I work in a educational environment with windows 2000 servers and clients, I also have ISA server 2000 running in integrated mode. The GPO setup is such that I have OUs for Pupils and OUs for Teachers, the pupils are further broken down into year groups. What I want to be able to do is to prevent the students from downloading files from the internet and executing them on their local machines. I don't want to restrict the teachers from doing so. What is the best way for me to do this.
If it is through GPO could you give me the instructions on how to do this rather than saying "through GPO" as I have this answer from a different forum and is not particularly helpful. I have noticed that this particular forum tends to be more descriptive.
If it is via logon script then a an explanation as to what it should look like and where it should go would be helpful.