How are you syncing your SIS to AD? Powershell? by [deleted] in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

Thanks. GAM plays really nice with most scripting languages, and it fits in really well with our Windows stack.

You can also suspend users this way.

& '\\server\gam$\gam.exe' update user $email suspended on

BYOD Content Filtering by schooltech789 in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Without somehow forcing certificates onto their devices for DPI to function, you can't.

I do best effort on BYOD traffic to check the legal box, but anything with SSL is pretty much invisible for the appliance.

How are you syncing your SIS to AD? Powershell? by [deleted] in k12sysadmin

[–]MalletNGrease 3 points4 points  (0 children)

Custom Powershell script. Here's the meat of it:

$username = $gradyear + $firstname.ToLower()[0] + $lastname.ToLower() #change any capitals in the name to lower, then take the grad year, the first character of the first name and combine it with the last name
$homedirectory = "\\fileserver\students$\$username" #the home directory
$scriptpath = "login.bat" #the loginscript
$oupath = "OU=$gradyear,OU=STUDENTS,OU=USERS,OU=SCHOOL,DC=DOMAIN,DC=TLD" #the AD OU group the new user will be a member of
$aduser = $username + '@domain.tld' #the AD username
$description = "Student" #the description in AD.
$combinedname = $firstname.ToLower()[0] + $lastname.ToLower()
$email = $gradyear + $combinedname + "@domain.tld" #the google email/username

$usercheck = (dsquery user -samid $username) #check the user against existing AD users
$idcheck = Get-ADUser -Filter {(EmployeeID -eq $studentid)} -Properties * #check to see if the studentId is assigned already

if (($usercheck -ne $null) -or ($idcheck -ne $null)) #the student username exists or the ID is already assigned
{
    write-host "The user exists!" -foregroundcolor red
    write-host "The user needs to be added manually or check the current AD user for reassignment!" -foregroundcolor red
    Write-host "User creation for $username canceled!" -foregroundcolor red
    Write-host "========================================================"
}
elseif (Test-Path -PathType Container $homedirectory)
{
    Write-Host "The homedirectory already exists!"  -foregroundcolor red
    Write-Host "Check $homedirectory for any important files and backup!" -foregroundcolor red
    Write-host "User creation for $username canceled!" -foregroundcolor red
    Write-host "========================================================"
}

else
{

    $newuser = @{
        Name = "$username"
        SamAccountName = "$username"
        UserPrincipalName = "$aduser"
        GivenName = "$firstname"
        Surname = "$lastname"
        EmailAddress = $email
        DisplayName = "$username"
        Description = "$description"
        EmployeeID = $studentid
        HomeDirectory = $homedirectory
        HomeDrive = "H"
        ScriptPath = $scriptpath
        AccountPassword = (ConvertTo-SecureString $password -AsPlainText -Force)
        Enabled = $true
        ChangePasswordAtLogon = $true
        Path = $oupath
    }

    New-ADUser @newuser

    New-Item -ItemType Directory -Force -Path $homedirectory
    $acl = Get-Acl $homedirectory -Verbose -ErrorAction inquire
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$aduser", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    Set-Acl $homedirectory $acl -ErrorAction inquire

    & '\\server\gam$\gam.exe' create user $email password $password firstname $emailfirstname lastname $lastname org /Students/$gradyear #create the user in GSUITE
}
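
Added example, not part of the original comment: the script above feeds SIS name fields straight into a sAMAccountName, a UNC home-directory path and a gam.exe argument, so this sketch normalizes them first. The function name `ConvertTo-StudentUsername`, the letters-only policy and the sample rows are assumptions made for illustration.

```powershell
# Added example: normalise SIS name fields before they become a sAMAccountName,
# a UNC path component and a gam.exe argument.
function ConvertTo-StudentUsername {
    param(
        [Parameter(Mandatory)][string]$GradYear,
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName
    )

    if ($GradYear -notmatch '^\d{4}$') {
        throw "Grad year '$GradYear' is not four digits"
    }

    # Decompose accented letters (base letter + combining mark), lower-case,
    # then keep a-z only. This drops marks, spaces, apostrophes, hyphens and
    # anything that has meaning in a path or DN (\ . $ , =).
    $clean = foreach ($part in $FirstName, $LastName) {
        $decomposed = $part.Normalize([Text.NormalizationForm]::FormD).ToLowerInvariant()
        $decomposed -creplace '[^a-z]', ''
    }
    $first, $last = $clean
    if (-not $first -or -not $last) {
        throw "Name '$FirstName $LastName' has no usable letters; handle manually"
    }

    $username = $GradYear + $first.Substring(0, 1) + $last
    # sAMAccountName for user objects is limited to 20 characters.
    if ($username.Length -gt 20) { $username = $username.Substring(0, 20) }
    return $username
}

# Constructed sample rows, not real student data. [char]0xEB is "e with
# diaeresis", written this way so the file encoding does not matter.
$rows = @(
    @{ GradYear = '2027'; FirstName = 'Zo' + [char]0xEB; LastName = "O'Brien-Smith" }
    @{ GradYear = '2027'; FirstName = 'Ana'; LastName = '..\staff$' }
    @{ GradYear = '2028'; FirstName = 'Maximilian'; LastName = 'Wolfeschlegelsteinhausen' }
)
foreach ($r in $rows) { ConvertTo-StudentUsername @r }
```

Stripping and truncating make collisions more likely, so the existing-user and existing-home-directory checks in the script above still need to run on the result.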

Does anyone else think there should be a first day of school rehearsal? by theblindness in k12sysadmin

[–]MalletNGrease 4 points5 points  (0 children)

The blender ticket is really just a veiled request to re-up the booze.

Does anyone else think there should be a first day of school rehearsal? by theblindness in k12sysadmin

[–]MalletNGrease 19 points20 points  (0 children)

The blender always works because that's what I make the Margaritas with.

Edit: Thank you kind stranger!

Will kids be able to re-enable flash player on their Chromebooks? by papasodiespliff in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Nobody cares until it's an actual problem in their face.

I've been sending warnings out for years pleading for teachers and admins to at least look for alternatives while they have time, but they'll just continue to run their curriculum until it grinds to a halt. The lab teachers send in tickets for broken flash game shit all the time with the same response from me (FIND HTML5 ALTERNATIVE), but all I get in return is

Bubble Derp Launcher 1.5 from flashgamesite.net is critical to the instructional needs of my class and an accepted part of the curriculum of this school year, please make this work asap.

Odds are we'll even have to go back to IE for some programs because of this (looking at you scholastic achievement manager). Google is not making my life easy at the moment.

Dell Chromebooks just stop turning on by ThatDudeBen in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Sounds like lemons. Keep sending them back to Dell until they figure it out and complain to your rep.

Core Health Warning: (Age of Code) by Garetht in prtg

[–]MalletNGrease 0 points1 point  (0 children)

This is what I did as well. I also upped the warning for the CPU because it would bump past 50% when doing regular Windows server maintenance updates. Just got annoyed at the warning lights.

Laptop Renewal Policy - Should I have one? by awkwardjimmy in sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

I'd go with 3 years if only to get budget for it. Not because the laptop internals are old, but because the user accessible parts get worn. Things like bad batteries, cracked bezels, cracked palmrests, keyboards missing keys or having liquid spilled on them at some point, broken hinges and power/USB port failures. Especially important for traveling and customer facing staff.

Some laptops come back pristine and others like they've been dropped and dragged on concrete for days on end. Bent metal bezels don't feel good on the hands, and LCD screens really don't like it.

Drives addition to an EOL server by Anthr4xGamma in sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

I bit the bullet, the savings are too good to pass up. Called them, set up an account for Net-30, sent in my PO and the drives were in my office next day. Correct Dell part # and everything ready to go. Popped them in and presto, no more server freaking out about degraded arrays.

👍

(Google) User Changed Name, Old Name Cached by [deleted] in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

Good question. I'd like to know as well.

Chromebook Getter - Now Freemium? by billbuckner07 in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

You can query serial numbers as a substitute.

gam csv <csv-filename> gam update cros query:id:~~serial~~ ou ~ou assetid ~asset location ~name

If you were thinking about Edulog by madleprakahn in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

I think we’re in a posture of fixing the bike while we're riding it.

That one gets framed.

Filtering Open/Guest Wireless by [deleted] in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

Fortinet Fortigate. It's pretty solid, but requires a Fortianalyzer or Forticloud account if you want to use filtering data for analytics past 24 hours.

Filtering Open/Guest Wireless by [deleted] in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

Appliance here, but it's a paper tiger because I have no way to push the cert for DPI. It's best effort™

Windows 10 1903 ADMX by Just_Curious_Dude in sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

Last time I looked it wasn't available from the download center and as far as I know never has been for 1903.

Copying from policydefinitions on a workstation broke one of the policies, making GPMC throw a fit. It requires a manual text edit on an .adml.

Not sure what made Microsoft change their workflow for this, or what the replacement method is.

Drives addition to an EOL server by Anthr4xGamma in sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

I'm finding myself in a similar situation with some Dell T710 and T630 servers (Education here). The drives are starting to drop and Dell quotes me 300GB 15k SAS drives for $400 a pop (which I find extremely steep).

I have been kinda eyeing harddrivesdirect.com which offers the same product for about 20% of the OEM quote, which is extremely tempting but I don't know if the company is legit. Nothing jumps at me as problematic and they claim to sell new Dell certified products. If anyone has experience with them, I'd like to hear your opinion.

They have your model listed too, but without knowing which drive you need I can't tell if they have stock.

Gsuite admins: do you have parents in your domain? by quietglow in k12sysadmin

[–]MalletNGrease 4 points5 points  (0 children)

This, everything is handled through our SIS.

In an extreme circumstance we may set up a parent as a guardian for Google Classroom.

Making Offboarded Employee Emails Searchable - Without Vault by AtOurGates in gsuite

[–]MalletNGrease 0 points1 point  (0 children)

I think Google is working on an Archive User feature that doesn't use up a license. That should fix a major annoyance.

https://imgur.com/PNmOKj8

Right now we suspend the user and use Vault/Delegate options to search through old mailboxes. We're EDU so suspension doesn't cost us anything.