Okay, so I am the tech intern at a High School (i'm fairly new to the job and would consider myself pretty tech savvy) and we recently received a large grant to buy MacBook Airs (11-inch, Early 2015) for all of the students. To put it simply, we locked down the MacBooks tighter than a maximum security prison. The users startup keys have been disabled, so any form of boot mode is out (just in case we put a firmware password on all Mac's). We blocked them from accessing many of the System Preference areas (everything but Dock, Trackpad, Desktop, Printers & Scanners, Sound, Notifications, General, App Store, Accessibility, and Internet Accounts) and a majority of the ones they can open are password locked. We have LightSpeed installed on the computers (so its a portable filter rather than just on our internet ((a side note is that LightSpeed blocks of all communication if it cannot find internet), and FileWave to push new updates whenever needed. We also have Remote Connection to all the Mac's so it's possible to monitor and control all of them from one computer. In spite of all these precautions, our cadets say that they are seeing other students downloading, opening, and installing programs on their Mac's (which should not be possible) They also have seen others getting on applications such as Terminal and Disc Utility. It would be very much appreciated if you could tell me how these students are doing this, and how to further block them from doing this. Thank You! Below is an attachment of what the students see on the System Preference menu.