Following are extracts from discussion on NSWCC List:
If you want to do some "really" cool stuff ... you need pstools from sysinternals (now owned by Micro$oft).
For example, imagine you have a kid who sits in that corner of the room where you cant see the screen all the time and every time you walk over s/he quickly closes something down or, it's a free period and someone else is using YOUR room and you are suspicious they are letting the kids sit around playing games ... but for some reason you don't want to just barge into their lesson and check for yourself ...
This solution works best if you have all of the kids home drives shared from one server ... and you are logged as a domain admin ...
open up (from your computer in the staffroom) the computer management tool ...
Start-Control Panel-Admin Tools-Computer Management
Right click on "Computer Management (Local)" (near the top) and choose "Connect to another computer" ... choose/type in the name of the server where you keep all of your kids home drives (or a "shared folder" for students)
Now, in Computer Management folder, select "Shared Folders" and "Open Files" ... this will list every file that is being shared from the server ... have a look at what the kids have open ... anything suspicious or is it all .doc files etc ... I often catch an illegal copy of games in kids home directories this way ... games like quake and warcraft, when run will open tons of files and the kid stands out a mile because of all the files they have open ...
Ok, you see a file like quake.exe open ... Do you now walk into the room shouting "Ah Ha !! Caught you !!!" ?? Heck no !!... this is where the fun begins ...
First, if they are playing a game like quake, try to work out which map they have open ... it should be one of the open files ... secondly, disable the account ... so the student can't log back in.
Then you go to the "sessions" folder in "computer management" tool, which will tell you the name of the computer the kid is sitting at. Now, using pstools you run (from the command prompt) ... (again as domain admin so you don't need to worry about passwords)
Psshutdown \\computername -f -r -m "Please see Mr Carpenter in the computing staffroom immediately"
The kids computer will shutdown ... and they wont be able to log back in until they see you ... at this point the kid should be pretty worried. When they come knocking on your door look very very stern and tell them you know they were playing quake and you even know what map they were using (kids mouth drops open at this stage) Now you remind them of the rules regarding playing games in class and storing games in their home directory.
But, what about the games they bring on C: drive or on their USB stick ?? I hear you ask ...
Ok, you have a kid who doesn't have anything open from the server that looks suspicious, but you just "know" he's probably playing games ... either stored on C: drive or on a USB stick.
Find out what computer they are on from the "sessions" as shown above. Now (from the command prompt) type
This will list all of the applications running on the remote system. If the kid is playing a game, something suspicious will show up here. Follow the steps above ...
If you wanted to be "really really" mean, you could run
Psexec \\computername cmd
This will give you a command prompt on the remote computer ... navigate over to the C: drive (or if you are game ... the USB stick) where the game is stored and delete the game (you will need to run pskill first to kill the application, otherwise it will be locked and wont let you delete it) ... Ive done this from C: drive ... I (personally) wouldn't risk deleting anything from a kids USB stick ... besides ... its good to have the evidence and this way you get to confiscate the USB stick and ask the parents to come collect it from the Deputy.
Now I KNOW its much easier just to be vigilant and keep an eye on what's going on in the classroom .... nothing replaces good classroom management and I can rarely be bothered doing all of this stuff ... I usually just walk in and bust the kid in person ...
If, every so often, you do stuff like this, it gets around that you are watching what's going on ... even when you aren't in the room ... the kids start to think you are some uber hacker guru type ...
... which has got to be a good thing ...
Bernie Carpenter Muirfield High
Applications requiring Agents
We can use Zenworks to remotely control a PC without student being aware. You can also setup VNC or Altris with AD, or use the new Zenworks 10 that works on Windows ADs.
When you have remotely controlled them and see them playing a game you can start writing on there screen that they are being watched, etc.. You can also control the game they are playing. Suddenly they keep mis-firing rockets around or crashing into walls in the game and they have no idea why...
Also makes troubleshooting problems mush easier if you are not nearby at the time. You can see what is actually happening rather than what you are being told is happening. As well as being able to use runas to elevate yourself to resolve the problem.
Regards, James Rudd
Our system allows different control groups.
For student users Remote Control is hidden but for staff a dialogue pops up saying you are being remote controlled and gives the name of the remote controller.
Options in Zenworks Remote Control User Policy
"Give User Visible Signal when Remote Controlled" and
"Display Name of Initiator Every 30 Seconds"
As well as
"Give User Audible Signal when Remote Controlled"
This ensures that staff can not be covertly spied on. It is only students that may be silently watched, and we have info about that in the login disclaimer.
For students we usually only remote control in the first place if something suspicious happens, eg. a group all around 1 PC, or a staff member observes a student quickly closing windows, etc and asks for us to check it out.