|
If the machines are Win9x, forget it - there is no security.
If the machines are running an OS with NTFS partitions you can lock down the permissions to that
a) They cannot delete / change files and folders.
b) They cannot browse the contents of folders.
c) They cannot change the permissions to allow them to do "a" or "b".
The process is simple, but long winded:
1) Disable file and folder browsing/deleting/changing to all but administrative staff.
2) Re-enable it on obvious directories - temp, document folders, indvidual system files that need write access etc.
3) Make sure all your applications work, change permissions as you find files / directories which need change/delete/browse access.
Once you have a process which works, script it so you can apply it to all your machines and any new ones that come along.
The simple quick fix if you are running Win2000 or XP is to go to the C: drive properties and set "deny" on "list folder contents" for the group which comprises your students. Replicate the setting down the directory tree, and ensure that the student group does not have permissions to change the setting.
They will now get "access denied" if they attempt to use a GUI browser, and no results if they try to user DOS dir or similar.
| 
