+ Post New Thread
Results 1 to 12 of 12
Windows Thread, Student Only Sees Own Files in Technical; Hi All. I am looking for a solution where I can map a drive for students and staff. I want ...
  1. #1
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Student Only Sees Own Files

    Hi All. I am looking for a solution where I can map a drive for students and staff. I want staff to be able to put files in for students to use (easy part). I also want students to be able to put files into the directory/directories (maybe one per teacher), but only see their own files. In this way we can avoid them changing other students work, cheating by reading other students work, e.t.c. .

    Is there a good way to do this without using "home directories" ala active directory? The computers are XP pro, and the file servers are 2008R2
    Last edited by goaliepride; 1st March 2011 at 06:49 PM. Reason: forgot to include XP/2008 reference.

  2. #2

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,137
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    You can set the permissions on the folder so that the Creator Owner has full control and use a group for all students to have only Read access.

    Regards
    Sukh

  3. #3

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,701
    Thank Post
    1,783
    Thanked 2,168 Times in 1,603 Posts
    Rep Power
    769
    Stuff for staff to give the students, assuming every student is allowed to see it, is easy in it's own folder.

    To be honest, the rest of what you are describing is email... I don't think it can be sensibly achieved on a shared drive without setting up a duplicate Home Drive structure or by giving staff access to actual pupil home drives. In my school, a primary, the latter is what happens, but in secondary schools this is often discouraged because the exam boards take a dim view and because students don't want staff routinel accessing their home drives as a privacy issue.

  4. #4
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,349
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    You can use a 'drop folder' style where the users only have write access not read? We have a student shared drive where staff can read/write and students can drop their work off in a folder which the teacher can then pick up.

  5. Thanks to Jamo from:

    goaliepride (2nd March 2011)

  6. #5

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,137
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    What if you create a shared folder for say a Maths teacher and called it Mr X. Then share this folder (change permission) and also set the permssions on the folder as Creator Owner Full control and create another group for the students with READ only access?

    Regards
    Sukh

  7. #6

    Join Date
    Jun 2005
    Location
    London, UK
    Posts
    115
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    20
    Access based enumeration.

  8. #7
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks everyone. I've created a main folder which everyone connects to.

    Main Folder (staff, change permissions. Students (apply to this folder only), Traverse folder / execute file, list folder / read data, read attributed, read extended attributes, read permissions.

    Subfolders created for each teacher. Students (Apply to: This folder and subfolders), same as above + , create files /write data.

    I'm going to try to write some powershell or something to script this too, but we'll see on that. The method is sound, though

  9. #8
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I've created a powershell script to do this for me. The teachers.txt has a list of teacher last names (the folders I want to create). The DontDelete folder has the correct permissions set on it, which I copy to the others. I found a few ways of doing powershell where it can set permissions I specify, but they kept seeming to overwrite each other rather than add (so replace, rather than edit) and it was bugging me so I went the easy but imperfect route. Enjoy!

    #Read a text file to know what folders to create
    $names = Get-Content "\\**Path hidden for privacy**\teachers.txt"

    #Count the names for future loop usage
    $nametotal = $names.length

    #The root folder for what we're going to create
    $root = "\\**Path hidden for privacy**\StudentTurnIn\"

    #grab the ACL for the folder we'd like to mimic the permissions of
    $templateacl = get-acl "\\**Path hidden for privacy**\StudentTurnIn\DontDelete"

    #For loop to create folders that don't exist and assign permission
    For($loopcount=0; $loopcount -ne $nametotal; $loopcount+=1) {

    #Find the name of the next teacher folder
    $currentteach = $names[$loopcount]

    #Add the root path to the teacher to create
    $folderinquestion = join-path $root $currentteach

    #test is the path already exists
    $pathexists = test-path $folderinquestion

    #Create the folder if it doesn't exist
    if ($pathexists -eq $False){New-Item $folderinquestion -type directory}

    #Set the new ACL
    Set-Acl -Path $folderinquestion -AclObject $templateacl -Passthru:$PassThru}

  10. #9
    goaliepride's Avatar
    Join Date
    Feb 2008
    Posts
    47
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Here's another version. I changed it so that it created folder for periods within the main folders. My teacher list also evolved to go "Last name (next line) firstinitial (next line) Last name (next line) first initial" and so forth. Our domains naming convention is firstinitiallastname, so by getting this I copy the ACL from my template folders, apply it to their folders, and then add them as full control to their folder. In this way I can prevent other teachers from accessing their stuff, or more likely, prevent some rogue student from logging on as his teacher and wiping everything every teacher has. Neat huh?

    #Read a text file to know what folders to create
    $names = Get-Content "\\bogusfs02\bogus-Students\StudentTurnIn\DontDelete\teachers.txt"
    #Count the names for future loop usage
    $nametotal = $names.length
    #The root folder for what we're going to create
    $root = "\\bogusfs02\bogus-Students\StudentTurnIn"
    #grab the ACL for the folder we'd like to mimic the permissions of
    $templateacl = get-acl "\\bogusfs02\bogus-Students\StudentTurnIn\DontDelete"

    #For loop to create folders that don't exist and assign permission
    For($loopcount=0; $loopcount -ne $nametotal; $loopcount+=1) {

    #Find the name of the next teacher folder
    $currentteach = $names[$loopcount]

    #Add the root path to the teacher to create
    $folderinquestion = join-path $root $currentteach

    #test is the path already exists
    $pathexists = test-path $folderinquestion

    #Create the folder if it doesn't exist
    if ($pathexists -eq $False){New-Item $folderinquestion -type directory}

    #Set the new ACL
    Set-Acl -Path $folderinquestion -AclObject $templateacl -Passthru:$PassThru

    #Create an array with the number of period at the school, including zer0
    $PeriodArray = 0..7
    #Count the length of the period array
    $periodarraytotal = $periodarray.length

    #Get the name of the teacher, and the username
    $lastname = $names[$loopcount]
    $loopcount=$loopcount+1
    $firstinitial = $names[$loopcount]
    $username = "$firstinitial$lastname"

    #Grab the current acl, add the user as full control, set them to the acl
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $acl = get-acl $folderinquestion
    $permission = "LOSAL\$username","FullControl", $inherit, $propagation, "Allow"
    $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule ($permission)
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl $folderinquestion

    #For loop to add the Period folders. Permissions are taken from inheritance
    For($perloopcount=0; $perloopcount -ne $periodarraytotal; $perloopcount+=1)
    {
    $currentperiod = $periodarray[$perloopcount]
    $periodfolder = "$folderinquestion\Period $currentperiod"
    $pathexists = test-path $periodfolder
    if ($pathexists -eq $False){New-Item $periodfolder -type directory}
    }
    }

  11. #10
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    895
    Thank Post
    206
    Thanked 343 Times in 238 Posts
    Rep Power
    92
    We have two mapped drives - DISTRIB and DROP.

    DISTRIB has full access for staff, read-only for pupils.

    DROP is a folder where pupils can save their work. Its done with CREATOR OWNER permissions:

    domain admins - everything
    staff - read/write/modify
    Pupil Group - write
    CREATOR/OWNER - read, modify (and write if you have to have it to get modify enabled)

  12. #11
    bondbill2k2's Avatar
    Join Date
    Jan 2011
    Location
    West Midlands
    Posts
    1,013
    Thank Post
    80
    Thanked 66 Times in 51 Posts
    Blog Entries
    2
    Rep Power
    42
    We have a few mapped drives

    Central resources- students have read permission only, staff have creator permission. This is used for stuff like spreadsheets or files they want pupils to have for a lesson.

    Pupil resources- This is located off the server on a NSbox and same permissions as central resources. Used to store stuff like pictures and videos (larger files) split into department folders

    Staff resources- Resources for staff only with creator permissions for staff members, also on NSbox and mainly used for large files again like videos and photos.

    Staff docs- On server with same permission as staff resources, contains more genral things like bulletins for staff, manuals and instructions for stuff, extra curric days, staff meeting minutes etc...

  13. #12
    Heebeejeebee's Avatar
    Join Date
    Nov 2006
    Location
    Intergalactic Cruise
    Posts
    1,050
    Thank Post
    68
    Thanked 75 Times in 59 Posts
    Rep Power
    34
    Quote Originally Posted by Slartibartfast View Post
    Access based enumeration.
    What he said !!

    Works brillilantly.

    HBJB

SHARE:
+ Post New Thread

Similar Threads

  1. Staff/Student Remote Access to Files
    By DanW in forum How do you do....it?
    Replies: 11
    Last Post: 9th June 2010, 02:21 PM
  2. Student uploading of files from client to server
    By gdoyle in forum Windows Server 2000/2003
    Replies: 7
    Last Post: 5th January 2010, 05:10 PM
  3. Using DFS for student files - W2k3
    By Michael_84 in forum Windows
    Replies: 9
    Last Post: 26th June 2008, 09:24 AM
  4. Mapping a drive to student files on CC3
    By reggiep in forum Network and Classroom Management
    Replies: 2
    Last Post: 8th May 2008, 10:08 AM
  5. Monitoring of Staff and Student files and emails
    By mark in forum School ICT Policies
    Replies: 12
    Last Post: 12th July 2005, 12:01 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •