17
Reddit’s r_k12sysadmin Credits: @r_channels @reddit2telegram
Google Context-Aware Access for Chrome OS devices
Hello K12 Team,
I am currently working to configure context- Aware Access( CAA) to restrict access to a application to only school issued devices.
This is the current policy that I applied :
https://preview.redd.it/k948qyl43ewe1.png?width=1147&format=png&auto=webp&s=a57a465821e4d1eb7256527f217b16a418186679
While configuring the policies, I noticed a couple of issues and wanted to ask for your input:
1. ChromeOS Devices Not Appearing Under Mobile & Endpoints:
In the Admin Console, under Devices > ChromeOS, I can see our full list of managed Chromebooks.
However, these devices do not appear under Devices > Mobile & Endpoints.
This makes it unclear whether CAA policies or device-based access restrictions will work as expected across services.
2. Verification Concerns:
I'm using the "Device OS = ChromeOS" and "Verified ChromeOS = Required" condition.
I want to confirm if all our managed Chromebooks are properly verified from Google's perspective and if there's a way to validate this.
3. Licensing Clarity:
We are using Google Workspace for Education Fundamentals, and based on my research, it seems to support CAA.
I’d appreciate confirmation on whether our current licensing allows full use of CAA features, especially in terms of device-based restrictions.
Ultimately, I’m trying to ensure that:
Only school-managed Chromebooks have access to that app and dont allow if they access from other devices.
Would love some guidance or confirmation that I’m approaching this correctly — and if there’s a known way to get those ChromeOS devices to appear under the Mobile & Endpoints section (or if that’s even necessary for CAA enforcement).
Thanks in advance!
https://redd.it/1k56iq6
@r_k12sysadmin
Locking Chromebook cases?
We see a lot of screen damage that's caused by kids removing the cases to slip in references to whatever the current meme is, even though this is against policy (I know, right?)
Does anyone know of any cases we can "lock" in place? We have mostly Lenovo 300e Gen 4s.
https://redd.it/1k4n4v0
@r_k12sysadmin
IFP info from Our Demo of 3 Mimio Pro G Clear touch and V7 IFP8603-V7PROM
So we are doing a demo of IFPs to decide on one as it looks like we are going to start moving this way slowly. I always see questions about IFPs so figured I could add to the discussion.
We have 3 different models in the title. I don't know the exact Clear touch model but will add it when I get it. I will add to this as I play with them more as well.
So the first thing I want to touch on is they are all almost exactly the same. From the bezels to the software. The mimio is the only one slightly different from the three. It has a web cam in the bezel but on the negative side it didn't come with the Wi-Fi module. Where the V7 did not sure about the cleartouch as it was an actual demo unit and already had installed. I haven't had alot of time to play with them yet but they all feel and respond the same.
So that being said unless you need a specific piece of software that is baked into one of the brands it comes down to price. The V7 is significantly cheaper. We got the 86" for 2350 ended up 2500 shipped from Comp source. that is still several hundred cheaper then the 75" of the other two brands. Both of the other 2 were around 2700 for the 75"
If anyone has anything else to add about these models or any other models feel free. This can just be an open discussion about all things IFP
https://redd.it/1k2bb75
@r_k12sysadmin
GoGuardian banning Google search results based off first results
Had some weird reports over the last day of students not being able to see Google search results sporadically, so I got on my test student account and tried googling "what is the powerhouse of the cell?".
Was met with a GoGuardian block page. Weird, no reason Google should be blocked. Go to check in GoGuardian what the activated policy was and there's no entry for a Google search, but there is for a Reddit post titled "What is so funny in "Mitochondria is the powerhouse of the cell" joke?"
So I try it on my desktop, and I notice the first result when googling that question IS the Reddit link. That Reddit link isn't included in the AI overview, it's literally just the first result.
I message GoGuardian's support and they already know what's going on, apparently there's been a change with how Google handles "network prediction" in order to load pages faster when searching. This can lead to a blocked page getting included in that, which then triggers the GoGuardian block of the whole search result.
The tech I talked to linked me a support article on their site titled "Google Searches Blocked Unexpectedly" that includes all the info on this if you want to read it yourself.
Any other content filters running into this? We have Linewise running concurrently (don't ask) and it doesn't appear to be affected by the change in Google.
https://redd.it/1k2923i
@r_k12sysadmin
Navigating Tariffs and Special Tech Requests
https://k12techtalkpodcast.com/e/navigating-tech-tariffs-in-k-12-education/
In this episode, we dive into the current issues surrounding technology tariffs and their impact on K-12 education.
A segment is dedicated to addressing the complex topic of managing individual teacher requests for technology upgrades or changes. We share strategies for handling these situations at a district level while balancing the needs of staff and budgetary constraints.
Additionally, the episode features a discussion about a significant lawsuit against Google, where parents accuse the tech giant of tracking students.
https://redd.it/1k25yyr
@r_k12sysadmin
Seamless Remote Access VDI
Hello Everyone,
I am the original author of this guide from around 5 years ago teaching you how to setup VDI during COVID times. Now, a lot of things have changed, improved, making the previous guide ultimately obsolete.
I hate seeing people spend time, and especially money on something that is unnecessary (VMWare, Citrix, any other expensive VDI solution). So that is what this new guide is for.
The changes in this new guide:
More clear and detailed.
Handles more edge cases.
Scales easier.
Covers maintenance.
Easier setup overall.
And much more.
Feel free to use this guide and give me any feedback that you have. I also have it in a public GitHub repo incase you want to contribute to it here.
https://redd.it/1k1m52n
@r_k12sysadmin
end user...lol
https://preview.redd.it/kivfml6xmfve1.png?width=526&format=png&auto=webp&s=27f85ee958ee675049b7ad5b3d5e3d53922955f4
https://redd.it/1k1ixpr
@r_k12sysadmin
MS 365 Admin Center Insight Message (Websocket Connection)
https://redd.it/1k1c765
@r_k12sysadmin
PA Upgrades
Currently we have Bogen Multicom 2000’s across our environment. I’m looking to replace the headends,amps..etc, clean up cabling, and reuse the existing analog speakers. We only have two zones, and only care about unidirectional communication.
Whatever headend/amps I rip and replace with ideally will have native SIP support. As a result, bells will be handled by another application.
Has anyone done a similar upgrade while reusing existing analog speakers? If so - any recommendations on headends/amps? I know it’s contingent on the type and amount of speakers/zones per site, but I figure I’d seek recommended options.
Would love to chat with someone who’s gone through a similar process, and did it “in-house”.
https://redd.it/1k1bgot
@r_k12sysadmin
CTE Students
Do any school districts here offer remote desktop access to a server for students to use Autocad or Adobe from home?
What options do you use outside of a lab environment.
https://redd.it/1k10056
@r_k12sysadmin
Umbrella as a filter
I am switching to Cisco Umbrella as my filter, would anyone be willing to share your config for how you are filtering with it?
https://redd.it/1k0m8oa
@r_k12sysadmin
Speech-to-Text & Schoology
I have a teacher assigning PDF documents using file upload in Schoology. They want students to be able to have the PDF read aloud inside Schoology.
We currently have Read & Write for Chrome installed, the free version. That doesn’t work in Schoology in the built-in PDF viewer. I’m seeing that the same parent company has OrbitNote available, which claims to integrate in Schoology.
Has anyone used OrbitNote and have positive/negative feedback, or a different solution that works well for their environment?
https://redd.it/1k0aah8
@r_k12sysadmin
Any way to turn off Copilot results in Bing?
In Edge is there a way to turn off "Copilot response on web page" via GPO, Intune or other mass method? I know you can turn it off individually by going to the Bing hamburger but that isn't of much use.
Students are using the Copilot AI response on Bing to get around site blocks that give answers to test questions.
https://redd.it/1k05xrx
@r_k12sysadmin
Got a job as "Media Technician" aka IT technician, any help/advice appreciated.
Hey all,
I just accepted a position with an elementary school (K-6) that has about 200 students with 1:1 Chromebooks. I was told that I would be keeping inventory, troubleshooting things with staff, (I was given a pretty vague description) and I'm looking for some insight from someone in this kind of position. I'd be the only person in this department, btw. My background is all self-taught, I would consider myself a media generalist as in prior positions I've had to learn various different types of equipment, software, etc. I went to school for journalism/media but I've always had a knack I guess for tech and I'm great at troubleshooting and figuring out the answer (google warrior). What are some things I should learn about prior to starting? Any resources or anecdotal advice would really help! Thanks, I'm pretty nervous.
https://redd.it/1jzvcpc
@r_k12sysadmin
Install Rights without Admin Rights
Hello all!
I am a system admin for a high school of about 900 students. Currently we are allowing the students to have local admin rights to give a sense of responsibility and freedom to use their devices as if they were in the real world. This upcoming school year we are looking to roll back some rights as it is a bit of a security risk to allow full access to their computers. I have been tasked with finding a way to remove admin rights away from the users but still allow install rights to let them install things that they want to use outside of school such as Spotify or some Windows Store apps.
From my research I am finding it near impossible to solve this without the use of outside software. I was hoping to reach out to my fellow school sysadmins to see how you all implement something similar or if you have some insights that could help guide me to a solution to this!
Thank you for any tips or advice you have!
https://redd.it/1jzrj4f
@r_k12sysadmin
Chrome Kiosk Print
I'm trying to setup a Chromebook to work as a kiosk for users to click in/out. I have everything setup but print does not work, I get an error Print is blocked. I'm sure I'm missing something but I have researched and Googled this but nothing has helped.
I have all settings that I could find set to allow printing in Gsuite for that OU.
https://redd.it/1k4o533
@r_k12sysadmin
Social Media Admin Management?
Hey there all, I'm working with our interim Social Media manager to revamp Social Media access and rebalance the load so that it's off of people who are already overworked.
The current issue is that access to the social media platforms is connected to personal accounts, including the SuperAdmin for our Facebook account. If someone leaves, then we're a bit SOL and will have to either start from scratch, or rely on that person to reassign someone else.
My main idea was to use the shared emails in order to create accounts for specific people to sign into, and from there connect it to the Facebook Business account as the Managers. However, in creating the account, it immediately got suspended before we even had a chance to add it to the school's Facebook. I don't really want it to be that people create accounts using their work emails and the like, but I was curious how other school districts do it? 'Cause we have specific emails that are like [campus acronym\]@[domain.org\] and those would be easy enough for us to manage access, then from there the schools can have at it.
And I know it's best practice to keep IT and Social Media separate, but my district has <1000 students and each of us are wearing a lot of hats (especially IT *cries*), and setting it up for the schools to take over will lighten the load of a lot of us.
https://redd.it/1k4kkhl
@r_k12sysadmin
Acer Chromebook Spin 513 Shorting out
Are any of you seeing issues with Chromebooks shorting out?
I have a classroom that has gone through 5 Acer Chromes this year alone. I replaced the Chromecart with one that I put in all new (UL listed) chargers.
https://redd.it/1k2a56k
@r_k12sysadmin
Security Watch 4/18/25
On K12TechPro, we've launched a weekly cyber threat intelligence and vulnerability newsletter with NTP and K12TechPro. We'll post the "public" news to k12sysadmin from each newsletter. For the full "k12 techs only" portion (no middle schoolers, bad guys, vendors, etc. allowed), log into k12techpro.com and visit the Cybersecurity Hub.
SSL/TLS Lifespan Cut Proposed
Starting in 2029, SSL/TLS certificates may be limited to just 47 days—down from 398. This push for better security means automation tools like ACME will become essential for certificate management.
Smarter Phishing on the Rise
“Precision-Validated Phishing” is making traditional defenses less effective. These attacks confirm the validity of email addresses before launching, bypassing automated detection tools and targeting users more effectively.
An Odd Ransomware Case
NTP recently handled a unique incident involving amateur attackers using AI and 7-Zip instead of traditional ransomware. The attack was neutralized, but it highlights a growing trend of less-skilled actors targeting smaller organizations. See full newsletter for details.
CVE-2025-29824: SYSTEM-Level Exploit
A new Windows vulnerability allows attackers to gain SYSTEM privileges. Patched as of April 2025 (OS Build 26100.3775), this flaw emphasizes the need for regular updates, strong monitoring, and endpoint protection.
https://redd.it/1k25ww6
@r_k12sysadmin
Chromebook or Windows?
This came up in a meeting today. My point was that most schools are on Chromebooks. I was told that many are on Windows, which didn't sound correct.
Please vote for what your school uses for students.
View Poll
https://redd.it/1k1jnvg
@r_k12sysadmin
3D Scanning & AR/VR - Any Experiences, Recommendations
I'm helping set up an EdTech lab and we're looking at hearing what other schools are doing as far as AR/VR and 3D scanning. Anyone seeing these get use in their environments? Any thoughts on what works, or what to avoid?
https://redd.it/1k1kzgm
@r_k12sysadmin
Is anyone using Google's Cloud Certificate Connector to distribute SCEP profiles for 802.1x networks to Chromebooks?
I've looked over this documentation and the setup seems pretty straightforward (assuming our windows team has the NDES/SCEP stuff set up in ADCS).
We are using a service account to get chromebooks on our Enterprise network that of course got leaked to some crafty students and now they are able to get on our Staff BYOD network. SCEP certs seem like a good way to go, but does anyone have any experience is this setup?
Thoughts, feelings, insights etc? It seems like one of those things that if something goes sideways with a cert, all of your chromebooks now can't get on the enterprise network. Also does the cert have to be renewed once everything is in place?
https://redd.it/1k1gtlh
@r_k12sysadmin
Cybersecurity: The Greatest Threat Schools Aren’t Ready For
https://www.gse.harvard.edu/ideas/edcast/25/04/cybersecurity-greatest-threat-schools-arent-ready?utm_source=SilverpopMailing&utm_medium=email&utm_campaign=Daily%20Gazette%2020250417%20(1)
https://redd.it/1k1cego
@r_k12sysadmin
What is ForAudio
Over the past couple of weeks, we’ve been having issues with pages not loading or freezing on Chromebooks on our student WIFI network. I’ve gone down multiple rabbit holes trying to troubleshoot it.
Today, I logged into our Palo Alto firewall and reviewed the blocked traffic from one of the student WiFi networks. To my surprise, I found hundreds of blocked sessions labeled with the application "ForAudio," all going to Google IP ranges. I searched online and on Reddit but couldn’t find much information about it.
What’s really strange is that I had a ticket today from a student who couldn’t access a local community college’s website. When I checked the Palo Alto logs, the connection attempt was using the "ForAudio" application and was being blocked. I created a rule to allow "ForAudio," and just like that, the site loaded immediately.
So far, we’re only seeing this behavior on Chromebooks. Has anyone else come across this or figured out what "ForAudio" actually is and how it ties into Google?
https://preview.redd.it/l6odonl3yave1.png?width=2302&format=png&auto=webp&s=e7d42de03d1a2880aed7728f94c340676017956d
https://redd.it/1k11p84
@r_k12sysadmin
Google Workspace Chrome Devices: Urgent: System not Responding
Is anyone else getting a ton of "Urgent: System not Responding" emails from Google Workspace about Chrome devices being offline when they clearly aren't?
https://redd.it/1k0xrgk
@r_k12sysadmin
Personal Vehicle - Transport Assets
As this suggests the NYS-BOCES I work for makes us use our own vehicles to haul assets to districts in our service are. One of which is an hour drive away, but they refuse to buy us a vehicle for such purposes. Isn't this a big no no, as it creates risks like if you get into an accident insurance is going to fight over paying for equipment, increases chance of theft. I just want to know if this is normal in the industry or what other districts do.
https://redd.it/1k0kkoa
@r_k12sysadmin
Anyone else use Scotty logic when giving time estimates and difficulty levels to the boss/Captain?
https://redd.it/1k081vv
@r_k12sysadmin
Acer Spin 511 R75T-C3M5 Buyback
Hi all! Would any of you like a buyback for the Acer Spin 511 R75T-C3M5? We need some motherboards and other parts, and this would help make things easier for some repairs.
https://redd.it/1k025v7
@r_k12sysadmin
Google GCPW and Action1 setup on windows desktop that students have access too. Advice?
Hey all, due to our school not having good MDM or AD for windows devices we are moving more staff to Chromebooks and trying a minimal management approach since the school doesnt have the money currently to invest in better Windows Management (Plus almost all windows machines are at EoL). I started last Oct, so I did not get the school into the position fyi. I know it is not an ideal situation, but between GCPW and Action1 I believe I can get decent management for the soon to be very small windows fleet.
I have a couple windows machines that will be used for students to access in our arts/media room for photoshop/lightroom.. etc. The currently wks that desperatly need replaced are setup with one local student user for every student to sign on. Then they sign into their own adobe school accounts.
Could it be an issue for students to just sign in using their own Google account with the GCPW?
Not sure if overtime that could get a bit much if each login creates a new user acount on windows? (not sure if it does?)
For the few admin who will be using windows machines the GCPW should be perfect, but I am wondering if it will be best for computers students will use daily.
I also dont know if it is best to try to use GCPW or Action1 to control windows updates. Action1 will be great for remote management and pushing things out.
any advice on this setup is very welcome.
Again, I know it is not ideal, but it is much better then what we had before. Maybe next year I can't push for a project to get our school better windows management.
I appreciate any advice. Thanks!
https://redd.it/1jzrdsm
@r_k12sysadmin
Chromebook password management
How is everyone managing student passwords? I have inherited a shop where every child has the exact same password. They do this for ease of administration for the teachers. We have as young as kindergartners in Chromebooks and I understand why expecting a kindergartener to manage a password is unreasonable. I’m trying to think of a way to have unique passwords per user but make it easy management wise for teachers. Any brilliant ideas?
https://redd.it/1jzqjnt
@r_k12sysadmin
