liquidmonkey

i work as a math teacher (90%) and computer guy (10%) at a school and on our computers we are using windows XP which is run from another company on a network. in order to access the computers you must login and your own password. i'm sure you know the login screen. without this you cannot access anything OR so i thought.
kids have been getting into the computers, reseting the BIOS passwords, putting in Power Up passwords and such, one kid even installed a totally different version of windows. this is a problem and i would like to know a technical solution on 1) how to stop the kids from doing this and 2) how are they able to do this?
i'm no hacker / cracker and only work on the computers at the school 2 hours a week so i don't have a lot of time to deal with these problems in depth.
can someone out there please help me?

Byteman

If they are resetting BIOS passwords, theyre prob just rebooting the machine and going into the setup. You would do well to not allow them to shut the machine down! 1. Can you make the physical machine non-accessable to them?. 2. use a local security policy, in user rights assignment there is an option called "shut down the system". Take out the "users" group from that policy, and make sure all the students are under the users group (network wise).

Since you have a company running the network, they can do this easily via a logon script, generated from their end. Ask them to do it, that will propogate to all users who belong to that group. On your end you'll just need to physically lock up the machines (so they can't do a hard shutdown/reboot).

__________________
Don't byte off more than you can chew...

[-0MEGA-]

Our school has a login script, it disables many features and doesnt allow any executables to run.

About the BIOS, if there is already a password set to it, then they need to physically open up the machines to reset it, what you can do is use normal screws and not the thumb screws, and screw them in very tight, and if your able to put a lock on the case, do so, then they cant open the case up to reset the bios. And you can also disable booting from a cd in bios so you dont have to worry about the installing a new OS on it.

__________________
Desktop // Laptop
Core 2 Quad Q9550 @ 4.0GHz // Core 2 Duo P8400 2.26GHz
Asus Rampage Formula X48 // Intel PM45
ATI 4870X2 2GB GDDR5 // 512MB GDDR3 9800M GTS
4GB (2x 2GB) DDR2 940 // 4GB DDR3 800
750GB SATAII w/32MB // 200GB SATAII 7200RPM
Creative SB X-Fi Titanium Fatal1ty
SilverStone 750W +12V@60A
3DMark06: 21391 // 9179

spacedude89

also, the windows login screen is EASY to get past if you know how. you need to set a admin password if you havent. try turning off the computer. turn it back on, then wait for the windows loading screen after the bios. then immediatly turn off the computer. let it load normaly. it should stop and say windows had a problem starting and give you the option to start in safe mode. say yes and start safe mode. when you get to the login screen, there should be a user named "Admin", it wont have a password if you havent set it. and with this account you can delete passwords and users even if they are a regular admin, i call that the "super admin", just login in to the "super admin" and set a password.

__________________
Desktop: Abit AW9D-MAX ~ Core 2 Duo E6300 @ 2.4GHz ~ Radeon X1900GT
Laptop: HP ~ Core Duo T2050 ~ nVidia 7600

First smiles, then lies. Last comes gunfire.

diroga

isn't this an administrative problem not a teacher problem? do the school administrators know about it?

ack

He's the computer guy, they probably told him to fix it.

__________________
http://www.ack-network.com -great hosting, software, and advanced computer techniques.

[-0MEGA-]

or you can press F8 when loading windows, this will bring up the menu to start in safe mode, which is a bit easier then what he said, lol

__________________
Desktop // Laptop
Core 2 Quad Q9550 @ 4.0GHz // Core 2 Duo P8400 2.26GHz
Asus Rampage Formula X48 // Intel PM45
ATI 4870X2 2GB GDDR5 // 512MB GDDR3 9800M GTS
4GB (2x 2GB) DDR2 940 // 4GB DDR3 800
750GB SATAII w/32MB // 200GB SATAII 7200RPM
Creative SB X-Fi Titanium Fatal1ty
SilverStone 750W +12V@60A
3DMark06: 21391 // 9179

apj101

How do you know the admin user account will be called "admin", and its wont simply display the admin user name in the user input box when booting to safe mode. It will be blank!
Plus if you knew the admin was user id "Admin" and had no password set why bother with going into safe mode, just log on as admin

Only if its not set up correctly. Your safe mode idea only works if the system is not set up correct. I'd give you a million pounds if you can get past my log on screen so EASY.


That can be disabled. think tweakui has an option

__________________
What did one snow man say to the other?
can you smell carrot?

The fight is won or lost far away from witnesses - behind the lines, in the gym, and out there on the road, long before I dance under those lights.

How you do anything, is how you do everything!

Hylian

This happened in my school, yet parts like memory and hard drives started missing. A detective was hired and found the finger prints all over the back of the case and the students were fined and expelled.

Just keep track of who sits where and question them about it. If no one fesses up, kick all those suspected out of the class. There's bound to be someone to break under that pressure (ie. 1 out of three guys actually did it, one or both the other 2 rat him out)

__________________

X-Blade ATX Window Case - Enermax Liberty 620W Power Supply
Intel Core 2 Duo E6600 - ASUS P5n32-SLI SE Deluxe
OCZ 2GB 800MHz RAM
80GB Seagate SATA - 320GB Seagate SATA
BFG GeForce 7950 GX2 1024MB PCI-E - LG L204WT 20.1" Widescreen Flatron LCD
Sound Blaster Audigy 2 - Altec Lansing 5.1 Surround Sound
Windows XP Pro - SP2

MiniRatFck

yeah keeping track is a good idea...like label each computer with a number and have a print out so that students have to sign in for that computer in order to use it.....and definitely set an admin password or it would be just too easy.