Background info:

I help administer a small LAN which is used for teaching.

It is 20 PCs and a small server which hosts all the home directories, tools and reference library that are required for the course.

Each student is given a local username which utilises roaming profiles and doesn't store a local profile (unless they disconnect from the network that is).

All accounts are heavily locked down and access to command prompt and executing batch files is prohibited.

Each student has access to Excel, PowerPoint and Word.


Utilizing macros I am able to open a cmd prompt and then browse the local HDD (which should be impossible with the policies in place), and this got me thinking about whether this could be used as a stepping stone to escalating their privileges.

Would any of you guys know of a way that this could be used to exploit the LAN (being able to map the network HDDs, for example), and if this is possible, what steps could I put in place to isolate the possibility? I am currently working on locking down the macro opening, but unfortunately macros are required in order to open some of the larger databases, so the problem may have to stay there and pray no student finds it.

The code used in the macro is very simplistic:

Sub OpenCmdPrompt()   ' procedure name assumed; the post shows only the body
    'execute EXE file
    Shell "CMD /K ", vbNormalFocus
End Sub

The above macro opens cmd prompt on my limited accounts using all office programs.
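
While macros have to stay enabled, one check an administrator can run is to look for command interpreters started by an Office program. This is an added example, not part of the original post. It assumes process-creation logging with Sysmon (Event ID 1 and its Image, ParentImage, CommandLine and User fields) is in place on the PCs; the account names, paths and records are constructed.

```python
import ntpath
from collections import Counter

# Office hosts that can run VBA, and interpreters a macro's Shell call can start.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed sample records using Sysmon Event ID 1 (process creation) field names.
SAMPLE_EVENTS = [
    {"EventID": 1, "User": r"LAB\student07",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "CMD /K "},
    {"EventID": 1, "User": r"LAB\student07",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "CommandLine": "WINWORD.EXE /n"},
    {"EventID": 1, "User": r"LAB\student12",
     "ParentImage": r'"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"',
     "Image": r"C:\Windows\System32\CMD.EXE", "CommandLine": "cmd /k"},
    {"EventID": 1, "User": r"LAB\admin",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"EventID": 3, "User": r"LAB\student12",  # not a process-creation event
     "Image": r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()

def office_spawned_interpreters(events):
    """Return process-creation events where an Office app started an interpreter."""
    return [
        ev for ev in events
        if ev.get("EventID") == 1
        and exe_name(ev.get("ParentImage", "")) in OFFICE_PARENTS
        and exe_name(ev.get("Image", "")) in INTERPRETERS
    ]

def hits_per_user(events):
    """Count flagged launches per account so repeat use stands out."""
    return Counter(ev["User"] for ev in office_spawned_interpreters(events))

if __name__ == "__main__":
    for ev in office_spawned_interpreters(SAMPLE_EVENTS):
        print(ev["User"], exe_name(ev["ParentImage"]), "->", ev["CommandLine"])
```

The same parent/child match can drive an alert rule; a cmd.exe started from explorer.exe by an administrator is deliberately not flagged.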