Verify who made/modified a doc

[Stephen Bloomer]

we have a problem with students sharing each others work
during tests. With OfficeXP and VB6, is there a way of
proving who has worked on an document/project? The
standard properties canbe changed!

 

[Rob Schneider]

I'm sure there is a way, but not perhaps in the way you suggest.

Can you elaborate more on what the problem is, how they overcome the
existing control measures, and what your 'wish' is?

Simplistically ... is it necessary to have network (presumably?) running
during test? I assume you have made rules about no cheating known and
have enforced it (expelled the ones found cheating, for example?)

Students should learn that cheating is unacceptable even if possible to
easily do. Putting up too many inadequate technology-based controls to
try to prevent cheating doesn't enable that learning, nor will it stop
cheating.

Hope this is useful to you. Let us know.

rms

 

[Guest]

we are running a W2k server AD network with XP sp1
desktops. We have, on occcations disconected network
drives and disabled email for short tests. But we have
some tests that go over serveral days (1.5 hours per day
for three days etc) and we have found a couple of students
who swapped files between classes. we then tried getting
the students to save all work in a folder and between
classes, changing the permissions on the folders. The
problem with this is that the IT Teachers do not have
enough knowledge to enable them to change the properties
themselves and as I am the only Tech, I do not have the
time to do it for them. This problem is mainly with Word
2002 and VB6, which are the programs used on the extended
tests.
we have cought some, as the Author in the properties box
showed the other students details, but they now haw to
change those details.
I was hoping that there was a way of opening the files
with diferent software which would reveal details of which
users made and worked on the files.

 

[VManes]

When viewing a folder in Details view, you can add other columns of
information - one of which is file Owner (as distinguished from author,
which you point out is easily changed.) Would this be helpful?

(I don't have a system available with multiple people's files available to
me till Tuesday, so I can't verify this.)

Val
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
www.sdsmt.edu
The best little engineering school you
may not have heard of, but should have!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

we are running a W2k server AD network with XP sp1
desktops. We have, on occcations disconected network
drives and disabled email for short tests. But we have
some tests that go over serveral days (1.5 hours per day
for three days etc) and we have found a couple of students
who swapped files between classes. we then tried getting
the students to save all work in a folder and between
classes, changing the permissions on the folders. The
problem with this is that the IT Teachers do not have
enough knowledge to enable them to change the properties
themselves and as I am the only Tech, I do not have the
time to do it for them. This problem is mainly with Word
2002 and VB6, which are the programs used on the extended
tests.
we have cought some, as the Author in the properties box
showed the other students details, but they now haw to
change those details.
I was hoping that there was a way of opening the files
with diferent software which would reveal details of which
users made and worked on the files.

 

[Rob Schneider]

Given that the tests can go on for several days and presumably this
would give ample opportunity for the students to "collaborate", I can't
think now of any technology-based solutions here. Everything I've
thought of in the last few minutes can be easily defeated by the
committed cheater (or is too expensive/complicated to mention).

Even if you had them store their files into their own private folders
(which maybe you should do anyway), they could share ID's and passwords
(even though that normally is forbidden by *policy* in most
organisations) and masquarade as someone else.

I'll give this some more thought, but I recommend you think through this
issue with wisdom from Bruce Schneir, a world-renowned security expert
in his book "Beyond Fear":

Step 1. What assets are you trying to protect?. To define the scope of
the problem.

tep 2. What are the risks to these assets? What is being defended, what
are the consequences if it is successfully attacked, who wants to attack
it, how they might attack, and why.

Step 3. How well does the security solution mitigate those risks?. How
the solution interacts with everything around it, evaluating both its
operation and its failures.

Step 4. What other risks does the security solution cause? Addresses the
unintended consequences. What new problems are created?

Step 5. What costs and tradeoffs does the security solution impose? Most
security costs money; but other trade-offs may be more important
(convenience, issues involving basic freedom, privacy, etc.).

My best hunch. Change the tests. Make it so that *collaborations* is
not only possible, but encouraged. May teach the people how to work
together. That's more like real-life than normal examinations are anyway.

Another idea: don't use Word and VB6 in exams. Use something else to
test whatever it is you are trying to test.

Hope this is useful to you. Let us know.

rms

 

[Stephen Bloomer]

We know that we can not stop it totaly, but we need to at
least make it dificult and encorage them to do there own
work.

File ownership gets removed when emailed or stored on a
FAT drive etc, so that does not help. what we need is
something embedded into the files itself. e.g. open up
the normal.dot file using other software and adding in
some lines of code that will cause it to store the users
details who work on the file. If it was in the normal.dot
all files created afterwords would include the code.

 

[Rob Schneider]

Don't use FAT. Easy to convert to NTFS and it's more secure and reliable.

If you don't have already, use individual private file space on server.
Maybe use logs on server to detect suspicious logins. Only allow log
ins from the room where the exam is held and have a teach watching all
the time, including intial login (then check log tomake sure no
additional log ins by anyone else).

Use Word to put stuff into normal.dot.

What you are talking about doing sounds like a computer virus. I
recommend you not take this route. I also doubt it would be effective at
all. Even if you could figure out a logic to implement, it can be
over-come in trivial ways.

I don't see technology solution here. I see whre you could build or buy
a more secure testing environment but that way to complex and too
expensive considering the risks.

Something else should be the control, I feel. Good luck.

 

[Stephen Bloomer]

All my systems are on ntfs, but usb drives and floppy
disks remain FAT

Thanks for your help. I think I will have to handball it
back to the Teachers.

Steve

 

[Bob I]

Since they submitted the work as a shared effort, the points awarded for
the work should be divided appropriately among the said students.
Unfortunately a "B" divided by 4 equals "FFFF"