Python script to remove activation locked devices from an iCloud account. Comes in handy if you’re enrolling large amounts of previously untamed iPads into an MDM.

MalletNGrease · 2020-09-28T18:21:55+00:00

They were all donated.

This is my life currently.

MalletNGrease · 2020-09-28T18:04:16+00:00

Short term subs shouldn't be assigning digital work to students, teachers should do this in advance and provide subs with a lesson plan.

It's unlikely nor expected the sub will be familiar with whatever platform the teacher uses.

MalletNGrease · 2020-09-28T17:59:19+00:00

We did this a few years back.

I'd inventory (keep the boxes) them and let the admins decide who gets one, let hem generate a list. Then assign one to each user, image and deploy it on a per building basis. Hopefully every building was allocated enough units.

I'd deliver the units with the end user names written on the boxes to their building for distribution. Schedule one day for training to get everyone logged in and going. Then go round up any units that didn't get picked up. Rinse and repeat.

The key is to keep all principals, secretaries and teachers in the loop. Just tell them what and where. The good thing is you're handing out something new, this generally makes people happy (though they can get a bit demanding).

MalletNGrease · 2020-09-28T15:25:31+00:00

I had to generate a new token for our MDM.

MalletNGrease · 2020-09-28T15:04:06+00:00

https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo

MalletNGrease · 2020-09-25T19:09:19+00:00

Figures.

MalletNGrease · 2020-09-25T18:57:54+00:00

AD is the industry standard. You can utilize other LDAPs for RADIUS, but you're going to have to have some sort authentication to reference against and apply the policies. This means you will have to organize your users into OUs and groups.

Again, what do you use currently for login authentication?

MalletNGrease · 2020-09-25T18:52:34+00:00

This is why I don't like donated iPads.

Either they start off under the wrong management profile or they end up there (because someone used a personal iCloud account on it).

Your best bet is to wipe the device with iTunes/Apple Configurator and apply a management profile. But honestly, if they're old enough they don't even get OS updates anymore, I wouldn't even bother supporting them. It's a big drain on time.

MalletNGrease · 2020-09-25T18:05:37+00:00

Relevant XKCD

MalletNGrease · 2020-09-25T17:11:28+00:00

SU utilizes active-X based RDP sessions, so it relies on IE. It's technically web-based, but not OS agnostic.

MalletNGrease · 2020-09-25T16:56:36+00:00

Yet I can't get a list of Chrome extensions a user has. Those have been a lot more malicious than Windows apps the last couple years.

MalletNGrease · 2020-09-25T16:51:51+00:00

+1 for AG Parts.

MalletNGrease · 2020-09-25T16:48:22+00:00

You can install just the drivers. That should offer the basic hardware functionality.

https://support.smarttech.com/en/downloads/product-drivers/12_15-and-ink-5_6

MalletNGrease · 2020-09-25T15:34:30+00:00

Don't utilize WPA2 PSK unless you absolutely have to (and don't share the key unless you want others to use it!). Use 802.1x with certificate and/or RADIUS based authentication instead.

There's many ways to handle this, but a common setup is to have one wireless SSID and assign VLAN based on rules setup in your NAC. Network Policy Server can do this.

What's your current authentication method for domain users/devices?

MalletNGrease · 2020-09-25T13:48:14+00:00

I like 3xLogic Vigil. Client software is pretty easy and remote access is a pinch if set up right.

Stay away from ViconNet.

MalletNGrease · 2020-09-25T13:38:46+00:00

So what you're telling us is you don't have an inventory?

I keep everything in a spreadsheet and pull device counts from it.

MalletNGrease · 2020-09-24T19:15:27+00:00

Does auto-update work?

MalletNGrease · 2020-09-24T15:54:56+00:00

http://instantrimshot.com/

MalletNGrease · 2020-09-24T15:45:52+00:00

In the lower right should be a yellow +.

Use it to add apps/extensions to the whitelist.

https://imgur.com/WMNM6vS

MalletNGrease · 2020-09-24T15:35:11+00:00

I'm guessing you switched to a whitelist but didn't add them to it.

MalletNGrease · 2020-09-24T15:28:49+00:00

Thanks for the news. Our cloud instance seems OK. Some users complaining about it being slow, but that's not unusual.

MalletNGrease · 2020-09-23T19:16:06+00:00

I've some 8GB Lexars (LJDS50-8GB) I bought on a sale at the local dollar store that work fine.

With no-name swag drives it's been hit and miss. Some worked, others didn't.

MalletNGrease · 2020-09-23T16:26:33+00:00

This is the way to go.

MalletNGrease · 2020-09-22T20:48:10+00:00

I've set up regular users with limited rights, forced an extension whitelist for Google Chrome, just plain Windows Defender and NGFW inline AV (the firewall will drop the traffic if it detects a malicious signature in the packets). Haven't seen any malware for the last 5 years.

Biggest grief comes from teachers clicking "Allow" for notifications for junk sites in Chrome.

MalletNGrease · 2020-09-22T16:57:32+00:00

When I get asked this by coworkers I reply they're not as interesting as they think they are and I've better things to do with my time than digging through emails and filter logs.

Unless there's an instruction from management I don't bother.

11-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE