Configuring LanSchool Secure Mode
Overview
LanSchool has two different, optional, security modes that can be enabled on installation called Password Secure Mode and Active Directory Secure Mode, and one or both may be selected.
If the options are not properly installed, however, a Teacher will not be able to communicate on the desired channel and Student access will be unavailable. Each feature has different purposes and requirements, so be sure to read carefully to choose which feature(s) may be beneficial for your environment.
If LanSchool is installed using the LanSchool Connection Service (LCS) the same process of selecting each mode must be leveraged during the installation of the LCS.
Password Secure Mode
This mode requires teachers to type in a password when the console is launched to see students on a particular channel. This feature adds an extra level of security to prevent unauthorized Teacher Consoles from being able to interact with student devices.
- After double clicking on either the teacher.msi or student.msi file, continue through the install as previously described. To install the password protected version, check the box to Enable a security mode.
- Select Password Secure Mode.
- Type in a password and re-enter it to confirm.
- Repeat these steps for both Teacher or Student installations.
The password is required on the Teacher install so that if a teacher computer uses the “Become a Student” feature, it can still be secure.
When a teacher launches the console or changes channels, they will be prompted for a password to view the students on that particular channel or group of channels.
In the event that only a Teacher or a Student, but not both, was installed with Password Secure mode, the Student will not be accessible by the Teacher. This will be indicated by a Security Locked Out icon on the Student thumbnail. You can verify if this is the case by checking the version number on the Students.
The password that is configured for the LCS needs to match the password of the students, otherwise communication will not occur between the teacher and student systems.
If the teacher's password is compromised, it will be necessary to re-install both Teacher and Student computers with a new password.
Active Directory Secure Mode
LanSchool 9.0 has the ability to leverage Windows Active Directory to ensure that only authorized teachers can control students. This mode adds an extra level of security to prevent unauthorized consoles from being used. This mode will only function in an Active Directory Domain environment and on Windows 2000 or newer systems. To fully configure this mode, you must have Domain Rights to create and populate a domain User Group.
- After double clicking on either the teacher.msi or student.msi file, continue through the install as previously described. To install the password protected version, check the box to Enable a security mode.
- Select Active Directory Secure Mode.
- Repeat these steps for both Teacher or Student computers
To install the Active Directory Secure mode on the Teacher or Student using a script or Active Directory, refer to the section, Mass Deploying LanSchool Student for Windows .
When in this mode, a teacher must be a member of the Domain User Group “LanSchool Teachers”. If the teacher is not a member of that group, then Active Directory Secure students will not interact with that teacher.
Using the appropriate Windows Server 2003 or 2008 Active Directory tools, create the "LanSchool Teachers" Domain User Group.
The "LanSchool Teachers" group must be created on the root of the domain.
Once the group has been created, those same tools can be used to populate the group with the appropriate teachers.
If the Student has Active Directory Secure Mode enabled, then it will be Security Locked Out to any Teacher who was not installed with the Active Directory Secure Mode enabled (or is not a member of the “LanSchool Teachers” group). The restriction does not go the other way. An Active Directory Secured Teacher (who is also a member of the “LanSchool Teachers” group) will be able to control Students who do not have AD Secure Mode Enabled, without any restrictions.
The system that is hosting the LCS needs to be a member of the domain and can see the LanSchool Teachers Group, otherwise communication will not occur between the teacher and student systems.
Active Directory Secure Mode is not available yet for Mac Teachers and Mac Students and limited support when domain functional level is set to Windows 2000 mixed or Windows 2000 native mode.
Version Identifiers
If you hover with your mouse over the icon in the Student system tray, it will show a version number something like: v9.0.6Ls, v9.0.2.6Sd, v9.0.6Sds
The lowercase letters are security identifiers, where “s” signifies Password Secure Mode, “d” signifies an Active Directory Secure Mode installation and “r” is appended to the version for Teacher and Student when connected through the LanSchool Connection Service.
The uppercase L and S are not actually security identifiers, rather they refer to the type of LanSchool install chosen. L is for the Lite version and S indicates a Subscription license. The system is designed to lock out any devices that don’t match security models. The Students will need to be reinstalled with the correct security mode option(s) in order to correct the security lock out issue.
Related Articles
Troubleshooting "Security Locked Out" Message
Overview The most common reason that the Security Locked Out icon is displayed on the student thumbnails is because of a mismatch in the Secure Mode option chosen during installation of the teacher, student and/or LanSchool Connection Server ...Using the LanSchool Tech Console
Overview The use model for Tech Console is quite similar to LanSchool Teacher consoles. The Tech Console can be launched from the LanSchool icon in the system tray for Windows or from the dock icon on Mac. The Tech Console includes a number of ...Using Assessment Mode
Overview Assessment Mode allows an Administrator or Teacher to put student devices into a secure, locked mode in order to take a test or exam. When applied, the students devices enter Assessment Mode. During this mode the Teacher can't interact with ...Installing LanSchool Student for Windows
Overview The following instructions will assist you with manually installing LanSchool Classic Student on a single Windows student device. For information on installing the teacher client or mass deploying LanSchool throughout your organization, see ...Installing LanSchool Teacher for Windows
Overview The following instructions will assist you with manually installing LanSchool Classic Teacher Console on a single Windows device. For information on installing the student client or mass deploying LanSchool throughout your organization, see ...
Popular Articles
Limiting Website Use
Overview To block troublesome or distracting websites or limit students to a select few websites pertinent to the class, use the Limit Web feature in LanSchool Classic. The teacher can choose to restrict all web activity, allow only certain websites, ...LanSchool Classic Teacher Guide
LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...Installing LanSchool Teacher for Windows
Overview The following instructions will assist you with manually installing LanSchool Classic Teacher Console on a single Windows device. For information on installing the student client or mass deploying LanSchool throughout your organization, see ...Latest Release Notes
LanSchool Classic Release Notes Customers with an active LanSchool subscription will have access to download the latest version from the LanSchool Classic Portal. For instructions, see Downloading LanSchool Installers. LanSchool Classic 9.3.0.56 ...Unloading LanSchool from the Student Device Temporarily
Overview A teacher can temporarily unload the student agent from Windows or Mac device. This function is useful in situations where students must use an application that requires the LanSchool Student be removed or disabled, such as secure browsers ...
Recent Articles
Troubleshooting WiFi Tampering
Overview With the latest version of Windows 11, LanSchool Classic is unable to retrieve a list of available SSIDs on the student machine unless Location Services is enabled on the device. Enabling Location Services To enable Location Services ...Disabling Edge Split Screen
Overview LanSchool Air is unable to limit the web in Microsoft Edge when the student uses the Edge Split Screen feature. The LanSchool Air extension does not register the second screen and will not block the website. It is recommended to disable Edge ...End of Life LanSchool Classic Chromebook Student
End of Life LanSchool Classic Chromebook Student Google is no longer supporting Chrome OS apps like LanSchool Classic on Chromebooks, as of ChromeOS version 132. However, users now have the option to enable a setting in their Google Workspace Admin ...End of Life LanSchool Classic Android Student
As of August 15, 2024 LanSchool Classic Android Student has reached End of Life and will no longer be developed.Disabling Teacher Console Registration Prompt
Overview New installations of LanSchool Classic Teacher Console will receive a prompt to register LanSchool. This prompt may be disabled to prevent disrupting teachers. Disabling Registration Prompt Using Registry Key Navigate to this policy key: ...