JRH

Speaking as a long-time IT Director/VP for both government and private sector organizations, this is a sticky situation. However, based on the fact that the computers are purchased by the students, it is their computer - not government property. The resources that the computer attach to are government property, so there should be policies in place to ensure that the connections are appropriate and protections are in place. There are methods/technology that can be put in place to allow access to the network infrastructure only from computers that are up-to-date with the latest virus eradication software and verified "clean". This is handled within the network infrastructure of the school, not at the local machine level. Additionally, blocking sites is handled at the firewall - this is perfectly acceptable at most businesses/schools/etc. (FYI, Denver International Airport, which provides free WiFi service to travelers blocks sites that could be viewed as "inappropriate"). If the student is using the USMMA connectivity for Internet access, KP has every right to limit the sites that are viewed.

With all of that said, providing the kids with local administrator permissions (or simply using a global policy within Active Directory) to allow for the basic needs (i.e., changing time, installing software, etc) should be an acceptable practice, and I believe that an easy route was taken by just removing the local user from the local administrative group...it's a practice that I've seen many times, typically by an IT organization that doesn't have a skill level necessary to implement good security, but also to allow for a functional level of operation.

Just my .02 - but I'm quite passionate about this one

suzannegra

Agree 100% with JRH!!!

KPMarineopsdad

That seems to have been the case. I was told that there were some
restrictions that were necessary to allow the Academy onto the Department of Transportation's network and DoIT took the easiest and fastest route.

Jamzmom

^^^ This is becoming a pain in the butt. Due to the problems mentioned here (& kids being kids, finding ways around said problems) don't look for some to have privs for a while. Lock down time.

Yes indeed the Feds have their rules for services they are paying for but when kids can't access their own SERVICE ACADEMY email to get messages from the ACADEMY & their class work when they are away, something is alittle crazy IMHO.

Three little words. Wireless Network card. Geez.

chillguy

Here is a mass email sent to us a few days ago:

M/N,

It has come to our attention that a number of M/N have reimaged the hard drives of their laptops to escape the limitations of the FDCC. Those laptops and M/N network accounts will be suspended on Monday with a complete loss of all network privileges.

V/r,

HDW


"HDW" is the man in charge of our network functions. It is his department’s policy that wireless networks are not allowed in the barracks.

Also, because of the FDCC, there is no foreseeable solution to our problem. The smart thing would be to have a school network separate from the MARAD network. But KP probably won't be able to afford that for a long period of time.

Jamzmom

Thanks Chillguy for the heads up. I can't begin to imagine the frustration of having a computer thats more or less a word processor.

is2day4him

jamzmom,
the level of incompetence is almost frightening. basically, as JRH said above, they decided to blanket us under a code that has so many flaws and easy-outs in it that it's beyond irritating. for example, my printer hasn't worked since 2nd tri of plebe year, and i'm not planning on buying $50 worth of ink for it. anyways, i get these error messages about it at least 15 times a day, i tried to uninstall said printer, but guess what... i don't have administrative rights to do so...
i took it to the guys at DoIT, and all that did was make the error message have a loud sound, rather than making it go away...
GRR!!!

Jamzmom

This would be a wonderful thing to happen. The IT guys could probably free up a bunch more time to work on larger problems by giving the Mids the opportunity to fix their own simple little problems (like uninstalling/re-installing printers that go buggy).

is2day4him

according to them, it wasn't their doing, it came from higher up, thus their hands are tied. they hate it, or at least say they do, because it creates more work for them.

kp2001

I feel for you guys. I think they are treating the computers/network like they treat mine at work at a Navy facility and it doesn't work for people who work/live at the same place. I cannot do squat on my computer at work in regards to installing/uninstalling things. I can't install programs, heck I can't even change the time on my desktop. I sometimes can use a thumbdrive and others cannot. It is a bit ridiculous, do y'all have to use passwords that contain around 10 characters with two uppercase, two lowercase, two special characters, and at least two numbers? Try coming up with a password with those restrictions ever X number of days.

Maybe we as alumni/parents need to figure something out as well like trying to fund an academy network or something of the sort. I am glad however to see that the incompetence of the IT department has not improved one bit. Do they still simply reformat your hardrive for every complaint?

is2day4him

well now, no one goes to DoIT if they can avoid it at all. i'm sure it's always been that way, but yeah, they don't have any clue what they're doing. most kids are switching to linux and aren't having any issues, although DoIT says that it's not possible to do it without getting caught (hence why over a third of the regiment has it and they have no clue, right?).

namann2011

The FDCC thing is pretty frustrating. What I did was buy a new internal hard drive and swap it out. I am fortunate enough to have a copy of XP.

This is probably the best way to get around it and it only cost me $50

KPInTheKnow

The restrictions at KP are actually imposed throughout the entire federal government. The rules are established by the President's Office of Management and Budget. Even the DoD and DHS service academies will have to impose the same restrictions.

JRH

"The restrictions at KP are actually imposed throughout the entire federal government. The rules are established by the President's Office of Management and Budget. Even the DoD and DHS service academies will have to impose the same restrictions."

Not so much. This is simply the lazy way out of implementing good security on a network. I'm a gov't guy - this ain't the gov't way. It's the KP way....

KPInTheKnow

Sorry pal. Not true. Look at: OMB Memoranda Read (and weep) the PDF file noted as M-07-11.