[Micronet] Lab Computers, restricting access

9 messages

[Micronet] Lab Computers, restricting access

Richard DeShong-2
We have a small number of computers that we'd like to restrict to a given set of students.  I am looking for a low maintenance, low cost solution.

Some details:
There are about 900 students.  The list doesn't change much during the semester.  The computers are joined to the campus domain and are being maintained by CSS.  Students currently use their Calnet ID's to log in.

--
Richard DeShong, Systems Analyst, Athletic Study Center, U.C.Berkeley
164 Chavez Student Center, Berkeley, CA, 94720-4220
510-642-5123     asc.berkeley.edu

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Re: [Micronet] Lab Computers, restricting access

Keenan Parmelee-2
We do this in the labs we have in the Residence Halls.  Just create a user group in AD with the users you want to restrict access to, then apply a User Restriction Rights GPO to those machines.

---
Keenan Parmelee
Technical Services Manager
Student Affairs Information Technologies
(510) 643-9937
http://rescomp.berkeley.edu

On Thu, Nov 20, 2014 at 8:41 AM, Richard DESHONG <[hidden email]> wrote:
We have a small number of computers that we'd like to restrict to a given set of students.  I am looking for a low maintenance, low cost solution.

Some details:
There are about 900 students.  The list doesn't change much during the semester.  The computers are joined to the campus domain and are being maintained by CSS.  Students currently use their Calnet ID's to log in.

--
Richard DeShong, Systems Analyst, Athletic Study Center, U.C.Berkeley
164 Chavez Student Center, Berkeley, CA, 94720-4220
510-642-5123     asc.berkeley.edu



Re: [Micronet] Lab Computers, restricting access

Seth Novogrodsky
In reply to this post by Richard DeShong-2
We use PaperCutNG. From what you have described, it would definitely meet your needs. Access is controlled through Active Directory groups. Quotas are easy to manage, and a lot of reporting options are available. I am not sure if it would meet your low-cost requirement, though. The educational price for 1000 users is $660. It runs on a variety of server platforms. We are using a Windows Server 2008 R2 VPS in the campus data center.

Feel free to contact me if you have questions.

Regards,
Seth



-- 
Seth Novogrodsky
Department of Economics and College of Letters & Science

 

Re: [Micronet] Lab Computers, restricting access

Richard DeShong-2
In reply to this post by Keenan Parmelee-2
Thanks Guy and Keenan, it sounds like what I was expecting.  I'm sure that CSS can set up the computer group and the security group.

What's missing is a way to allow a staff member to add and remove users from the security group.  I have admin rights to our OU, but not to the CSS OU that contains the computers.  And it would be really nice to be able to give this function to several staff so issues can be mitigated.  Hopefully without training staff on using A/D tools.

On Thu, Nov 20, 2014 at 8:55 AM, Keenan Parmelee <[hidden email]> wrote:
We do this in the labs we have in the Residence Halls.  Just create a user group in AD with the users you want to restrict access to, then apply a User Restriction Rights GPO to those machines.

--
Richard DeShong, Systems Analyst, Athletic Study Center, U.C.Berkeley
164 Chavez Student Center, Berkeley, CA, 94720-4220
510-642-5123     asc.berkeley.edu

 

Re: [Micronet] Lab Computers, restricting access

Graham Patterson

I do this by having a scheduled task running under sufficient admin
rights read a file containing the calnet ID, full name, and optionally
special groups.

The file is restricted access to those people I need to have add rights
(I retain removal rights to full Admins). The job checks for accounts
not already in the group, and adds new ones. In my case I also add the
CalNet ID and full name to a text file I use for lookups when running
various server commands that normally return just IDs.

It is all Windows CMD stuff with a bit of AWK thrown in. I'm sure it
could be moved to PowerShell if needed.

The job is scheduled every 10 minutes, which does the job. Decouples the
request from the authority nicely.

Graham


On 11/20/14 9:00 AM, Richard DESHONG wrote:

> Thanks Guy and Keenan, it sounds like what I was expecting.  I'm sure
> that CSS can set up the computer group and the security group.
>
> What's missing is a way to allow a staff member to add and remove users
> from the security group.  I have admin rights to our OU, but not to the
> CSS OU that contains the computers.  And it would be really nice to be
> able to give this function to several staff so issues can be mitigated.
> Hopefully without training staff on using A/D tools.


--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - directions to my office.

 

Re: [Micronet] Lab Computers, restricting access

Richard DeShong-2
Thanks for that detail, Graham.

On Thu, Nov 20, 2014 at 11:36 AM, Graham Patterson <[hidden email]> wrote:

I do this by having a scheduled task running under sufficient admin
rights read a file containing the calnet ID, full name, and optionally
special groups.

The file is restricted access to those people I need to have add rights
(I retain removal rights to full Admins). The job checks for accounts
not already in the group, and adds new ones. In my case I also add the
CalNet ID and full name to a text file I use for lookups when running
various server commands that normally return just IDs.

It is all Windows CMD stuff with a bit of AWK thrown in. I'm sure it
could be moved to PowerShell if needed.

The job is scheduled every 10 minutes, which does the job. Decouples the
request from the authority nicely.

Graham



--
Richard DeShong, Systems Analyst, Athletic Study Center, U.C.Berkeley
164 Chavez Student Center, Berkeley, CA, 94720-4220
510-642-5123     asc.berkeley.edu

 

Re: [Micronet] Lab Computers, restricting access

Robert L. Muzzy
In reply to this post by Graham Patterson
We use a .vbs script that works similarly.  A non-admin user adds calnet
IDs to a file and the scheduled process adds those users to a group, and
removes them from the file.

Bob Muzzy
Student Affairs IT
UC Berkeley
510-643-0815
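
Added example (not Graham's CMD/AWK job or Bob's .vbs script): a PowerShell version of the scheduled job both posts describe, where staff write requests to a file and a separately privileged task applies them. The group names, paths and the "calnetid,Full Name[,special-group]" line format are assumptions; it needs the ActiveDirectory (RSAT) module.

```powershell
#Requires -Modules ActiveDirectory
# Added example; all names below are hypothetical.
# Assumed request line format:  calnetid,Full Name[,special-group]

$DefaultGroup  = 'ASC-Lab-Users'
$AllowedGroups = @('ASC-Lab-Users', 'ASC-Lab-Tutors')   # the only groups this job may touch
$DropFile      = 'D:\LabAccess\Drop\add-requests.txt'   # staff: write access
$WorkDir       = 'D:\LabAccess\Work'                    # job account only
$LogFile       = 'D:\LabAccess\Work\lab-access.log'     # job account only

function Write-JobLog {
    param([string]$Message)
    Add-Content -LiteralPath $LogFile -Value ('{0:s} {1}' -f (Get-Date), $Message)
}

function ConvertFrom-RequestLine {
    # Returns an object for a well-formed line, $null for anything else.
    param([string]$Line)
    $fields = @($Line.Split(',') | ForEach-Object { $_.Trim() })
    if ($fields.Count -lt 2 -or $fields.Count -gt 3) { return $null }
    # The ID is untrusted input to a privileged job: accept plain account names only.
    if ($fields[0] -notmatch '^[A-Za-z0-9._-]{1,64}$') { return $null }
    $group = if ($fields.Count -eq 3 -and $fields[2]) { $fields[2] } else { $DefaultGroup }
    # A request can never name a group outside the allow-list.
    if ($AllowedGroups -notcontains $group) { return $null }
    [pscustomobject]@{ Id = $fields[0]; FullName = $fields[1]; Group = $group }
}

if (-not (Test-Path -LiteralPath $DropFile)) { return }

# Claim the file by moving it out of the staff-writable folder, so edits made
# while the job runs land in a fresh file and processed requests are not re-read.
$work = Join-Path $WorkDir ('requests-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
Move-Item -LiteralPath $DropFile -Destination $work -ErrorAction Stop

$members = @{}   # group name -> set of current member account names
foreach ($line in Get-Content -LiteralPath $work) {
    if ([string]::IsNullOrWhiteSpace($line)) { continue }
    $req = ConvertFrom-RequestLine $line
    if (-not $req) { Write-JobLog "REJECTED malformed or disallowed line: $line"; continue }

    if (-not $members.ContainsKey($req.Group)) {
        $set = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
        Get-ADGroupMember -Identity $req.Group | ForEach-Object { [void]$set.Add($_.SamAccountName) }
        $members[$req.Group] = $set
    }
    if ($members[$req.Group].Contains($req.Id)) {
        Write-JobLog "SKIP $($req.Id) already in $($req.Group)"
        continue
    }

    try {
        # The account must already exist in the directory; the job only adds, never removes.
        $user = Get-ADUser -Identity $req.Id -ErrorAction Stop
        Add-ADGroupMember -Identity $req.Group -Members $user -ErrorAction Stop
        [void]$members[$req.Group].Add($req.Id)
        Write-JobLog "ADDED $($req.Id) ($($req.FullName)) to $($req.Group)"
    } catch {
        Write-JobLog "FAILED $($req.Id) -> $($req.Group): $($_.Exception.Message)"
    }
}
```

Run from Task Scheduler every 10 minutes, this works best under an account delegated write access to the membership of the allow-listed groups only, so a bad line in the request file cannot reach any other group.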


Re: [Micronet] Lab Computers, restricting access

Lawrence Huntley SWEET
In reply to this post by Richard DeShong-2
Free, and probably over-kill (but fairly secure imo):

I would create a local system account service executable that only admins can stop/disable. (.Net binary) that restarts upon failure.

It would check group membership once upon login (checks that the current user is in the group list written in some read only location (binary Reg entries with R/W assigned to staff only?)).

Upon encountering not in allowed list, Fire method: alert user, logoff user (/f I think for force it's been a while).

I have a couple of different windows services already developed and working in a similar vein (.net) that could be adapted in a straightforward manner.

Installutil.exe (from ms, I believe) installs/uninstalls win services.

In vs studio to make one from scratch it's a different type of project called "windows service" (imagine that).

If you want my source files let me know offline.

Lawrence


Lawrence Sweet
AP III .-|-. SAIT
510 -612-6180
A lie told often enough becomes the truth.


Re: [Micronet] Lab Computers, restricting access

Richard DeShong-2
Thanks, Lawrence and Robert.  When I start working with CSS, I know more of what I'll need to supply to them.

On Thu, Nov 20, 2014 at 11:54 AM, Lawrence Huntley SWEET <[hidden email]> wrote:
Free, and probably over-kill (but fairly secure imo):

I would create a local system account service executable that only admins can stop/disable. (.Net binary) that restarts upon failure.

It would check group membership once upon login (checks that the current user is in the group list written in some read only location (binary Reg entries with R/W assigned to staff only?)).

Upon encountering not in allowed list, Fire method: alert user, logoff user (/f I think for force it's been a while).

I have a couple of different windows services already developed and working in a similar vein (.net) that could be adapted in a straightforward manner.

Installutil.exe (from ms, I believe) installs/uninstalls win services.

In vs studio to make one from scratch it's a different type of project called "windows service" (imagine that).

If you want my source files let me know offline.

Lawrence


--
Richard DeShong, Systems Analyst, Athletic Study Center, U.C.Berkeley
164 Chavez Student Center, Berkeley, CA, 94720-4220
510-642-5123     asc.berkeley.edu

 