Security User Management

The Department of Information Technology categorizes security at four levels 1) physical, 2) device, 3) network, and, 4) Internet.  The one-to-one teaching and learning initiative focuses on three of these levels.  For the one-to-one initiative, the Department of Information Technology has implemented key measures to maintain a secure and reliable computing environment for teachers and students.  These include group policies, user credentials, undeletable Web browsing histories, remote monitoring and classroom management.  Together these elements help to provide safe, stable, and reliable access to computing tools.

BCPS will implement a security solution to minimize pranks and threats for materials that are printed on school property by including a footnote watermark that identifies the source device for all documents printed from a student’s device.  An antivirus product across elementary, middle, and high school grade levels will be installed on all devices.

Accounts for Windows devices and servers are managed through Active Directory (AD) integration.  AD is integrated with the Advantage HR system and the student information system (SIS) to maintain accurate account data.  Part of the verification process is to ensure the devices are issued only to valid employees and students.  Devices are not issued to staff or students who are not registered in the respective human resources or student information system.

Authentication for staff and student Microsoft Windows users leverages local, school-based AD servers to log into the device, as well as the student or staff server.  Students are prevented from logging onto the network with any account other than the account assigned to the student’s machine through machine policy.  Staff will log into their machines and staff servers similar to students, although their accounts are not restricted to specific machines.  Student and staff personal folders are created on the respective servers based on daily imports from AD and the SIS.

Authentication for elementary students to get onto the device is based on generic AD user conventions.  Students are automatically logged onto the student server and have access to the relevant school folder based on school location/file server credential.