• Can someone explain how to apply the steps to lock down students to access a certain website?


  • Hi @karen-dawson
    this is currently not possible but we're working on a solution to block internet access in general.


  • One method would be to update the Windows local HOSTS file by way of a scheduled task running from each student computer.

    A central HOSTS file (hosts.txt) is stored in a shared network folder (\\server\share\Veyon\hosts.txt), edited as necessary with a copy transferred each minute to the classroom computers.

    hostsfile.png
    The scheduled task runs a batch file located in the shared folder (\\server\share\Veyon\updhosts.bat).

    = = = = = = = = = = = = = =
    @ECHO OFF

    IF NOT EXIST "C:\Windows\System32\drivers\etc\hosts.original" COPY /Y "C:\Windows\System32\drivers\etc\hosts"
    "C:\Windows\System32\drivers\etc\hosts.original"

    COPY /Y "\\server\share\Veyon\hosts.txt" "C:\Windows\System32\drivers\etc\hosts"
    = = = = = = = = = = = = = =

    The task runs as the SYSTEM user at startup and each minute thereafter.

    general.png
    trigger.png
    action.png


  • I may have misinterpreted the question from the original post.

    If I understand, the question is what are the steps to block all websites except for one.

    To my knowledge there is no native facility within Windows to block websites by name aside from Hosts file entries. Windows Hosts files by current design do not allow for wildcard URI delimiters, so blocking all websites by name would prove a bit impractical. 🙂

    Since most employees who oversee computer labs do not have management access to their employer’s DNS, DHCP and proxy resources one simple alternative to accomplish the task at hand is to implement an intermediate DNS server. The idea is to intercept and filter DNS lookups.

    One such self-hosting DNS server/forwarder is the open source server Technitium.

    https://technitium.com/dns/

    https://download.technitium.com/dns/DnsServerPortable.zip

    First download and unzip the portable version of Technitium to a shared server folder.

    From the DnsServerPortable folder run DnsServerApp.exe using the Veyon master computer or for convenience, a domain/workgroup server computer to which you have access.

    A command window will open showing the Technitium DNS server has started, the folder to which configuration settings are stored and the address to the web console.

    Enter the displayed web address into a browser (http://computername:port/).

    You will be prompted to set the Technitium admin account password.

    The DNS server console will open as a page containing a series of tabs.

    Open the Settings tab where you will see the server computer’s name (DNS Server Domain).

    Scroll toward the bottom of the page and in the Forwarder section enter your organization’s DNS server IP addresses (usually there are two). The server addresses can be found by entering ipconfig /all at a Windows command prompt.

    Example:
    10.254.63.10
    10.254.63.12

    These entries are needed so that DNS lookups not handled by your Technitium DNS server will be forwarded to your regular DNS servers. Click the Save Settings button and then the Flush Cache button.

    Next, open the Blocked Zones tab.

    Click the Import button.

    In the Blocked Zones window enter *.*to block all websites (note the asterisk delimiter) or any other particular URLs you wish blocked.

    Examples:
    youtube.com
    www.youtube.com
    *.youtube.com
    *.app
    *.ru

    Click the blue Import button to close the Import Blocked Zones window.

    You can use the blue Block button on the current tab to enter URLs individually.

    The Export button downloads a text file containing currently blocked zones.

    Use the Browse and Delete buttons to edit blocked entries.

    Next, open the Allowed Zones tab.

    In the same manner as with Blocked Zones enter and edit those URLs you wish to allow.
    Referring to the original question, enter the one allowed URL.

    In the final step you will need to change/set the DNS server address(es) at each student or client computer from your organization’s DNS servers to the Technitium DNS server.

    At each computer open Network Connections by entering ncpa.cpl from a command prompt.

    Right-click the listed Ethernet adapter and select Properties, (assuming IPv4) select Internet Protocol Version 4 (TCP/IPv4) then click the Properties button.

    If static DNS entries are present replace those with the IP address of your Veyon master computer or the IP address of the domain/workgroup server from which you are running the Technitium DNS server.

    Otherwise, select ‘Use the following DNS server addresses:’ then enter the Veyon master computer IP address (or domain/workgroup server IP address) as the Preferred DNS server entry. Leave the Alternate DNS server entry blank.

    Click the OK button to accept the changes.