First things first: Do you have your students and teachers (i.e. the "rampaging masses") sign an "Acceptable Use Policy" or something similar prior to granting them access to the system? If not, then I suggest you do so post haste. Also, configure the message title and text for users in Group Policy telling them that there is no expectation of privacy, you may be monitored, use of this system for illegal activities...etc. etc. etc. Personally, I'd say you should get the support of your boss to tighten down security to a ridiculous level then only enable things as they are NEEDED. By the way, have you considered running your machines as Kiosks with limited desktops/start menus and the like. Store these two folders on a central server and give the proletariat "Read Only" access to it. Hope this helps! Jeremy Shelley, CISSP ISSP, Defense Security Service Chris DeVoney wrote: > One other suggestion: write a Perl script to look for the time of activities > that are out-of-sync with the related person's activities. For example, > accounts created after normal tech support hours or activity on an 8-to-5 > employees account outside of their normal work hours. > > It takes a little bit to gather the time-band data for accounts but, if it > involves students, lots of "abnormal" activity happens during the > evening-night. > > cdv > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 04:42:27 PST