-
Reddit’s r_k12sysadmin Credits: @r_channels @reddit2telegram
Esports Club/Multi-Use Classroom Help
I'm currently in charge of setting up a new Esports lab in my high school - we have about 30 computers total that are currently up and running. We also have a teacher with an Esports curriculum that is looking to use the computers as well as some additional software. This is my first time setting up something like a lab and I wanted to make sure I have everything I need in order to get this working properly.
I was planning on setting up the Esports lab on its own VLAN to allow students access to matchmaking for their games. These computers are currently not set up on our domain - would it make more sense to connect them to the domain via AD or leave these computers as standalone PCs? I was thinking it would be necessary to add an OU to AD in order to create some policies for these computers, hence the need to connect them to AD. If I go the route of adding them in AD, I was planning on assigning Esports-specific accounts with some way to provide a changing password so that students cannot access these computers outside of club hours. Is there a better way of doing this, especially in regard to the lab being a multi-use room?
It appears as though our students are not given Microsoft/AD logins to access desktops, rather the desktops contain Chrome agents that allow them to log in that way. This makes me unsure how to proceed with the students in the Esports class versus the Esports club - what is the best way to allow access for both sets of students to access the same computers but for different programs?
In regards to Esports - has anyone else had a similar situation in their schools? What policies do you have set up for your Esports labs? Is there anything I might be missing/forgot to mention? I'm excited to get this project moving and ready, but some of these things are stumping me up along the way. Apologies for so many questions, I'm fairly new to IT and this is my first large project so I'm trying to make sure things go smoothly.
https://redd.it/17quy6n
@r_k12sysadmin
Clever and PowerSchool SFTP - Issues with Multiple Enrollments
Hi all:
We're using Clever extensively and our SIS is PowerSchool. I'm using Clever's recommended settings for sending data from PowerSchool using the Data Export Manager.
We've discovered that due to the way PowerSchool sends course/enrollment data, Clever is having an issue with some term start/end dates. Essentially, the crux of the issue is that PowerSchool sends a separate row for each enrollment record in a section, including students who enrolled and left. If a student is enrolled and then removed from a section, the end date for that particular enrollment record is the date the student left the section.
Unfortunately, Clever will occasionally take this entry and set that date as the end date for the section (I'm guessing it may be the first record for that section that Clever comes to). In other words, if a student left a section on 11/8 and Clever grabs that record, the end date for that section in Clever is now 11/8 for everyone.
Clever support was useless - they told me contact PowerSchool. I can't be the only customer having this issue given how widespread PowerSchool adoption is. Has anyone else seen this before?
https://redd.it/17qtky2
@r_k12sysadmin
Google Workspace to M365 auto provisioning question
We have our M365 domain federated against Google Workspace with auto provisioning turned on for the app in Workspace and this is working well for the most part. That said, I am running into an issue where when a user's email is updated in Workspace after having already been auto-provisioned, the new value from Workspace is only propagating to the UPN in M365, leaving the ImmutableID as the older, pre-updated value which breaks SSO for the user.
The autoprovisioning attributes for the app in Workspace for both userPrincipalName and onPremisesImmutableID are set to Username so this makes me think that both should be updating but clearly that is not happening.
Anyone else with this set up observing similar behavior or have any suggestions? Right now I am fixing these one account at a time by using PowerShell to un-federate in 365, update the immutableID, then re-federate and I would like to not have to scale that.
Thank you!
https://redd.it/17qq5f7
@r_k12sysadmin
Anyone else have their AppleTVs locked up by the update last night?
Every AppleTV running 17.1 was black this morning. We have to manually unplug and plug them back in to get them to come up.
https://redd.it/17qng0d
@r_k12sysadmin
Web Filter - Appliance or not?
Right now we have a 5 year old hunk of junk appliance in place that works great most of the time. I'm looking for what you all are using and how well you like it.
https://redd.it/17qlbt0
@r_k12sysadmin
Mosyle says VPP token is expiring, but I just renewed it
When I go to Apple Basic Setup in Mosyle, it shows:
My Push Certificate is set to expire in Aug. 2024.
My "ASM token" is valid until Oct. 2024.
*not "VPP token": is it the same thing?
Is there a third Apple<->Mosyle connection or is this a false alarm?
https://redd.it/17q223l
@r_k12sysadmin
Google Admin
I have a teacher in our District that needs all his students to have microphone access in browser settings. I can't find out how to do this in admin console. Any suggestions?
https://redd.it/17pylmk
@r_k12sysadmin
Papercut Rollout
We're in the middle of a Papercut roll out and running into major problems.
1. Users are unable to log into the system. I'm guessing the issue is related to sync with Windows Active Directory. Let me know what details you might need to address the problem.
2. Tag numbers were not imported correctly through a CSV file. Apparently the usernames through our door management/HR clocking system don't match the AD usernames. Anyone know a powershell script to correct this?
3. We're trying to use the Print Deploy tool and it's going no where. This is related to AD sync, is my guess.
Any thoughts would be helpful. After the chaos is settled I'll let you in on why this happened.
https://redd.it/17pvsmu
@r_k12sysadmin
Office 365 - Spellcheck not working.
For some reason spellcheck has stopped working in Exchange online for all our users. Anybody else seeing the same issue? The admin center is not showing any advisories regarding this problem.
https://redd.it/17pt4jm
@r_k12sysadmin
Logging in to Google / Microsoft MFA authenticator?
I am a bit confused about the purpose of logging in to an MFA authenticator app. What do you gain by logging into it? If you log out of it, how do you log back into it?
Doing some searches on this indicates you can get into a catch-22 login loop at least with Microsoft authenticator, where you need an authenticator code to login, but you can't login to get the code, so...
It seems possible to lock yourself out of admin roles if you accidentally log out of the authenticator and you don't have any backup MFA methods such as a text or phone call, which Microsoft strongly recommends not using.
Is it assumed that MFA authenticator users will always have at least two authenticators active for a single account, so that the one can be used to login the other?
Apparently one-time login passcodes are the only other way around this, and if you don't have those you ride the knife edge of disaster, if you lose access to a device signed into a single active authenticator (dropped device, bricked device, can't repair).
It seems the best route to maintain last-resort access with a logged in authenticator app, is a separate break-glass global admin/tenant account without MFA and an insane 50+ character password or passphrase...
https://redd.it/17pd2vm
@r_k12sysadmin
Gabb phones networking requirements
Anyone have experience with what ports/TLDs/URL's need to be available?
I've got a few students this year whose phones don't work at school. Our wifi is somewhat restrictive and Gabb support doesn't seem to understand what I'm asking for and I can't find anything on their website. They keep wanting to know if the phone is activated or not, and the fact that it works on wifi for these kids at Starbucks, McDonalds, home, friends houses, anywhere else except my network doesn't seem to register as relevant with them.
Yes I could get their phone and work through it myself watching what hits my content filters and firewall, but it really shouldn't be that hard...
https://redd.it/17p6ujz
@r_k12sysadmin
Question about title
I’ve started a position as a technology coordinator at a small school district.
But I am the highest ranking tech person in the district. Making all decisions including budget and long term infrastructure planning. They plan on building a new school and I know I will be the lead rep for all things technology related.
My question is shouldn’t my title be that of a director or chief rather than coordinator?
Every other district in my area has the senior most tech as a Director or chief. Granted, most schools district are bigger than ours. But does size matter as far as title are concerned since others in my district do have the chief or director titles?
What would be the best way to go about addressing this? Set a formal meeting with HR? Or first gather information on what they see the difference is in director and coordinator?
If they say I’m only a coordinator would it be fair to ask when they plan to hire a director to make those decisions?
https://redd.it/17ot5u1
@r_k12sysadmin
IT involvement with your SIS
How much do your IT departments do with your SIS? I ask because we are constantly being asked by various departments and teachers how to do certain tasks in our SIS (Skyward) and we don't know the details of the specific departments or how any changes might impact other things like state reporting. We have started to push back and are telling people they need to ask their department heads and/or administrators in charge of whatever their department might be. That seemed to be working but now we're getting requests from admin to make these same changes.
I'm not comfortable with my team doing anything in the SIS as I believe it's not our responsibility and we are in no way qualified to do anything but make sure the network is up and they can get to the login screen.
https://redd.it/17mxbuz
@r_k12sysadmin
Veracross Queries: Who builds then at your school?
Our school transitioned to VC for our SIS last year. As departments have been coming on board, they have started to reach our department to build queries. If you use VC, is your IT department in charge of creating queries for users? Is your IT department in charge of training each department on how to use their respective modules?
We have given everyone access to VC University and had VC trainers available as their module came on board, but we are still getting daily requests for departments on how to build queries for them to do their job.
I'm just curious to see how your school handles this.
Thanks
​
https://redd.it/17mv12p
@r_k12sysadmin
Blocking Snapchat from school network
Incase anyone is needing to block snapchat from their network, here's my list of what you need to block. The app will load but messages will not go though
snapchat.com
sc-analytics.appspot.com
www.feelinsonice.com
feelinsonice-hrd.appspot.com
snapchat.appspot.com
feelinsonice.appspot.com
feelinsonice.l.google.com
appspot.l.google.com
app.snapchat.com
data.flurry.com
web.snapchat.com
https://redd.it/17ma4tm
@r_k12sysadmin
Getting work done vs Appearing to get work done
Recently had a sit down with our superintendent to go over some issues he saw. The impression is that I am never seen and no one knows where to go to find me. Basically when someone needs me the joke is "good luck" despite me sending out multiple reminders that I am available by calling my deskphone 24/7 and that it always forwards straight to my cell phone. We have a tech support ticket system that is extremely easy to submit and we have one tech phone line that ties to 3 tech phones (when they aren't calling me directly). I also live within a mile of the school and can be on site in minutes.
He also said that currently the network and overall security of the buildings and device support has never been better but wants me to talk with more people in person. I tried this today and everyone in the office wanted to talk about Christmas lights for 30 minutes. I've been told I am the exact opposite of the previous tech director. He could talk to anyone for an hour and would frequently do so. He also worked about 60 hours and when I came in to replace him, fixed a ton of security holes and crypto issues (remote access and hacking tools were installed on server).
What are any of you Directors doing to interface more without wasting all of your work time on office chit chat. I can not seem to satisfy everyone's need for me to "be seen". I consider being seen to be the same as not doing anything or not working.
https://redd.it/17qvpxg
@r_k12sysadmin
Audio recording app for Chromebooks
I am having a real hard time finding a play store app for Chromebooks that can record to an audacity compatible format(not m4a). Preferably able to save to Google drive and/or to a local USB stick. Don't need any bells and whistles, just a way for students to record raw audio they can edit on audacity.
Thanks in advance.
https://redd.it/17qrgat
@r_k12sysadmin
Readingeggs iPad Audio Issues
I’m wondering if anybody else is having issues with audio cutting out in ReadingEggs on iPads? It’s happening to random students at random times. Sometimes restarting the all fixes it, sometimes turning off Bluetooth fixes it, while other times restarting the iPad (sometimes up to 5 times) fixes it. It’s happening with both headphones plugged in and with the built-in speakers. When we’ve called ReadingEggs support, they’ve said it’s “something with your MDM”. We’ve scoured our profiles in Jamf Pro and can’t find anything we’re doing relating to audio. I don’t think it’s anything to do with MDM since when the audio cuts out on ReadingEggs, other apps like YouTube work fine. We’re also not experiencing this issue on any other app, just ReadingEggs.
Anybody else having this issue?
https://redd.it/17qo75w
@r_k12sysadmin
Heads up: TestNav and SonicWALL Capture ATP / Gateway Anti-Virus
Hi all,
​
Just in case anyone is scrambling here this morning:
​
Today we had MCAS retakes at our high school. Students use TestNav for all state assessments, and for the most part it works very well. However, this morning, all students were getting a "Unable to download test content", Error 1009.
​
Turns out that SonicWALL Capture ATP / Gateway Anti-Virus was flagging a file named glossary.par, full URL:
http://ma.testnav.com/client/glossary.par
​
Looking into how to report to SonicWALL and allowlist on our end now.
​
https://redd.it/17qmj2f
@r_k12sysadmin
802.1x Chromebooks & boxes dropping WiFi intermittently
I need to call on the hive mind for some help. In the last few weeks, we have started getting reports of chromebooks (Lenovo 500e gen 2 intel) losing wifi signal randomly during the day. This can last anywhere from a few second to 5 min, then reconnects and all is good. Looking at some of the logs, nothing seems out of place but obviously something is. We did notice that coming up from a sleep state, it can take a few minutes to acquire signal (which is odd). This all started after a power outage a few weeks back, however, we have rebooted DC's, NPS server, Wifi Controllers...etc and they are not reporting any obvious errors but, the issue still seems to stick around. Not everyone having this issue and when the issue happens, not all the users on that AP have the issue. I am leaning towards a specific device issue or a timeout type issue, but I am not seeing excessive re-auths on the NPS server. We run a 5Ghz-only main SSID and a guest that is 2.4Ghz-only. I have the users update their units, forget the guest network (if they have it) but it persists and is frustrating. I can't seem to find a common thread, any thoughts are appreciated.
https://redd.it/17qcu71
@r_k12sysadmin
Non TLS Emails
I've noticed for a while in my reports Hudl has consistently made the top of the Non TLS Encrypted inbound emails list. I've contacted them and they don't know what I'm talking about. Seems like some of the email traffic is encrypted and it's all coming from one server they have from what I see. The emails that are coming from it seemingly are just notifications that their playlist is ready to view but it could potentially have more student/staff information based off user input. Just kind of irks me that a company as big as Hudl that mainly deals with student data isn't sending their info TLS encrypted. Could be just a mistake on their part though.
Subject line is typically something like "Latest: 1 Playlist" from noreply@hudl.com
mail2.hudl.com
184.72.240.81
https://redd.it/17q0pvl
@r_k12sysadmin
ViewBoard Volume issue
We purchased ViewBoards in 2019. Having an issue with the volume on a few of them. We have IPF6550 models.
When we use the remote or the buttons on the screen, it will work for a few seconds, then just shoot all the way up to 100. If you try to lower it, it works for a few clicks then shoots all the way down to 0. Business office is trying to find when and where they were purchased ( I was not on the tech side then), but any ideas as to what it could be?
https://redd.it/17py4qx
@r_k12sysadmin
Any other IT department responsible for non IT things?
We have a security department that doesn't do anything with security cameras or equipment, or the management software, and we have a maintenance department that thinks they don't do anything with door hardware that isn't even relating to the badge readers. Is it commonplace for IT to be the dumping ground for any work that others do not want to do in an educational environment? Genuinely thinking about preparing my resume as there is just no end in sight to the nonsense in this place.
The only thing I have here that is better than anywhere else is the health benefits. Even the retirement doesn't make me feel like I need to stay, now that anyone starting at schools isn't eligible for a pension in my state.
https://redd.it/17pv37i
@r_k12sysadmin
Students can't access Drive from Sites
Our students each make a portfolio of their work in Google Sites. This includes clicking on the Drive icon on the right and selecting files to embed. This works well on our Windows computers and for my account on a chromebook. For some reason, students are currently unable to do this from their chromebooks. When they click the button for Drive, there should be a "slip" that slides out from the right side and shows their Drive's contents. Instead, there is an animation as of something should slide out, but the area is just white. It's like an IFrame that didn't load.
I made a test account and put it into an OU that contains students. It had the same symptoms. I move it up a level (to the school, then students, etc.) and the symptoms remain. I move it to the I.T. department's OU and wait a while (5-10 minutes) and try again and it works.
Any idea what setting this could be? I looked through and I didn't see anything that looked like it might impact this. And yet, when the students login to PCs, they can click on the button to insert files from Google Drive and they can see the list of files. So I think this is a chrome setting.
https://redd.it/17pj9jw
@r_k12sysadmin
Another URL to Block
https://dextensify.pages.dev/
Another day, another exploit...
https://redd.it/17p8zre
@r_k12sysadmin
Any districts using Rhombus cameras?
Hey all, we are trialing a Rhombus camera and Verkada camera. I have been able to talk to other schools using Verkada but don't know of any other districts using Rhombus. Anyone here using them who could give some feedback? We were thinking of getting the R200 and R400 cameras. Rhombus has the lower priced quote so far, not as cheap as Digital Watchdog though. Looking at Digital Watchdog also. Thanks in advance.
https://redd.it/17p5grh
@r_k12sysadmin
Am I crazy? V2.0
I posted earlier this week with my frustrations of my role moving less and less technical but still being expected to maintain a solid network and the response there were good and thoughtful, but I am still stuck in a loop here. I think the reality of the situation is that, from my perspective, k12 environments are not only decreasing in the quantity of IT workers employed, but also the quality. I have worked in IT for 15 years and I have known some stone cold killers disguised as system admins. All those guys move on to get 6 figure jobs in the public sector and never look back. The rest of us try to fill their shoes and pretend that jumping from Cisco CLI to fix a switch, to Powershell to automate account creations and maybe bash out a quick script to migrate VMs to a new host and then dive immediately into fixing a building's PA is a reasonable state of being and that we are actually good at doing those things.
​
When our schools need a new roof, our maintenance team doesn't grab ladders and hammers, they pick up the phone and call a roofing company. Should IT be the same way? We do so to some extent with bigger projects but I think there is a degree of "tech pride" that gets in the way of fulling leveraging this idea. I plan to meet with my super next week and say that I am happy to do the work that he needs, but I need help technically and I would like to take this approach. Is this career suicide?
https://redd.it/17nqf4r
@r_k12sysadmin
Goggle Sign Builder
I know this is no longer available on the Chrome Web Store, it only gives me an option to "Launch" the app and no way to actually download. We have been using Google Sign Builder for the last 3 years in our High School, however I have lost the actual installer to build the JSON for the kiosk view. Does anyone have an offline installer for this or know where to get it from?
https://chrome.google.com/webstore/detail/chrome-sign-builder/odjaaghiehpobimgdjjfofmablbaleem
Thank you in advance.
https://redd.it/17mva5p
@r_k12sysadmin
How does everyone deal with, or your thoughts on Replit use in your division?
Recently noticed kids are using Replit/Firefox to circumvent our DNS filters. I’m trying to build a case for the blocking of Replit but my boss is asking me me to find legitimate use cases for teachers, as well as personally questioning the teachers/students to find out what it’s being used for, which I feel is a fruitless endeavor as they would never admit to me if they were using it to pass our filters.
This action is enough for me to block it completely. However, are there legitimate use cases where TRTs, teachers would actually use this for legitimate purposes? Still no stopping them from using it for the same reasons as we block a tremendous amount of access to things like tiktok, VPNs, VPS hosted servers/sites.
I just don’t see any real need to have this open at all. Anything anyone needs to do their day to smday jobs can be done in the Chrome browser.
Just curious as to how everyone is handling all this AI whack a mole crap popping up on a daily basis.
https://redd.it/17mr3t0
@r_k12sysadmin
Have you had to re-claim your Google Business account to fix the listing details on a Google Search?
We recently discovered that we need to change some of the pictures and other things that come up with a Google Search. We've been on Google Workspace since 2013, but I have a feeling someone set up the Google search info much earlier than that.
We have no idea what account was used or who did it so we need to try to re-claim it.
Does anyone have any experience with this that might help me move forward?
https://redd.it/17m6eoj
@r_k12sysadmin