Disable usb drives (GPO) remove cd-rom and floppy drives password protect the bios lock the cases disallow access to local drives (GPO) Don't allow to save from IE (GPO) M$ Shared Desktop toolkit (like deep freeze but free and GPO friendly) - can't stop them and can undo the damage with a reboot Conversations with their parents about their actrivities should be a given. Surely you make them sign an aaaceptable use policy before allowing them on? Where I am many of those actions will get you canned, possibly arrested. We don't allow usb drives, mcafee epo is set to delete a lot of extra stuff and we're implementing mcafee hips. My citrix servers are locked down way more than that of course. On Wed, Mar 25, 2009 at 8:29 AM, Patrick <london31uk@xxxxxxxxx> wrote: > Hi Jim, > > we currently have Symantec corperate and I will be looking to upgrade them > to endpoint protection soon. > > The little buggers and just finding ways to be naughty, I dont mind the odd > game, and some I will trun a blind eye, but when kids start trying to > actively break in, then that is a different issue. > > > Thanks > Patrick > > ------------------------------ > *From:* Jim Kenzig http://thin.ms <jkenzig@xxxxxxxxx> > *To:* windows2000@xxxxxxxxxxxxx > *Sent:* Tuesday, March 24, 2009 5:45:04 PM > *Subject:* [windows2000] Re: How to tighten up your network - suggestions > > Symantec Endpoint Protection comes to mind... > http://www.symantec.com/business/products/newfeatures.jsp?pcid=pcat_security&pvid=endpt_prot_1 > > Jim Kenzig > Blog: http://www.techblink.com > Twitter: http://twitter.com/kenzig > Twitter: http://twitter.com/InternetPilot > > > On Tue, Mar 24, 2009 at 12:42 PM, Patrick <london31uk@xxxxxxxxx> wrote: > >> Hi Guys, >> >> I have just been to one of my sites, and the kids are running rings around >> my network administrator. Just wanting tips on what we can do to improve >> security. >> >> Typical issues: >> >> 1: Smart kids running .exe files >> >> 2: kids creating shortcuts to restricted areas >> >> 3: Kids bringing in network scanning tools on usb sticks and running them >> on the network >> >> 4: kids accessing games site thru usb sticks and hidden links >> >> 5: Kids embedding games in excel spreadsheets and powepoint presentaion, >> Word documents etc. >> >> >> >> Just to name but a few. >> >> Windows 2003 R2 >> >> >> We currently have a web filtering software, which I am not sure is up to >> the job. >> We are implementing GPO's to prevent exe files from being run. >> We are alos using WRSM to restrict what files can be saved on the users >> home drive. >> >> I am just looking for other ways to discourage kids from trying to breach >> what we have. >> >> >> >> Thanks >> >> Patrick >> >> > >