In our DLU policy we have all students set as Administrators then we lock them down. As it is, the c drive is hidden, but not blocked and student cannot "normally" get to the c drive. However, if they click on a link that opens Windows Explorer to something like C:\Docs and Settings\Username\My Documents\Folder, they can use the "Folder Up" button to keep clicking Up the structure until they are at the root of C. From there they can get into the Windows dir and mess up the Group Policy's so the computer will be open. I *think* they are just deleting the Group Policy folder or something similar.

From what I can remember during our testing, we need the students to be administrators locally as well have the C drive not being blocked. Otherwise, applications that we use throw errors and dont work correctly.

Does anybody have any thoughts about how to keep them from doing the above stuff?