Jump to content

Managing a student lab


Recommended Posts

Hello there..

I'm managing a student lab with about 25 computers. There are 2 major problems:

First is the destructive behviour of students who intentionally delete, edit, or even break down the whole operating system. Of course fixing that will be only momentarily, it'd be only a matter of time before the system to collapses again.

Second is the infected USB sticks used by students. The infection spreads out causing the lab to be a "virus lab". Because of the successive lab sections there is only a limited time available every week to clean up the computers to be reliable again.

To overcome that, large effort has to be done and a lot of time is wasted. I'm looking for a way to effeciently control the lab and saving it from viruses and those annoying students.


Most of the computers have core2due proccesors and only five of them have pentium4. The core2due machines have wirless NIC and the lab is eqquiped with an access point.

Only a limited number of programs is required on each machine (Matlab, Xilinx and some other engineering programs)

The students are to have the ability to : open these programs("ONLY" would be preferred), save/open their work on the machine and access the internet.

One of the solutions was DeepFreeze but it didn't work because students actually broke it.

I need a solution that may require some effort now but saves me alot of time later. The one that i'm thinking of now is using ActiveDirectory but I still don't know if it'd be suitable to my case cause I don't know anything about it yet.

Anyother ideas?

Link to comment
Share on other sites

Obviously if these are XP or Vista clients, you could use SteadyState if DeepFreeze was to easy to break - just make sure these users are NOT logging in as administrators, otherwise none of these solutions will be anything but trivial to break down.

If something like SteadyState doesn't work (for whatever reason), you can always go to the next step up and set up a server running WDS and MDT 2010, and have your lab's images or the flat-installation files and application installers stored there; when the users invariably break machines or infect the network (make sure the WDS/MDT machine is running good antivirus software), you can just reboot the machines, PXE boot, and re-image or rebuild using an MDT task sequence.

You could add an AD environment with a domain controller running DHCP and DNS, although depending on how much control you need, that might be overkill. It'd work, that is true, but the flip-side of that is that it would just add more administrative overhead to the environment.

Link to comment
Share on other sites

Yes they are vista based machines. I'll try SteadyState and see if it works fine.

About WDS and MDT, it sounds a nice solution but the problem is that the machines always(not sometimes) get infected. I was wondering if orders can be given to each machine not to open any flashdisc before being scanned by the server!

Link to comment
Share on other sites

It also sounds like you could make use of EWF (Enhanced Write Filter) or Ram overlay, which will make it so any changes to the system are lost when the PC reboots. It appears that Vista supports this option, but I've only had first hand experience with it on XP Embedded.

Link to comment
Share on other sites

  • 2 weeks later...

Can these engineering programs work without administrator privileges?

It seems like the key problem is that students have access to administrator account(s).

If that's true then the easiest solution is:

- change students' account type from administrator to limited user (limited users can't damage the system, only their accounts);

- password protect the BIOS and disable booting from CD/DVD and USB drives (so they can't boot from liveCD);

- and use the mentioned SteadyState to allow running applications from Windows/Program Files directories only (that is, previously installed programs only).

If possible, physically protect the cases so students can't get inside and play with the hardware (like resetting the BIOS password).

Link to comment
Share on other sites

Take away admin rights and just add standard users to the files/folders the users need for one.

You could also look at Clean Slate, similar to DeepFreeze. But if the users have admin rights thy could probably disable the write filter just like they could with DeepFreeze. I've been running a couple of student labs for the last seven years or so and lock them down with DeepFreeze and not had a problem with students disabling it but they are standard users whenever possible. I'm looking at switching to Clean Slate next year as it has a litle more flexibility for my needs.

Link to comment
Share on other sites

It's probably not the solution you want, but how hard would it be to punish the student who breaks the PC up again? Obviously when you come up to a PC and it's malfunctioning, it should be easy to tell who was sitting there last.

Also, why do you let them bring USB sticks in the first place?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Create New...