Restricting file types

[gazzanewpy]

We have a number of users (1200 and all 18 and under) who have their own network share area as well as a global share location. The trouble is students want to play games and these get downloaded or brought in from home.

Anyone know of a way (software or GPO) to stop the saving, storing or running of exes, coms, vbs, etc in specific areas (rather than using Software Restriction Policy that seems to require I specifying the exact exes we want to prevent or allow)?

 

[PatBo]

In Poledit I have restricted exe's completely for students in Protected Apps. and 'D' drive if PC has one!
.asx.mp3.wvx.wma.mpga.ram.wav.avi.mpg in Protected Files with No Access and Hide or similar.
If they need .wav for a school programs, set to Read only and Hide. Worth playing around until you get the best you can. Seems to work fine for us, even if a student downloads music files or games they either will not see them or be able to run anything. If they have a set amount of disk space as our students do then if it fills up and they will have some explaining to do when you check their areas.

Nothing is 100% when dealing with students, good luck!


Slán agus beannacht.
Patrick Boland

 

[EBGreen]

You could look at having their logon script scrub their individual share of files that you don't want. You could alternatively have a script run at some low use period (4am) to do the same. Or, both.

[blue]"Well, once again my friend, we find that science is a two headed beast. One head is nice, it gives us aspirin and other modern conveniences,...but the other head of science is BAD! Oh, beware the other head of science, Arthur; it bites!!" - The Tick[/blue]

 

[gazzanewpy]

As regards running a script, logon times at schools has to be quick whilst a single routine can take hours, literally, and therefore is not valid. Thanks for the tip though.

As regards poledit. This is an NT tool isn't it and we have 2000 Server. What are we editing and how? Sorry to be thick here but I can't picture what you mean.

 

[VinceF]

A couple of things.

First you can set the policies via GPO to prevent users from being able to install applications, make sure they don't have admin rights to the machines they are on.

Secondly you can apply GPO settings to allow only specific apps to run, all other will not be available for them.

Third, lock the machines down. Create a standard desktop and apply it to them via a roaming profile.

GPOs contain settings fo Internet Explorer that will prevent running scripts and allow you to block some sites, though not many.

Finally, a good proxy server can do wonders. I use Sqid, which is open source and easy. You can run it on Windows if you want. Another is Eazy Proxy. They allow you to restrict files that can be downloaded and run, like .exe, .zip, etc...

 

[Binkie]

Lakeside Software's SysTrack and SysLock can help to lock out applications, as well as control the websites your students are allowed to visit; without impacting system performance.

SysTrack tracks websites/pages visited by users and generate alerts, actions (shut down the browser) & notifications if necessary. SysTrack can also audit which applications students are using, and with SysLock shut down unauthorized application usage automatically.

Examples of apps you may not want running in your environment could include virus's, games, resource intensive apps, or sites like kazza.com and weatherbug.com that consume large amounts of resources.

Good luck!

Carrie3010@yahoo.com

 

[PatBo]

Good morning,
We are using NT4 and all user group policies are set through Poledit. Any shared/accessible areas can be locked down with permissions and for the internet we use a Debian/Linux Proxy Server with SquidGuard. It was an unused PC which we installed Linux on and all software was free from the net. Some great help out there, search Yahoo or similar.

Slán agus beannacht.
Patrick Boland

 

[gazzanewpy]

Ok, down a new route. Have thought of shifting our gateway unit to a small linux server unit but I know almost nothing about Linux. I know how to spell it and then that's it.

Therefore, question. Is this a worthwhile route and how quickly could I pick this up?

I know that's two questions but I work in education and we can't count!