Remote Control
Following are extracts from discussion on NSWCC List:
Contents |
Command Line
If you want to do some "really" cool stuff ... you need pstools from sysinternals (now owned by Micro$oft).
For example, imagine you have a kid who sits in that corner of the room
where you cant see the screen all the time and every time you walk over s/he
quickly closes something down or, it's a free period and someone else is
using YOUR room and you are suspicious they are letting the kids sit around
playing games ... but for some reason you don't want to just barge into
their lesson and check for yourself ...
This solution works best if you have all of the kids home drives shared from
one server ... and you are logged as a domain admin ...
open up (from your computer in the staffroom) the computer management tool
...
Start-Control Panel-Admin Tools-Computer Management
Right click on "Computer Management (Local)" (near the top) and choose
"Connect to another computer" ... choose/type in the name of the server
where you keep all of your kids home drives (or a "shared folder" for
students)
Now, in Computer Management folder, select "Shared Folders" and "Open Files"
... this will list every file that is being shared from the server ... have
a look at what the kids have open ... anything suspicious or is it all .doc
files etc ... I often catch an illegal copy of games in kids home
directories this way ... games like quake and warcraft, when run will open
tons of files and the kid stands out a mile because of all the files they
have open ...
Ok, you see a file like quake.exe open ... Do you now walk into the room
shouting "Ah Ha !! Caught you !!!" ?? Heck no !!... this is where the fun
begins ...
First, if they are playing a game like quake, try to work out which map they
have open ... it should be one of the open files ... secondly, disable the
account ... so the student can't log back in.
Then you go to the "sessions" folder in "computer management" tool, which
will tell you the name of the computer the kid is sitting at. Now, using
pstools you run (from the command prompt) ... (again as domain admin so you
don't need to worry about passwords)
Psshutdown \\computername -f -r -m "Please see Mr Carpenter in the computing
staffroom immediately"
The kids computer will shutdown ... and they wont be able to log back in
until they see you ... at this point the kid should be pretty worried. When
they come knocking on your door look very very stern and tell them you know
they were playing quake and you even know what map they were using (kids
mouth drops open at this stage) Now you remind them of the rules regarding
playing games in class and storing games in their home directory.
But, what about the games they bring on C: drive or on their USB stick ?? I
hear you ask ...
Ok, you have a kid who doesn't have anything open from the server that looks
suspicious, but you just "know" he's probably playing games ... either
stored on C: drive or on a USB stick.
Find out what computer they are on from the "sessions" as shown above. Now
(from the command prompt) type
Pslist \\computername
This will list all of the applications running on the remote system. If the
kid is playing a game, something suspicious will show up here. Follow the
steps above ...
If you wanted to be "really really" mean, you could run
Psexec \\computername cmd
This will give you a command prompt on the remote computer ... navigate over
to the C: drive (or if you are game ... the USB stick) where the game is
stored and delete the game (you will need to run pskill first to kill the
application, otherwise it will be locked and wont let you delete it) ... Ive
done this from C: drive ... I (personally) wouldn't risk deleting anything
from a kids USB stick ... besides ... its good to have the evidence and this
way you get to confiscate the USB stick and ask the parents to come collect
it from the Deputy.
Now I KNOW its much easier just to be vigilant and keep an eye on what's
going on in the classroom .... nothing replaces good classroom management
and I can rarely be bothered doing all of this stuff ... I usually just walk
in and bust the kid in person ...
But ...
If, every so often, you do stuff like this, it gets around that you are
watching what's going on ... even when you aren't in the room ... the kids
start to think you are some uber hacker guru type ...
... which has got to be a good thing ...
Cheers
Bernie Carpenter Muirfield High
Applications requiring Agents
VNC
Altris
Zenworks
Usage
We can use Zenworks to remotely control a PC without student being aware. You can also setup VNC or Altris with AD, or use the new Zenworks 10 that works on Windows ADs.
When you have remotely controlled them and see them playing a game you
can start writing on there screen that they are being watched, etc..
You can also control the game they are playing. Suddenly they keep
mis-firing rockets around or crashing into walls in the game and they
have no idea why...
Also makes troubleshooting problems mush easier if you are not nearby
at the time. You can see what is actually happening rather than what
you are being told is happening.
As well as being able to use runas to elevate yourself to resolve the problem.
Regards, James Rudd
Notification
Our system allows different control groups.
For student users Remote Control is hidden but for staff a dialogue pops up saying you are being remote controlled and gives the name of the remote controller.
Options in Zenworks Remote Control User Policy
"Give User Visible Signal when Remote Controlled" and
"Display Name of Initiator Every 30 Seconds"
As well as
"Give User Audible Signal when Remote Controlled"
This ensures that staff can not be covertly spied on. It is only
students that may be silently watched, and we have info about that in
the login disclaimer.
For students we usually only remote control in the first place if
something suspicious happens, eg. a group all around 1 PC, or a staff
member observes a student quickly closing windows, etc and asks for us
to check it out.
