1. Unlocked, generic user accounts: for simplicity’s sake several generic accounts exist so students who forgot their passwords can log in and take online exams without wasting anyone’s time resetting their own password. However these credentials get out in the open and the students use them to surf with (some) anonymity later in the day. Solution: lock those accounts when they’re not in use, and limit the workstations they can log in to.

2. Software that requires elevated privileges. Even some newer software required “Power User” or “Administrator” privileges, including AutoDesk Design Academy 2008, which is key where I work. I hate giving users more elevated privileges than they deserve, but I haven’t found a good solution to this problem yet. Which leads me to…

3. Unneccessary users in the Administrators group. We used to allow our teachers to install their own software, but we’ve remove them from the Administrators group on their workstations for abusing this in two ways. They innevitably end up filling their computer with spyware and junk applications. And on top of that, they use their admin credentials to install software that our school doesn’t have rights to, putting us at risk for fines and lawsuits.