Solved

How to secure a W2K Pro standalone workstation from unauthorized changes in school environment

Posted on 2004-08-31
Last Modified: 2010-04-12
Given: Multiple W2K Pro workstations - Identical hardware
Peer-to-Peer network connected to Internet via Linksys router

I have 15 W2K Pro workstations that are going into a classroom at my Church. I want to secure these from unauthorized changes, downloads, installs etc. Previously the students have been using Win98 SE with no real control at the PC or supervisory level. This has resulted in numerous programs being installed such as Kazaa, various search toolbars and plenty of Spyware as a result of the free program downloading.

I will be installing the following applications in addition to the W2K Pro Operating system which will be fully patched via Windows Update:

Star Office Suite, e-Sword - a bible study app, Acrobat Reader 6, 7-Zip - a file compression utility, Panda Titanium Anti-virus 2004. I am also considering installing the following apps: Spybot Search & Destroy, Spyware Blaster, Spyware Guard and a Popup blocker from www.endpopups.com to help keep systems clean.

I want to lock these systems down tight to prevent the students from destroying them as they have done in the past.

Here are some of the things I see as being necessary:
1. Prevent the students from downloading and installing anything from the internet to these systems.
2. Disable MSN Messenger, Yahoo, etc. file downloads
3. Deny access to Control Panel
4. Prevent access/change to TCP/IP settings
5. Disable messenger service popups
6. Prevent file sharing between systems.
7. Prevent any unauthorized changes to the system
8. Deny use/access to Hotmail, Yahoo Mail etc on SOME systems but allow on others.
9. Disable Run command window.

So, where do I start?

Is there a way that I can configure one system and then Ghost the drives?
I realize that I'll have to rename the individual PC's after ghosting them if I do it that way.
What tool should I be using and are there any templates that allow for these restrictions?
All students are using the same password as these are "public" PC's and share a common networked printer.

Have I missed something?

Thanks,

Dave




0
Question by:Abacustechnologies
4 Comments
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 500 total points
ID: 11945934
1. have them log in as users, this will prevent them from installing any software
2. if you don't have any messenger programs installed then the students can run them, step one takes care of them installing them.
3. can be done by the gpedit.msc snap in
4. done by step 1
5. disable the messenger service in services
6. disable file and print sharing on the network card properties
7. mainly done with step 1... but they will still be able to change whatever files they have access to, so disable access to whichever files you don't want them to edit
8. edit the hosts file to point www.hotmail.com mail.yahoo.com etc etc to 127.0.0.1
9. remove their read permissions from the cmd.exe file
0
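
A check for step 8 above, as an added example that is not part of the original answer: it parses a hosts file and reports webmail names whose state contradicts a machine's intended role (blocked on some PCs, allowed on others). The sample file and name list are constructed; `hotmail.com` is an assumed extra name, included because hosts entries match exact names only.

```python
# Added example: audit a hosts file for the 127.0.0.1 webmail entries.
SINKHOLE = "127.0.0.1"  # address used in the answer's step 8

def sinkholed_names(hosts_text):
    """Return the lowercase hostnames that the hosts file maps to SINKHOLE."""
    names = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, commented-out entries
        if not line:
            continue
        fields = line.split()                # spaces or tabs; several names per line
        if fields[0] == SINKHOLE:
            names.update(h.lower().rstrip(".") for h in fields[1:])
    return names

def audit(hosts_text, webmail_names, webmail_allowed):
    """Return the names whose state contradicts this machine's intended role."""
    blocked = sinkholed_names(hosts_text)
    wanted = {n.lower() for n in webmail_names}
    if webmail_allowed:
        return sorted(wanted & blocked)  # blocked, but this PC should reach them
    return sorted(wanted - blocked)      # reachable, but this PC should block them

# Constructed sample: the last entry is commented out, so it has no effect.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1   localhost\n"
    "127.0.0.1   www.hotmail.com   # webmail block\n"
    "127.0.0.1\tMAIL.YAHOO.COM\n"
    "#127.0.0.1  hotmail.com\n"
)
# Constructed list; hotmail.com is an assumed extra name, not from the answer.
WEBMAIL = ["www.hotmail.com", "mail.yahoo.com", "hotmail.com"]

if __name__ == "__main__":
    print("restricted PC, not blocked:", audit(SAMPLE_HOSTS, WEBMAIL, False))
    print("open PC, still blocked:   ", audit(SAMPLE_HOSTS, WEBMAIL, True))
```

On a real workstation, pass the contents of the machine's own hosts file in place of `SAMPLE_HOSTS`.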
 
LVL 2

Expert Comment

by:wtp_issc
ID: 11946448
Editing the local security policy will allow you to succeed in some of your tasks.  You can then export the policy and import it into the rest of them.
0
 
LVL 5

Expert Comment

by:balmasri
ID: 11951566
Are they Workgroup or Domain? It's better to be domain:
On a Domain Controller install ISA Server. There you can configure internet settings.
Configure computer group policies and publish them.
0

Question has a verified solution.