Educause Security Discussion mailing list archives
Re: training lab security - Active Directory
From: Aaron Childs <aaron () WSC MA EDU>
Date: Sat, 16 Dec 2006 11:44:40 -0500
Hi Kevin,

We've been running AD since 2002 and for our lab computers we made a security group for all of our students, and another security group for all faculty and staff and put those groups in the local guest group on each of the machines. This prevents the installation of malware (provided the local admin account is secured) and prevents the user's profile from being saved on the computer as well.

Have a good weekend,
Aaron

-------------
Aaron Childs
Assistant Director, Networking
Westfield State College
http://www.wsc.ma.edu/it/

"Laughter is the closest distance between two people." -- Victor Borge

________________________________
From: Kevin Shalla [mailto:kshalla () UIC EDU]
Sent: Fri 12/15/2006 5:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] training lab security - Active Directory

I'm new to Active Directory, and am looking for ways to improve the security on our PCs. My hardware management staff is resisting my strategy of putting all our training room computers into Active Directory and having them all log in with their own AD accounts. Their preference is to have users log in to a local guest account on the computers. I'm thinking that if someone loads spyware or other nasty stuff, then other users won't be affected by that because the accounts do not have administrator access. My staff's contention is that once malware is on a PC, it is NOT limited to one account, but infects the whole machine. Further, they believe that having individuals logging in with their own accounts would create too many profiles, filling up the machines.

What are the best practices for managing Windows machines in lab facilities?
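One way to check, on a single lab PC, the setup described in the reply above (domain groups placed in the local Guests group, local admin account secured). This is an added example, not part of the original messages; the domain and group names in `$LabGroups` are hypothetical placeholders, and it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example: audit local group membership on a lab PC.
# Hypothetical group names; replace with your own domain groups.
$LabGroups = @('CAMPUS\Lab-Students', 'CAMPUS\Lab-FacultyStaff')

function Get-MemberNames {
    param([string]$Group)
    # Returns member names as DOMAIN\Name or COMPUTER\Name strings.
    try {
        @(Get-LocalGroupMember -Group $Group -ErrorAction Stop |
            ForEach-Object { $_.Name })
    } catch {
        Write-Warning "Could not read local group '$Group': $($_.Exception.Message)"
        @()
    }
}

$guests = Get-MemberNames 'Guests'
$users  = Get-MemberNames 'Users'
$admins = Get-MemberNames 'Administrators'

# For each lab group, record which local groups it has been placed in.
$findings = foreach ($g in $LabGroups) {
    [pscustomobject]@{
        Group            = $g
        InGuests         = $guests -contains $g
        InUsers          = $users  -contains $g
        InAdministrators = $admins -contains $g
    }
}
$findings | Format-Table -AutoSize

# The built-in Administrator keeps a SID ending in -500 even if renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$builtin | Select-Object Name, Enabled, PasswordLastSet | Format-List

# List everything else that holds local admin rights on this machine.
$builtinName = "$env:COMPUTERNAME\$($builtin.Name)"
$otherAdmins = @($admins | Where-Object { $_ -ne $builtinName })
"Other members of Administrators: " + ($otherAdmins -join ', ')

# Fail if a lab group is missing from Guests or has admin rights.
$bad = @($findings | Where-Object { -not $_.InGuests -or $_.InAdministrators })
if ($bad.Count -gt 0) {
    Write-Warning ("Review needed for: " + ($bad.Group -join ', '))
    exit 1
}
```

The `InUsers` column is informational: it shows whether a lab group was also added directly to the local Users group, which is worth reviewing alongside the Guests membership.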