Thanks Jonny and Timbo, glad this has helped
Thanks Jonny and Timbo, glad this has helped
How I've done it, and if I do say so myself it's pure genius.
a single user account runs a vb script that will map unique userareas based on a 10char code entered.
1. a single standard pupil account with no user area, own login script
2. hidden shared folder that account has full control off in permissions and share
3. login script:
4. script to create the foldersCode:'on error resume next Dim fso, msg Set fso = CreateObject("Scripting.FileSystemObject") Set objNetwork = CreateObject("WScript.Network") Set objShell = WScript.CreateObject("WScript.Shell") Do until completed=true foldername = "" Do until foldername>"" foldername=inputbox ("Enter Code", "Controlled Assessments") loop fldr = "\\server\share\" & foldername If (fso.FolderExists("s:\")) Then objNetwork.RemoveNetworkDrive "s:" If (fso.FolderExists(fldr)) Then objNetwork.MapNetworkDrive "s:", "\\server\share\"&foldername If (fso.FolderExists("s:\")) Then ret=msgbox("Connected", 64) completed=true else ret=msgbox("userarea failed", 48) completed=false end if Elseif (fso.FolderExists(fldr) <> true) then ret=msgbox("Code not found!",48) completed=false End If loop
5. things to take care ofCode:function createcode stringlist="abcdefghijkmnpqrstuvwxyz" count=0 code="" do while count < 10 upperbound=len(stringlist) lowerbound=0 pick=Int((upperbound - lowerbound + 1) * Rnd + lowerbound) if pick=0 then pick=1 end if 'wscript.echo pick getletter=Mid(stringlist,pick,1) code=code & getletter count=count+1 loop createcode=code end function '================================================== 'START Const ForReading = 1, ForWriting = 2 Dim fso, f Set fso = CreateObject("Scripting.FileSystemObject") Set objArgs = WScript.Arguments bob=0 if objargs.count < 1 then wscript.echo "Specify how many accounts you want" wscript.quit end if filename="c:\codelist" & int(objargs(0)) & ".txt" Set f = fso.OpenTextFile(filename, ForWriting, True) randomize do until bob = int(objargs(0)) codename=createcode f.writeline codename wscript.echo codename bob=bob+1 'wscript.echo bob folderpath = "\\server\share\" & codename 'wscript.echo folderpath Set g = fso.CreateFolder(folderpath) loop f.close
---skip normal login script (stop resource drives being connected)
---prevent internet access
6. teachers responsibility to allocate and keep records of which kid uses which code
7. technicians responsibly to change the login password before and after each session & run the script to create the codes.
We have a different account for users to use for Controlled Assessments here too but we only have 1 which is used for all departments. Well thats the way its been configured/planned but currently only 1 department uses it.
BTW do ppl still want a way to set when accounts are available for a specific time period. I've only skimmed so i may have missed it (if i have sorry) but the way we do it here is that the teacher at the start of the lesson sets the account expire date using the hta i developed. It uses the following code to set when accounts will expire and this can define exact time and date:
Code:Set objUser = GetObject("LDAP://cn=Name,ou=OU,dc=Domain,dc=com") objUser.AccountExpirationDate = #15/10/2010 10:28# objUser.SetInfo
We had controlled assessment the other day for English. However my exams officer did not as me to set anything up at all?
tmcd35 (19th October 2010)
@kili: just wondered, do you currently run this solution for multiple departments/subjects? or just the 1.. Also i assume you have a restriction in regards to shared folders e.g. mapped drives, and can i just clarify that they still have access to any documents within their home directory while in 'Controlled Assesment' i.e. they can read document/files that exist there already.
Just a thought which may make it easier is to create a new security group in ad and set them to deny permissions to the home directory but grant permission to the controlled assessment folder within the home dir. That way instead of editing the ntfs permissions on folders you just add and remove users from the group, much like how you move them to the OU with the internet restriction.
Very interesting reading! We've gone through the same processes. However, I don't understand the subjects that require internet access. How can that be controlled? At first, it's easy for the student to upload their work to an e-mail/file storage site, work on it at home and then come back the next lesson to download it. Especially if the teacher isn't so "IT savvy" and doesn't pay attention at the end of lessons. We've questioned this time after time, but our exams officer just says that's the exam boards rules.
I'd recommend creating a suffix and then numbering the accounts. This way, you can log the account numbers in a spreadsheet. For example; ICTCAB001. We can then segregate them into different class groups and also put them in correct OUs so you can lock down accounts using the logon hours function. Saves me having to enable and disable them all the time!
When in a controlled environment they don't have access to any other folders within their home folder they only have access to the controlled folder , access is denied to all other folders or folders on any other mapped drives for the period of the lesson. When the lesson is over permission is auto scheduled to deny access to the controlled folder and grant them access to their home folder files and mapped drives.
@kili: Figured thats what happens, i do think using group permisisons would be quicker/easier though (instead of setting file permission all the time)
@Tunster: Ref access to internet, yeah tell me about it. I've flagged this but they're just ignoring it. Havent yet found a way to block uploads and downloads. With accounts though, are you suggesting a different account for each subject/policy(some subject want certain restrictions sometimes but not others so have more then 1 policy)?
There are currently 1 users browsing this thread. (0 members and 1 guests)