Thanks Benny. Very useful, and food for thoughts. We caught a kid activelly looking for ways to crack the system, including runing bathc files on usb sticks, infact he was trying to change the administrator password with psexec, and access was denied, but we got all that on monitor. He got into the kids shared rive , and boy he had all sorts of tools and scripts in there to try and break in. The thing is that he has been caught before and was cautioned, but this time he was caught on my watch, and after a very stern warning from me and a visit from the Vice principal, he started to spill, he gave names of other kids, and you wont believe what we found in thier personal drive. I know it is sort of difficult to get everyting covered, but I want to tighten up the obvious, cos we dont want a situation were the kids lock us out of out network Thanks Patrick ________________________________ From: Berny Stapleton <berny@xxxxxxxxxxxxxxxxx> To: windows2000@xxxxxxxxxxxxx Sent: Tuesday, March 24, 2009 5:07:19 PM Subject: [windows2000] Re: How to tighten up your network - suggestions 1) Why are they doing it? 2) Do you need to prevent them from doing it? - Why? (Is it actually affecting anything) - How? (Group users to a PC, make sure they know each other, when someone breaks the PC, they all go down) 3) Get the kids on side, no "dob ins" but a reward for telling you HOW to get around it. (You then patch the hole, this was one of the best ideas I ever saw) I seen a situation where the environment was locked down so far the kids were trying to figure out what was being hidden. Letting the kids see stuff, but not break it is REALLY handy. Don't make the lock out noticable. Prevent them from doing stupid stuff. Implement VDI so that when the system is rebooted it goes back to normal (No viruses etc etc) The kids aren't stupid, they will find ways around things you nor I will ever think of; and they are going to be brats too. You have to get them onside. You might even get one or two who you trust enough to provide 2nd level support for you. Don't trust them enough though that you leave a machine logged in with admin rights while your not there, they will give it themselves. Berny 2009/3/24 Patrick <london31uk@xxxxxxxxx>: > Hi Guys, > > I have just been to one of my sites, and the kids are running rings around > my network administrator. Just wanting tips on what we can do to improve > security. > > Typical issues: > > 1: Smart kids running .exe files > > 2: kids creating shortcuts to restricted areas > > 3: Kids bringing in network scanning tools on usb sticks and running them on > the network > > 4: kids accessing games site thru usb sticks and hidden links > > 5: Kids embedding games in excel spreadsheets and powepoint presentaion, > Word documents etc. > > > > Just to name but a few. > > Windows 2003 R2 > > > We currently have a web filtering software, which I am not sure is up to the > job. > We are implementing GPO's to prevent exe files from being run. > We are alos using WRSM to restrict what files can be saved on the users home > drive. > > I am just looking for other ways to discourage kids from trying to breach > what we have. > > > > Thanks > > Patrick > ********************** To Unsubscribe, set digest or vacation mode or view archives use the below link. //www.freelists.org/list/windows2000