I am in the process of making global changes to the labs in every school. I just wanted to give a heads up to everybody, in case you hear about any specific functionality that is missing after the change.
Some labs, will not feel much of a difference, as the workstation lock down is pretty strict already, but other labs are much looser, and applying the global lock down policy on them, may possibly disallow some program they use from running.
An example of this behavior:
As I applied the global lock down policy on Dickson, I got a call, stating that the students are getting an access denied message when they were trying to access the "Lab Applications" folder on the desktop. This happened as a result of the policy. The fix was and easy, but I needed to get the notification that something was wrong in order to fix it.
Unfortunately, this is one of those processes that I can't really be 100% certain of any adverse effect that a policy may cause, so, I would appreciate if the techs/helpdesk keep an eye out for any issues that may arise from this process, and notify me of those.
Currently, I'm working on all the elementary labs, and will be working on the secondaries later.
This is part of a small project I'm working on to allow for the techs/helpdesk to login to a workstation as a student and perform troubleshooting, without being subjected to the lock down policies that are applied to a regular student accounts, while still having the same environment as the student (i.e: shared drives, privileges on the NTFS level, etc...)
One last note: This is being performed to actually lock down the labs to a point where we may be able to do away with deep freeze. If a teacher calls stating that they can no longer do something, that is not essential to the functioning of the software on the workstation, please inform them that we are tightening the security on the workstations, and they will need to work with that. Otherwise, if you feel that it is a legit request that needs to be dealt with, please bring it to my attention.
I will be writing some documentation on the wiki, with some technical explanation on the troubleshooting users, as well as the new OUs and group policy schemas that apply these changes.
No comments:
Post a Comment
Please make your comment. (GMK)
Note: Only a member of this blog may post a comment.