Cost-Benefit Analysis: Internet Access Management - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 02-22-2005, 01:08 PM   #1 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default Cost-Benefit Analysis: Internet Access Management

I am considering implementing an internet access management program (Vendprint Access Manager) in a high school library environment. We want to monitor/restrict those troublesome students who manage to do things they aren't supposed to do(i.e. play games from websites that aren't blocked by the web filter).

Instead of installing the VAM--which will require students to queue into a computer reservation system rather than manually "checking" the computer out via the librarian, I'm thinking about buying a resource textbook that will educate me on the effective use on Group Policy and Permissions (some may remember a few topical questions I've posted before).
Will Windows XP for Dummies have relevant information?

Which method will be the better choice? The third-party software, or my own management of Group Policy?
__________________

__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 02-22-2005, 03:01 PM   #2 (permalink)
Master Techie
 
Join Date: Jul 2004
Posts: 2,932
Default

If you're looking for technical information on a concise level, don't go with a Dummies book. Go with sometimes like the XP Bible or "Mastering: Windows Xp Pro" by Minasi press. Or a book from MS themselves.

I would seriously suggest taking some kind of Windows security course to use Windows-Server more effectively with your client machines. Otherwise, you're poking at a hornet's nest.
__________________

__________________

-----------------------------------------------
Don\'t hate the player...Hate the game...
ShoobieRat is offline  
Old 02-22-2005, 03:33 PM   #3 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

Thanks for the "literature" suggestions. I'll be taking a look into making a purchase at Books-a-Million.

But what do you think the proverbial "hornet's nest" situation would be?
__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 02-22-2005, 03:40 PM   #4 (permalink)
Master Techie
 
Join Date: Jul 2004
Posts: 2,932
Default

You either A: create a security mess that's not secure at all and you have to hose the system to straighten out, or B: you think it's secure, but because you don't know enough it's not, or C: you screw up your security and lock yourself out.
__________________

-----------------------------------------------
Don\'t hate the player...Hate the game...
ShoobieRat is offline  
Old 02-22-2005, 04:01 PM   #5 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

I was thinking that's what you meant, and in my case, it's option "B." I don't think I'd lock myself out since I'd be using Active Directory, we'd basically be adding each student individually, which would be a pain, but I just think it would be easier to add/remove students as the years go by and thus have more internal control over it rather than rely on third-party software (which actually looks useful, but not if I can do it myself).

Thanks for the advice.
__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 02-22-2005, 04:46 PM   #6 (permalink)
Master Techie
 
Join Date: Jul 2004
Posts: 2,932
Default

What you can do is create several domain groups, with varying levels of access. As students come in, you can process them into the user groups as needed. Bascially you'd have like 4 main groups, one for each grade level, and then a few other groups to add users to. It's an administration nightmare if you've got thousands of kids, so you basically blanket everyone with the same access controls, then create groups with certain permissions and add those who need to be to those groups.
__________________

-----------------------------------------------
Don\'t hate the player...Hate the game...
ShoobieRat is offline  
Old 02-22-2005, 05:25 PM   #7 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258
Default

Great advise Shoobie. I was going to make some very simular suggestions.
As to what you are wanting to do, can you explain what you are wanting to block? GP is great for doing a lot of stuff, but you are limited in a few areas. IE being one of them. Most of the work you are going to want to do would be involved with blocking specific sites and stoping resource use of specific applications (remote control, if I remember right...)
GP will work for the application blocking as you can disable the use from there and block the .exe from being run too if you want. Now on the IE stuff, that really should be handled from the proxy, where you setup groups in the proxy server with permissions to access specific sites and such. GP will work for settinig up the proxy, blocking access to the proxy area, shutting down registry access and things of the like, but for actually controlling webpage access, that won't work...
if you want help with idea, feel free to ask. I'm in the process of building up my GPO's for 2500 users right now, so I'm fresh on the details of a whole bunch of them...

Good Luck.
Inaris is offline  
Old 02-22-2005, 05:32 PM   #8 (permalink)
Lord Techie
 
Join Date: Jan 2005
Posts: 8,013
Send a message via AIM to DJ-CHRIS
Default

Their's a program called lanschool which lists all the computer users. You can view anyone and their's only one way to block out a viewer (ctl-alt-delete and keep it that way).

It's also very fun to login with your account on a computer and control it remotely (you can do this with VNC too). People think it's a ghost.

Oh yeah, it can also broadcast your screen to everyone elses.
DJ-CHRIS is offline  
Old 02-23-2005, 10:42 AM   #9 (permalink)
Master Techie
 
Join Date: Jul 2004
Posts: 2,932
Default

Just get on the intercom and yell "Anyone who navigates to a pron site will be castrated!"

End of problem.
__________________

-----------------------------------------------
Don\'t hate the player...Hate the game...
ShoobieRat is offline  
Old 02-23-2005, 11:48 AM   #10 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

Inaris
"GP will work for settinig up the proxy, blocking access to the proxy area, shutting down registry access and things of the like, but for actually controlling webpage access, that won't work...
if you want help with idea, feel free to ask. I'm in the process of building up my GPO's for 2500 users right now, so I'm fresh on the details of a whole bunch of them..."

I'd appreciate any brief primers on running basic scripts. Like I posted earlier, I'm gonna be looking into a Windows XP Bible that will have some information that I'm looking for, because I basically know nothing other than Active Directory and Group Policy is what I need! lol
We aren't looking to deny internet access (the district's web filter does a decent job) but one specific thing we want to prevent is the user changing of the wallpaper/screensaver/mouse cursor and other such settings.

My college sets it up to where all the admin-set default settings are reset upon log off, which would be a nice thing to learn how to do.
__________________

__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 01:38 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.