Student password compromised by another student
126 views
Skip to first unread message
Dave Rudy
May 23, 2024, 12:46:45 PM5/23/24
to GAM for Google Workspace
We have an issue some students have had their passwords compromised by another student or students and they are editing their google docs to say explicit things. Is there a query that can be used to see the serial number of the device that modified a google doc? We are not sure if the student or students doing this is logging into their device with the compromised accounts or if they are just opening another google docs instance with the compromised account information. If it is the former, checking the compromised user's accounts against device's recent users list will probably suffice but if it is the latter, I am not sure how that would be deduced.
Thank you,
Dave
Just Wild
May 23, 2024, 1:07:32 PM5/23/24
to GAM for Google Workspace
Hi Dave.
Here it is important to understand that if you do not have mdm enabled in advanced mode (before entering the account on a personal device requires installing google device policy or plugin for chrome) - In the Google console in principle will not be displayed serial numbers.You can try to see the list of devices in the admin panel that were used to log in to the compromised account (and it will be clear whether you can see the serial numbers at all). Then you can see who else has logged in from this device.
The Google panel logs themselves only show the ip from which the changes were made (without information about the device). so I'm not sure that gam will be able to get more information.
The Google panel logs themselves only show the ip from which the changes were made (without information about the device). so I'm not sure that gam will be able to get more information.
четвер, 23 травня 2024 р. о 19:46:45 UTC+3 Dave Rudy пише:
Dave Rudy
May 23, 2024, 1:13:12 PM5/23/24
to GAM for Google Workspace
Thank you for this information. Unfortunately the IP address that is logged for all of the machines on the school network is the gateway IP which is unhelpful.
✉ Kevin Melillo
May 23, 2024, 1:13:37 PM5/23/24
to google-ap...@googlegroups.com
Depending on the amount of logging you have internally you may be able to map IP addresses to MAC addresses. If this is possible, then it may be possible to track down the machine used to log into the account. Unless you have very observant teachers at this point, you may not be able to tell which student in the class was using that workstation.
Good luck!
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/85af557f-9a5c-487a-9bb4-48a7fe469dadn%40googlegroups.com.
Dave Rudy
May 23, 2024, 4:45:09 PM5/23/24
to GAM for Google Workspace
Thank you.
Trent Watson
May 24, 2024, 4:16:40 PM5/24/24
to GAM for Google Workspace
If they are using a managed Chromebook you could query the user to see what devices they have used and compare to the device they should have if you have an asset management system.
Reply all
Reply to author
Forward
0 new messages