Are the student sessions virtual/remote desktop sessions? If so try enabling multi session mode (https://docs.veyon.io/en/latest/admin/reference.html#refmultisessionmode) and try the NetworkDiscovery add-on with session scanning enabled so it will access the Veyon Server instances at ports 111XX instead of 11100 only (which is the console session). BTW we'll publish a tutorial on how to work with remote/virtual desktop sessions in a few weeks.
@josch I don't know exactly how VMware works in your environment. Does it provide remote desktop sessions? If so, you could try enabling the multi session mode (https://docs.veyon.io/en/latest/admin/reference.html#refmultisessionmode) so Veyon Service will start Veyon Server instancs for each user session. The sessions can then be accessed by appending the corresponding port number (111XX) to the host address.
There isn’t a way in Windows 7 or Windows 10 to intercept a pending sleep state to run code before entering sleep mode. You can configure a scheduled task to run on the detection of a sleep event but the action to perform (Veyon update) happens not prior to entering a sleep state but actually occurs immediately after the computer wakes. So there could be a significant time delay between when the update is queued and when the update is actually performed.
I’ve not attempted to update Veyon with the master open but once the master computer exits sleep mode veyon-master.exe would likely still be in memory so it might be necessary to end the process. You could do this by the scheduled task I mentioned or as part of another update procedure.
Is the affected group name somehow special? What happens if you do not configure computer filters? Can you alternatively try to install Veyon 4.5.1 and replace libldap-common.dll in the installation directory with https://github.com/veyon/veyon/releases/download/v4.5.1/libldap-common.dll (make sure to stop the Veyon Service and any Veyon-related programs such as Master or Configurator before). It contains a minor improvement which might change the behaviour.
If it does not help, please change the log level to "Debug", stop Veyon Configurator, remove C:\Windows\Temp\VeyonConfigurator.log, start Configurator again and click the List all entries of a location button and enter the name of the affected group/location. Afterwards paste the content of C:\Windows\Temp\VeyonConfigurator.log so we can have a look at the related debug messages.
No it's not a problem To use Veyon with RDP sessions you have to enable multi session mode (https://docs.veyon.io/en/latest/admin/reference.html#refmultisessionmode) and access computers via the corresponding network ports, e.g. add computers with hostname "192.168.....:11101" to access the first RDP session, "192.168.....:11102" for the second RDP session and so on. Make sure to use Veyon 4.5.1 or a newer version. When working with RDP sessions it's recommended to use the NetworkDiscovery add-on which can also scan for sessions and provide them in Veyon Master dynamically.
I may have misinterpreted the question from the original post.
If I understand, the question is what are the steps to block all websites except for one.
To my knowledge there is no native facility within Windows to block websites by name aside from Hosts file entries. Windows Hosts files by current design do not allow for wildcard URI delimiters, so blocking all websites by name would prove a bit impractical.
Since most employees who oversee computer labs do not have management access to their employer’s DNS, DHCP and proxy resources one simple alternative to accomplish the task at hand is to implement an intermediate DNS server. The idea is to intercept and filter DNS lookups.
One such self-hosting DNS server/forwarder is the open source server Technitium.
You will be prompted to set the Technitium admin account password.
The DNS server console will open as a page containing a series of tabs.
Open the Settings tab where you will see the server computer’s name (DNS Server Domain).
Scroll toward the bottom of the page and in the Forwarder section enter your organization’s DNS server IP addresses (usually there are two). The server addresses can be found by entering ipconfig /all at a Windows command prompt.
These entries are needed so that DNS lookups not handled by your Technitium DNS server will be forwarded to your regular DNS servers. Click the Save Settings button and then the Flush Cache button.
Next, open the Blocked Zones tab.
Click the Import button.
In the Blocked Zones window enter *.*to block all websites (note the asterisk delimiter) or any other particular URLs you wish blocked.
Click the blue Import button to close the Import Blocked Zones window.
You can use the blue Block button on the current tab to enter URLs individually.
The Export button downloads a text file containing currently blocked zones.
Use the Browse and Delete buttons to edit blocked entries.
Next, open the Allowed Zones tab.
In the same manner as with Blocked Zones enter and edit those URLs you wish to allow.
Referring to the original question, enter the one allowed URL.
In the final step you will need to change/set the DNS server address(es) at each student or client computer from your organization’s DNS servers to the Technitium DNS server.
At each computer open Network Connections by entering ncpa.cpl from a command prompt.
Right-click the listed Ethernet adapter and select Properties, (assuming IPv4) select Internet Protocol Version 4 (TCP/IPv4) then click the Properties button.
If static DNS entries are present replace those with the IP address of your Veyon master computer or the IP address of the domain/workgroup server from which you are running the Technitium DNS server.
Otherwise, select ‘Use the following DNS server addresses:’ then enter the Veyon master computer IP address (or domain/workgroup server IP address) as the Preferred DNS server entry. Leave the Alternate DNS server entry blank.
Although this would be useful as a temporary solution in the classroom, the best ways are to modify the host file in each computer, or to put any unwanted adresses in the black list of your firewall.