[windows2000] Re: How to tighten up your network - suggestions

  • From: Berny Stapleton <berny@xxxxxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Tue, 24 Mar 2009 17:07:19 +0000

1) Why are they doing it?
2) Do you need to prevent them from doing it?
  - Why? (Is it actually affecting anything)
  - How? (Group users to a PC, make sure they know each other, when
someone breaks the PC, they all go down)
3) Get the kids on side, no "dob ins" but a reward for telling you HOW
to get around it. (You then patch the hole, this was one of the best
ideas I ever saw)

I seen a situation where the environment was locked down so far the
kids were trying to figure out what was being hidden. Letting the kids
see stuff, but not break it is REALLY handy.

Don't make the lock out noticable. Prevent them from doing stupid
stuff. Implement VDI so that when the system is rebooted it goes back
to normal (No viruses etc etc)

The kids aren't stupid, they will find ways around things you nor I
will ever think of; and they are going to be brats too. You have to
get them onside. You might even get one or two who you trust enough to
provide 2nd level support for you. Don't trust them enough though that
you leave a machine logged in with admin rights while your not there,
they will give it themselves.


2009/3/24 Patrick <london31uk@xxxxxxxxx>:
> Hi Guys,
> I have just been to one of my sites, and the kids are running rings around
> my network administrator. Just wanting tips on what we can do to improve
> security.
> Typical issues:
> 1: Smart kids running .exe files
> 2: kids creating shortcuts to restricted areas
> 3: Kids bringing in network scanning tools on usb sticks and running them on
> the network
> 4: kids accessing games site thru usb sticks and hidden links
> 5: Kids embedding games in excel spreadsheets and powepoint presentaion,
> Word documents etc.
> Just to name but a few.
> Windows 2003 R2
> We currently have a web filtering software, which I am not sure is up to the
> job.
> We are implementing GPO's to prevent exe files from being run.
> We are alos using WRSM to restrict what files can be saved on the users home
> drive.
> I am just looking for other ways to discourage kids from trying to breach
> what we have.
> Thanks
> Patrick
To Unsubscribe, set digest or vacation
mode or view archives use the below link.


Other related posts: