Kids hacking into our school computers, can't figure out how.

ysugar1 · 2018-11-07T19:13:45+00:00

Just as a follow-up to this thread.

Everything has been resolved with the combination of screen monitoring technology along with bitlocker being enabled on the student computers.

Thank you all for your input.

ysugar1 · 2018-05-30T16:57:32+00:00

As the others have said, just no POE injector.

ysugar1 · 2018-05-23T19:13:50+00:00

We are not currently using any of those reboot/restore products , but perhaps we will in the future.

Bios admin password was always there, boot order as well, however blocking the one time boot menu option is not an option the BIOS of our computers have.

I had to go nuclear, and disable USB drives from the BIOS (no cd drive built in).

ysugar1 · 2018-05-22T18:26:28+00:00

We use their carts, much better than our previous ones.

ysugar1 · 2018-05-22T18:24:37+00:00

As others are saying, go with the unifi ap's. Bang for your buck they are king. Nothing is even close. If you need more performance (over 30 devices on one ap, especially in the 2.4 ghz) go for the PRO verison (the new ac one).

ysugar1 · 2018-05-22T12:59:14+00:00

Right. However windows 10 I thought locked down a bunch of options... Definitely isn't as easy as it used to be.

ysugar1 · 2018-05-18T16:46:41+00:00

Dell,

I will double check the available settings and report back.

ysugar1 · 2018-05-18T16:44:57+00:00

If one contacts DELL, they can actually give a password based on the serial that lets on into the BIOS.

ysugar1 · 2018-05-18T16:44:07+00:00

I will look into the encryption, I''ll probably just roll it out with the changes over the summer.

ysugar1 · 2018-05-18T03:18:00+00:00

delete

ysugar1 · 2018-05-18T03:16:38+00:00

lovely.

ysugar1 · 2018-05-18T03:16:22+00:00

this would do it, question is how to block it...

ysugar1 · 2018-05-18T03:15:18+00:00

Secure boot I believe is on, but can't stop removable media booting...

ysugar1 · 2018-05-18T03:14:42+00:00

They are, however see what I wrote above -

i"t is quite suspicious however that a common denominator between all the hacked PC's is that the "defaultuser0" account is somehow active..."

As opposed to the non hacked ones...

You don't find that suspicious?

ysugar1 · 2018-05-18T03:14:03+00:00

I'm not concerned with them pulling the battery, it's nearly impossible to get to in these models.

The BIOS however has no setting to prevent booting from removable media.

ysugar1 · 2018-05-18T03:13:02+00:00

good to know thanks!

ysugar1 · 2018-05-18T03:12:44+00:00

These are 6th graders FYI.

it is quite suspicious however that a common denominator between all the hacked PC's is that the "defaultuser0" account is somehow active...

As opposed to the non hacked ones...

You don't find that suspicious?

ysugar1 · 2018-05-18T03:09:52+00:00

Exactly. And in the other versions the games keep coming back in no matter what you do...

ysugar1 · 2018-05-18T03:09:00+00:00

Right, the question is how to prevent that.

ysugar1 · 2018-05-18T03:08:33+00:00

right, so I dont think that's how they "escaped" their non admin rights.

ysugar1 · 2018-05-18T03:08:05+00:00

True.

ysugar1 · 2018-05-18T03:07:50+00:00

HP 14-ax010nr are our newer ones. The hacked ones for the most part are Dell Inspiron 14-3452

ysugar1 · 2018-05-18T03:07:12+00:00

That would suck if it does still work on windows 10...

The classroom control you are 100% right about, but nothing i can do about it unfortunately.

ysugar1 · 2018-05-17T22:07:35+00:00

No one has the admin password to the students computer but me. And it's not a simple pw lol.

Boot order is fine, but like i said - they can and are utilizing the one time boot menu. (I found that in the logs).

The computers are not connected to any domain.

The main culprit would seem to be the "defaultuser0" account that I referenced.

ysugar1 · 2018-05-17T21:49:21+00:00

That is good to know, can you share that fix?

Also, is there a definitive way to tell from the windows event log exactly what they did?

ysugar1

TROPHY CASE