General discussion

Locked

wired/wireless network

By keithbruce ·
Hello folks, here's the scenario. I am a technology advisor for a local private school. We recently received some funds to purchase several laptops with both wired/wireless connections.

I have set up generic networks before, but never one that would require restrictions to websites, software, applications, etc. I work full time as a tech support rep and this is exactly how our network is set up... very little access to anything other than what's necessary. and when there is a software upgrade or change, the computer automatically updates via the network. On startup, it receives network profiles. This is exactly what we would like to do to the laptops, so the students will not get into trouble and not screw up the computer.

I have found very few and very vague information online, but perhaps someone may be able to offer some advice or some links how to set up this network.

Keith

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to wired/wireless network

my 2 cents is:
oh, man. laptops in a school. with wirelexs, can the kids take them home? like having so many barn doors wide open...
if i would you i would visit local university with bagels in hand and ask if staff will let you pick their brain a bit.
i suggest you write down a spec (it'll change all right, just put a stake in the ground) for exactly how these notebooks will be used, like:
web browsing
network access to lan file server
email access via web? via pop3?
and all the other stuff you know like:
roaming profiles
pre-login virus and spyware screening
no removable media, maybe?
anti-virus
anti-spam
then 'harden' or secure each thing.
to lock down the web you will need a web proxy server.
to lock down mail you may need a mail proxy server
to lock down secure access to the lan file server, you may need Active Directory
if you have only a few websites allowed you may be able to 'cheat' and use a 'whitelist' configured in your broadband router
i have not done this.
when i worked in a similar environment folks used product call Fortres. I think mostly what Fortres did is put a friendly user interface on the tools already built into your network os and client os.
in my opinion, this is a tough and big job. See if you can get them to buy you some microsoft support or some kind of support.
also my last 2 cents is: document as you go as best as you can make yourzelf. if you will start out with a working spec doc detailing each thing that needs to happen on the laptop you can make notes on it. also jot down ideas as you have them for a network permissable use doc. so when the kids hack around your IM block they should have in writing that is a no-no.
guess i can't help but add, some of your students are going to know more about this than you. you won't lose respect asking them to help you imho.

Collapse -

by CG IT In reply to wired/wireless network

if your in a Windows environment that is not Active Directory, you should pursuade the powers that be to go to an Active Directory environment. Microsoft give steep discounts on price for educational institutions on software.

Active Directory with Group Policy can pretty much control the entire desktop environment a user sees and can work with. With Group Policy, you can restrict just about all configuration variables available in control panel with it. Further, you can deny configuration variables on the local machine including access to CD Roms to only locally logged on users[and in Active Directory, users are logging on to the domain].

you can further limit users by only allowing log on to specific computers and use mandatory profiles.

Back to Windows Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums