Page 2 of 2

Posted: Fri Jun 25, 2004 10:29 pm
by dmoc
Maybe me dumb but isn't this what the network logon is for/ already does?

Posted: Sat Jun 26, 2004 10:04 am
by merendo
They use Win2k. The network login just says 'someone had been on this computer' but not who.

I am not sure if it is possible to block all the Ctrl+Alt+Del keys because of Win2k sec restrictions and they even added more security restrictions in my schools network.

Posted: Sat Jun 26, 2004 10:22 am
by GedB
Merendo,

This is not a programming problem, it is an administartion problem.

Win2k already has commercial strength authentication built in. Nothing you can write can get even close to that.

I take it that the installers of the Win2k domain were too lazy to set up individual users for each student. Instead they just have a set of standard users, such as Students, Manager, Teacher, Administrator. Since all Students have the same log on, then you have no way of knowing which student.

The solution to this problem is to fix this, and give every user their own logon.

There may be complaints of administration overhead, but your solution will have the same overhead.

You have to insist that users enter both a ID and a Password. Without a password they could enter anybodies ID!

So now you have to administer users, with all that entails. You have to make sure there are facilities for resetting password when somebody forgets and all the rest of it.

The difference is that instead of using the built in, industry tested tools provided by the largest software company ever you are instead having to write them yourself.

On top of that you are constantly having to desperately plug the unavoidable holes in your system.

What you are doing in not feasable. Ignore anybody who says that they did this already, so they know it is possible. They are talking rubbish. Not so long ago you could use this type of solution because it was possible for a single program to take almost complete control of the computer. Now security has improved, and there are measures in place (such as not allowing ctrl-alt-del to be blocked) that are specifically designed to stop you from doing what you are trying to do.

Stop now. Tell them to administer their Y2K domains properly.

If this is a project for which you need grades then get yourself a book on Y2K administration and write up how to properly secure the network. Write up the procedures needed to take care of scenarios such as forgotten password. If finding the proper, real world solution gets you lower grade then school really is a huge waste of time.

Be pragmatic.

Posted: Sat Jun 26, 2004 1:29 pm
by dmoc
Dumb old me agrees wit GedB :P

Posted: Wed Jun 30, 2004 12:45 pm
by merendo
Well, I showed this thread to my teacher and he agreed. The network is indeed messed up, the server is a bit old and there are too many modifications which have unproperly been made. However, my teacher is not the administrator of my schools network but he's gonna take a look at all of this crap.