What are these system admins thinking about?

It never ceases to amaze me how many high school computer science teachers have trouble running developer software (IDEs, compilers, etc) because of computers and/or networks that are locked down too tightly. Either students can't get access to the command prompt or the IDE can't access the C drive or perhaps the network access to shares does not allow executables to run. I have even heard of school network administrators objecting outright to programming classes on the grounds that students might learn enough to "mess with" the network or local computers. Imagine that! Students might learn something!

I think at some point one has to trust students. At one school I taught at students were known to bring baseball bats to school. Yes those same tools of violence that are often used in muggings and even murders. But somehow we trusted students to use these weapons only for the sporting event they claimed to be bringing them to school for. Can't we have the same level of trust for using the network? If a student can learn to behave with a baseball bat why not a network account? The network is a tool for learning. We should be able to teach students to use the network responsibly.

I once bought some lockdown software for my computer lab. The students found ways around it and it became a game for them. Having the lockdown software actually made my job harder. I removed the software, announced serious consequences for making a computer difficult to use or making any other unnecessary changes. Vandalism when down dramatically. Students responded to the trust I gave them.

Setting us computers and networks so that teachers can teach and students can learn is the job of the system administrator. Classroom management and supervision is the teachers job. If a network administrator can't set up a network so that it can be used in a class maybe they are in the wrong job.

One last rant, when I was a CS department head and Technology Coordinator (always fun to wear a lot of hats) I felt that if a computer teacher could not handle full network administrator rights than I should probably not hire them. Now I realize that not everyone feels that someone needs those privileges or that level of expertise coming in to the job. I'd think one would want to teach them enough to have those privileges by the time they finished their first year of teaching if only to reduce the work load of the network admins. Or am I just way too extreme?

Comments (6)

  1. Yes! A million times yes! And I say that as a system administrator and CS teacher. I can’t do the teacher part of my job if the kids can’t do the work I assign. I can’t do the sysadmin part if kids are constantly interupting me to unlock the computers for this or that necessary thing.

    I think people don’t know what will bring extra work. If I open up the system to users, will that make extra work when they randomly click things they don’t understand and can’t tell me what they did? But will it make work if I don’t give them permission?

    And, of course, many school sysadmins don’t actually understand what goes on in the classroom so they can support it effectively. When it looked like a major piece of software I use might not be compatible with our new systems, my sysadmin said, "but you can just use something else." I believe she really thought it was that easy.

    I also think we can’t effectively prepare students for life after us if we don’t give them some trust and let them make mistakes. How else can they learn?

  2. kentcb says:

    Amen. This is not just a problem in academic quarters. It is also a problem I have experienced in the corporate world.

    I’m a developer and had to argue extensively to get admin rights on my work PC. Imagine trying to develop and test software when you don’t even have the rights to install tools on your machine, let alone try different configurations that exist out in the field.



  3. RichardG says:

    I think the admins are just being lazy. The  risks of spyware and virus – which are real – gives them a good excuse to make life easy for themselves. I work in the corporate world and I’ve seen it there.  At my wife’s school, the teachers cannot even change the monitor refresh rate, it’s set at 60Hz – reading the screen then gives half the staff a headache!


  4. TAG says:

    You are not allowed to trust users. It’s required only one bored user to make education of 10’s hard.

    The problem with all thouse admins are Microsoft. In 1996-99 I was using read-only disk protection for Windows 98 systems. It was a BIOS "virus" thich cached small portion of writes to drive C: in memory and not allowed them to propogate to HDD.

    This way programs had feeling that they can do anything with Windows – in the same time as simple reboot solve all issues by booting exactly same environment as it was after initial configuration by administrators.

    Regarding Microsoft – you already have copy-on-write disk protection in Windows Embedded. I don’t get why you don’t want to make it as option for regular Windows OSes to make them manageable. Even with current NT "permissions" – it’s still a mess then somebody change colors, desktop wallpaper or rearrange/delete icons or change some third-party application configuration settings or toolbar icons. Instead of plain – "configure once and reboot to restore to administrator appoved software level" you are offering admins to keep track of all "evil" things that users can do – this definitely make it hard for regular users to use.

  5. I agree with you. One thing I’d emphasize is that it’s nice to have enough security that it serves as a safety fence for students who might make honest mistakes.

    Also, re your baseball analogy: it’s easy to detect misuse of a basball bat (very obvious, and generally accompanied by loud screams and a giant crowd), and it’s easy to identify the bad-guy.

    Detecting misuse on a network is much harder.

  6. I’m not saying the systems should be wide open. You don’t need (or want) to give students admin privs. But at the same time I think many systems are just locked down too tightly.

    And as for the baseball bat thing, sure it is easier to identify the bad guy but the damage that can be done is just so huge that if you are comparing risk of damage the baseball bat is so much worse than letting kids change the color scheme on their desktop or removing items from the menus.

Skip to main content