Blocking internet access on XP Pro machines w/ZenWorks

[Guest]

I've recently begun teaching Microsoft Office at a local high school. We have nice new Compaq computers running XP Professional attached to a Novell network via ZenWorks. It is almost impossible to police the students' constant attempts to access the internet through IE, to stop them from using AOL Instant Messaging, playing games, or even to keep them from inserting their own CDs in the machines. The class all logs on with the same user ID, via the ZenWorks screen that comes up initially, single logon for both PC and network. Other classes use other IDs, and I cannot touch them. I would like to shut down any or even all of these capabilities, and also make the hard drive read-only, based on the ID they use to log on. I'd like these restrictions to not apply to any other IDs, and certainly not to each system's local administrator account
Any advice would be greatly appreciated, as right now I'm not even sure where to start. I was a network administrator once, but never got past being MCSE NT 4, or even doing anything like this on the job. There are less than 60 PCs involved, so manually exporting/importing a local security policy is doable, if that's the way to go. Is it? Any advice would be greatly appreciated. Thank you

 

[Rob Elder, MVP-Networking]

You could make the hard drive read only but using NTFS security permissions
on each local machine.

I think that the Novell client logon is tied to the local user account (not
sure, though, not much of a Netware person.) If this is the case, you might
consider taking the user and making them a member of the Guest group. This
group has very limited rights to do anything.

Unfortunately, local policy on XP PCs is global. This needs to be done from
the domain controller to obtain any filtering. Have you had a chat with
the network admin?

I've recently begun teaching Microsoft Office at a local high school. We

have nice new Compaq computers running XP Professional attached to a Novell
network via ZenWorks. It is almost impossible to police the students'
constant attempts to access the internet through IE, to stop them from using
AOL Instant Messaging, playing games, or even to keep them from inserting
their own CDs in the machines. The class all logs on with the same user ID,
via the ZenWorks screen that comes up initially, single logon for both PC
and network. Other classes use other IDs, and I cannot touch them. I would
like to shut down any or even all of these capabilities, and also make the
hard drive read-only, based on the ID they use to log on. I'd like these
restrictions to not apply to any other IDs, and certainly not to each
system's local administrator account.

Any advice would be greatly appreciated, as right now I'm not even sure

where to start. I was a network administrator once, but never got past
being MCSE NT 4, or even doing anything like this on the job. There are
less than 60 PCs involved, so manually exporting/importing a local security
policy is doable, if that's the way to go. Is it? Any advice would be
greatly appreciated. Thank you.

 

[Guest]

I haven't spoken to the network administrator as yet. I'm a fairly large urban school system at one of six municipal high schools, so whoever that may be is not in the building and will take some tracking down. I was hoping this would be something I could do locally, but I gather that security policies from the network level override local settings. In any case, thanks for your response. I will persue the matter with the admin eventually.