Solved

How to secure a W2K Pro standalone workstation from unauthorized changes in school environment

Posted on 2004-08-31
Last Modified: 2010-04-12
Given: Multiple W2K Pro workstations - Identical hardware
Peer-to-Peer network connected to Internet via Linksys router

I have 15 W2K Pro workstations that are going into a classroom at my Church. I want to secure these from unauthorized changes, downloads, installs etc. Previously the students have been using Win98 SE with no real control at the PC or supervisory level. This has resulted in numerous programs being installed such as Kazaa, various search toolbars and plenty of Spyware as a result of the free program downloading.

I will be installing the following applications in addition to the W2K Pro Operating system which will be fully patched via Windows Update:

Star Office Suite, e-Sword - a bible study app, Acrobat Reader 6, 7-Zip - a file compression utility, Panda Titanium Anti-virus 2004. I am also considering installing the following apps: Spybot Search & Destroy, Spyware Blaster, Spyware Guard and a Popup blocker from www.endpopups.com to help keep systems clean.

I want to lock these systems down tight to prevent the students from destroying them as they have done in the past.

Here are some of the things I see as being necessary:
1. Prevent the students from downloading and installing anything from the internet to these systems.
2. Disable MSN Messenger, Yahoo, etc. file downloads
3. Deny access to Control Panel
4. Prevent access/change to TCP/IP settings
5. Disable messenger service popups
6. Prevent file sharing between systems.
7. Prevent any unauthorized changes to the system
8. Deny use/access to Hotmail, Yahoo Mail etc on SOME systems but allow on others.
9. Disable Run command window.

So, where do I start?

Is there a way that I can configure one system and then Ghost the drives?
I realize that I'll have to rename the individual PC's after ghosting them if I do it that way.
What tool should I be using and are there any templates that allow for these restrictions?
All students are using the same password as these are "public" PC's and share a common networked printer.

Have I missed something?

Thanks,

Dave




0
Question by:Abacustechnologies
4 Comments
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 500 total points
ID: 11945934
1. have them log in as users, this will prevent them from installing any software
2. if you don't have any messenger programs installed then the students can run them, step one takes care of them installing them.
3. can be done by the gpedit.msc snap in
4. done by step 1
5. disable the messenger service in services
6. disable file and print sharing on the network card properties
7. mainly done with step 1... but they will still be able to change whatever files they have access to, so disable access to whichever files you don't want them to edit
8. edit the hosts file to point www.hotmail.com mail.yahoo.com etc etc to 127.0.0.1
9. remove their read permissions from the cmd.exe file
0
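Step 8 of the accepted answer, as an added example that is not part of the original post: hosts-file entries match exact names only, so this sketch audits hosts-file text for names that are still resolvable and appends the missing loopback lines without duplicating existing ones. The function names, the sample file content and the bare `hotmail.com` entry are assumptions made for illustration.

```python
# Added example: works on hosts-file text only. SAMPLE_HOSTS and BLOCKED are
# constructed; www.hotmail.com and mail.yahoo.com are the names from step 8.
LOOPBACK = "127.0.0.1"

SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1  localhost\n"
    "127.0.0.1  www.hotmail.com   # already blocked\n"
)
BLOCKED = ["www.hotmail.com", "hotmail.com", "mail.yahoo.com"]


def parse_hosts(text):
    """Return {hostname: address} for every name listed in hosts-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no names
        for name in fields[1:]:
            mapping.setdefault(name.lower(), fields[0])
    return mapping


def unblocked(text, names):
    """Names not mapped to loopback. Matching is exact: an entry for
    www.hotmail.com does not cover hotmail.com."""
    mapping = parse_hosts(text)
    return [n for n in names if mapping.get(n.lower()) != LOOPBACK]


def add_blocks(text, names):
    """Append one loopback line per name that has no entry yet (idempotent)."""
    mapping = parse_hosts(text)
    missing = [n for n in names if n.lower() not in mapping]
    if not missing:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"{LOOPBACK}  {n}\n" for n in missing)


if __name__ == "__main__":
    print("not yet blocked:", unblocked(SAMPLE_HOSTS, BLOCKED))
    print(add_blocks(SAMPLE_HOSTS, BLOCKED), end="")
```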
 
LVL 2

Expert Comment

by:wtp_issc
ID: 11946448
Editing the local security policy will allow you to succeed in some of your tasks.  You can then export the policy and import it into the rest of them.
0
 
LVL 5

Expert Comment

by:balmasri
ID: 11951566
Are they Workgroup or Domain? It's better to be domain:
On a Domain Controller install ISA Server. There you can configure internet settings.
Configure a computer group policies and publish them.
0

Question has a verified solution.