Let's see, my high school...

-Blocked access to certain programs, including Firefox, by filename. Rename a program to iexplore.exe and it ran happily.
-Installed Deep Freeze on many computers, but never rebooted them to complete the installation. The machines would stay on 24/7, thus DF wouldn't actually do anything until a student or power failure finally rebooted them. By then they already had tons of shit installed.
-Filtered all Internet access through one extremely slow machine. Somehow this filtering only affected IE even though it was server-side.
-Disable the File menu in Explorer and right-click (way annoying) but didn't block access to cmd.exe, net send, and all those fun things.
-Didn't password-protect BIOSes.
-Used such clever passwords as "freezer" for Deep Freeze.
-Had network admins who would frequently forget to log off the computer when they left.
-Would wipe the student network space every year, and forget to enable any size limit, so students were free to (and did) fill up the entire server with games.
-Didn't prevent access to other students' network spaces; you just went to \\server\ and could browse everything.
-Didn't block such things as MSN Messenger, which meant most of the computers were tied up constantly by students pretending to work but really only chatting.
-Had incompetent staff who insisted that Notepad, with most of my essay typed in it, was a virus and demanded I use Word instead.

Probably more I can't remember.

lolwtf:

-Filtered all Internet access through one extremely slow machine. Somehow this filtering only affected IE even though it was server-side.

Either a proxy that was only set up in IE or a NAT/proxy that had TCP/IP issues with IE.

 

Most of your examples sound par for the course, though. 

 

 

IE was set to "direct Internet connection".

lolwtf:

IE was set to "direct Internet connection".

Must have been a crappy NAT server, then.. 

lolwtf:

-Installed Deep Freeze on many computers, but never rebooted them to complete the installation. The machines would stay on 24/7, thus DF wouldn't actually do anything until a student or power failure finally rebooted them. By then they already had tons of shit installed.

I'm sure this applies to more of the posts, but haven't these people ever heard of creating a disk image?

Bah, they're probably not paid enough for that crap 

belgariontheking:

I'm sure this applies to more of the posts, but haven't these people ever heard of creating a disk image?

Bah, they're probably not paid enough for that crap

Perhaps I'm not understanding you, but that's what Deep Freeze does.  It's actually not a bad program.  I used to use it on test machines because you trash the whole system and just reboot and be back with a clean install.  Great for testing security vulnerabilities, too. 

morbiuswilters:

I used to use it on test machines because you trash the whole system and just reboot and be back with a clean install.  Great for testing security vulnerabilities, too. 

 

Virtual PC FTW

MasterPlanSoftware:

Virtual PC FTW

If only it properly emulated hardware. Oh why must it emulate controllers as PS/2?!

AbbydonKrafts:

MasterPlanSoftware:

Virtual PC FTW

If only it properly emulated hardware. Oh why must it emulate controllers as PS/2?!

 

Never had that problem, but right tool for the right job really.

Virtual PC is a great tool for most testing though. Virtual Server is great too.

morbiuswilters:

Perhaps I'm not understanding you, but that's what Deep Freeze does

I see (I think).

It just seemed silly to me to have to install something and then reboot to get it to work.  Why not create an image in which everything's already installed correctly?

lolwtf:

Let's see, my high school...

...
-Didn't password-protect BIOSes.


Probably more I can't remember.

 

pwd protected bios is hard to manage/change. It prevents theft, but we had computers encased in STEEL so no worries about pulling comps!

pwd on bios is needed so studen't dont f-it up. Strangely enough my job does not pwd protect bios, and here u CAN steal comps specially if using the freight elevator!

dlikhten:

pwd protected bios is hard to manage/change. It prevents theft, but we had computers encased in STEEL so no worries about pulling comps!

pwd on bios is needed so studen't dont f-it up. Strangely enough my job does not pwd protect bios, and here u CAN steal comps specially if using the freight elevator!

 

How the fuck is password protecting the BIOS going to prevent someone from stealing the computer?

Did you smoke extra crack this morning or something?

belgariontheking:

It just seemed silly to me to have to install something and then reboot to get it to work.  Why not create an image in which everything's already installed correctly?

Deep Freeze is like an "in-place" disk image utility.  The whole idea is that it is very easy to use.  After installing it, you can install anything you want.  Once you want to "freeze" the disk, you type in the admin password and then reboot.  The reboot is required to lock the freeze into place.  I don't think DF makes a complete mirror of the disk, either (I'm not very familiar with its inner workings) but just keeps track of changes separately.  So when you restart a machine that is frozen it will return to it's last state very quickly without having to copy the image back over the disk.  If you need to install new software, you enter the admin password and unfreeze the system and reboot.  The reboots must be because DF seems to use some kind of virtual disk driver to keep writes away from the frozen image.

 

Anyway, the problem at the original guy's school was that they never did the reboot after freezing the machine so it was still technically unfrozen. 

MasterPlanSoftware:

dlikhten:

pwd protected bios is hard to manage/change. It prevents theft, but we had computers encased in STEEL so no worries about pulling comps!

pwd on bios is needed so studen't dont f-it up. Strangely enough my job does not pwd protect bios, and here u CAN steal comps specially if using the freight elevator!

 

How the fuck is password protecting the BIOS going to prevent someone from stealing the computer?

Did you smoke extra crack this morning or something?

ROFL.

 

And, yeah, password-protected BIOS isn't easy to change, but it's not like you should ever really need to change it.  Hell, you probably never even have to use it.  Just set it to a random string when the machine comes in, record it in whatever system you use for tracking inventory and forget it.  Also, if you lose the PW for some reason you can just crack the case and reset the CMOS.  This isn't rocket science.

morbiuswilters:

And, yeah, password-protected BIOS isn't easy to change

 

ORLY?

Just jump the clear BIOS jumper.

No more BIOS password!

EDIT: Nevermind, sorry, only read your first sentence. I will leave it for emphasis though. Just in case anyone (dlikhten) thinks it is useful for security.

MasterPlanSoftware:

Never had that problem, but right tool for the right job really.

It's mostly Linux distros that don't like it.

I'm still trying to get DOS 5 working in it to see if I can get my King's Quest stuff working. DOSBox just falls flat too often.

MasterPlanSoftware:

ORLY?

Just jump the clear BIOS jumper.

No more BIOS password!

EDIT: Nevermind, sorry, only read your first sentence. I will leave it for emphasis though. Just in case anyone (dlikhten) thinks it is useful for security.

To be fair to you, I wasn't very clear in what I meant by "change".  I was speaking of in terms of implementing a "BIOS password policy" which would require a way to update passwords on thousands of machines.  AFAIK, there is no software to centralize this and it all has to be done by hand.  So that's what I meant by hard to change.  My point was that no IT dept. should need to change the BIOS password once it is set, though, because it's such a minor attack vector (nobody can use the BIOS password to attack you across a network, they need physical access to the machine to do anything).  And you're absolutely correct that it provides no real security.  It's mostly just a way to keep non-IT staff from dicking around with the settings.

MasterPlanSoftware:

How the fuck is password protecting the BIOS going to prevent someone from stealing the computer?

 

You obviously need to buy a new computer. The latest BIOSes, when you password protect them, make the computer weigh over 200 pounds, therefore preventing theft (unless the thief knows ahead of time and brings a forklift or something). 

Reall, MPS! Get with the times! 

KenW:

You obviously need to buy a new computer. The latest BIOSes, when you password protect them, make the computer weigh over 200 pounds, therefore preventing theft (unless the thief knows ahead of time and brings a forklift or something). 

Reall, MPS! Get with the times! 

 

Sorry, I will get skillz0r3d.

Maybe dlikhten can educate me?

We used to have a list of ways to circumvent our security (Novell NetWare and Windows 98 boxes)...I can't recall many specifics, but I do remember the "unplug the network cable after logging in" trick was used heavily. And I remember the web filter sucked...right-clicking a link and selecting "Open in a new window" got you around almost all blocked content.

A friend of mine also stole all the mouse balls from the CAD lab. Does that count as poor security?

LieutenantFrost:

A friend of mine also stole all the mouse balls from the CAD lab. Does that count as poor security?

 

Extra points if he littered the halls with them. That could be pretty fun to watch @ class change time.

MasterPlanSoftware:

Extra points if he littered the halls with them. That could be pretty fun to watch @ class change time.

 

 Nah...we put them in a pillow case and hit things with it. Those mice balls were -hard-! And the only reason he stole them was because the teacher made a specific point of "DON'T STEAL THE MOUSE BALLS!"  He was just begging for it.

 From that point on, all students were required to turn their mice upside-down when they left the lab. Now they've moved onto optical mice.

MasterPlanSoftware:

morbiuswilters:

And, yeah, password-protected BIOS isn't easy to change

 

ORLY?

Just jump the clear BIOS jumper.

No more BIOS password!

EDIT: Nevermind, sorry, only read your first sentence. I will leave it for emphasis though. Just in case anyone (dlikhten) thinks it is useful for security.

 

No, I wasen't thinking about it completely. If they can't start the comp due to bios password they can just swap mobo which is like 50 bucks. It won't stop anyone from stealing any info from anyone. Also old bios could be reset by pulling the battery, in the days before flash.

dlikhten:

No, I wasen't thinking about it completely. If they can't start the comp due to bios password they can just swap mobo which is like 50 bucks. It won't stop anyone from stealing any info from anyone. Also old bios could be reset by pulling the battery, in the days before flash.

 

Again, there is a jumper on most mobo's for this purpose. So there is no thinking involved on your side. It was just a stupid comment.