Re: Public Machine Access

[Cal Frye <cjf () CALFRYE COM>]

Non-lab computers don't have DLU enabled, so the local workstation login fails.
DLU is a workstation property, rather than a user property.

If, for some reason, the DLU login succeeds, they have very limited local
rights, although this hasn't occurred all that often. Students using office
computers usually don't use their personal logins at that point. They'll use a
Netware login after reaching the desktop if they need access to their personal
files, or use Netstorage via a web browser.

Yes, rarely, something has gotten bunged up as a result, but this is a problem
with the student and their supervisor at that point. If we would make it
impossible for student employees to work, the office staff might be tempted to
let them "borrow" a login ID that works, and that would be worse, no?

--Cal Frye, Network Administrator, Oberlin College
   www.calfrye.com, www.pitalabs.com, www.ouuf.org

  "It is the mark of an educated mind to be able to entertain a thought without
accepting it." -- Aristotle (384 - 322 BC).


Gary Flynn wrote:
> Cal Frye wrote:
>
> > Our desktop support folks have been very clever with the use of
> > policies so that
> > we get away with not allowing students admin access to the lab
> > machines. We use
> > Zenworks' Dynamic Local User to remove each user's profile upon logout,
> > encouraging them to save files to their home directory on the server
> > (where it
> > gets backed up, too ;-)
>
>
> How do you prevent student accounts with DLU enabled from
> being used on non-lab computers?
>
> -
> Gary Flynn
> Security Engineer
> James Madison University
> www.jmu.edu/computing/security