cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

network security issues CREO 2

ptc-2786037
1-Newbie

network security issues CREO 2

Hi,

can anyone help?

  • We are able to install Creo 2 on our school network, thats no problem.
  • When students log onto their own profiles, (which only allows them to see a limited amount of drives on our servers) and go to open a file (File - Open) they are then able to see the entire school network and servers, giving them access to everything, creating a major secutiy issue.

My tech guys and managers have either given up or cant work it out. I have 3 staff trained, and over 100 students across 3 key stages ready to use it.

Has anyone come across this problem before? Im not a IT technician so I cant give you much information, but is there anything I can try or tell someone to try?

Any information will be greatly received.

Stuart

6 REPLIES 6

Hi Stuart,

We have seen this problem in a small number of schools and understand it is related to how permissions are controlled within the network software. Network managers in schools who do not have this problem have reported:

"Access to see and edit files and folders should be controlled with user and group policies." They went on to say: Relying on hiding icons and drives is not recommended in a school situation."

Are your IT support staff able to edit the user/group policies in the way described?

Tim

Hi Tim

Similar security problems are also stopping us using CREO 2 with students. I have no knowledge of networks but our ICT technician tells me that the following is the problem:

"For Creo to open when logged on as a student we had to enable the 'command prompt to process scripts' policy. This means that students can run batch files and scripts on the computer which is a security issue"

We are using a RM CC4 network.

Any further help you could provide would be most welcome. There must be an RM network manager out there somewhere that has the solution to this?

Roy

Roy,

You correctly point out that scripts must be enabled for ProE or Creo to run. However, it is not necessary to enable the command prompt.

Under the command prompt option there is a sub-option to enable scripts. It is only the sub-option that should be enabled leaving the command prompt disabled for all students. Here are instructions kindly provided by Leon Wells, a network manager in a Staffordshire school.

The student profile on some networks including RM has scripts disabled by default.

Here is how this can be cured on RM CC3 networks.

1. Start Management Console > Configuration settings > User types

2. Double click on the student user profile then look under 'User type & software restrictions'

3. Leave 'Disable command prompt' set to disabled

4. Change the sub-option 'Disable command prompt script processing' to 'No'.

Note: Pro|ENGINEER will run OK with access to command prompt left disabled.

There may be slight differences in CC4 but RM should be aware of this and be able to support your IT support staff.

Let us know how you get on.

Tim

Tim

I have put this solution to our IT guys. They had already done this and CREO will of course run. However, the issue is that students could possibly bring in batch files and/or scripts on a USB pen and run them which would cause issues on the network,

Any further thoughts?

Roy

Enabling scripts does create the possibility of students running them to cause trouble. However, to do this they also need a mechanism for running the script. The command prompt can remain barred and in most schools macros are disabled so there would have to be another method for them to run the script.

Pro|ENGINEER and Creo have been in school for seven years and it is in around 1000 schools. In all that time I have not seen a single report of scripts being used for malicious purposes. Before their demise I also contacted Becta and they did not have any evidence of scripts being used to cause problems on school networks. I am fortunate to work with schools around the world and disabling scripts is a peculiarly British thing. Do your IT staff know of problems scripts have caused?

I wouldn't want my comments to be seen as critical of network management in schools. Security is really tricky to get right in schools. It is a balance of providing access to the rich and varied range of resources while protecting the pupil and the network infrastructure.

In the past networks were so tightly controlled, pupils could do very little. Widespread use of smart phones that rarely have any filtering or protection has brought this into sharp focus and prompted a move from 'protecting' pupils to 'monitoring and educating' them about the dangers.

This is a hugely positive step for teaching and helps pupils greatly when researching for their D&T projects.

Typically in networks managed by windows servers (and others?) group policy manages the security of folders. Even though students can see the whole network, they should not be able to open, edit, launch or delete files that they shouldn't . Group policy will have them locked in to their own folder using %username% variable. If the network is visible by browsing using the Creo file Open dialogue, students would be able to get there using any number of tools. Just having things apparently hidden is not security, group policy is.

Top Tags