Solved

How to secure a W2K Pro standalone workstation from unauthorized changes in school environment

Posted on 2004-08-31
Last Modified: 2010-04-12
Given: Multiple W2K Pro workstations - Identical hardware
Peer-to-Peer network connected to Internet via Linksys router

I have 15 W2K Pro workstations that are going into a classroom at my Church. I want to secure these from unauthorized changes, downloads, installs etc. Previously the students have been using Win98 SE with no real control at the PC or supervisory level. This has resulted in numerous programs being installed such as Kazaa, various search toolbars and plenty of Spyware as a result of the free program downloading.

I will be installing the following applications in addition to the W2K Pro Operating system which will be fully patched via Windows Update:

Star Office Suite, e-Sword - a bible study app, Acrobat Reader 6, 7-Zip - a file compression utility, Panda Titanium Anti-virus 2004. I am also considering installing the following apps: Spybot Search & Destroy, Spyware Blaster, Spyware Guard and a Popup blocker from www.endpopups.com to help keep systems clean.

I want to lock these systems down tight to prevent the students from destroying them as they have done in the past.

Here are some of the things I see as being necessary:
1. Prevent the students from downloading and installing anything from the internet to these systems.
2. Disable MSN Messenger, Yahoo, etc. file downloads
3. Deny access to Control Panel
4. Prevent access/change to TCP/IP settings
5. Disable messenger service popups
6. Prevent file sharing between systems.
7. Prevent any unauthorized changes to the system
8. Deny use/access to Hotmail, Yahoo Mail etc on SOME systems but allow on others.
9. Disable Run command window.

So, where do I start?

Is there a way that I can configure one system and then Ghost the drives?
I realize that I'll have to rename the individual PCs after ghosting them if I do it that way.
What tool should I be using and are there any templates that allow for these restrictions?
All students are using the same password as these are "public" PCs and share a common networked printer.

Have I missed something?

Thanks,

Dave




0
Question by:Abacustechnologies
4 Comments
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 500 total points
ID: 11945934
1. Have them log in as users, this will prevent them from installing any software
2. If you don't have any messenger programs installed then the students can run them, step one takes care of them installing them.
3. Can be done by the gpedit.msc snap-in
4. Done by step 1
5. Disable the messenger service in Services
6. Disable file and print sharing on the network card properties
7. Mainly done with step 1... but they will still be able to change whatever files they have access to, so disable access to whichever files you don't want them to edit
8. Edit the hosts file to point www.hotmail.com, mail.yahoo.com etc. to 127.0.0.1
9. Remove their read permissions from the cmd.exe file
0
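
An added example, not part of mikeleebrla's answer: a small Python check for step 8 that parses a hosts file and reports which names on a block list are not yet pointed at 127.0.0.1, which helps confirm that each cloned machine got the list intended for it. The sample file contents, the bare `hotmail.com` entry and all function names are constructed for illustration.

```python
# Added example (not from the thread): audit and update a hosts file block list.
SINKHOLE = "127.0.0.1"

def parse_hosts(text):
    """Map each lower-cased hostname to the address on its line."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed line
        for name in fields[1:]:                 # one line may carry several names
            mapping.setdefault(name.lower(), fields[0])  # keep the first entry seen
    return mapping

def unblocked(text, blocked):
    """Return the names in `blocked` that are not pointed at the sinkhole."""
    mapping = parse_hosts(text)
    return [n for n in blocked if mapping.get(n.lower()) != SINKHOLE]

def apply_blocklist(text, blocked):
    """Append sinkhole entries for absent names; safe to run repeatedly.

    Names already mapped to some other address are returned as conflicts
    instead of being appended, since a later duplicate would not override them.
    """
    mapping = parse_hosts(text)
    if text and not text.endswith("\n"):
        text += "\n"                            # do not glue onto an unterminated line
    conflicts = []
    for name in blocked:
        key = name.lower()
        if key not in mapping:
            text += f"{SINKHOLE}\t{key}\n"
            mapping[key] = SINKHOLE
        elif mapping[key] != SINKHOLE:
            conflicts.append(name)
    return text, conflicts

# Constructed sample input; on the workstation the file is
# %SystemRoot%\system32\drivers\etc\hosts
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   www.hotmail.com   # webmail
"""
BLOCKED = ["www.hotmail.com", "mail.yahoo.com", "hotmail.com"]

if __name__ == "__main__":
    print("not yet blocked:", unblocked(SAMPLE_HOSTS, BLOCKED))
    print(apply_blocklist(SAMPLE_HOSTS, BLOCKED)[0])
```

A hosts entry matches only the exact name listed, so the audit reports `hotmail.com` as unblocked even though `www.hotmail.com` is present; every name that should be blocked needs its own entry.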
 
LVL 2

Expert Comment

by:wtp_issc
ID: 11946448
Editing the local security policy will allow you to succeed in some of your tasks.  You can then export the policy and import it into the rest of them.
0
 
LVL 5

Expert Comment

by:balmasri
ID: 11951566
Are they Workgroup or Domain? It's better to be domain:
On a Domain Controller install ISA Server. There you can configure internet settings.
Configure computer group policies and publish them.
0
