Lenovo Software Help Center

How does AD Secure Mode work?

Problem: How does AD Secure Mode work?

Cause: N/A

  • LanSchool Student and Teacher

During the teacher-student handshake, the student will try to determine if the teacher is in the LanSchool Teachers group within the teacher's domain. To do that, the student must be able to contact a domain controller for the teacher's domain. The student must also be authorized to access that domain and query the groups for the teacher domain. 

LanSchool uses the Microsoft Win32 APIs to do this connection and query. The "big call" of the process is AcceptSecurityContext. This function is the one that we use to say "go ensure this user (the student) is authorized to talk to the teacher's domain and set up any connection/authentication necessary". 
Usually, we get back some form of "yes" or "no" 
with "no" meaning that they are not authorized. 

If the student is unable to initiate a transaction with the domain controller for the teacher's domain, then there are few things to check.

1) The domain name is wrong 
2) The requesting domain is not trusted by the target domain. 
3) The domain is unavailable, possible the domain controller is down or not able to be contacted. 

The following URL from Microsoft explains some of the security features: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374703(v=vs.85).aspx Search for "SEC_E_NO_AUTHENTICATING_AUTHORITY" on this page to find more information on what LanSchool uses. 

If you have problems with a specific student machine not being able to validate the teacher then the following things should be tried. 

We suggest trying the following: 

1) Remove the student machine from the student domain. Reboot. Add the student machine back to the student domain. Reboot. 
2) Run the Microsoft domain metadata clean up tools: 
a. http://technet.microsoft.com/pt-pt/library/cc816907%28v=ws.10%29.aspx 
b. http://technet.microsoft.com/en-us/library/cc776854%28v=ws.10%29.aspx 
c. http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx 
3) Validate the network routing and connection from the student machine to the teacher domain controller. 
a. Ping the teacher's PDC from the student. 
b. Ensure that AD specific packets are passing through any firewalls or packet filters. 

    • Related Articles

    • Installing LanSchool 8.0 in Secure Mode

      Problem: How to install LanSchool 8.0 in Secure mode. Prerequisite(s): LanSchool installation zip folder. Solution(s):  LanSchool 8.0 has the ability to install additional levels of security if desired. Two modes are available, Password Secure and ...
    • Implementing Password Secure Mode with Group Policy

      Problem: How to implement Password Secure Mode with Group Policy. Cause: N/A Prerequisite(s): Knowledge of Microsoft Group Policy LanSchool's .adm/.admx templates Access to the Customer Portal Solution(s): In order to pass the password successfully ...
    • Does Active Directory Secure Mode work on Mac OS X?

      No, currently Active Directory is only supported with Windows Teachers and Students.
    • Running LanSchool 8.0 in Kiosk Mode

      Problem: How to run LanSchool 8.0 in Kiosk Mode Prerequisite(s):  LanSchool Teacher installer Solution(s): In LanSchool 8.0 you can run the Teacher Console on Windows in Kiosk Mode. This mode configures the LanSchool console so it cannot be minimized ...
    • Slow access to MS AD LDAP from OSX

      Customer is having slow access talking to MS AD via LDAP. WebNetwork is being run on a MAC OSX box and is using MS AD for Directory Services. The dns server is running on MS AD and the OSX box is pointing to that for its DNS information. Directory ...
    • Popular Articles

    • Can a Teacher see Students outside of school?

      This content has moved! Visit the new LanSchool Classic Help Desk It looks like you may be interested in LanSchool Classic General FAQ.
    • LanSchool Latest Release Notes

      This content has moved! Visit the new LanSchool Classic Help Desk It looks like you may be interested in LanSchool Classic Latest Release Notes.
    • How to uninstall LanSchool Student and WebHelper from Chromebook

      This content has moved! Visit the new LanSchool Classic Help Desk It looks like you may be interested in Mass Deploying LanSchool Student for Chromebook.
    • LanSchool Release Notes

      LanSchool™ Release Notes Updated: December 16, 2019 Component Versions LanSchool, December 16, 2019 Chromebook App, December 16, 2019 Chrome Web Helper:, December 16, 2019iOS TA and Student 8.2.0, December 16, 2019 Android ...
    • Controlling multiple students at once

      Problem: Can I remote control multiple computers at once? Cause: N/A Prerequisite(s): LanSchool Teacher and Student Solution(s): If all of the computers in the lab are the same basic image or configuration (for example. all Windows XP machines with ...
    • Recent Articles

    • Lenovo Software Newsletter

      Question Is there a way I can be notified about product updates? Solution To receive updates from Lenovo Software about product updates, we encourage customers to subscribe to our Lenovo Software Newsletter.
    • Allow Help Desk to reset Image Challenge images

      Issue Customer would like to allow Help Desk users to only be able to reset user Image Challenge images when they have been forgotten by a user. Solution This can be done by assigning specific users in the system the User Group Admin role, as well as ...
    • Troubleshoot RDS

      This is a good article, from Microsoft, on how to troubleshoot RDS/RDP logon issues. https://social.technet.microsoft.com/wiki/contents/articles/37841.remote-desktop-services-rds-logon-connectivity-overview-and-troubleshooting.aspx
    • Building an Employee Phonebook system

      Building a Mini Application Post #20 Can it really be that simple to create a little application with Report and Form Builder?  This tutorial shows you that it is - and actually helps you make a useful application at the same time as learning how to ...
    • Working with Binary Data in Report Services

      Quick Start Guide - Binary Data This tutorial is designed as a quick "How Do I Work With Binary Data" tutorial.  It walks through the steps necessary to upload an image to a database.  Every webNetwork 6.0 installation ships with a database called ...