Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

stop saving certain types of files

Status
Not open for further replies.
danjwalker

danjwalker

IS-IT--Management
Mar 22, 2005
44
GB
I have 2k3 server SP1 and win XP sp2 clients.

I work in a school. I wondered if there was some way that I could stop students saving mp3, wav, wmv etc into their share on the server.

I thought that an event occurred when a file was saved to NTFS and that could trigger something. I have googled all ideas but got nowhere. I can program in vbscript and vb.net if I need to do so to resolve this.

Thanks,
 
Sort by date Sort by votes
R2 is the first standard windows server to support file screening.


For a school the upgrade licence should be dirt cheap approx £60 / $100 i think.





When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.
 
Upvote 0 Downvote
Only thing to mention is that all the kids have to do is change the extension and they can get around it.

E.G. Put into a .zip or .rar, or simply create they're own extension (say .music), apply it to all songs and then map WinAmp to that extension.

Great step in the right direction for MS to do this - but it's very easy to get around at the moment.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Upvote 0 Downvote
We are a special needs schools with students that have various difficulties like dyslexia, physical, behavorial issues. Most are autistic.

One kid we had sucessfully hacked a RM network in his previous school. He was removed. He hacked my normal network in just 2 days. Got a command prompt on a machine and was able to access the C drive. He also got himself into staff areas that were set up before I got here that had everyone permissions set to full access!

It is this kid that is making us take file saving issues seriously. Never been an issue in the 2 years I have been here. This kid created a batch file that ran command.com. This is not protected by group policy but cmd.exe is. Command.com is not needed anymore and is only on XP for compatability purposes.

Anyway, as to your question, we do not have winamp. I think WM player is locked down, but I have not tested it. The main issues I have are people saving exe cmd vbs js and similar files.
 
Upvote 0 Downvote
You will have issues with .bat and .vbs files as the commands can be saved in test files and then renamed.

I've seen Ranger by Sentinel products used in schools very effectively it's different to RM in that it's tools sit on and assist normal windows security. It uses an active agent that looks for .vbs and exe's (by scanning the header not the extension) being launched and closing them down. Again it costs money i'm afraid.


One of the best ways is still going to be to lockdown permissions and privileges so any files they manage to launch are limited in the damage they can cause.





When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.
 
Upvote 0 Downvote
I'm very much against the whole RM network thing. Kid's know more than you think and the fact that you caught him only means that at least one persons has compromised your network.

Nobody should have more rights that 'User', and default WinXP locks down what users can do in terms of file access. I'd suggest doing a full audit on all file shares (using either the NET SHARE command or the computer management MMC).

Regarding the media storage, if the kid knows enough VBS to get around your current security the the file resource management in R2 won't be enough.

How about you tell him if he does it again he gets 5Mb of quota limits imposed and runs as a guest account on the local machine? With auditing turned on. And a key logger.
If you catch him doing anything else then he's off the network for good.

Sorted.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Upvote 0 Downvote
I have done one better than that. Disabled AD account. Everybody knows that he is not allowed near a machine. Even the IT illiterate know when he is sitting at one! This is only temporary though.
 
Upvote 0 Downvote
Steve hits the big red button and nukes the site from orbit :)

I agree with Steve you really need to limit access and stay fully patched, if you're using XP with SP2 you can make things pretty miserable. Following this advice should limit the amount of damage he can do, you might also consider banning him from using removable drives.





When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.
 
Upvote 0 Downvote
Oh forgot you should also review your acceptable use policy to prohibit this kind of activity, this way you have good grounds to push the situation further e.g. parents involved, banning from the network use of laptops or standalone PC's only and eventually exclusion.





When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.
 
Upvote 0 Downvote
Well, as we are a special needs school, to not sound too bad, we could have a fair usage policy but as we could not fully explain it, what would be the point of having one. It would not be fair to the students.

I have enough to do without messin about chasin after kids that think that my system is a proving ground for g33ks. He was so proud when he did what he did, we explained on his first day that if he was to wonder what was in places, I would show him and he could get in serious trouble misusing the computers. I showed him the servers and how the network functions. Fat lot of good that did! He got thrown out of his old school because of this behavior.

Its such a shame, he is a clever lad and I quite like him. Oh well...

 
Upvote 0 Downvote
I can see where you are coming from but it might be an idea to look into this and get the parent or guardian to sign it. With the way data protection laws are going you might need this level of protection if any sensitive data was revealed about another pupil or member of staff.
Most education authority auditors will specify that this should be in place, well they do in the U.K. anyway. I know this doesn't help your current situation but i thought it was worth bringing up.

Cheers.






When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
684
microsGuy16
microsGuy16
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
1K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
782
DrB0b
DrB0b
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
322
mikehook
mikehook
JScannell
  • Locked
  • Question
File saving from browsers
Replies
1
Views
262
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top