G
G
Gleb868989642021-01-24 10:45:24
Remote access
Gleb86898964, 2021-01-24 10:45:24

Building VDI at school! What is the most convenient way?

Launched a terminal server on Windows Server 2012 in beta mode. At first everything went well, but then the falls began with a regularity of once a week. Often the personal files of teachers were leaked, once the address of one teacher was burned. There were also attempts to launch viruses on the server.
We moved to Windows Server 2019 (we tried to launch the electronic manual there for 2 weeks, until I demolished Microsoft Flash Player and installed the normal Adobe Flash Player) and the problems did not go away. While everyone is studying full-time and the server is mostly idle, but there are connections, which means security problems.
Server Purpose:Running programs that use legacy technologies such as: Adobe Flash Player, Adobe Shockwave Player+Macromedia Authorware Web Player, Microsoft Silverlight. Launching computer programs and computer versions of sites, for those who have a smartphone or just Windows XP.
Server tasks: Provide students with access to Windows programs and an HTML5 browser using an RDP client or using a browser. Provide teachers with full access to the personal profile terminal session with the ability to store personal files in network folders and prepare practical work for students. Provide the opportunity for the school principal to intervene in the educational process at any time.
Work criteria:Security and clear separation of access rights. The student can only run certain programs and have access to files authorized by the teacher or other trusted person. The student can NOT read system files and personal server administration files. The teacher, although he has a full-fledged session and can run any programs (there are also nuances here), BUT does NOT have administrator rights.

How to implement everything yourself? What guides and instructions to use? What software is required? How much will it all cost?

VDI
VDI - Virtual Desktops Infrastructure

Answer the question

In order to leave comments, you need to log in

2 answer(s)
D
Drno, 2021-01-24
@Drno

Hire a normal system administrator, at least one-time to set up all this stuff.
Smart students/teachers don't have the banal practical experience and skills that this requires.
I would do for students - RemoteApp for each program.
For teachers - full rdp session.
To separate access to files, move the files that need to be shared to a separate disk / folder, then set the rights for the corresponding user groups by subfolders inside.
Student accounts will have access to system files, otherwise they simply won’t be able to log in remotely ...
Another thing is that they can cut the rights to a minimum so that they can not change anything

R
ru6ak, 2021-01-24
@ru6ak

More than half close when students (and teacher too) are users (no administrators or power users) and SRP. The rest is shared folders, and access rights (all rights to groups, not users, for ease of management. ). All this is done without a domain through local policies.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question