[windows2000] Re: How to tighten up your network - suggestions

  • From: Patrick <london31uk@xxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Tue, 24 Mar 2009 13:26:45 -0700 (PDT)

Thanks Benny. Very useful, and food for thoughts. We caught a kid activelly 
looking for ways to crack the system, including runing bathc files on usb 
sticks, infact he was trying to change the administrator password with psexec, 
and access was denied, but we got all that on monitor.

He got into the kids shared rive , and boy he had all sorts of tools and 
scripts in there to try and break in. The thing is that he has been caught 
before and was cautioned, but this time he was caught on my watch, and after a 
very stern warning from me and a visit from the Vice principal, he started to 
spill, he gave names of other kids, and you wont believe what we found in thier 
personal drive.

I know it is sort of difficult to get everyting covered, but I want to tighten 
up the obvious, cos we dont want a situation were the kids lock us out of out 



From: Berny Stapleton <berny@xxxxxxxxxxxxxxxxx>
To: windows2000@xxxxxxxxxxxxx
Sent: Tuesday, March 24, 2009 5:07:19 PM
Subject: [windows2000] Re: How to tighten up your network - suggestions

1) Why are they doing it?
2) Do you need to prevent them from doing it?
  - Why? (Is it actually affecting anything)
  - How? (Group users to a PC, make sure they know each other, when
someone breaks the PC, they all go down)
3) Get the kids on side, no "dob ins" but a reward for telling you HOW
to get around it. (You then patch the hole, this was one of the best
ideas I ever saw)

I seen a situation where the environment was locked down so far the
kids were trying to figure out what was being hidden. Letting the kids
see stuff, but not break it is REALLY handy.

Don't make the lock out noticable. Prevent them from doing stupid
stuff. Implement VDI so that when the system is rebooted it goes back
to normal (No viruses etc etc)

The kids aren't stupid, they will find ways around things you nor I
will ever think of; and they are going to be brats too. You have to
get them onside. You might even get one or two who you trust enough to
provide 2nd level support for you. Don't trust them enough though that
you leave a machine logged in with admin rights while your not there,
they will give it themselves.


2009/3/24 Patrick <london31uk@xxxxxxxxx>:
> Hi Guys,
> I have just been to one of my sites, and the kids are running rings around
> my network administrator. Just wanting tips on what we can do to improve
> security.
> Typical issues:
> 1: Smart kids running .exe files
> 2: kids creating shortcuts to restricted areas
> 3: Kids bringing in network scanning tools on usb sticks and running them on
> the network
> 4: kids accessing games site thru usb sticks and hidden links
> 5: Kids embedding games in excel spreadsheets and powepoint presentaion,
> Word documents etc.
> Just to name but a few.
> Windows 2003 R2
> We currently have a web filtering software, which I am not sure is up to the
> job.
> We are implementing GPO's to prevent exe files from being run.
> We are alos using WRSM to restrict what files can be saved on the users home
> drive.
> I am just looking for other ways to discourage kids from trying to breach
> what we have.
> Thanks
> Patrick
To Unsubscribe, set digest or vacation
mode or view archives use the below link.



Other related posts: