I am looking for advice or some suggestions from anyone that has had the same hurdle.
We are a k-12 school district and we issue Windows 10 laptops to students. We lockdown the laptops to prevent students from running applications that are not on the allow list. All standalone exe’s are blocked.
We are struggling on how to allow students to run Processing and keep the laptop locked down. We could create a open directory that can run any exe but it wouldn’t take kids long to realize they could run anything out of that folder.
Does anyone have any advice on an option to make this work? No idea to silly, willing to try anything. It would be best if I didn’t have to lay hands on the effected laptops, but in reality its only a hundred or so that would be using this.
How locked down are these machines? Do students have access to the C: drive? My IT dept won’t allow us to install new applications, but P4 can run anywhere on the C: drive (probably on any external drive too.) So I can download P4, unzip the pre-compiled application and run it from anywhere I have access. It doesn’t have to be installed in to the C:/Program Files/ directory.
If your IT has a whitelist/blacklist or other anti-virus protections then this may not work. I would recommend either having them include P4 in future updates (or whitelist it if that is your case), or provide a virtual machine where you can install anything you want. VMs do run slower, but typically IT people like them for their security and relative ease of use.
If all else fails, then you could try P5.js which runs in a browser. But it doesn’t have all of the same features and functionality as P4.
I hope that is helpful. Good luck!
We have, unfortunately, had issues with allowing stand alone exe’s and had to shut non registered EXE off. I feel strongly that our kids need real world experience and make the argument for windows instead of chromebooks… It has bit me a few times, like this. I also like to think our kids are extra smart
We are using Intune to manage our student laptops and the only way to add a program to the allow list is through a MSI installed via Intune. But… with that said… my experience with Intune makes me a rookie, and someone out there may have way better Googlefu than I do and can find a work around.
my tries and thoughts…
I did have an idea to whitelist a directory, but then anything in that directory could run, so the smart ones would figure that out pretty quick.
I even thought about making a tiny little partition on HD and have it living in there and whitelist that… that may work, could have the same problem as above, but would also need to be the next deployment of laptops.
We use to have a GIANT RDP farm and still have servers up, thought about putting it on there, I am not to familiar with how to lock a remote desktop down, still looking into that.
Even started thinking about old school APP-V, again, its been a long time so would need to do some playing around.
