I'm proposing re-writing the entire ACL.
If you want to block access from 189.0 network to the web and the rest of the WAN, then you do a src 189.0 with dst any and the ACL is out.
However, you also want to RDP and Dameware that subnet from your main school office. You need to have a permit on that ACL before the above deny with src/dst specific networks.
I also see you have some udp 53 being allowed from that subnet's servers. Your ACL would look like this.
access-list 110 permit ip 10.100.189.248 0.0.0.7 any
access-list 110 permit tcp 10.100.189.0 0.0.0.255 eq 3389 any
access-list 110 permit udp 10.100.189.0 0.0.0.255 eq 3389 any
access-list 110 permit tcp 10.100.189.0 0.0.0.255 eq 6129 any
access-list 110 permit udp host 10.100.189.250 any eq domain
access-list 110 deny ip 10.100.189.0 0.0.0.127 any
access-list 110 deny ip 10.100.189.128 0.0.0.63 any
access-list 110 permit ip any any
interface Serial0/0
ip access-group 110 out
HTH,
__
Edison.