Zen 7 latest sp
NW 6.5 latest sp
Client 4.91 sp4

I recently discoverd that a small group of students figured out that they
can bypass their "student" user policy at login by unplugging the patch
cable immediately after entering their login info and clicking the OK button
on the login screen. Since their restricted policy doesn't load, they have
full access to things that are normally restricted, including the browser
proxy settings. The small group with this knowledge is quickly growing, so I
need to get this fixed quickly.

What are my options to plug this security hole?