@tobydox said in Windows 10: upgrade to latest version, control problem:

The problem has been fixed in version 4.5.2 - if possible please upgrade and give us some feedback.

I confirm, thank you.

The problem has been fixed in version 4.5.2 – if possible please upgrade and give us some feedback.

Are the student sessions virtual/remote desktop sessions? If so try enabling multi session mode (https://docs.veyon.io/en/latest/admin/reference.html#refmultisessionmode) and try the NetworkDiscovery add-on with session scanning enabled so it will access the Veyon Server instances at ports 111XX instead of 11100 only (which is the console session). BTW we'll publish a tutorial on how to work with remote/virtual desktop sessions in a few weeks.

I suggest to update to version 4.5.2 (or newer) which contains important bug fixes concerning Windows 10 support

@josch I don't know exactly how VMware works in your environment. Does it provide remote desktop sessions? If so, you could try enabling the multi session mode (https://docs.veyon.io/en/latest/admin/reference.html#refmultisessionmode) so Veyon Service will start Veyon Server instancs for each user session. The sessions can then be accessed by appending the corresponding port number (111XX) to the host address.

@hobo-sapiens

There isn’t a way in Windows 7 or Windows 10 to intercept a pending sleep state to run code before entering sleep mode. You can configure a scheduled task to run on the detection of a sleep event but the action to perform (Veyon update) happens not prior to entering a sleep state but actually occurs immediately after the computer wakes. So there could be a significant time delay between when the update is queued and when the update is actually performed.

I’ve not attempted to update Veyon with the master open but once the master computer exits sleep mode veyon-master.exe would likely still be in memory so it might be necessary to end the process. You could do this by the scheduled task I mentioned or as part of another update procedure.

The command would be:

"C:\Windows\System32\taskkill.exe" /f /im veyon-master.exe

Or remotely,

"C:\Windows\System32\taskkill.exe" /S computername /f /im veyon-master.exe

@antrax34

Students have Read access to Veyon$, but do the student computers have access to Veyon$?.

Using 4.5.1 I once noticed a delay in one computer appearing in the Master window. Connecting was unsuccessful but succeeded on a second attempt. The issue appeared transient and has not recurred.

Is the affected group name somehow special? What happens if you do not configure computer filters? Can you alternatively try to install Veyon 4.5.1 and replace libldap-common.dll in the installation directory with https://github.com/veyon/veyon/releases/download/v4.5.1/libldap-common.dll (make sure to stop the Veyon Service and any Veyon-related programs such as Master or Configurator before). It contains a minor improvement which might change the behaviour.

If it does not help, please change the log level to "Debug", stop Veyon Configurator, remove C:\Windows\Temp\VeyonConfigurator.log, start Configurator again and click the List all entries of a location button and enter the name of the affected group/location. Afterwards paste the content of C:\Windows\Temp\VeyonConfigurator.log so we can have a look at the related debug messages.

@tobydox

After updating to Veyon 4.5.1 the overlapping issue has not recurred. Everything is working perfectly.

Thank you.

No it's not a problem To use Veyon with RDP sessions you have to enable multi session mode (https://docs.veyon.io/en/latest/admin/reference.html#refmultisessionmode) and access computers via the corresponding network ports, e.g. add computers with hostname "192.168.....:11101" to access the first RDP session, "192.168.....:11102" for the second RDP session and so on. Make sure to use Veyon 4.5.1 or a newer version. When working with RDP sessions it's recommended to use the NetworkDiscovery add-on which can also scan for sessions and provide them in Veyon Master dynamically.

I may have misinterpreted the question from the original post.

If I understand, the question is what are the steps to block all websites except for one.

To my knowledge there is no native facility within Windows to block websites by name aside from Hosts file entries. Windows Hosts files by current design do not allow for wildcard URI delimiters, so blocking all websites by name would prove a bit impractical.

Since most employees who oversee computer labs do not have management access to their employer’s DNS, DHCP and proxy resources one simple alternative to accomplish the task at hand is to implement an intermediate DNS server. The idea is to intercept and filter DNS lookups.

One such self-hosting DNS server/forwarder is the open source server Technitium.

https://technitium.com/dns/

https://download.technitium.com/dns/DnsServerPortable.zip

First download and unzip the portable version of Technitium to a shared server folder.

From the DnsServerPortable folder run DnsServerApp.exe using the Veyon master computer or for convenience, a domain/workgroup server computer to which you have access.

A command window will open showing the Technitium DNS server has started, the folder to which configuration settings are stored and the address to the web console.

Enter the displayed web address into a browser (http://computername:port/).

You will be prompted to set the Technitium admin account password.

The DNS server console will open as a page containing a series of tabs.

Open the Settings tab where you will see the server computer’s name (DNS Server Domain).

Scroll toward the bottom of the page and in the Forwarder section enter your organization’s DNS server IP addresses (usually there are two). The server addresses can be found by entering ipconfig /all at a Windows command prompt.

Example:
10.254.63.10
10.254.63.12

These entries are needed so that DNS lookups not handled by your Technitium DNS server will be forwarded to your regular DNS servers. Click the Save Settings button and then the Flush Cache button.

Next, open the Blocked Zones tab.

Click the Import button.

In the Blocked Zones window enter *.*to block all websites (note the asterisk delimiter) or any other particular URLs you wish blocked.

Examples:
youtube.com
www.youtube.com
*.youtube.com
*.app
*.ru

Click the blue Import button to close the Import Blocked Zones window.

You can use the blue Block button on the current tab to enter URLs individually.

The Export button downloads a text file containing currently blocked zones.

Use the Browse and Delete buttons to edit blocked entries.

Next, open the Allowed Zones tab.

In the same manner as with Blocked Zones enter and edit those URLs you wish to allow.
Referring to the original question, enter the one allowed URL.

In the final step you will need to change/set the DNS server address(es) at each student or client computer from your organization’s DNS servers to the Technitium DNS server.

At each computer open Network Connections by entering ncpa.cpl from a command prompt.

Right-click the listed Ethernet adapter and select Properties, (assuming IPv4) select Internet Protocol Version 4 (TCP/IPv4) then click the Properties button.

If static DNS entries are present replace those with the IP address of your Veyon master computer or the IP address of the domain/workgroup server from which you are running the Technitium DNS server.

Otherwise, select ‘Use the following DNS server addresses:’ then enter the Veyon master computer IP address (or domain/workgroup server IP address) as the Preferred DNS server entry. Leave the Alternate DNS server entry blank.

Click the OK button to accept the changes.

Access Control is set to LDAP Basic, Enable usage of domain groups and Grant Access to every authenticated user. No other access control rules set.

Hi,
Although this would be useful as a temporary solution in the classroom, the best ways are to modify the host file in each computer, or to put any unwanted adresses in the black list of your firewall.

Any progress?

For some computers using Windows 10 the Power Options shutdown setting 'Turn on fast startup' may need to be disabled.

Disabling of advanced sleep modes within the BIOS may be necessary.

Updating network (ethernet) drivers could be required to allow disabling certain energy efficiency settings within the driver.

@MackenzieP

A tech at a neighboring school advised that rather than entering IP addresses into the Configurator’s Host address/IP field (Locations & computers) to instead enter computer names.

A bit confusing to me but he said to make the Host address/IP field match the Name field when using DHCP assigned addresses.

Yes, both.