Likewise- our quarantine role is very limiting- they all seem to want
Instant Messaging.  At the moment we have 2 users in the temporary role
out of 2500.

>>> [log in to unmask] 11/23/2004 11:39:06 AM >>>
We are set up in a similar manner but our "open window" only allows
HTTP
to the Internet - it does not allow HTTP, POP3, IMAP or SMTP to our
own
servers which blocks the students from email. It also kills AIM and
that
alone is a big motivator - this keeps them honest.

Jeff

-----Original Message-----
From: Paul D. Walker II [mailto:[log in to unmask]]
Sent: Tuesday, November 23, 2004 11:12 AM
To: [log in to unmask]
Subject: [PERFIGO] Remediation incentives

Maybe we set ours up wrong ... but here is the situation:

We deployed Perfigo w/SmartEnforcer client.  Rather than hassle with
digging IP addresses for the Win update servers, the "temprorary
access"
role has port 80 open to the internet for 40 minutes.  What has
resulted
is
approximately 80 per cent of the computers in the dorms went through
the
process to get full access.  The remaining 20 per cent or so have
basically
reasoned in their mind that they are ok with 40 minutes of temporary
access
and if they need more, they will re-login.

Do other schools have problems with what I would call "feet-draggers"
that
are too lazy to remediate their PC?  How are you dealing with them?

We have basically taken the approach of scanning the reports section
on
the
admin console to find "failed" attempts to access the network and
contact
them individually and threatening total access denial.  This is taking
way
too long in my estimation.  Have others found "better" ways to achieve
this?  Have we missed something with the win update server IP issue in
our
setup?

Thanks for listening and (hopefully) replying.


================================================
Paul D. Walker II
Division Manager, Computer & Network Support
The Moody Bible Institute