock these two commands down, or better still, how to stop students from creating and running batch files full stop??
Start Free Trial
