My solution to Homework Submissions
The following maybe of some help to administrators / teachers trying to configure HAP+ for Homework. Iíll try to keep this updated as I refine it, sorry if itís a bit long winded.
Just some background,I work at a school in Bangkok, and I am both the IT admin for my departments private network and a computer science teacher, which is both a blessing and a curse. I have been working on testing the below over the past few weeks, and collecting feedback from students and teachers via questionnaires.
Teachers want to distribute files / handouts to students outside of class time, have the students complete the work digitally (or scan / photograph work), then upload it through HAP+ so it can be marked. Teachers want specific folders that they can create in a homework drive and for students to be able to list all the files in the folder and upload their files. However, they do not want students to be able to change it / delete it once uploaded, and they also donít want student getting access to the other files.
The HAP+ setup
∑ Create a drive in HAP+ called homework mapped to a network share (mine is \\server\Homework).
∑ Give both students and teachers Read/Write access in the HAP+ admin panel.
The Share Setup
∑ Create a folder on your file server called Homework.
∑ Share this folder to both the Teacher Group and the Student Group. At this point give them both read/change access.
∑ Right click on the folder and set up the NTFS permissions. This is the important bit. I have 2 groups, one called Teacher and another called Secondary. The permission for those are as follows (I did this in the standard permission box on the security tab, but if you have issues with inheritance you may need to use the advanced section, removing inheritance and adding System, Administrator, Teacher and Secondary):
o Teacher Ė Modify, Read and Execute, List Folder Contents, Read, Write
o Secondary Ė List Folder Contents, Write
With the above setup, teachers see the Homework drive like any other drive they have read/write access to. Students can see the drive, enter it, see folder but not list any of the files. They can upload, but get no confirmation that it uploaded, nor can they check without trying to upload it a second time, which they receive an error that the file already exists.
Fixing the file listing so students can see the files
This took me a long time to figure out, but the reason why students donít see any file listed is due to Access-Based Enumeration. Windows handles sharing / NTFS permissions with this switched on by default. As I understand it, with this enabled Windows will hide files that donít have Read Access. Itís a nice security feature, but after testing multiple homework submissions and getting feedback from my students, they all complained about not being able to see files, and check if the upload worked.
So, to disable access-base enumeration and list all the files in HAP+, simply:
1. On the server, go to Server Manager -> Roles -> File Services -> Share and Storage Management.
2. Find the share you want to adjust, in my case Homework.
3. Right Click and select Properties. On the first tab (Sharing), select Advanced.
4. Uncheck the box labeled ďEnable access-base enumerationĒ.
5. Click OK, and the effect should be instant.
Now when students log into HAP+ (or if they have a mapped homework drive) they can list all the files, upload their homework, but still canít download / copy / delete / edit them.
The file manager in HAP+ responds oddly to this. Because it can see the files, you still get the context menu listing download / Zip / Delete. Zip and Delete just donít work and give the standard red error bar. However, if a student selects Download, you are presented with a nasty error page (see attached). I am hoping this is just a small issue with HAP+ that can be fixed, but my students are just happy we can list files and submit.
I am no security expert, but I can only imagine that Access-based Enumeration is enabled by default for extra share security. I am using a very specific share only for homework, so I canít really see how I maybe exposing a security hole. But there is always the possibility.
We found a nice way to check for plagiarism as well. When the file is uploaded through HAP+, it gets stamped with a creator because of HAP+ virtualization. So as I get my students to upload files with a filename of their student ID, if I think they got their friend to complete and upload their work for them, I can always right click on the file in explorer and check who created it. Admittedly this only shows if someone uploaded it for them, but the illusion of control in teaching is sometimes very effective.
A couple of teachers have asked by returning homework once it is marked. Right now we use another drive with Read Only permissions to store this stuff. The majority of the time it wouldnít matter if students see each otherís work after it has been submitted and marked. But there is always an exception (like multiple classes at different stages in learning) where access only to the specific student might be needed. I am working with testing a solution / power script with a teacher where they can adjust the individual file permissions in batch with zero technical knowledge.
Hope this helps people in the homework situation. I know HAP+ has a homework script in development, but itís not ready and also adding individual students to a homework category can be laborious (especially as I have 300+ students spread over 11 classes) .