Cost-Benefit Analysis: Internet Access Management

Status
Not open for further replies.
S

star_topology

In Runtime
Messages
195
I am considering implementing an internet access management program (Vendprint Access Manager) in a high school library environment. We want to monitor/restrict those troublesome students who manage to do things they aren't supposed to do(i.e. play games from websites that aren't blocked by the web filter).

Instead of installing the VAM--which will require students to queue into a computer reservation system rather than manually "checking" the computer out via the librarian, I'm thinking about buying a resource textbook that will educate me on the effective use on Group Policy and Permissions (some may remember a few topical questions I've posted before).
Will Windows XP for Dummies have relevant information?

Which method will be the better choice? The third-party software, or my own management of Group Policy?
 
If you're looking for technical information on a concise level, don't go with a Dummies book. Go with sometimes like the XP Bible or "Mastering: Windows Xp Pro" by Minasi press. Or a book from MS themselves.

I would seriously suggest taking some kind of Windows security course to use Windows-Server more effectively with your client machines. Otherwise, you're poking at a hornet's nest.
 
Thanks for the "literature" suggestions. I'll be taking a look into making a purchase at Books-a-Million.

But what do you think the proverbial "hornet's nest" situation would be?
 
You either A: create a security mess that's not secure at all and you have to hose the system to straighten out, or B: you think it's secure, but because you don't know enough it's not, or C: you screw up your security and lock yourself out.
 
I was thinking that's what you meant, and in my case, it's option "B." I don't think I'd lock myself out since I'd be using Active Directory, we'd basically be adding each student individually, which would be a pain, but I just think it would be easier to add/remove students as the years go by and thus have more internal control over it rather than rely on third-party software (which actually looks useful, but not if I can do it myself).

Thanks for the advice.
 
What you can do is create several domain groups, with varying levels of access. As students come in, you can process them into the user groups as needed. Bascially you'd have like 4 main groups, one for each grade level, and then a few other groups to add users to. It's an administration nightmare if you've got thousands of kids, so you basically blanket everyone with the same access controls, then create groups with certain permissions and add those who need to be to those groups.
 
Great advise Shoobie. I was going to make some very simular suggestions.
As to what you are wanting to do, can you explain what you are wanting to block? GP is great for doing a lot of stuff, but you are limited in a few areas. IE being one of them. Most of the work you are going to want to do would be involved with blocking specific sites and stoping resource use of specific applications (remote control, if I remember right...)
GP will work for the application blocking as you can disable the use from there and block the .exe from being run too if you want. Now on the IE stuff, that really should be handled from the proxy, where you setup groups in the proxy server with permissions to access specific sites and such. GP will work for settinig up the proxy, blocking access to the proxy area, shutting down registry access and things of the like, but for actually controlling webpage access, that won't work...
if you want help with idea, feel free to ask. I'm in the process of building up my GPO's for 2500 users right now, so I'm fresh on the details of a whole bunch of them...

Good Luck.
 
Their's a program called lanschool which lists all the computer users. You can view anyone and their's only one way to block out a viewer (ctl-alt-delete and keep it that way).

It's also very fun to login with your account on a computer and control it remotely (you can do this with VNC too). People think it's a ghost.

Oh yeah, it can also broadcast your screen to everyone elses.
 
Just get on the intercom and yell "Anyone who navigates to a pron site will be castrated!"

End of problem.
 
Inaris
"GP will work for settinig up the proxy, blocking access to the proxy area, shutting down registry access and things of the like, but for actually controlling webpage access, that won't work...
if you want help with idea, feel free to ask. I'm in the process of building up my GPO's for 2500 users right now, so I'm fresh on the details of a whole bunch of them..."

I'd appreciate any brief primers on running basic scripts. Like I posted earlier, I'm gonna be looking into a Windows XP Bible that will have some information that I'm looking for, because I basically know nothing other than Active Directory and Group Policy is what I need! lol :p
We aren't looking to deny internet access (the district's web filter does a decent job) but one specific thing we want to prevent is the user changing of the wallpaper/screensaver/mouse cursor and other such settings.

My college sets it up to where all the admin-set default settings are reset upon log off, which would be a nice thing to learn how to do.
 
Status
Not open for further replies.

Similar threads

S
Project \ Guide .. Find a use for an older system or even multiple systems ..
Replies
0
Views
3K
Spud1200
S
S
PIA (Private Internet Access) Review.
2
Replies
17
Views
49K
Yanno
Y
M
Best thing to do towards a IT security career based on my current knowledge?
Replies
1
Views
2K
DistraughtSysop
D
S
A General Security Topic Surrounding UK Internet Users.
Replies
7
Views
2K
Spud1200
S
W
What entry-level IT jobs are still in-demand currently?
2
Replies
11
Views
6K
WhatShouldIDo
W
Back
Top Bottom