-
Reddit’s r_k12sysadmin Credits: @r_channels @reddit2telegram
Student MFA and Google 3rd Party Apps Episode
In this episode (https://k12techtalk.podbean.com/e/episode-121-student-mfa/), we talk about the possibility of requiring Student MFA
(thanks to a k12sysadmin post... https://www.reddit.com/r/k12sysadmin/comments/13s9sfa/mfa\_for\_students/).
And we talk about the recently announced change to "3rd Party Apps" authentication with Google SSO... https://k12techpro.com/google-admin-app-access-control/
https://redd.it/13yaqn6
@r_k12sysadmin
CoSN/CETL
Does anyone belong to CoSN and/or is CETL certified? If so, what is the benefit? The membership and exam are expensive.
https://redd.it/13xz8gz
@r_k12sysadmin
Trouble coming up with a Chromebook replacement cycle.
I'm curious to know about how others have designed the replacement cycle and lifespan of their Chromebooks.
I see a lot of people say their Chromebook lifespan is 3-4 years or so, but with the EOL dates now being 7-9 years beyond the purchase date I'm not really understanding how they don't have immense leftover devices that are still fully functional.
Just a little about my specific situation: For my district we had a sporadic amount of chromebooks in various carts before 2019/2020, probably around 650. Once the pandemic was here and we decided to go 1:1 we bought just over 2000 devices in one year with the emergency connectivity funds and haven't really bought more since. Now I'm stuck with 650 devices that are EOL 2024 and 2000 that are EOL 2026 with the task of coming up with a way to work our system into a sustainable replacement cycle.
If anyone would like to share how they have planned their Chromebook refresh cycle that would be very helpful, thanks!
https://redd.it/13xl8sj
@r_k12sysadmin
Any members in the Denver/Boulder area?
Mods: please remove if this isn’t okay to post.
My family is relocating before the start of the next school year. I would like to stay in the K12 public sector, and have been looking for a good resource for a job search. Here in CA we have Edjoin, but I haven’t found anything like that for CO in my searches.
If you have any insight that could help me, please DM.
Thanks, and have a great summer break!
https://redd.it/13x3fkc
@r_k12sysadmin
Anyone who's had experience switching their K12 computer systems to thin clients with Azure Virtual Desktop: how did it work out for you?
Our computer systems are rather dated, and we are finally able to upgrade our classroom computers over the summer. We haven't bought anything yet, we're still looking into everything and I'm just helping my boss out with research, but we've been floating the idea of replacing the old computers with thin clients running Azure Virtual Desktop. We have a business partner who will help us, I'm just seeking insight as to which direction to go. I haven't worked with VDI's firsthand in a real world environment before, so I don't know how this would change how teachers use their computers or how we maintain them, etc..
Obviously in a production environment, you want any changes to be as seamless and frictionless as possible. Something is telling me that this upgrade sounds good on paper, but will end up creating more headaches than if we just found some bulk computers that fit our budget, and that AVD is intended more for business environments than K12. We have roughly 150 \~ 200 Windows computers to replace; teachers generally use a sound bar and projector, sometimes smartboards (which we're also looking to upgrade), run programs for education and exam generating, and browse the web. Would there be any issues with running these kinds of peripherals or software?
Teachers also rarely use any computers outside their own classroom, but can already log in to other domain computers with their credentials if they need to, so I'm not sure if we exactly need the functionality of bringing your entire desktop experience with you to another workstation. Also, while I haven't gotten any actual figures for either upgrade path, I wonder if the savings for getting thin clients + AVD is even that great as opposed to getting thick clients to run Windows locally. I'm eager to hear of everyone's thoughts and experiences with this!
https://redd.it/13smvqb
@r_k12sysadmin
Where can I find the official i-Ready system requirements?
Does anyone know where I can finde the las test official i-Ready requirements for ChromeOS?
I can’t seem to be able to find it anywhere online and the unofficial sites I do find only suggest Chrome OS version 74 or higher.
Thanks!
https://redd.it/13soqgl
@r_k12sysadmin
P2P Disabled on managed Chromebooks?
Hi K12,
I've got a fleet of managed Dell 3100 Chromebooks. I've enabled P2P updates in Google Admin (and confirmed it at each OU level), and I went into my devices logs to see if there was any network issues blocking them that I needed to take care of, but from what I can tell they just don't think P2P is enabled at all.
I have lines like
" Not starting p2p at startup since it's not enabled." and "Error reading Variable au_p2p_enabled: "No value set for au_p2p_enabled"" in the update engine logs.
In my policy dump, I can't even find an entry in the JSON for DeviceAutoUpdateP2PEnabled. Not true or false, just not even listed.
The Dell documentation mentions enabling it in CROSH using the p2p_update [enable | disable\] command, but I assume that's for non managed devices. Is there a device level setting that's overriding my managed policy?
Any ideas on where I can start looking? Google's documentation on this isn't great, or maybe I'm just not great at finding it.
Thanks!
https://redd.it/13sl1qa
@r_k12sysadmin
AITA? Chromebook Turn-Ins
So long story short, this week and next are our chromebook returns and guess what, my wife gives birth to our baby in the beginning of the week. Normally wouldn't be worried or anything about this sort of this but I was in part of the decision for the dates for the turn-ins AND I only just started a couple months ago. I feel like a horrible person taking off this week and asking for another week (next week).
https://redd.it/13sffjl
@r_k12sysadmin
MFA for students
We are a K12 school and we use Microsoft 365. We have a 1:1 program for all grades. K-5 typically leave their device at school (but take it home when warranted) and 6-12 have theirs at home and school.
Currently all staff use MFA, but students do not. We do have a conditional access policy limiting sign-ins to the US only. Do any schools use MFA for students? If so, what grade and how do you implement it?
https://redd.it/13s9sfa
@r_k12sysadmin
Cloud backup
We are Google School district and are slowly moving to Microsoft 365. Been reading good things that Synology might be good fit for us. As there is no licensing. Would love to hear peoples thoughts. Good / Bad or we use and love it oh and stay from these guys. For us we are just looking to backup 800 staff accounts.
https://redd.it/13s34fg
@r_k12sysadmin
Year in Review
Looking to create a 1 page year in review for the IT Department. Items will include tickets opened, closed, response times, # of loaner Chromebooks given out. What other items would be beneficial to showcase? Anyone already do this and can provide an example? I'm not the creative type but want to make sure we showcase what we do behind the scenes.TIA
https://redd.it/13rvjcg
@r_k12sysadmin
Google team drives - I've got a mess.
So, I'm sure many of you have dealt with this issue, and it's something I knew was brewing but I'm just getting around to really tackling the issue. Basically what I've found is that it's been the wild wild west. We are a medium/smallish district, but everyone has had free reign to create team drives. When I sort the list with 20 entries per page sorted alphabetically, I was at 18 pages of drives when I got to "S".
As I've started to look into getting things under control, I now realize there are a lot more options here, so I'm wondering what others do? The steps I've taken to move forward with is as follows;
* First and foremost, I've disabled students from being able to create team drives.
* Secondly, I've created an "archive" account of sorts. My thought was I will use this as a roll account that will essentially host all team drives. From there, I will assign managers as needed. Those managers can then assign permissions and access as needed.
* Ultimately with the school year coming to a close I'm not disabling staff from creating team drives. I will communicate that over the summer. Going into next year I think I will have a form setup to which staff can reach out to request a team drive. At that point I can review and decide if a team drive is necessary or just a shared folder is fine. If so... I will create the drive, assign a manager, and let them have at it.
Now, I also have questions on setting the team drives up. Do most use the OU assignment feature? Right now all of our team drives appear to be going to the root. I'm wondering if there is any benefit to assigning to an OU or not? I know I will have more questions as I try to clean this up, but I just want to get it setup cleanly and hopefully only have to rebuild this once.
https://redd.it/13rnwji
@r_k12sysadmin
Any other districts who haven’t blocked ChatGPT yet?
Hey! One of the few districts here that have fought back on blocking ChatGPT! Principals and teachers have requested that we blocked it from the start, but my director has fought back on it to our ed. services department. We won the battle pretty easy because, it really is no different that google, and kids can go home and use it, or use their cell service. And it’s just a new way to obtain data, just like an encyclopedia. Good teachers also can usually tell if a students writing is theirs or not. We also have used it in our department, it’s helpful in my opinion as long as your not asking it to craft emails from scratch, in my opinion that’s just laziness. Any other districts out there that haven’t blocked it? Any other districts IT use it ever at work?
https://redd.it/13r7i2y
@r_k12sysadmin
Acer R13 Motherboard failures
Is anyone seeing motherboard failures on their Acer R13s?
All of a sudden I have a stack of five Chromebooks that won't run recovery. When I turn it on it tells me the OS is damaged or missing, I reboot into recovery mode and get the prompt to insert my recovery usb but then the screen goes black and it shuts off.
I'm wondering if its worth it to buy a replacement motherboard considering how soon they are going to reach the end of their AUE.
https://redd.it/13qzwuz
@r_k12sysadmin
Ever ask your boss for an additional work duty for more pay? How did that go if so?
As a response to a question I saw about helpdesk turnover, I would like to get some feelers on an idea of am I just insane/impatient?
I am sure helpdesk turnover is a problem for most districts that have one. Ours is at the high school only since they are the only school with devices signed out to kids vs a cart of 30 per classroom style like the rest of the schools are. This year there were 650 kids at the high school. I take care of the rest of the district's chromebook repairs as well as the tickets for the district. My coworker does more of the SIS stuff with Powerschool and things and we just got a new boss who starts June 1st. Our previous helpdesk guy quit the first week of May so I have been going over there until lunch to cover then do my actual job in the afternoon. It sucked, but it was doable.
What I am thinking of proposing is we run things like a kid needing a spare cause their Chromebook is dead or they forgot it at home out of the library and all physical repairs for the district through the helpdesk spot since it has most of the parts already in there. I would bounce from school to school picking up the damaged ones and bringing back to the helpdesk to repair and bring them back. So let's say on Monday I go to the PreK-2nd grade school, Tuesday go to the 3rd-5th grade school, Wednesday the middle school, Thursday the High school, and Friday I do any catching up I need on repairs or district tickets. We paid our last tech 15/hr or around 30k a year so if I walk in proposing to do it for 10k more a year I think itll be a win-win. I get an almost impossible to get raise and they get stability in a high turnover area. The worst idea you've ever heard?
https://redd.it/13qvxu8
@r_k12sysadmin
Me when I see a kid at school during summer break
https://redd.it/13y06oa
@r_k12sysadmin
On-prem backup to Amazon S3, no subscription?
Are there still any backup options available for on-prem servers using either file based or VM based backup, and can backup to a cloud bucket like Amazon S3, that are a one time license purchase with maintenance, or just straight free open source, and are known to be reliable?
Both Veeam and Veritas have gone the subscription route... sigh.
"You will own nothing, and you will ~~like it~~ be forced to accept it!"
https://redd.it/13xqf72
@r_k12sysadmin
Laptop hard drive drive encryption
I have remote school with a tech who is on holidays until later next week. He mentioned a number of Lenovo laptops have hard drive passwords and can't be powered on. He removed the m.2 drive and put in another m.2 drive booted the computer. Bios password is still on it. (Our password for the school)
He was preplexed he isn't hardware guy. I wasn't on the call when he called. So I don't have models other than they were SanDisk drives.
Has anyone heard of this? Better yet how do I protect against it? Is this something like bitlocker where I can put the drive in external USB enclosure and just format the drive?
https://redd.it/13x4pg9
@r_k12sysadmin
GCPW and O365\AAD Integration
I am currently finalizing a deployment for Windows 11 utilizing GCPW for authentication.
Our AAD users are federated, and the device is AAD joined. (We are working to move to pure AAD)
Our gsuite user accounts/emails match our AAD users.
The issue I am running into is, O365 does not auto login once the user is logged in. This also goes for edge, company portal, etc.
Wondering if I missed a prerequisite or have something misconfigured.
https://redd.it/13ow49x
@r_k12sysadmin
Chromebook Churn
Remember the "Chromebook Churn" study by PIRG from a few weeks ago that caused a stir? The author of the study, Lucas, came on K12 Tech Talk Podcast to clarify some things. We also make the point that it doesn't matter the device you hand a middle schooler, it won't last 7 years.
Listen here (https://k12techtalkpodcast.com/e/episode-119-an-interview-with-lucas-from-pirg/) and all major podcast platforms.
https://redd.it/13ted8s
@r_k12sysadmin
SMTP relay for Gmail - Got it working?
We've used basic SMTP relay for Gmail for years now.
Essentially, we just have IIS6 setup to run SMTP relay on an internal Windows server.
We use the relay for on-premise MFP - Scan to email - functionality.
We've just had it set up internally and without authentication.
But lately we've had issues with those scan emails getting routed to SPAM folders.
So I figure now is a good time to look at setting this up *properly* (read: more secure and authorized/authenticated).
However, I'm trying to follow official documentation and not having any luck getting email scans to come through at all right now.
I created a new Google Workspace account to use as a "service account" just for this purpose.
I've got that account username and password set as the "Basic Authentication" account in SMTP outbound security. I've enabled TLS security on the same tab.
I've set the TCP port to 587 and the "smart host" to smtp.gmail.com.
MFPs are just pointed to the SMTP server (no authentication at the device level). No change here from previous (working) configuration.
This configuration isn't working, but I'm not sure at which step its breaking.
Best I can figure, I've got 3 pieces of this to ensure are configured properly:
* Gmail/Google Workspace
* SMTP Service
* MFP itself
MFP = Multi Function Printer - ie, scanner/printer.
Does anyone have this working that would be kind enough to share their settings?
If you're doing it differently, care to share how? How are you handling routing Scan to Email via Gmail?
Edit to add: No 2FA on the newly created service account. I've logged into it manually to test (and accept TOS etc)
https://redd.it/13snad5
@r_k12sysadmin
Parent/Student Tech Training
We have been onboarding a new LMS/SIS system for the 2023/24 school year. This process is very extensive. We generally do a short tech training at the start of school with device handouts. Already I have teachers freaking out about the students needing a full days worth of training. Leadership has requested mainly virtual trainings. How does your school handle technology trainings? Are they extensive, in person, virtual, or a combination? Is there ever enough training? Any wisdom helps :)
https://redd.it/13sg9n0
@r_k12sysadmin
That fancy new program you purchased?
Yeah, I checked the system requirements because you just told me about it in passing, and our student tablets aren't supported.
What in the world possesses academic leadership to make huge purchases without running them by IT to make sure they can actually use them? I'd crawl under my desk to hide until faculty leave for the summer, but they're all checking out with me today. Probably won't hear back about this issue until August, when teachers realize kids can't access a platform they've already integrated into their curriculum.
https://redd.it/13sdmn0
@r_k12sysadmin
Making Papercut server fault tolerant?
How do you make your Papercut server being 99% available? In case the server goes down, no printing? Solutions?
https://redd.it/13s5qgc
@r_k12sysadmin
Steal one of my computers? I don’t think so!
A fun story, at least for me! Last week I had to troubleshoot a printer issue located in a common area at the HS. While there, I discovered a MiniPC, that’s for general student use, missing. I thought “well, damn, I’ll never see that again!” Not that big of a deal as it was only $200. However, I randomly checked the Splashtop dashboard for it.
Yesterday, it showed up! My goodness, how dumb can you get to not wipe the computer? I logged in and grabbed evidence- IP, wireless SSID,, and general location via gps-coordinates(dot)net. Of course network location isn’t entirely accurate, and 2 addresses were generated. I went to the first area yesterday and walked around to find the SSID. No luck.
I logged into the computer again and captured the SSIDs of other devices that the computer could see- only 5 others. The first area was way too dense for that few to show up. At the end of the day I drive through the second location and scored a hit on a unique SSID from an Arlo security camera base station.
I went back today and walked the area… BINGO! The houses were spaced far enough away for me to be 100% confident in the address. I did an address search in Synergy and… yes, 2 students matched. I took the names and info to the VP and she knew exactly which student it was. Mind you, I would have given the Student leniency and let him do the right thing, but the VP said it’s not his first infraction. Turns out, he also was caught on camera stealing from a car in the Student lot just yesterday! All info has been documented and sent to the local PD.
It was the most fun I’ve had in awhile, honestly. Oh, and the original issue of the printer? I had to junk it. An HP m402n that kept printing out the same job over and over. Now where’s my bat?
TL:DR- A student stole a computer and didn’t wipe it. I tracked the location down via good sleuthing!
https://redd.it/13ry6bp
@r_k12sysadmin
Add Multiple Accounts Bug
Hi All,
We just learned of a bug with disabling multiple accounts in Chrome. If you add "google.com" to the "Sites that can never use cookies list" students can add multiple accounts through Chrome. Blocking chrome://settings/privacy and chrome://settings/cookies should stop students from adding google.com to the list.
https://redd.it/13rsi36
@r_k12sysadmin
Doc cams and Chromebooks/boxes
As the title says what are ya'll using for doc cams and chromebooks/chromeboxes as the operating unit? We were using Ladibugs but are looking to upgrade as they're terrible quality. Right now we're trialing some Aver M5's and while they seem to work fine on Windows I'm having issues getting the image quality to be good on a chromebook/box. Though admittedly my prior tests with the M5 on Windows was on normal monitors and old projectors as opposed to the Promethean panel I was using with the chromebox...
https://redd.it/13rjwia
@r_k12sysadmin
GAM Question - add drivefile issue
This is crazy to me - I'm trying to push a single user's network share files up to their Google Drive. Now, I know that GAM is not the ideal tool for this, but it's what I'm working with at the moment.
I'm runninggam user user@domain.org add drivefile localfile \\server\share\directory\*
The response that I'm getting is very strange to me:ERROR: [Errno 22] Invalid argument: '\\\\server\\share\\directory\\*'
Anyone know why the extra '\\' is being added? I've tried quotes as well as powershell variables. It doesn't seem to matter how the directory is fed into gam, it adds those additional \\-es.
Anyone know of a better way to make this happen? Thanks in advance!
https://redd.it/13qyjhh
@r_k12sysadmin
What is this block page from?
As of yesterday, my school's network has been throwing up this block page for this, and as far as I can tell, only this page. Problem is, this isn't the block page for any software we use - Linewyze with a bit of filtering through our Palo Alto firewall. It looks like GoGuardian's block page, but we haven't used GG for two years at this point.
Anyone know where this is coming from?
https://preview.redd.it/zu9m5m2flv1b1.jpg?width=941&format=pjpg&auto=webp&v=enabled&s=e2512542539ea81743314b64b5753b2303c9ef6c
https://redd.it/13qvtp1
@r_k12sysadmin
View all Google Classrooms
I'm confident I already know the answer but this is a creative group; Is there any way to view all Classrooms in your Google Domain?
How is it even possible this feature doesn't exist? Management want to know how it's being used, who made courses, who hasn't, how many kids access them etc etc. Some of this info can be found with the Audit function under reports, but even that goes only 6 months back I think.
https://redd.it/13qsc0g
@r_k12sysadmin
