Re: Active Directory in comp labs

["James R. Pardonek" <pardonjr () CALUMET PURDUE EDU>]

We also use Deep Freeze.  Every student uses their own account to log in and
we require a password change every 120 days.  The only issue we see with
Deep Freeze is that it does not "freeze" the boot partition.  So, if you get
a boot sector virus, the machine is infected regardless of rebooting until
you clean it.  Somewhat defeats the purpose.



Regards,

Jim



James R. Pardonek, CISSP

Senior Network Administrator

Purdue University Calumet Data Network

Information Services

Purdue University Calumet

Hammond, Indiana



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Todd Clementz
Sent: Thursday, June 03, 2010 7:56 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Active Directory in comp labs



Brandon,



We used DeepFreeze for a year with a few hang-ups, but there were other
reasons for us going away from it.  I do have a questions about a unified
username and password.  Are your security people, and maybe you are the
security people, not concerned about anything being done from a
computer.i.e. malicious email or hacking attempt or anything like that?
Here at OSU, the policies and procedures are pretty lengthy with regard to
user/network security.



Todd Clementz

Systems Engineer

Knowlton School of Architecture

The Ohio State University

614.292.8544



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brandon Payne
Sent: Thursday, June 03, 2010 8:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Active Directory in comp labs



Starting this Fall we will be rolling out Active Directory for the first
time in all of our computer labs.  All computer lab machines will be running
the Faronics - DeepFreeze product (when computers are rebooted, they are
back to a fresh state).  To simplify things for now, all students will be
using one domain profile to login, "Student."  To get around any sort of
password expiring issues, Faronics said to set the Maximum Password Age to
999 or "Not Defined."  Is anyone else running Deepfreeze while joined to the
domain?  Hoping there aren't any other issues.



All lab machines are Windows 7.  I already have some computers deployed and
have had some use the past couple weeks and they work fine so far. The real
test will be summer semester.



Do you know of any caveats or recommended items for running AD in the labs?
Thanks in advance...


--
Brandon Payne
Technical Support Specialist
Information Services
Sauk Valley Community College

Attachment: smime.p7s
Description: