+ Post New Thread
Results 1 to 13 of 13
O/S Deployment Thread, Building safe environment for coding in Technical; This posting could go in one of many of the forums, but this one may have the best-informed readers. I ...
  1. #1

    Join Date
    Jun 2008
    Location
    Barnet
    Posts
    113
    Thank Post
    30
    Thanked 11 Times in 7 Posts
    Rep Power
    14

    Building safe environment for coding

    This posting could go in one of many of the forums, but this one may have the best-informed readers. I hope.

    I've spent much of the last few weeks trying - and, on the whole, failing - to get an environment together allowing older students to program i.e. create and run arbitrary .exes without it being too easy for them to trash the computer or network. I've gone through a few iterations:

    1) Use a separate partition. I used MDT 2010 to apply a custom image to a second partition on our Win7 clients. The custom image was off-domain and I'd blocked access to the 'main' partition and applied other restrictions using local policy. The end of the custom image deployment task sequence ran bcdedit to give the new partition a distinctive name. A startup script on the school domain made the currently-running OS the default. In other words after installing the custom image all I had to do to make that image non-default was to force a boot into the main partition then a GPO would make sure that that became the default image.

    This worked, and performed, well, but then MDT 2012 came along and I can no longer get it to install into a second partition without trashing the main one. I'm sure it can't be that hard to do, playing with the diskpart script, but I gave up.

    I tried investigation MDT-created VHds, but gave up on that one, too.

    so, plan 2) Use virtual machines

    I built an off-domain image into a VM and tried that. the first discovery was that MS Virtual PC needs virtualisation support, and the systems in the ICT rooms lacked it. OK, let's try VirtualBox. Next problem: not enough memory. OK, added a few gig to each device. This worked for a few weeks until Windows needed to reactivate itself against our KMS server. It failed. My assumption was that it was because the VMs were all cloned. I didn't want to push a newly-syspreped image out as the students would get lumbered with the OOBE, so that meant try something else.

    3) Push out an empty VirtualBox machine and disk, then perform an MDT build into it. The image is on-domain but disposable, as a VM, and access to almost everything has been blocked by: blocking GPO inheritance; loopback processing and new GPOs where needed. The problems: PXE boot and network access is slow. PXE boot fails when there's even the slightest hint of a load. It took me from 4.30 to midnight to install the VMs in 9 machines. That leaves me 33 to do. Worse, it takes the students forever to log on twice (once into the physical; once into the virtual). In fact it's not usable.

    So now I need plan number 4, but don't yet know what it is.

    What do (would) you do?

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,974
    Thank Post
    584
    Thanked 1,021 Times in 786 Posts
    Blog Entries
    15
    Rep Power
    465
    Search for virtualbox on these forums; there's some good solutions around (if I do say so myself!) that work really, really well.

  3. Thanks to synaesthesia from:

    Rawns (10th October 2013)

  4. #3

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,696
    Thank Post
    335
    Thanked 515 Times in 483 Posts
    Rep Power
    179
    We're using it with Virtualbox. Deploying premade Ubuntu image. So no activation (No network access at all on the virtual machine), just one shared folder that directly links into the machine through Virtualbox.

    Teachers may not like the fact it's Linux, but without them paying for a lot of Windows licenses, and issues like activation it seems easiest way. And it's not hard to learn, especially if you premake the image with shortcuts to the programs etc.

    Steve

  5. #4

    Join Date
    Jun 2008
    Location
    Barnet
    Posts
    113
    Thank Post
    30
    Thanked 11 Times in 7 Posts
    Rep Power
    14
    Quote Originally Posted by Steve21 View Post
    We're using it with Virtualbox. Deploying premade Ubuntu image. So no activation (No network access at all on the virtual machine), just one shared folder that directly links into the machine through Virtualbox.

    Teachers may not like the fact it's Linux, but without them paying for a lot of Windows licenses, and issues like activation it seems easiest way. And it's not hard to learn, especially if you premake the image with shortcuts to the programs etc.

    Steve
    I foresee one problem - running VB under Linux!

  6. #5

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,696
    Thank Post
    335
    Thanked 515 Times in 483 Posts
    Rep Power
    179
    Quote Originally Posted by birchanger View Post
    I foresee one problem - running VB under Linux!
    Didn't see any mention of visual basic?

    Steve

  7. #6

    Join Date
    Jun 2008
    Location
    Barnet
    Posts
    113
    Thank Post
    30
    Thanked 11 Times in 7 Posts
    Rep Power
    14
    I didn't mention any technology, but assumed that .exe creation would be considered likely.

    Thing is, the dual-partition method worked well, until someone went and installed MDT 2012. My latest solution - domain VirtualBox VMs being built by MDT - meets the required functionality but won't bloody well build from the network, and is too slow. Everything I try nearly works except for something biting me in the bum.

  8. #7


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    We just gave them administrator rights on windows machines over ovirt. Reboot == clean machine.

  9. #8

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,974
    Thank Post
    584
    Thanked 1,021 Times in 786 Posts
    Blog Entries
    15
    Rep Power
    465
    Don't do that!
    Local virtual machines, not anywhere near the network. That would increase things to go wrong on the network, increases network accounts. Pointless.
    Local machine, no network connection, just a shared drive (set up by vbox itself) to connect to the users home drive (which it does via the host again not touching the network).

    If you want to play safe, immutable hard drives on the guest so anything they do is wiped when they shut down the guest. As said, do a search on here and there's walkthroughs on doing it.

  10. #9


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by synaesthesia View Post
    Don't do that!
    Local virtual machines, not anywhere near the network. That would increase things to go wrong on the network, increases network accounts. Pointless.
    It's fine. Put them into a Firewalled "Student PC" network with really limited access, no network accounts and *much* easier to manage than local VM's.

  11. #10

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,974
    Thank Post
    584
    Thanked 1,021 Times in 786 Posts
    Blog Entries
    15
    Rep Power
    465
    Manage them? What for? Immutable disks, put them in place, don't ever touch again!

  12. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by synaesthesia View Post
    Manage them? What for? Immutable disks, put them in place, don't ever touch again!
    You might need to do things like install software, patches or even replicate them for others to use.
    An example is that we can let anyone in the school access the VM from wherever they are, it is quite neat - plus I don't need to go around to each machine to install the VM.

  13. #12

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,974
    Thank Post
    584
    Thanked 1,021 Times in 786 Posts
    Blog Entries
    15
    Rep Power
    465
    Ah, fair enough. We don't have the server grunt for that No need to patch the machines as they're offline and sole purpose here. Half an hour job to install software to the image and push it back out to the machines that run it which is the only real downside.

  14. #13

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,624
    Thank Post
    1,240
    Thanked 778 Times in 675 Posts
    Rep Power
    235
    Quote Originally Posted by birchanger View Post
    What do (would) you do?
    Linux server, integrated with Samba and complete with separate home folder for each pupil, for pupils to log in to via SSH or Remote Desktop.

    Edit: sorry, for some odd reason I didn't see the rest of the thread - a Linux machine might not be suitible for what you're trying to do. I think there's a c# implemenation available for Linux, I'm not sure about Visual Basic.
    Last edited by dhicks; 11th October 2013 at 08:50 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Amazon builds Windows tool for sending files to Kindle
    By Arthur in forum Netbooks, PDA and Phones
    Replies: 3
    Last Post: 25th April 2012, 12:39 AM
  2. Word always enters safe mode for one user
    By sidewinder in forum Windows
    Replies: 11
    Last Post: 29th January 2009, 07:09 PM
  3. Problem after RIS image with Macromdeai asking for code?
    By Kyle in forum Educational Software
    Replies: 7
    Last Post: 29th November 2007, 10:51 AM
  4. Building an MSI for SmartNotebook
    By nicholab in forum Windows
    Replies: 7
    Last Post: 11th May 2007, 02:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •