17
Reddit’s r_k12sysadmin Credits: @r_channels @reddit2telegram
GCPW Equivalent for Mac
Is anyone aware of a method to replicate what GCPW does on Windows, but on a Mac? Looking to utilize Google as the auth store for our computer labs, mainly as a resort to help Securly function more properly on these computers. I don't know much on Mac, and am learning about this whole project as I go. Thanks in advance!
https://redd.it/1b0ipkn
@r_k12sysadmin
How are ya'll dealing with the Pencil Method
If you guys don't know, the Pencil Method is an unpattchable (i'm serious, no one can patch it (except google) as it's a hardware exploit) that involves opening up your chromebook. finding the flash chip (commonly made by Winbond or Gigadevice) and bridging pins 3 and 8 (WP and VCC) with something conductive to disable write protect. Then anyone can do anything once that's done, including installing MrChromebox Firmware and turning off enterprise enrollment. Just curious on how ya'll are handling this (or gonna handle it if you hadn't heard of it
https://blog.osu.bio/blog/the-tsunami Guide incase.
https://redd.it/1azbkuc
@r_k12sysadmin
9th - 12th OS for 1:1s
Hey all,
Our 9th - 12th students have been using windows 1:1s for a good number of years now, and it’s starting to become a challenge to support. This leads to my question: what OS are you giving to your students? My assumption is ChromeOS is going to be dominant, but figured it’s worth asking all the same.
https://redd.it/1ayxgqn
@r_k12sysadmin
How many devices do your teachers use?
While talking with schools, we've learned that some teachers have multiple devices in their classrooms they use (iPad, Chromebook, Desktop, etc). How many devices do your teachers have in their classrooms? Why do your teachers use more than one?
View Poll
https://redd.it/1aydd10
@r_k12sysadmin
Smartboard/Touchscreen cleaning
Hello fellow admins, we work in a place where a lot of fingerprints end up on a lot of surfaces, but I'm curious what your schools use to clean the touchscreens. I have been asked to take on locating a solution to cleaning these, but I'm not sure what sort of bulk purchases for this I would purchase. I normally use a lot of microfiber cloths for this at my own home, or rubbing alcohol wipes on my phone, but we CANNOT use rubbing alcohol at my workplace.
Any tips out there for me?
https://redd.it/1ay658f
@r_k12sysadmin
Windows 11 Co-Pilot Preview
Last night my computer updated and Co-Pilot preview was installed. I have been trying to see what I can find about what they are doing with data, what data they are collecting etc. We have people using spreadsheets with student information, financials and so on.
Microsoft's literature is kind of vague:
https://learn.microsoft.com/en-us/microsoft-365-copilot/microsoft-365-copilot-privacy
It appears it meets GDPR which is at least a good step.
Is anyone else having concerns? Should I not be worried about this at all?
https://redd.it/1axzn6y
@r_k12sysadmin
Managed Network Services
I currently do not have a network admin. If something is wrong with the network that's on me. It takes away from my duties as the Director per my business manager and Super.
We've been in talks with a MSP to help manage our network infrastructure. Has anyone done this?
It makes me nervous because when do they say we don't need you anymore more.
https://redd.it/1axi26n
@r_k12sysadmin
OneSync, Skyward, and Google - oh my!
Hey all -
Here is the scenario - right now we create a student in Skyward. OneSync queries Skyward. It can't actually read the password field (encrypted) so it generates the password based on the studnet unique ID and a few other things.
The need / plan is to allow the high school only to set their own password in Google. I can bulk update the "change password on your next login" flag for just the High School student OUs. But.. will OneSync then override it on an Import, like during the next rollover when we bulk import the whole thing? All that would do then is reverse the change back to the generated one set initially.
Any districts allowing high school students to set their own passwords, and use OneSync to provision - how do you get it to play nicely?
Thank you for any and all ideas!
https://redd.it/1axf4t8
@r_k12sysadmin
Do you block chrome:\\settings for students?
we received communication from Securly earlier in the week suggesting we block chrome:\\settings for students to patch a vulnerability.
We've been down this road before and it seems there's no way to accommodate students who need accessibility settings with chrome:\\settings disabled.
Securly suggests putting students in a separate OU who need accessibility settings- which means we now need to decide who is worthy of that feature.
What are other districts doing for this?
https://redd.it/1ax6oeh
@r_k12sysadmin
Speech to Text for hearing impaired student
Just had a building principal reach out wanting a solution for a student suffering temporary hearing impairment, and curious if my fellow school tech Redditors have any advice or recommendations.
Students are on chromebooks so initially I'm thinking maybe a wireless mic for the teacher, connected to the student's chromebook with a STT app. Anybody have better ideas or experience with different solutions?
TIA
Edit to add: I should specify the issue is the student having difficulty hearing the teacher(s) in class, looking for a STT solution to dictate what the teacher is saying for the student.
https://redd.it/1awjx8r
@r_k12sysadmin
Record Retention
In the past our admin has paid a company to scan all records, digitize, and index them. What are your districts using to complete this?
​
https://redd.it/1awgrhh
@r_k12sysadmin
Network overhead speakers
Hello all,
Our original 20-25 year bogen speakers are starting to fail in the classrooms. I am interested in having network speakers installed to replace them and was curious if anyone has experience with them. I’ve requested a demo of the Axis brand so far but haven’t spent a ton of time on it yet researching what else is out there.
https://redd.it/1au2t6x
@r_k12sysadmin
I wish to build a TeleCenter system 21 unit so that I can hook it up to a fire alarm system I have
https://redd.it/1athhpt
@r_k12sysadmin
Content Filter for Windows District
We have been using Cisco Umbrella for a few years and I'd like to know what's out there for a web-based content filter that might have additional features. We have no Chromebooks - just Windows and then iPads for K-4. I've seen demos from Senso, Lightspeed, Aristotle K12.
I was very impressed with Senso and have heard it is very good for Windows environments. Lightspeed also had a great demo, but some in this subreddit have expressed dissatisfaction. It's hard, though, to get a good sense because so many other schools are Google and Chromebooks.
Would love a tool that could also help us to evaluate software usage so that we can have a better sense of what is actually being used and what is just a money sink. We have a separate firewall appliance.
Share the good, bad, and ugly - and TIA.
https://redd.it/1ate898
@r_k12sysadmin
Chromebook kiosk issues?
I am currently on hold trying to get in contact with Google but...
is anyone having trouble with Kiosk mode? I am trying to set up devices to launch an Avant website (https://app.avantassessment.com/) for an exam. As far as I know I have it set up correctly in the admin console, but the Apps button isn't showing up on the devices. I feel like I'm losing my mind here as I've done this before and never had any issue.
BTW, I am setting up the Kiosk via Devices > Chrome > Apps & Extensions > Kiosk. Then "add by URL". The installation policy shows as "installed", and the device I'm working with is in that OU. But I do not have the ability to launch that site from the Chromebook. There isn't even an Apps button.
https://redd.it/1arq27j
@r_k12sysadmin
Staff Reviews
What template do you use for staff annual/bi-annual reviews?
https://redd.it/1b0h450
@r_k12sysadmin
Taxes - educator expense deduction
Do you claim this deduction? Do you think we qualify?
https://redd.it/1az2h0h
@r_k12sysadmin
Co-op or MSP style services as a Director?
Does anyone here work for multiple schools as a vendor, like Director as a Service kind of deal? If so I would love to chat, I have questions about the approach and would like some insight from anyone who has been there.
I currently have a tiny (less than 100 enrollment) school without a Director or even tech that would like to contract me for summer services (identity management, network audit, update Student AUP, etc) but I'm not sure about it yet.
They mentioned maybe bringing in another school they coordinate with to create a sort of co-op so I could help both over the summer with the same policies/OU layouts and whatnot.
https://redd.it/1ayvczu
@r_k12sysadmin
FOIABuddy.com?
Our district just got our first FOIA requests from this "tool." The PDFs it generates don't display properly in Acrobat (looks like they're using a tool that spoofs a fillable PDF--it's not actually one to standard under Adobe). Not quite sure if it was the tool or the submitter that messed up. Wondering if anyone else has gotten info from this tool and seen the same issues.
https://redd.it/1ay3jn4
@r_k12sysadmin
Elementary Tech Classes
For many years we have had a once-per-week, 30-minute technology class for Kindergarten through 5th grade students. This was one of the specials classes along with Art, PE, Library, and Music. We're trying to determine if this is the best model. Just because we've always done it this way doesn't mean it's the correct solution.
How much time per week do your elementary students have getting technology instruction, specifically using a mouse and keyboard?
Do you have a dedicated computer teacher?
Does the elementary classroom teacher teach keyboarding skills and other aspects of using a keyboard?
Is it part of library or some other class?
For context, our students have iPads K-2 and then Windows laptops 3rd - 8th grade. We know for sure that we want them to start learning to type on a keyboard at some point in elementary school.
Thanks!
https://redd.it/1ay3o7m
@r_k12sysadmin
Remote support tools
We currently have ConnectWise ScreenConnect and are looking for a replacement. We need something that can provide unattended remote access to approximately 2000 endpoints. What is your product of choice?
https://redd.it/1axiyid
@r_k12sysadmin
90+” Interactive Whiteboards
Hi everyone, I have a classroom with an aging SMART board that’s basically dying. There’s two teachers in that room: one needs a display that’s at least 90” big diagonally so all students can see what it displays. She’s fine with a projector on a large, regular white mark board.
The other teacher needs it to be interactive, so that she can interact with what’s being displayed.
The problem I find is most companies I have found have gone to TVs, but haven’t found any big enough. All I’ve seen max out at about 85”. I guess SMART (smarttech.com) has 94” and 97” boards, but the reseller requires us to buy in packs of 200. Since we just need 1, that’ll be a hard pass. Especially considering they’re bound to be several thousand dollars each.
So my question is: are there any interactive white boards out there, at least 90” big, and allows us to buy just 1?
https://redd.it/1axgb45
@r_k12sysadmin
Student Chromebooks - Loaners or Swapping
When a student has a damaged, missing, etc chromebook, does your district give the student a loaner checked out from library/tech until theirs is returned, or just hand out a different chromebook?
View Poll
https://redd.it/1axdfs4
@r_k12sysadmin
Trying to download global protect from Palo Alto
I am tyring to get to download our global protect client, usually by going to the VPN public IP address and today I am met with this, ERR_SSL_KEY_USAGE_INCOMPATIBLE. I use chrome and it is fully updated. Palo Alto is on 10.2.0-h2 because of the whole certificate thing that we had to fix by April. Is this a chrome thing?
https://redd.it/1awr67e
@r_k12sysadmin
Weird DNS issues Paramount Plus etc.
Been having some strange DNS issues lately. We use MS-ISAC (Akamai) for external DNS (DC's sent to fowarders) . Websites like cnn.com,bbc.com,weather.com. Would not load. We changed forwarders to Quad 9 DNS, everything was working fine.
Today, paramountplus.com won't load. Tried changing my computer DNS to 8.8.8.8 and 1.1.1.1 manually (bypassing the DC external Quad 9 Forwarding) Still does not load,
Changed my DNS on my PC to the Akamai DNS, page loads fine....
https://redd.it/1awimp4
@r_k12sysadmin
Boxlight Procolor Unpluggd Questions
We have a few older boxlight procolor 752u in some classrooms. Is there anyway to get the unpluggd app to stream wirelessly without allowing broadcasts. We use Aruba for wireless with a self hosted mobility controller or whatever they are calling it now.
https://redd.it/1awej4a
@r_k12sysadmin
TIL Force Install extensions don't apply to Chromebooks using Managed Guest Sessions
Quote: "Private apps and extensions that are limited to users in a domain can't be installed because managed guest sessions don't require users to sign in." https://support.google.com/chrome/a/answer/3017014?hl=en
We stumbled across this nugget before any major incident or damage could be done. We have deployed Chromebook as kiosks using Managed Guest Sessions around the district, mostly connecting to our SIS but also for the library card catalog and a new digital pass system. These are also mostly in public spaces: Library media center, main offices, study hall, etc.
You might be thinking, so what?
The problem (for us, at least) is that our web filter product is extension based and requires the authentication of the user through their Google account. In a Managed Guest Session, the extension isn't installed or loaded, therefore the Chromebook is completely unfiltered. Many years ago, when originally configuring the settings of the web filter extension, it was placed at the root of the organization and set to Force Install. We thought, "Perfect! Now everyone and every device gets this extension via OU inheritance."
You know what they say about assuming...
The way we found to counteract this is to block all URLs while creating a very specific blocked URL exception list for Managed Guest Sessions. Specifically, in the Google Admin console, Devices > Chrome > Settings > Managed guest sessions > URL blocking. There are two settings. Blocked URLs is set to wildcard (*) and Blocked URL exceptions is the specific list of allowed sites.
Please don't interpret this as a rant against any product or service. It's more a facepalm "I should've had a V8" kinda moment. We were dumb and ignorant - don't be like us.
https://redd.it/1atwwim
@r_k12sysadmin
DIY Anti-Phishing / Security Awareness Training
Anyone doing their own DIY anti-phishing email campaigns or any type of security awareness training. We are a fairly small district and admin can't justify the cost of knowbe4. Are there any free tools that can help with this or any good resources for this stuff?
https://redd.it/1ati2wv
@r_k12sysadmin
Best software for patch management?
What are you using for Patch Management for Microsoft and 3rd Party Apps?
​
We are looking to move away from our current software because it is too robust and expensive for what we need. Our district supports roughly 1000 Windows PCs.
https://redd.it/1ascj5n
@r_k12sysadmin
Papercut Mobility Print + iPads scenario
Hi all,
I'm wondering if using Papercut Mobility Print with iPads would help alleviate issues we're having...
We have a host of HP Enterprise laserjets at the schools for students to print to. They print via AirPrint pushed out by mdm. It seems to be a weekly occurrence where a group of students will suddenly not be able to print. Of course, the iPads are silent and never show any errors. Sometimes it looks like it's printing but nothing comes out. Other times the printer disappears when the user selects it. The printers don't show attempts in the logs so the jobs never actually get there. Other students print fine. When I try to troubleshoot, there's not a clear cut solution. It usually just starts working again.
My thought was what if I put a papercut mobility print as a layer between the two. I just don't know enough about how iPads interact with that. Do they send the jobs to the mobility print server and the server converts it to a job using it's own print drivers. Or does the MP server just simply relay the job through as an airprint job. I'm thinking if the server converts it, that might help with the issue but if it's just handing things off, probably not.
I used papercut mf in a past life but it was mostly windows and Chromebooks.
Thanks.
​
https://redd.it/1arp6vi
@r_k12sysadmin