Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#234674 - 23/09/2004 10:14 Questions about securing workstations
Whitey
member

Registered: 09/03/2002
Posts: 178
Loc: Louisiana, USA
Ok, I took a position in Tunis, Tunisia to do some finance work for an NGO. I have since been put in charge of maintaining their entire network for the country. What I have is about 30 computers in a lab that students use that I need to make uniform and secure.

They are all on the same domain and all the students login under the same user name. I have a profile on the server (running MS 2000 server I think) that I thought would only allow the files in that profile to be on the users desktop. However the computers do not have those files when logged in under that user name. Also to log in that user takes more than five minutes, and I know that it shouldn’t take that long.

All of the “workstations” are running XP and they all can see the domain controller or the main server in this case. They are all on the same domain, and they all have SP2.

I have no idea where to start reading. I have looked on the MS website, but I still haven’t learned what to look for. If anyone can suggest resources I (and the citizens of this fine country) will be very thankful.

I just need a little help getting started. I haven’t really had any training in this area, I have only learned to manage problems as they arise. That hasn’t been a very effective solution so far.
_________________________
_______________________________________ former owner...now I'm just another schmuck

Top
#234675 - 23/09/2004 14:06 Re: Questions about securing workstations [Re: Whitey]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31596
Loc: Seattle, WA
Quote:
all the students login under the same user name.


Well, that's the first thing you need to change...
_________________________
Tony Fabris

Top
#234676 - 23/09/2004 14:16 Re: Questions about securing workstations [Re: tfabris]
Whitey
member

Registered: 09/03/2002
Posts: 178
Loc: Louisiana, USA
damn I was afraid of that. I also have my hands tied in some respects. I say I work for an NGO, but the fact is that they get most of thier money from the state department. I have to answer to the people in Washington, I can persuade them, but I can't just haul off and say "ok, every student needs thier own user account!"

can you point me in the direction of some literature that can help in my fight.

I'll be so glad when this assignment is over.
_________________________
_______________________________________ former owner...now I'm just another schmuck

Top
#234677 - 23/09/2004 14:55 Re: Questions about securing workstations [Re: Whitey]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31596
Loc: Seattle, WA
Quote:
can you point me in the direction of some literature that can help in my fight.

Despite the seemingly self-contradictory nature of the terms, Googling on "microsoft security best practices" will give you a lot of web sites.

The thing about having separate users is simple common sense. When everyone logs in with the same user name, then everyone is anonymous. Anonymity is what makes people think they can get away with doing bad things. As soon as you take away anonymity and replace it with accountability, then people start to behave. This is the way it is in the real world, I don't know why the idiot middle-manager who decreed "all students have the same username" would think it'd be any different on computer systems.
_________________________
Tony Fabris

Top
#234678 - 23/09/2004 15:18 Re: Questions about securing workstations [Re: tfabris]
Whitey
member

Registered: 09/03/2002
Posts: 178
Loc: Louisiana, USA
Thanks Tony.
At least I have something now. I can't believe they want me to do all this. I guess I should have kept my mouth shut when I said I knew something about servers.
_________________________
_______________________________________ former owner...now I'm just another schmuck

Top
#234679 - 23/09/2004 16:16 Re: Questions about securing workstations [Re: Whitey]
image
old hand

Registered: 28/04/2002
Posts: 770
Loc: Los Angeles, CA
make each workstation have a user name, and disable roaming profiles. reason why it takes 5minutes every login is because its copying all of the shared user profile (with all the "contraband" that comes w/ a school lab) from the server to the workstation every time.

Top