Is this right?

[redhawk14506]

I recently got into trouble at my school for having a scanner in my file (superscan). I can understand a little worry there. But when I edited my login script the sys op freaked out and I got into trouble again. Isn't it OK to edit a login script? I mean I wasn't doing or planning on doing anything malicious. If you can even do anything malicious. Am I in the wrong here?

[MrLinus]

Check for an AUP. If they don't have one, point out that there are no guidelines at the school as to what is acceptable computer/network usage and what isn't acceptable.

From an administrator point of view, it's not a good thing to change the login script because a) you may cause problems for other students using the same machine b) it may cause difficulties for the administrator if he/she has to fix something for you c) you are changing something without letting them know in advance or asking (courtesy sake).

I'd honestly say there isn't a wrong or a right but rather a miscommunication. I'd suggest for future endeavours talk with the admin before doing something. Explain in detail the where-fores and whys. I think it will go a long way in the long run for you.

Hope that gives you some ideas.

[VicE$DoS$]

redhawk14506

Lets make this thread a little more interesting...
What exactly did you change in the login script??

Cheers
V$D$

[groovicus]

Might want to read this thread:

http://www.antionline.com/showthread...hreadid=249219

[nihil]

VicE$DoS$..............yeah! yeah!.................and if its any good I want the script

redhawk14506. I am afraid that life is like that in a "shared environment" be it at school or in the workplace.

The scanners and sniffers scare them because:

1. They do not know where it came from...it may do rather more than "it says on the box" huh?
2. They do not know the motives of the individual who inserted it?
3. Any software that is non-standard is a potential problem that they don't know about. And their time in fixing thing costs money that could otherwise be spent on your education.......hey, you want to get value for your money don't you?
4 It is their job to scan and sniff................they will not welcome rivals
Messing around with your login script:

1. Could cause system problems that will take them a lot longer to fix than the usual ones we buy from Mr. William Gates III
2. Might cause problems for other users of the equipment, which I am presuming is shared?
3. Might be, initially, mistaken for malware that has somehow penetrated the environment.

Basically, you should NOT "bring stuff in" or write it yourself, unless it is part of what you have been set to do.

MsMittens has given some very sound advice, and she is a senior educator as I understand?..way above your school staff, so her advice should be heeded.

Now that I have given you the official "party line" I must say that I found your post rather interesting. I have commited many of the sins I just warned you against. I even ended up with 5 desktops at one place!...........the Sysadmins gave up (I sometimes wonder if taking my wife to their boss's favourite charity fundraising bash had anything to do with it?).......one was dead standard, one was for development, one for supporting obsolete systems, one (secure) one for my main project and another so I could help out the Global Infrastructure Support Team (sysadmins) when they were a bit hard pressed (local admin rights I can handle, admin admin rights scare me). If you play fair...they will play fair. On the other hand, they could send Gore in on a quick contract......do read his Sysop from Michigan stories...they are excellent!

I did not normally alter login scripts other than to change all the users configurations....I used to mess with the Registry ....that kept the "loveletter" virus off our site! and a few others. My sysadmin cronies even bought me beer, rather than the other way round!

At the moment, I suspect your knowledge is perhaps a little ahead of the rest of your class. I appreciate that this can be frustrating, but remember the people who appear to be frustrating you are only trying to do their jobs?.

It might be a good idea to wait for your responses here then go show them to your Principal or whatever....the people who nailed you? and say "sorry"..they may re-institute you in their mindsets............right now, you have probably lost a lot of street cred.

Sorry for ranting on so long


cheers


VicE$DoS$ Beretta what?.................L96A1 or an L39A1.....................take your time before you drop the hammer?

[redhawk14506]

Thanks, all I edited in the login script was just a IF DAY_OF_WEEK = "Friday" WRITE "Today is Friday, just text commands. Is it recommended for admins to disable the ability for someone to change their passwords or lock their workstation? I didn't think it was but we are not allowed to change our passwords or lock our workstations. Any thoughts would be appreciated.

[Tedob1]

yes and both for the same reason. people forget passwords...in school it gets done intentionally or people just walk away and leave it locked. "i forgot my password" is a common chant. it gets really old really quick. maybe you wouldn't forget but believe me their are too many that do.

[Striek]

Originally posted here by spools.exe
Research has found that companies are hit hard in the pocket when their employees forget their passwords and call the corporate helpdesk. Earlier this year, analyst group Meta calculated that each of these calls costs the company approximately US$25.

Although it might not cost so much in a school, It would take up an inordinate amount of system administrators' time, as schools tend to hire as few of them as possible. It also reduces the solution to a forgotten password from manually resetting it to a simple "RTFM" reply. I remember from high school our network admin spent (he said) an hour a day resetting forgotten passwords. One out of three computers would be locked out and unused. A similar policy solved these problems. These could be some of the reasons for this policy.

[nihil]

This is a hard one to call for me, given military security requirements?

You should logout if you leave your screen. it should produce a password protected screensaver after 5 minutes inactivity. If I need your screen I just re-boot?

The system should enforce a password change every 14 days maximum.

It takes all of 5 minutes to reset a user password, including the phone call? So that works out at 12 x $25 =$300 per hour....................Hell...I might just take the paycut for that job...when can I start?

Guess I should be the Dean...My Rules:

To use the system you pay $100 "caution money" per term.......costs you $20 to get reset if you "forget" your password, more than 5 and your parents have to buy the school a new computer, or you are grounded, and they have to get you private lessons..................If you "forget" your simple password...maybe you should be throwing trash, rather than wasting a space in an educational establishment?...you certainly won't learn any of the more complex stuff you are told ( I use the word "told" deliberately: "taught" implies information retention?)

I am not sorry...this time I think that your school is wrong....they are encouraging lax security at an early age? That is NOT what AO sponsors?

Of course if loser organisations contract out (that would explain $25)......then it should cost them $5000 to even get to log-on?

I DO NOT condone lax security on the grounds of cost or ineffectuality............been there, read the book, seen the film, got the T-shirt............not impressed.


Just my opinion


Cheers

[rapier57]

What we do:

If you have to go down the hall to the bathroom (the loo, for nihil), we recommend our students lock their workstations to protect their work, or log out. However, it is inappropriate to lock a workstation and just leave for a class or the evening. We even require that staff and faculty leave systems on, logged out when they leave for the day. We perform updates and maintenance in the background at night, so we need the systems logged out, but powered on.

AUP (acceptable use policy) is probably in force in your school and will dictate how you behave on the network. If some activity is a no-no, don't do it. If you do it anyway, don't come crying. The next voice you hear on our campus is the VP for Student Services discussing how vague your academic future has become.

Students cannot edit the loging scripts here. If they even attempted, I'd get in a really nasty mood, real quick. Those scripts are there for a reason, and the user doesn't get to decide. Besides, they would have to be using some serious hack tools and that activity would definitely be against the AUP (notice a trend here?).

Installing any software by students is against the AUP and vigorously enforced. See comment above about VP of Student Services. Peer-to-peer has become a significant drain on system and network resources, as has many spy-ware apps that masquerade as personalized tools (Hotbar, Precision Time, etc.).