Solved

How to secure a W2K Pro standalone workstation from unauthorized changes in school environment

Posted on 2004-08-31
Last Modified: 2010-04-12
Given: Multiple W2K Pro workstations - Identical hardware
Peer-to-Peer network connected to Internet via Linksys router

I have 15 W2K Pro workstations that are going into a classroom at my Church. I want to secure these from unauthorized changes, downloads, installs etc. Previously the students have been using Win98 SE with no real control at the PC or supervisory level. This has resulted in numerous programs being installed such as Kazaa, various search toolbars and plenty of Spyware as a result of the free program downloading.

I will be installing the following applications in addition to the W2K Pro Operating system which will be fully patched via Windows Update:

Star Office Suite, e-Sword - a bible study app, Acrobat Reader 6, 7-Zip - a file compression utility, Panda Titanium Anti-virus 2004. I am also considering installing the following apps: Spybot Search & Destroy, Spyware Blaster, Spyware Guard and a Popup blocker from www.endpopups.com to help keep systems clean.

I want to lock these systems down tight to prevent the students from destroying them as they have done in the past.

Here are some of the things I see as being necessary:
1. Prevent the students from downloading and installing anything from the internet to these systems.
2. Disable MSN Messenger, Yahoo, etc. file downloads
3. Deny access to Control Panel
4. Prevent access/change to TCP/IP settings
5. Disable messenger service popups
6. Prevent file sharing between systems.
7. Prevent any unauthorized changes to the system
8. Deny use/access to Hotmail, Yahoo Mail etc on SOME systems but allow on others.
9. Disable Run command window.

So, where do I start?

Is there a way that I can configure one system and then Ghost the drives?
I realize that I'll have to rename the individual PC's after ghosting them if I do it that way.
What tool should I be using and are there any templates that allow for these restrictions?
All students are using the same password as these are "public" PC's and share a common networked printer.

Have I missed something?

Thanks,

Dave




Question by:Abacustechnologies
Accepted Solution

by:
mikeleebrla earned 500 total points
ID: 11945934
1. Have them log in as users, this will prevent them from installing any software.
2. If you don't have any messenger programs installed then the students can run them, step one takes care of them installing them.
3. Can be done by the gpedit.msc snap-in.
4. Done by step 1.
5. Disable the messenger service in Services.
6. Disable file and print sharing on the network card properties.
7. Mainly done with step 1... but they will still be able to change whatever files they have access to, so disable access to whichever files you don't want them to edit.
8. Edit the hosts file to point www.hotmail.com, mail.yahoo.com, etc. to 127.0.0.1.
9. Remove their read permissions from the cmd.exe file.
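
Added example (not part of mikeleebrla's answer): a small helper for step 8 that updates a hosts file idempotently and shows that hosts matching is exact, so blocking www.hotmail.com does not cover any other name on the same domain. The function names and the sample file contents are constructed for illustration; run it against a copy of the hosts file on the systems that should have webmail blocked.

```python
SINKHOLE = "127.0.0.1"  # address the answer points blocked names at

# Constructed sample hosts file: one name already blocked.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "127.0.0.1  www.hotmail.com   # already blocked\n"
)

def parse_hosts(text):
    """Return {hostname: ip} for every active (non-comment) hosts entry."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:                 # one line may list several names
            mapping.setdefault(name.lower(), fields[0])
    return mapping

def block_hosts(text, blocklist):
    """Append sinkhole lines for names that are not yet in the file.

    Returns (new_text, added, conflicts). A conflict is a name already mapped
    to some other address; it is reported, not overwritten, so it can be
    resolved by hand.
    """
    current = parse_hosts(text)
    added, conflicts = [], []
    for name in blocklist:
        key = name.lower().rstrip(".")
        ip = current.get(key)
        if ip is None:
            added.append(key)
            current[key] = SINKHOLE             # also de-duplicates the blocklist
        elif ip != SINKHOLE:
            conflicts.append(key)
    if added and text and not text.endswith("\n"):
        text += "\n"
    text += "".join(f"{SINKHOLE}\t{name}\n" for name in added)
    return text, added, conflicts

def uncovered(text, names):
    """Names from `names` that the file does not sinkhole (no wildcard matching)."""
    current = parse_hosts(text)
    return [n for n in names if current.get(n.lower()) != SINKHOLE]
```
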

Expert Comment

by:wtp_issc
ID: 11946448
Editing the local security policy will allow you to succeed in some of your tasks.  You can then export the policy and import it into the rest of them.

Expert Comment

by:balmasri
ID: 11951566
Are they Workgroup or Domain? It's better to be domain:
On a Domain Controller install ISA Server. There you can configure internet settings.
Configure computer group policies and publish them.