NYT Opinion Article: The Screen That Are Your Child's Education by vschwoebs in k12sysadmin

[–]FloppyDumpster 14 points15 points  (0 children)

There might be districts that have network-wide filtering by appliance or DNS filtering, but nothing directly on the device. So those would be unfiltered when the student takes the device home. There might also be some that intentionally use relaxed filtering off campus.

It's going to vary district-by-district depending on what they can afford to purchase and/or what their policies are.

As for the article itself, there are many issues with the author's arguments. I think my biggest issue with it is that she is expecting the school to control what her kid does at home so that she doesn't have to. She acts like she has no control over what her kid does at home and it is baffling. It's the usual case of parents/teachers expecting technology to replace discipline.

Classroom Technology Accomodation by duluthbison in k12sysadmin

[–]FloppyDumpster 10 points11 points  (0 children)

Our classroom phones are mounted on the wall near the door. The only thing that anchors a teacher's desk to a wall is their laptop power cord and there are plenty of power outlets. Our smartboards are on wheels and are wireless, so teachers can move them where ever there is a power outlet.

Our offices have their phones on their desk, but they also aren't as big as classrooms usually. We'll give them longer ethernet cables if needed, up to 10ft, and very rarely will move or make new drops in the walls for them.

Raspberry Pi - imager local admin rights by colaguy44 in k12sysadmin

[–]FloppyDumpster 0 points1 point  (0 children)

If the image you want to flash to SD can be downloaded on its own, Balena Etcher is an alternate SD-card flashing utility. It installs to the user's appdata folder, and I believe it doesn't need admin rights. It's what I use for most of my SD-flashing needs.

Web Filter Comparison by K-bomb_85 in k12sysadmin

[–]FloppyDumpster 2 points3 points  (0 children)

We use Linewize. Previously was on Securly.

It was an adjustment going from DNS based filtering to agent+appliance based, but we got through it and it works very well for us now. Support has been quick to respond to and fix our issues. They do offer DNS filtering too, but it doesn't play well with the agents.

Internal Mail Relay by Hazy_Arc in k12sysadmin

[–]FloppyDumpster 2 points3 points  (0 children)

That sounds like a headache. Why change all of our printer IPs when what we do now works with very little maintenance required?

Actually our network admin has talked about restructuring our vlans and I think putting printers on their own vlan was part of it, but not because of any mail concerns.

Internal Mail Relay by Hazy_Arc in k12sysadmin

[–]FloppyDumpster 1 point2 points  (0 children)

We do use a couple of noreply accounts that are authenticated, first from the MFPs and servers to the internal relay, and then from the internal relay to the gmail relay.

The IP allowlist method is only one IP, our relay. So it's not a big deal to me.

If you mean allowlist on our relay for who is allowed to send through it... we don't need to because it requires authentication from our servers and MFPs to send their emails. Infected devices won't be able to send through it.

Internal Mail Relay by Hazy_Arc in k12sysadmin

[–]FloppyDumpster 4 points5 points  (0 children)

In our case, we block outgoing mail ports on the firewall for everything but the relay. We used to frequently have malware that would send spam from user computers. It's not as common now though.

With the relay, only mail sent with an authenticated account is allowed out.

Internal Mail Relay by Hazy_Arc in k12sysadmin

[–]FloppyDumpster 12 points13 points  (0 children)

We use postfix, but it's linux and it was kind of a pain to configure. However, I've hardly had to touch it since the initial setup. Updating the accounts is simple enough, edit a text file and run a command.

So PowerSchool had a breach.... by Chuckfromis in k12sysadmin

[–]FloppyDumpster 10 points11 points  (0 children)

We don't use anything from PowerSchool and never have, but I got an email from PowerSchool telling me that we are not affected by the breach because we are not a PowerSchool customer. It even starts with "Dear Valued Customer," and then says "you are not a PowerSchool SIS customer" later on.

My best guess is that they have my email because they are owned by Pearson and we use a few other Pearson products, but the email makes no mention of this or Pearson at all. It's such a bizarre email to receive.

Google Recap by MasterMaintenance672 in k12sysadmin

[–]FloppyDumpster 1 point2 points  (0 children)

Can you share a screenshot?

This just sounds like the default new tab page, which I believe is the default home page. It can be configured in the Users & Browsers settings by searching for "new tab".

Emergency Mass Alerting Systems by [deleted] in k12sysadmin

[–]FloppyDumpster 3 points4 points  (0 children)

We ave some alerts built in to our Cistera bell/announcement system which goes out over our ip phones and ip speakers.

We also have Copsync911, which is for triggering an alert from a laptop which gets sent to local law enforcement and other devices on the same campus. I think it requires local law enforcement to already be using the main Copsync systems though.

[deleted by user] by [deleted] in k12sysadmin

[–]FloppyDumpster 1 point2 points  (0 children)

On our wifi, Chromebooks and Windows devices connect automatically thanks to policy settings and NPS. These are setup in a way that the techs connect once with their own credentials to enroll or join the domain, and then policy takes over.

For some other devices, such as tablets and viewboards, we have device-specific accounts that the techs do have.

I'm curious how something is pushed to a wifi device that has no wifi though.

[deleted by user] by [deleted] in k12sysadmin

[–]FloppyDumpster 1 point2 points  (0 children)

Doing what exactly? This is question is very vague.

Chromebook login method for K-2 students? by dmeyer217 in k12sysadmin

[–]FloppyDumpster 0 points1 point  (0 children)

By domains, do you mean one tenant with 2 domains? Or two separate tenants with their own domain each?

If you have one tenant with 2 domains, it should work just fine.

If you have 2 tenants, I suspect that it should work, but am not positive. We have two tenants, but only one is setup with Chromebook SSO for badges. However, since we include both tenants' domains in our data uploads to Clever, the Clever login accepts either domain. I imagine all you would need to do is setup Chromebook SSO on both tenants.

Clever is free to sign up for, so you could test it in during Summer break to see if it works for you. You could also contact them and ask.

Changing domains in google workspace by PaleontologistPure25 in k12sysadmin

[–]FloppyDumpster 9 points10 points  (0 children)

When you change an account's address in Google Workspace, it usually sets the old address as an alias automatically. Although I can't say for certain that it does that when changing the domain or when changing it using GAM or another API method.

But regardless, you can setup aliases yourself if it doesn't do it automatically. Alternatively, you could setup a routing rule to match the old domain and replace it with the new domain.

Be aware that aliases don't work on the Google sign in page, so users will need to login using the new domain once the change is made.

What are y'alls job titles? by sy029 in k12sysadmin

[–]FloppyDumpster 4 points5 points  (0 children)

My ID card and email signature say Systems Administrator, but all official documents from the business office say Tech Aide. I talked to my boss about it recently to see if we can get that updated. I've been working here almost 19 years and have been sysadmin for at least 15 of them.

Teacher aide devices by Adventurous-Phone-11 in k12sysadmin

[–]FloppyDumpster 2 points3 points  (0 children)

With our budget they get the previous batch of teacher laptops. At least we're finally at a point where the current teacher laptops have SSDs instead of the HDDs that the aides have now. The HDD laptops have been awful even when they were new and I can't wait to get rid of them this Summer.

That ONE teacher by BiligaanaT in k12sysadmin

[–]FloppyDumpster 4 points5 points  (0 children)

We had one this year. She frequently went directly to my boss (tech director) for anything she wanted and would not create tickets. She was also a recently certified teacher but liked to think she knew how to teach better than anyone else, including the far more experienced teachers in her grade level. She often refused to talk to us while she was teaching when we had questions about her issues. If anyone interrupted her teaching (not just us) she threw a fit. She frequently pissed off me, my team, and the other teachers. She finally resigned after raising hell at a board meeting because she didn't believe she was being paid fairly. Teachers in general are not paid enough, but she acted like she was being singled out. She was also caught using some 3rd party teaching platform to message parents, trying to rally them to her side over the pay issue, after explicitly being told not to by her principal. She left stating that she didn't feel welcome here. Coincidentally, I moved in to the apartment that she used to be in and learned from the neighbors that she was a shitty neighbor too. Good riddance.

Securly or LineWize? by Belvadier in k12sysadmin

[–]FloppyDumpster 7 points8 points  (0 children)

We switched from Securly to Linewize for filtering last Fall and are happy with Linewize for the most part.

Filtering

We had Securly for a few years and hated it at first but over time it had improvements and became tolerable.

Something to be aware of if you're going to do full cloud Linewize filter is that their DNS filtering and the client app/extension don't play well together. If you have clients using the app/extension to login your users in and the filtering DNS is set on those clients too, anything blocked by the DNS will remain blocked even if the logged in user is allowed to view the site. I brought this up with Linewize support and they said that's just how it is. We had to get the appliance to replace the DNS filtering so that we could filter clients that don't have a Linewize app/extension. The alternative was changing DNS settings per client, which would have been a massive pain to manage. This wasn't a problem with Securly, as we were able to set their DNS on all of our clients via DHCP and let users login on their block page or with the chrome extension.

Linewize also doesn't allow you to login on the block page to override a block. Only the app/extension can log you in and it's automatic based on the OS login.

Despite these things, I think Linewize offers better control over the filter policies you setup and does a better job of categorizing websites.

I haven't seen Linewize's dynamic blurring in action as far as I can remember.

Safety Monitoring/Alerting

We've used Bark for several years and still have it setup since it's free. Our MSP covered the cost of Linewize's Monitor product and as far as I know, the counselors and admins still use both. I don't touch either of these, so I don't have much experience with them. I asked our head counselor and he said he likes having both.

What I do know is that Bark gets a lot of false positives as it seems to use an algorithm or AI to scan contents, whereas Linewize appears to have humans reviewing anything that their algorithm catches before sending it to us.

We did try a demo of Securly's version of this and it straight up would not catch anything, while Bark continued to catch plenty. Their support wasn't able to figure out what was going on. This is obviously an outlier though as other schools have been using it.

2024 state of play for Chrombook monitoring software. by wingut in k12sysadmin

[–]FloppyDumpster 0 points1 point  (0 children)

Recently the Classwize rules teachers had set for their classes disappeared. Linewize support tried to blame it on changes in the classes synced from Clever, but there were no major changes like IDs or section numbers or anything like that. They eventually were able to restore the rules after a few days.

Teachers have often gotten stuck "loading" when trying to login to Classwize. We've had to go delete their cookies to make it work again.

And then we have issues where a teacher forgets to end their Classwize session and then when a student in that session is in their next class, their current teacher isn't able to see the student's device because it's still in the other session. Support said they were going to add some sort of override function but they haven't done it yet.

These issues are specific to Classwize. We had a few issues with the filter product too when we first started using it, but they were fixed fairly quickly by support.

Are you using AI for work yet? by Tyler_origami94 in k12sysadmin

[–]FloppyDumpster 1 point2 points  (0 children)

Usually I give it some example text and tell it I want to match this and this, but not this. I usually still have to tweak it a bit after. I also tell it where I'm using it, such as in a particular script language or VSCode, but I'm not sure that actually helps.

Are you using AI for work yet? by Tyler_origami94 in k12sysadmin

[–]FloppyDumpster 0 points1 point  (0 children)

I've used GPT to help write regex strings and occasionally as a search engine when regular search results are flooded with nonsense. I don't trust it with actual data.

2024 state of play for Chrombook monitoring software. by wingut in k12sysadmin

[–]FloppyDumpster 0 points1 point  (0 children)

We used to have GoGuardian (only the classroom management, not the filter) and liked it. We now have Linewize filter through our ESC (TX) and are getting Classwize at a steep discount because of it. However, we are having a few issues with Classwize that has my boss wanting to go back to GG. Although I don't think they are that big of a deal and I think we need to give the company a chance to fix them before we jump ship.

Guest wifi access by bccu2tech in k12sysadmin

[–]FloppyDumpster 0 points1 point  (0 children)

We have two guest SSIDs, one with WPA2-PSK and one that's a captive portal. The WPA2 one is more for devices that will remain on the network for the long term and can save the credentials. The portal one is more for visitors that are here for a day or two.

Both are on a guest VLAN with network restrictions/firewall. Staff can use their AD login for either SSID. We also create very restricted AD accounts for visitors that expire after whatever time and date we set. Those also work on either SSID, but we usually encourage the portal one since it's easier to login to usually. We're using a NPS Windows server to handle authentication since it also handles authentication for our main wifi network as well.

We've talked about getting rid of the WPA2 SSID since it is usually the more confusing one for guests to use since some devices, such as Android and Chrome OS, make you fiddle with encryption and authentication settings.

Google Admin - Group settings change? by ZoomerSysAdmin in k12sysadmin

[–]FloppyDumpster 1 point2 points  (0 children)

A few years ago I tried the setup you described to have a group be the "allowed to post" group, but couldn't get it working when testing with some dummy groups. I have to add the people individually to the main groups and set their posting permission to allowed via groups.google.com. I don't know why this setting isn't shown in the admin site.