AB Tutor too easy to defeat?

[maxymaxy]

I am just trying out the trial version after trialling Lanschool.

Maybe I am doing something wrong but what stops students simply going to the control panel and uninstalling it? Lanschool was protected and needed the install program before uninstalling.

Is this too obvious or am I doing something wrong? Shouldn't there be a password at least?

[maxymaxy]

The students can log onto the local workstation as teacher/teacher and simply uninstall from that group privilege.

It is very frustrating for me as ICT coordinator to try and help teachers cope with students who are hell bent on getting around the system security (what little there is). The network manager believes in an 'open policy' and self regulation ...but he is not in the classroom is he?

I was getting very excited with AB Tutor because it seemed to do everything I wanted but this major major oversight in design leaves me speechless. AB Tutor should at least need a password or the original install program like Lanschool does to uninstall it. We are looking at getting 10 licenses so Lanschool is expensive.

[maxymaxy]

Well to answer my own question, the answer lies within the excellent way ABT rolls out registry editing. It was a simple as setting up the policies in ABT and deploying them permanently.

[maxymaxy]

I have taken some reasonable steps to protect the ABT client:

1. By making the /program files/abcontrol folder invisible
2. Using the registry function of the ABT control
(a) prevented access to the control panel
(b) disabled cmd.exe, run
(c) prevented access to the task manager
(d) made invisible msconfig, gpedit
(e) disabled .bat files
(f) disabled any access to network properties

There are still ways around these things though.

I have in my IT class a student who is rated one of the top 20 junior programmers in the world Sad
He was at the recent programming olympics! Luckily for me he is an ally rather than foe and lets me in on ways the other students are trying to get around the system.

OK all of this not ideal but I can only do what I can and hope the next NW manager is better.

I still think though the client and install files should be password protected.

[MrForgetful]

I think your problem stems not from what AB Tutor Control limits but that you need some security setting up on your network.

The students can access Control Panel and Uninstall programs? That's your problem right there!

[ColinW]

I have a similar problem and a different solution. I have many machines running without connection to a physical lan and therefore can't use the server to set controls. I set them locally using a designed for the purpose (called sentrypc). There are quite a few alternatives, this one is OK and does the job but there may be better. Not using a centralised policy does mean a lot of maintenance, but at least the little darlings are less able to mess things up deliberately. Incidentally, not sure how this will affect whatever you set centrally, suggest you try it on one machine first.

[Mark Wood]

@maxymaxy: Get a new NM.

@ColinW: You can use local Group Policy to lock down the workstation. All these other programs just put a nice front end onto Windows group policy. Once you have set up one workstation, you can copy the policy to other PCs