school needs help stopping hackers

[liquidmonkey]

i work as a math teacher (90%) and computer guy (10%) at a school and on our computers we are using windows XP which is run from another company on a network. in order to access the computers you must login and your own password. i'm sure you know the login screen. without this you cannot access anything OR so i thought.
kids have been getting into the computers, reseting the BIOS passwords, putting in Power Up passwords and such, one kid even installed a totally different version of windows. this is a problem and i would like to know a technical solution on 1) how to stop the kids from doing this and 2) how are they able to do this?
i'm no hacker / cracker and only work on the computers at the school 2 hours a week so i don't have a lot of time to deal with these problems in depth.
can someone out there please help me?

 

[Byteman]

If they are resetting BIOS passwords, theyre prob just rebooting the machine and going into the setup. You would do well to not allow them to shut the machine down! 1. Can you make the physical machine non-accessable to them?. 2. use a local security policy, in user rights assignment there is an option called "shut down the system". Take out the "users" group from that policy, and make sure all the students are under the users group (network wise).

Since you have a company running the network, they can do this easily via a logon script, generated from their end. Ask them to do it, that will propogate to all users who belong to that group. On your end you'll just need to physically lock up the machines (so they can't do a hard shutdown/reboot).

 

[Geoff]

Our school has a login script, it disables many features and doesnt allow any executables to run.

About the BIOS, if there is already a password set to it, then they need to physically open up the machines to reset it, what you can do is use normal screws and not the thumb screws, and screw them in very tight, and if your able to put a lock on the case, do so, then they cant open the case up to reset the bios. And you can also disable booting from a cd in bios so you dont have to worry about the installing a new OS on it.

 

[spacedude89]

also, the windows login screen is EASY to get past if you know how. you need to set a admin password if you havent. try turning off the computer. turn it back on, then wait for the windows loading screen after the bios. then immediatly turn off the computer. let it load normaly. it should stop and say windows had a problem starting and give you the option to start in safe mode. say yes and start safe mode. when you get to the login screen, there should be a user named "Admin", it wont have a password if you havent set it. and with this account you can delete passwords and users even if they are a regular admin, i call that the "super admin", just login in to the "super admin" and set a password.

 

[diroga]

isn't this an administrative problem not a teacher problem? do the school administrators know about it?

 

[ack]

He's the computer guy, they probably told him to fix it.

 

[Geoff]

also, the windows login screen is EASY to get past if you know how. you need to set a admin password if you havent. try turning off the computer. turn it back on, then wait for the windows loading screen after the bios. then immediatly turn off the computer. let it load normaly. it should stop and say windows had a problem starting and give you the option to start in safe mode. say yes and start safe mode. when you get to the login screen, there should be a user named "Admin", it wont have a password if you havent set it. and with this account you can delete passwords and users even if they are a regular admin, i call that the "super admin", just login in to the "super admin" and set a password.

or you can press F8 when loading windows, this will bring up the menu to start in safe mode, which is a bit easier then what he said, lol

 

[apj101]

also, the windows login screen is EASY to get past if you know how. you need to set a admin password if you havent. try turning off the computer. turn it back on, then wait for the windows loading screen after the bios. then immediatly turn off the computer. let it load normaly. it should stop and say windows had a problem starting and give you the option to start in safe mode. say yes and start safe mode. when you get to the login screen, there should be a user named "Admin", it wont have a password if you havent set it. and with this account you can delete passwords and users even if they are a regular admin, i call that the "super admin", just login in to the "super admin" and set a password.

How do you know the admin user account will be called "admin", and its wont simply display the admin user name in the user input box when booting to safe mode. It will be blank!
Plus if you knew the admin was user id "Admin" and had no password set why bother with going into safe mode, just log on as admin

the windows login screen is EASY to get past if you know how.

Only if its not set up correctly. Your safe mode idea only works if the system is not set up correct. I'd give you a million pounds if you can get past my log on screen so EASY.

or you can press F8 when loading windows

That can be disabled. think tweakui has an option

 

[Hylian]

This happened in my school, yet parts like memory and hard drives started missing. A detective was hired and found the finger prints all over the back of the case and the students were fined and expelled.

Just keep track of who sits where and question them about it. If no one fesses up, kick all those suspected out of the class. There's bound to be someone to break under that pressure (ie. 1 out of three guys actually did it, one or both the other 2 rat him out)

 

[MiniRatFck]

yeah keeping track is a good idea...like label each computer with a number and have a print out so that students have to sign in for that computer in order to use it.....and definitely set an admin password or it would be just too easy.

 

[spacedude89]

How do you know the admin user account will be called "admin", and its wont simply display the admin user name in the user input box when booting to safe mode. It will be blank!
Plus if you knew the admin was user id "Admin" and had no password set why bother with going into safe mode, just log on as admin

The default name of the account is Administrator or admin, and the reason you can just login as admin is cause it is restricted to safe mode. try disableing the windows login screen in the control panel so it requires you to type in the user as well as the password, then type in "Administrator" with no password, see what happens. most people dont bother to set the password, at least most home users. i dont know about schools cause ive never checked.

Only if its not set up correctly. Your safe mode idea only works if the system is not set up correct. I'd give you a million pounds if you can get past my log on screen so EASY.

It is if you know how.