On the Problems with Laptops in School?

resistor2004 asks: "My school has recently implemented a program of issuing laptops to all students from 7th grade through highschool seniors, and providing a massive 802.11b network across the campus. As you can imagine, it's a serious nightmare for the IT department. Apart from the usual run of broken laptops we have had a major problem with students usign email during class. Is there any effective way to allow the teacher to monitor the student's activity from his/her own laptop? Some of our teachers have come up with creative methods like installing mirrors in the back of the classroom so that they can see the students' screens, but a method that could be performed on the laptop would be even better." Might VNC be a potential solution to this problem. I would think that with a few creative scripts, and a working VNC client, a teacher can pop up a window to see what students are doing on their school-provided computers. Can you think of other ways teachers may be able to monitor students laptop use in-class to insure that they are at least not horsing around when they should be learning?

A possible solution

[haplo21112]

I assume for ease of use for the common student, that these machines are running an M$ OS...easy solution, in that case. Microsoft SMS Server. It has a software inventory, and metering component, which can be setup to tell machines what they are and are not allowed to run. Simplely set that up tell the Machines they are not allowed to run various Email clients, such as outlook.exe ect...if the students try to get around it by renaming that will not work either because the system looks at internal names, not physical names. You could also use windows policy files to accomplish the same effect.

You've got problems?

[n-baxley]

Not to belittle your problem, but you have the resources to issue laptops to all students 7-12 and a 802.11 network and you're complaining about it? Either you have a very small school, or a huge budget. I'd have given my right arm for something like this when I was in junior high!

Re:One way

[GregWebb]

This is exactly what I was thinking of - a database-driven timetabled firewalling regime. Simple and automatic. Remember to take out Hotmail et al, though :-) Oh, the other advantage of this is it reduces the incentive to skip classes. If you know that you'll be offline during classes automatically, that has to help.

Why not make it more than that, though? Why not block all network traffic save user filestore access during classes unless a teacher explicitly enables it? If you want web access for a class, default to the proxy only letting through pre-approved URLs so you know they're reading the right sites. Only if they're doing wider research should free(er) access be provided.

If they're in NT/2k/XP, what about requiring them to log in as a particular user account with extremely limited priveledges (as in little more than their WP) every time they enter a class, and allow the teacher to pull up a list of who's logged in differently? Dunno if it's possible, but do that automatically and you've got an even stronger truancy preventer.

Anyway, there's lots to do (and without much imagination, so I'm a little surprised to see this question getting posted) and it's not going to be that hard...

Re:Another non-technical solution

[stilwebm]

Exactly. The laptops can come to class for reading others' electronic submissions, interacting with a physics lab, etc. They should not be used during the lecturing part of education.

Use a little security

[iankerickson]

Disable access to the campus wide email server and proxy to accounts in the group 'Student' during class time. Each classroom, building or department could have a local proxy that allows students in a given class access to certain URLs on the internet, added in by the teacher, automatically purged after they expire or by you. School schedules are mind-numbingly regular, and variations from the norm (half-days) can be handled by a script to set the stop/start times for periods. When period starts, turn unregulated access off. Period ends, access resumes. You can do the same things for lunch, as long as you have valid data which students are scheduled for which lunch. This also prevents most problems with browsing inappropriate pages during class, unless one of your teachers has a porn archive that can be found on the WLAN.

Other than that, your school has given the students laptops ... what did you expect they would do with them. Doodle? Write embarrassing poems? Reverse engineer the entire MacOS with MacsBug? Turn off access using an automated system and you won't have to police so much. Not to mention your server load will drop, letting you go a few more years between server upgrades.

The problem with VNC is that you'd have to lock down the local security settings of the laptops to prevent the students from disabling it. It also wouldn't take long before one of them learns how to setup rfbproxy to send a prerecorded VNC sequence to clients, like an idle desktop with a hot key to pause/resume the fake sequence.

If your laptops run MacOS prior to X or Windows that is non-NT, then good luck securing them. The products vendors sell to secure these like Foolproof and Fortress do everthing they promise, but at the hands of a determined kid with nothing better to do but crack it, their "security" is a joke. Think "scriptkiddy".

Best of luck.