On Wednesday 15 August 2007 03:45, Antonio Olivares wrote: > Administering the Lab is a pain in the glass. There are many threats, > virii, spyware, trojan horses and the MySpace workarounds. Kids are kids > and there are several extreme ways to prevent the kids from doing bad > stuff, disconnecting the computer from the internet. Still kids manage to > load games, download stuff, in restricted accounts, visit sites that are > blocked and all. [snip] /// Note: what follows may possibly be off-topic. /// Sorry for not quoting earlier posts in the thread, they're scattered around. First I need to check if I understand the situation correctly. There is a highschool computer lab, running Windows, connected to Internet, which is used for teaching students Word, Excell and PowerPoint. Q: is it sane to keep the lab connected to the Internet if it is used only for this purpose? These students are needed to learn those basic apps, while they are profficient enough to be able to tweak the registry, change admin passwords, circumvent firewalls etc. Q: is it sane to assume that such students do not know how to use Word? There is a lab administrator, who doesn't know how to change the admin password if it is stolen, short of reinstalling the OS. Q: is it sane to hire an incompetent administrator who is outperformed by geek teenagers? (btw, tell him to google for "winternals", for example...) Let me just paraphrase Douglas Adams and the Guide --- when creating a top list of the most important things in life, "sanity" got stuck somewhere around 182. place... :-) Ok. Sanity aside, there are several distinct approaches to deal with the problem. 1) Determine what *is* the problem, exactely. Why are the kids not allowed to watch movies from YouTube, download music, etc? The only thing that one really needs is a tight firewall preventing them from attacking outside world (you don't want the kids to hack into Department of Defense or something). Other than that, it's up to their education to help them restrain themselves from immoral and similar content, rather than rules being enforced on them. 2) Delegate the problem to the kids themselves. Pick three or four of them that are most knowledgeable wrt computers, and hire them as assistants in the lab. Give them full access to computers, and ask them to do their best to keep them in working order. I have personal experience that once a teenager is given a task that assumes responsibility, "we rely on you" attitude and proper respect to his computer skills, he tries to do his best to prove himself worthy of it and up to the challange. Sometimes they exibit behavior that is more adult then adults. Besides, one of the main point of school in general is to teach children responsibility and help them grow more mature. Administration of a computer lab is a nice toy-problem for that. 3) Fight against kids. Put passwords in bios, disable booting from anything other than trusted media. Limit their user-rights. Or create diskless machines that are booted over the net from a main server. Create domains or such. Prohibit entering the lab with a laptop. Weld the computer case so it's not to be opened easily (not kidding, I've seen this done!!). Log their complete activity (web sites visited etc.), eventually displaying it on a public place for everyone else to read. Send weekly reports to their parents. Humiliate in public every kid that visits a porn site. Ask the director/principal to punish every kid that ignores the rules. And so on... A computer is a tool, and as such does not make a distiction between good and bad usage. Consequently, it is inherently impossible to enforce only "good" usage automatically. You have to use social rules, laws, punishment, etc. If that is the approach you wish to pursue, that is. If you ask me, I would go for option 2) and ask the kids to help me fix the problems other kids made. Put *them* in charge and in your position, and let them feel what it's like. They'll learn something far more serious and important than Word and Excell... ;-) Oh, and btw, regarding your original question, you may install Fedora on one test machine, install vmware or similar with a frozen windows client (you do have licensed windows, iirc), put a line in /etc/passwd to invoke it on every login, and copy the frozen client from the backup on top of the possibly-modified client on every logout. Instruct the kids to use cd/flash memory/diskettes/other to save their data. Put the test machine randomly in the lab, wait for a month, then decide what to do next. P.S. Sorry for a long mail... ;-) Best, :-) Marko Marko Vojinovic Institute of Physics University of Belgrade ====================== e-mail: vmarko@xxxxxxxxxxxx
