Another idea is assign static IP's to the PC's that are problem causing and make students sign a piece of paper on what PC they are going to use. You would need a teacher to keep track of this, or make them login to the PC's. Then you can gather the evidence of who's launching sub7 and catch them.

You have barely any security there that is your problem. At my school we were all issued ID's and when we either had an assigned PC, or in the library you had to sign a piece of paper on what PC you were using, show your student ID, then they gave you the password for that PC. They were pretty strict, but we didn't have these kind of problems.

We also had a deep freeze variant on our PC's so when they reset there went anything you installed.