Using Policies to Lock Lab Machines
Novell Cool Solutions: Feature
By Mark Poole
Digg This -
Posted: 25 Aug 1999
Lots of our readers are in charge of computer labs in schools, and naturally have some pretty serious concerns about security. Those pesky students are always trying to get away with something nasty, and you guys routinely summon the forces of ZEN to keep everything under control.
One concern we've seen a lot is from people with lab environments who want to use ZEN policies to secure their workstations. However, they're afraid that when students log onto their own PCs in their rooms, presumably to study, they will find their personal machines are locked down as well. Here's a tip from One Who Knows, our favorite university admin expert.
This is actually very easy to get around. What you would need to do is create two policies. One that is associated with the Administrators that unlocks the machines, and one that is associated with a "utility" account that locks it again. That way, if an administrator needs to work on a machine they can just log in and get to work. Before they get up, they just log in as the "utility" account, which will lock the machine up again.
Because policies work like switches and not current state, anybody else who uses the machine will get the last policy set. That way the students (who don't have a policy associated with them) won't lock their own machines, but will have the machines in the labs already locked. The best of both worlds.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com