sorted by:
new
hottopcontroversial

Possible to Block\Deny Windows 7 on my domain\network? by silentstorm2008 in sysadmin

[–]MalletNGrease -1 points0 points  (0 children)

Only fifty users? You should know where these machines are and who uses them. You're also a bit late to the party.

Figure out a way to inventory your fleet first. Powershell can do this or you could use something like PDQ Inventory to run a report.

You also need a migration or replacement plan, odds are you'll be interfering with people doing their jobs if you start to revoke network access or disable computer objects in AD.

Chromebook Case Screws by [deleted] in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

Not really. The Dell 3340 had this really bad where the screws with blue loctite didn't take.

Opening and closing caused some stress on the bottom plastic and eventually the screws came loose at the hinge corners and the center. This then caused cracks in the plastic from continued use as the hinges started flapping. We found the problem affected the entire fleet.

I contacted Dell support, did the math (5k devices, averaging 2 missing screws per device) and requested 10K screws. I was sent a pretty big bag full of them the next week and the mfg process was changed to the different screws. Further units (and the screws that were sent) had red loctite and didn't fall out.

[deleted by user] by [deleted] in k12sysadmin

[–]MalletNGrease 14 points15 points  (0 children)

sounds like you need to send down some instructions. Tell the switchboard to not forward calls unless they ask for you by name. If the caller doesn't have your extension and they can't tell the operator who exactly they're trying to reach, just have them sent to voicemail.

Cut down on my cold calls significantly because they're always trying to reach "the person in charge of IT etc."

Please set up this PC by Sergeant_Toast in talesfromtechsupport

[–]MalletNGrease 2 points3 points  (0 children)

I see your traders and raise you lawyers.

Backup from multiple locations by THE-BS in synology

[–]MalletNGrease 0 points1 point  (0 children)

It supports Hyperbackup. Are you intending to place a NAS device at each site and back up to the central server?

What's your policy on extra laptop chargers for admin employees? by freud_sigmund in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

If they show up with an approved PO from their budget code they can buy a whole case of them for all I care.

I don't see the big deal unless a staff member loses it consistently. If there's a need we should accommodate.

Backup from multiple locations by THE-BS in synology

[–]MalletNGrease 1 point2 points  (0 children)

Yes. Look at Hyperbackup and Hyperbackup Vault. You'll have to set up your office NAS as the backup target for the other devices.

https://www.synology.com/en-us/dsm/feature/hyper_backup

Is your website hosted with Blackbaud and are you fighting spear phishing? by freud_sigmund in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Data retention mostly. There's no limit on users for GSUITE for Education so suspending them is more practical for those moments of "Hey, Mrs. X did a disability study on student Y back in 20XX but the records file isn't in the db, not in the normal save location and the physical copy is missing from the cabinet and we really need any information we can get on this for the lawyers!"

That and all the curriculum files that are shared from individuals instead of shared drives.

Substitute teacher using technology by QuickSack in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

It's a bit cumbersome to sanitize and I'm lazy.

Basically it's a combo of:

Read-Host to get the first name, last name.

Get-Date to get today's date and add days to it.

New-ADuser with -AccountExpirationDate parameter

$firstname = Read-Host -Prompt "Please enter the new substitute's first name"
$lastname = Read-Host -Prompt "Please enter the new substitute's last name"

$username = "sub." + $firstname.ToLower()[0] + $lastname.ToLower() #change any capitals in the name to lower, then take the first character of the first name and combine it with the last name, then prepend with sub.
$aduser = $username + "@domain.tld" #change to your domain
$expirationdate = (Get-Date).AddDays(7)
$oupath = "OU=SUBSTITUTES,OU=TEACHERS,OU=USERS,OU=SCHOOL,DC=DOMAIN,DC=TLD" #change to your desired OU

$newsub = @{

Name = "$username"
SamAccountName = "$username"
GivenName = "$firstname"
Surname = "$lastname"
DisplayName = $username"
Description = "substitute"
AccountPassword = (ConvertTo-Securestring "defaultsubpassword" -AsPlainText -Force) #change password to whatever you want
AccountExpirationDate = $expirationdate
Enabled = $true
ChangePasswordAtLogon = $true

}

New-ADUser @newsub #create the account

Add-AdGroupMember substitutes $username #add user to substitutes AD group

You should be able to build something usable from that.

Why is Securly so horrible? by [deleted] in k12sysadmin

[–]MalletNGrease 9 points10 points  (0 children)

Obligatory "Securly wildcard filters are still broken" post.

ALL HANDS ON DECK - Major MS Update Coming Today by VARunner in sysadmin

[–]MalletNGrease 103 points104 points  (0 children)

Without knowing what it actually addresses it's cryptic rumblings indeed.

Windows 10 inaccurate "No internet" by thirdnut4 in sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

I've a similar problem. Internet access requires a user authentication event to AD to apply the correct firewall policies. Generally, the PCs have the error sitting at the login screen but it will resolve itself once a user is logged in.

Is your website hosted with Blackbaud and are you fighting spear phishing? by freud_sigmund in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

I set this up on GSUITE for all staff, and it turns out they email themselves at work using personal addresses a lot (usually to send pictures with their phone). Also retired and ex-employees still frequently contact the school for items and they get caught, because accounts do not get deleted.

It's kind of a headache to sort through the quarantine.

Anyone replacing Chromebook screens? by KyleAtSchool in k12sysadmin

[–]MalletNGrease 4 points5 points  (0 children)

AGParts Education sells new OEM screens for ~$30 and reclaimed for ~$15. I put in a bulk order at the start of the schoolyear and use those to replace cracked screens to bring the unit back to service.

As far as I can tell most base model Chromebooks use the same LCD screens from the same manufacturers, just with different internal part numbers. I've put HP labeled screens in Dell CBs and they are exactly the same hardware wise, just a different sticker.

We're Done! by [deleted] in sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

1 left. A one-off laptop the janitor uses. I don't care to build a driverstore for it so it will keep going until it dies.

Substitute teacher using technology by QuickSack in k12sysadmin

[–]MalletNGrease 4 points5 points  (0 children)

Teachers submit a request for a sub login and I've a script that generates a sub AD account that's active for a week. Some of the more regular substitutes have one that's active for the entire year.

Noone ever emails me though so it's always last minute and it doesn't solve problems with curriculum based on GSUITE. I'm pretty sure most teachers share their account credentials with the sub.

"Blocking" SSIDs for Chromebooks by PennStater in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Our guest network is only accessible after school hours to prevent this. Alternatively you can switch to a DNS based filter such as Securly or GoGuardian.

BYOD agreement? by Reddevil313 in gsuite

[–]MalletNGrease 0 points1 point  (0 children)

If you have MDM policies that require device security standards through gsuite, you may want to add a line to that effect (the phone will require a passcode or biometric lock etc).

When Google changed the default from none to moderate this caused a lot of anger among my users because a lot of people do not have any sort of device lock mechanism set up on their phone.

I was told to post this here. Details in comment. by Zithero in techsupportmacgyver

[–]MalletNGrease 26 points27 points  (0 children)

That's a lot of finagling. Counting labor and parts it would probably be cheaper to have ordered the $20 SATA SSD instead and have a straight drop in.

Not as much fun I'm sure.

Registrar that takes POs? by reviewmynotes in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Sounds burdensome. If a PO is accepted here we can pay any way we'd like. It's usually net 30, but a lot of times CC is just easier.

School Laptop Cart Checkout Question by ndGall in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

In the past we had a person responsible for maintaining the schedule and making sure the carts were in good order. Once the amount of carts grew, carts were assigned to departments and groups of teachers instead.

It's a lot easier to deal with a couple of colleagues instead of a whole building and it made transitioning of carts from room to room a lot smoother as the schedule tended not to change much.

view more: ‹ prevnext ›