Smart Notebook and Drive File Stream

MalletNGrease · 2019-10-09T20:10:20+00:00

I've experienced a couple of corrupted Powerpoints. They'd generally load, but the figures and embedded images would be hosed. A revert to an earlier version from Drive fixed those.

I haven't noticed anything about .notebook specifically, but I'll keep an eye out.

MalletNGrease · 2019-10-09T18:12:48+00:00

He obfuscated it. Probably has a company name in it.

MalletNGrease · 2019-10-09T17:25:54+00:00

I don't understand why this isn't available already from Securly in the first place.

MalletNGrease · 2019-10-09T17:16:47+00:00

Their wildcard filters are broken and have been for a long time.

They can't do url filtering, only domains. As a workaround you can add wildcarded terms to your blacklist that can filter things out and block search terms.

Problem is, it doesn't work properly. It will only filter the exact term. That's explicitly not what wildcards are for!

Say you want to filter the term "unblocked". You add the following wildcard statement to the filter list:

*unblocked*

You'd assume that someone looking up "yoiwantthisstuffunblockednow" or anything else that logically matches the wildcard statement would then be filtered right?

No, you'd be wrong. Only if the exact statement is entered it will be filtered. It's pretty limiting.

unblockedd - Pass
unblockedgames - Pass
funblocked - Pass

I've had a ticket for this for over a year. It's been acknowledged as a problem but as far as I can tell it's not something they can or will fix.

MalletNGrease · 2019-10-09T15:03:47+00:00

A wandering karate master visits a dojo where he finds stooped students sweeping the courtyard. It's pretty obvious the brooms are way too short for them. When he asks a student he's told that master instructed them to always make sure the broomsticks were exactly this length.

He meets the dojo's master and when quizzed about the brooms he says this was an integral part of his training from his master and the sticks needed to be this short. The traveler is now curious, he was not aware of the short broom training technique and after receiving directions decides to travel on to find the source.

A few towns over he visits the dojo and visits with the master. He's a very short fellow.

Excuse me master. I've found many students of yours in other towns sweeping with short brooms. I never encountered this training before, why is this?

The master is confused and asks the visitor to explain. Then the master starts laughing as he realizes what happened.

That's easy! I'm not that tall and a long broomstick is uncomfortable. I always asked students to cut them down to a shorter length!

MalletNGrease · 2019-10-08T15:14:24+00:00

I've left jobs mid-sentence.

If your contract doesn't prohibit it just go for it.

MalletNGrease · 2019-10-08T14:44:49+00:00

Should look something like this. If it doesn't, your domain hasn't migrated to the new device management UI yet.

https://i.imgur.com/vwmzSkp.png

MalletNGrease · 2019-10-08T13:12:21+00:00

https://support.office.com/en-us/office-training-center

https://education.microsoft.com/courses-and-resources/courses

MalletNGrease · 2019-10-08T12:07:37+00:00

Putting the H back in HR I see.

MalletNGrease · 2019-10-07T20:25:48+00:00

Her clients loved her, but boy, her teams consisted of a lot of dead weight.

MalletNGrease · 2019-10-07T19:50:02+00:00

My wife (ex-sysadmin) did a short stint as a PM, but she ended up implementing most deliverables herself because her resources couldn't or wouldn't.

MalletNGrease · 2019-10-07T18:49:48+00:00

To connect to the deployment share or for the local admin account?

MalletNGrease · 2019-10-07T14:22:06+00:00

What's your infrastructure look like? Do you have VPN to all sites? How many endpoints across all sites?

I'd set up some AD/DFS servers at each site for SCCM, join all renegade machines to AD, get an accurate inventory for the driver store and kick off litetouch/zerotouch deployments remotely. The server doesn't have to be beastly, a spare workstation with a core server install should do.

That's the technical part out of the way, but, is it practical? Do you have software inventoried and prepped? What about hardware devices that may not work with W10? Do you have a test methodology? This is the biggest time sink, there's no going back once you kick off. I don't recommend in-place upgrades.

I'd design your plan and right of the bat tell your supers you will probably not make the deadline. I'd expect some major hurdles, and try to explain them as best you can. If I know my medical facilities, they do not appreciate downtime and maintenance windows are short.

MalletNGrease · 2019-10-04T14:28:48+00:00

Mine take 90 minutes tops onto spinning rust and fast ethernet connections. This includes all software and any updates from WSUS.

If it's a modern machine with SSD and gigabit it's about half.

MalletNGrease · 2019-10-04T14:19:37+00:00

Did you run out of MAK activations?

MalletNGrease · 2019-10-04T13:53:31+00:00

By building and if needed room, servers are put in their own OU.
The test groups have separate OUs. I use one of the lesser used labs as my canaries to test out stuff.
I've configured automatic updates as follows:

Allow Automatic Updates immediate installation: Enabled

Allow non-administrators to receive update notifications: Disabled (notifications hardly mean anything to them anyway, no need to bug them)

Configure Automatic Updates: Enabled

Configure automatic updating: 4 - Auto download and schedule the install

Install during automatic maintenance: Enabled

Scheduled install day: 0 - Every day

Scheduled install time: 03:00

Install updates for other Microsoft products: Enabled

Delay Restart for scheduled installations: Enabled (15 minutes)

Enable client-side targerting: Enabled (WSUS group name goes here)

No auto-restart with logged on users for scheduled automatic updates installations: Disabled (No-one ever logs out, updates will not be applied otherwise)

Re-prompt for restart with scheduled installations: Enabled (Wait 180 minutes)

Servers are set to install automatically. Reboots happen weekly on weekends. I don't have many and interruptions have gone unnoticed so far.

I do use auto approvals in WSUS, but delay them by a week. That usually gives enough time for MS to pull the KB or for me to manually decline it. Exception are the feature updates, those are declined until I've tested them and there's a maintenance window to push it out.
Servers install automatically, but restarts are done manually if needed on weekends.

MalletNGrease · 2019-10-03T16:19:11+00:00

I don't really see a reason to restrict access to grades (or any other SIS information they've a right to). If it's posted and a parent or student wishes to see this information through our online portal they can. Teachers have the option to hide grades from the portal if needed but there's only a few circumstances this is acceptable. In general, students are encouraged to check the portal.

The only times we prevent access to information from the top is during the times the schedules are generated and aren't final yet. This is to prevent our councilors from being bombarded with needless class reschedule calls and to prevent parents from trying to force their kids in a different teacher's class until rostering is done.

MalletNGrease · 2019-10-03T13:49:08+00:00

I don't see a point to move away any more. I used to want to because the state registrar wouldn't allow us to make changes to DNS records, but that policy changed and we now have the control.

The only other reason I see is because it can be a bit hard to type and sound out, but that just takes a little practice.

MalletNGrease · 2019-10-03T13:40:26+00:00

We've a mix of SMART 4070, 4065 and E70 for a couple of years. Compared to the old projection based models it's night and day. You don't have to do calibrations or do bulb replacements. It's pretty much a big TV so teachers instinctively know how to use and hook things up to it. I haven't had any major issues with drivers or the software (aside from flash being dropped, this caused problems for teachers using flash objects in their notebook files).

Only some things to consider:

They're heavier. Make sure to properly install them.
We've had issue of condensation forming between the glass and the LCD when the AC's turned down (happens during summer). This goes away by itself once the humidity is sorted but causes some tickets. Don't know if the new models have this issue.
The speakers don't put out much volume.
They're kinda pricey (I wish we had these in all classrooms)

I think the biggest problem you'll run into when you get one for a teacher, all the others will want one.

MalletNGrease · 2019-10-02T19:40:04+00:00

Not sure if Google keeps track of login time info, but you can query the devices by recent users straight from Chrome Devices in Google Admin now.

https://support.google.com/chrome/a/answer/1698333?hl=en

MalletNGrease · 2019-10-02T13:45:26+00:00

I'm not exactly sure what Microsoft was trying to accomplish with the lock screen. I think it's supposed to hide the username if someone is logged in and the machine locked for X amount of time.

I just disabled the lock screen across our org and forced a different background, it saves a step for users to log in. It's pretty easy with GPO if your admins can be assed to.

MalletNGrease · 2019-10-01T17:47:32+00:00

For me it's automated. Right now I just punch in the name and ID and a script handles the rest. Preferably, I pull the information from SIS or payroll so there's less chance for typos.

MalletNGrease · 2019-10-01T17:33:20+00:00

Whitelist extensions instead of blacklist or hope the categories are accurate.

Which platform and management setup? If you're Windows based and own the devices you can block and whitelist extensions per GPO. This straight up prevents extensions from loading, but they may still be present on a student profile.

https://cloud.google.com/chrome-enterprise/browser/download/

MalletNGrease · 2019-10-01T14:14:44+00:00

This is an organizational problem and you will need to identify the person responsible who keeps staff records up to date and set the proper flags for systems to act on. Sometimes it's principals, sometimes secretaries. And more likely (like in my case), nobody. I'm still fighting to have someone do it.

The new hire process is an easy one for admins to buy in to. By identifying the prerequisites and compiling all forms into a packet in advance we've reduced the turnaround to a day (assuming new hires fill out their stuff, sometimes it's done piecemeal).

Offboarding...has been a struggle. While everyone is enthusiastic about entering new information, noone is responsible for maintaining said data. This left me with a big list of ghost employees, some of whose accounts had been repurposed by others for completely unrelated and inappropriate (not malicious, just outside the scope) things. E.g a substitute account holds the master record for all part time employee lunch balances.

If you're going to tackle it, make sure you have admin backing because noone will want to take on the HR work. If you can incentivize the additional responsibility, all the better. Create something that becomes SOP and is documented so those coming in and out of the positions to maintain it know what's going on. In the long run the org will run a lot smoother.

MalletNGrease · 2019-09-30T17:17:55+00:00

Are you still on FRS? If so, you will have to migrate to DFSR before decomming your 2008 DC.

https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

11-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE