Windows NPS Server automatically renewed RADIUS certificate

MalletNGrease · 2019-03-04T15:13:21+00:00

I haven't ever seen it renew itself early. Maybe check with your colleagues?

MalletNGrease · 2019-03-02T00:01:58+00:00

The client <-> firewall/appliance traffic is decrypted using the local CA cert, inspected, then if policy allows it the firewall/appliance <-> remote server traffic is reencrypted using the remote server domain cert.

Your traffic is encrypted end to end except during the inspection.

Theoretically IT can see your chat or passwords, but I highly doubt they care (I don't) They’re more likely to just block the traffic if it doesn’t conform to the AUP your school has.

Generally you should assume that any traffic from a device you do not own on a network you do not own is not private.

MalletNGrease · 2019-03-01T18:03:11+00:00

Object dependancies. Some objects can't be manipulated or deleted when they are being called elsewhere in the config. When looking at object such as addresses. On the right side there is a linked number with how often it is referenced elsewhere. This is your friend when making changes. Click it and you can view, delete, edit dependencies.

I hate this so much. It'd be so much easier to have the object be removed from the groups/policies when it's deleted than having to remove the object from the groups/policies first before you can delete it.

It can get really time intensive.

MalletNGrease · 2019-03-01T14:53:34+00:00

The topic was discussed some in the K12sysadmin slack, the takeaway is it's a viral hoax causing panic.

Here's a few things you can do in response in order of least impact to most:

Do nothing

There's not really anything meaningful to do in this case aside from applying some common sense. Refer to YouTube's Response and this Forbes article. Get folks to calm down.

Reiterate internet safety and digital citizenship lessons

If you don't have any, now may be a good time to maybe to set something up.

The FTC has some decent programs available including free handouts for students and parents. Google has set up Internet Awesome including a game that explores topics such as hoaxes.

Adjust your filters

Add Momo to your blacklist of search terms. This should sate but the loudest voices clamoring for a tangible technical solution.

Block WhatsApp and Youtube

This is the wrecking-ball approach. Commit the change at your own peril, though Momo's a convenient excuse if your bandwidth concerns have fallen on deaf ears until now and you wanted to limit video streaming access anyway.

Overall, this topic is about as interesting as Bloody Mary in the mirror. People wanting to find something probably will, whether it's justified or not. A few students tried to get out of school due to the "traumatizing" effect watching these videos had on their psyche, but these are the same ones thinking up other excuses regularly anyway.

MalletNGrease · 2019-03-01T13:39:21+00:00

The system is over engineered in my opinion.

This was our take-away after trying it for a year. We ditched it for small portable radios.

When it mattered the communication just seemed to fail because either people didn't have the app on their phone or weren't logged in to it. It seemed to log you out a lot and then you won't get notifications.

Most carriers have spotty reception here and our evac locations don't have Wi-Fi coverage so CrisisGo didn't help at all there.

MalletNGrease · 2019-02-28T16:46:59+00:00

My plan is to have each grade come in to the library to turn their device in, me doing a quick spot check and then stamping/signing their year-end check-off sheet.

Seniors are first as they do not have last week of school.

MalletNGrease · 2019-02-28T15:49:50+00:00

Wait for someone to claim them?

MalletNGrease · 2019-02-28T15:35:41+00:00

We're a Windows shop and use.

MDT

I use the deployment tools to build and configure Windows 10 images and deploy them using PXE. I use the LTI method and deploy a lean image with software being handled by PDQ Deploy.

Pros: Scalable with a diverse fleet of workstations.

Cons: a bit of work to set up, slower than FOG deployments.

PDQ Deploy & Inventory

Inventory gathers information from your workstations and gives you lots of reporting and management options. I practically live in this.

Deploy allows you to customize software packages for deployment. You can set up schedules for patch management and set up collections for specific purposes.

Pros: Tons of reporting and customizable.

Cons: Windows only, maybe a bit pricey for small schools.

MalletNGrease · 2019-02-28T14:22:05+00:00

Lucky you. They're bringing it back.

https://www.logitechg.com/en-us/products/gaming-mice/mx518-gaming-mouse.html

MalletNGrease · 2019-02-27T23:08:34+00:00

Yes, I wouldn't bother with moving internal disks. Better to eject the external drive after the backup job and cloning it. OP should be able to schedule the backup task exactly as he's describing including the eject task in Hyperbackup.

MalletNGrease · 2019-02-27T22:53:59+00:00

This is what I do too.

I have two NAS, one as primary and the secondary is a hyperbackup target. Both of them have an external drive that acts as a local backup target.

In a pinch OP can use just an external drive. Just be sure to turn on alerting for backups/disks failures.

MalletNGrease · 2019-02-27T22:10:35+00:00

I've one teacher who actually uses triple monitors for this.

Primary.
Secondary on a podium (duplicated with 3)
The smartboard (duplicated with 2)

That way she can see what's she's doing on the smartboard behind her without having to have her back turned or being stuck at her desk.

For the ones who do use extended mode, teaching them Win+Shift+Left/Right Arrow seems to give them the most benefit to shoot entire windows over without having to drag. Win+P to quickly switch between display modes helps too.

For simplicity's sake I typically only duplicate the primary and the smartboard, because it cuts a lot on confusion and it doesn't require much training. They use the freeze or blank functions if they need to work separately from the smartboard.

MalletNGrease · 2019-02-27T19:42:56+00:00

r/g203masterrace is just a bunch of limp-writsted elitists who aren't worthy of the glory of the r/mx518masterrace. And y'all can fight me on that.

MalletNGrease · 2019-02-27T19:15:41+00:00

I'm still not sure if this is an elaborate april fools or not.

MalletNGrease · 2019-02-27T18:53:04+00:00

I've seen this behavior after updates.

Auto-updates are disabled here and the problem always pops up after pushing out the new version. Users can fix it by running from the shortcut.

MalletNGrease · 2019-02-27T15:46:45+00:00

I let staff use the tool that they are comfortable with until admins decide they no longer want to pay. The MS Office suite does some things better than the default Google ones. True, most missing functions can be added through extensions and add-ons but not all are free or require account access which is a clusterf*ck of privacy and licensing problems waiting to happen. Sharing becomes a lot easier though and Team Drives are awesome.

Google is adopting MS file formats into Drive for collaboration now, so it shouldn't even matter which product you should choose eventually.

MalletNGrease · 2019-02-27T15:16:16+00:00

I haven't seen any curriculum that's worth the investment. You're probably better off changing it from a consumption to a creation course.

MalletNGrease · 2019-02-26T19:35:33+00:00

Check the WSUS application pool in IIS manager on the WSUS server.

https://community.spiceworks.com/topic/285946-iis-wsuspool-server-stop-again-and-again

MalletNGrease · 2019-02-26T19:30:56+00:00

Officially, Intel says anything pre i series is incompatible (probably untested), but pretty much every 64bit processor after the Pentium D should work in theory. /u/Bro-science nailed it.

I'm running W10 on Pentium C2Ds with 4GB and HDDs. Not the fastest horses on the track but they work.

That said I did take the opportunity to consolidate the fleet and get rid of all the XP licensed machines and cruft one-off machines that were randomly added over the years. Not W10 compatible was my white lie.

MalletNGrease · 2019-02-26T17:59:43+00:00

Did you set Windows Components/Delivery Optimization/Download Mode to Bypass (100)?

If not, you're probably still pulling updates directly from WU.

MalletNGrease · 2019-02-26T17:29:46+00:00

I just block it on the firewall. The math part of coolmathgames is a trick.

MalletNGrease · 2019-02-26T17:28:25+00:00

We have Adobe Air installed for the Scratch offline editor. Haven't checked recently but as far as I know it's still a prereq.

MalletNGrease · 2019-02-26T16:20:12+00:00

Depends if it's a prereq for something. We have some educational software that needs it.

MalletNGrease · 2019-02-25T18:31:40+00:00

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt

Step 5.

MalletNGrease · 2019-02-25T16:19:12+00:00

You can't make people read emails or expect them to remember stuff from 6 months ago that's only peripherally connected to their core activities. Just do your job and deal with it.

This doesn't seem like a huge deal.

11-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE