Students are beating restrictions on System Preferences that have been imposed by Configuration Profiles.
Essentially, they put a copy of System Preferences into any location (sometimes hidden) in their home folders. They will usually rename the app. After Showing Package Contents, they delete /Contents/Resources/NSPrefPaneGroups.xml.
This copy of System Preferences has no icons visible, but going to the View menu shows that they are all there, with no restrictions.
We are struggling to find a solution for this. We tried creating a query for any user folder containing a file with the extension .app, but that returned just about every computer.
The challenges are:
1) The Unrestricted System Preferences app is in a random folder on each machine.
2) The app could have anything as its name.
3) Even if we could find it and delete it, the student could easily repeat the process.
I don't want to completely block System Preferences, but this seems like the only option at this point.