It is best to raise a domain. You can even use samba without buying WinServer (and yes, AD will allow you to do much more and much cooler, so if possible, it's better to use it). Users should be centralized and trained to use a network drive for personal files.
I also had the experience of organizing a large fleet of computers in computer classes for programming olympiads. This is a very specific task of one-time use of the system, different from regular sessions. Unlike the 1990s and 2000s, when the number of development environments familiar to participants could be counted on one hand, nowadays dozens of different compilers and IDEs need to be installed. At the same time, all this should work stably for the Olympics. Even before me, VirtualBox was simply installed on all computers with a reference image, which was re-imported separately on each machine for each Olympiad (a fun activity is to run with a pack of flash drives and do it everywhere), but it was not very convenient, and it confuses the participants, that you need to do something there in the window of the virtual machine.
I prepared on all Linux machines, where a special user runs X without DE and WM with headless fullscreen VirtualBox with the target system from the image (Windows XP). The reference image of the machine itself lay on LVM, and an LV snapshot with the image was transferred to VirtualBox. Accordingly, before the Olympiad, instead of the default system, all machines were manually loaded into Linux, a script was performed from the server (ssh with a key) on all machines to recreate the snapshot, and then you could simply enter the name of the desired user. After the Olympiad, the snapshot could be recreated, having again received a clean reference system.
To the heap, I laid out the system itself and the reference image with udpcast over igmp, this noticeably accelerated the matter, even despite the unmanaged switches. For the first time, all this, of course, took a lot of time, but it was worth it. Most of the participants did not even know that they were working in a virtual machine :)

Ideally - a domain and VDI

If you do not want to bother, buy an inexpensive NAS that has a user-friendly interface and conveniently closes all your tasks. Some simple model, like Synology DS118 .
Get both a centralized storage without a headache, and the closure of all your Wishlist associated with storing files, you can give each person a folder, you can make shared folders, you can fumble resources even on a schedule, even on the Internet.
In order to prevent children from running everything themselves, it is only worth depriving users of administrative rights and password-protecting the administrative account. Any action that requires elevation will explicitly request an administrator password, which can be approached and entered manually. If you want to get confused, you can find cheap tokens on sale (for example,Yubikey : inexpensive, practical), which are inserted into USB and, at the touch of a button, fill the input field with a static string. The teacher has one such key, and passwords can be made even very complex - just so as not to lose the token.
As a container for applications, Sandboxie can be ideal - an open source development for solving exactly these problems.
The options for raising the domain above will undoubtedly solve all the problems, but these options will turn out to be noticeably more expensive (server, server OS, specialist who will set everything up, or a lot of time spent, if on your own). And with the budgets in the education system, they say, it's tight.