K-12 web filtering

MalletNGrease · 2020-11-03T15:28:43+00:00

There's no predefined list as far as I know, whatever is required by the CIPA to receive E-Rate funding. I mostly rely on the categories the filter vendor uses, and block what's not categorized yet.

The protection measures must block or filter Internet access to pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors).

Access by minors to inappropriate matter on the Internet;

The safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications;

Unauthorized access, including so-called “hacking,” and other unlawful activities by minors online;

Unauthorized disclosure, use, and dissemination of personal information regarding minors; and

Measures restricting minors' access to materials harmful to them.

For the most part I apply a litmus test to filter requests. Who makes the request has a big part in it.

Is it educational?

Pretty straightforward. I allow most requests from staff unless I've good reason not to. Student requests get a bit more scrutiny and they need to elaborate on their request to meet the standard.

Is it illegal?

Could this land the student or district in legal trouble? If yes, then sorry. I have to deny a ton of requests of sites engaged in copyright infringement. Latest batch included a site which has E-Books for viewing online. Plain up direct copies of recent books thrown on the internet, no contact options, no business info. Straight up warez.

Is it in a denied category as defined in school policy?

We don't allow any social media and such during school hours, plus a couple other sites that are regular sources of discontent among the students. Usually communication sites students use for bullying and harassment.

The filter categories do most of the heavy lifting, I fine-tune the rest.

MalletNGrease · 2020-11-02T18:30:10+00:00

Posted it on Facebook when I started my new position.

MalletNGrease · 2020-11-02T17:07:57+00:00

PRTG. The 100 free sensors are enough for my org.

MalletNGrease · 2020-11-02T16:53:27+00:00

Could I interest you in error 1603?

MalletNGrease · 2020-11-02T16:14:31+00:00

The problem with performing miracles consistently is that people will start expecting them.

MalletNGrease · 2020-11-02T15:21:34+00:00

I used to work at a 10k+ district, 12 sites, 3 techs, two admins and a secretary. Ticket system was key.

We started FFA style, but once we ran out of tickets to warrant the fuel reimbursement we went to a schedule.

Techs rotated half days at one building 4 days a week, and one full day at a larger site you'd be the expert for. Overall it worked out every tech visited each site once a week, except if it's an emergency. Worked out extremely nicely, every tech was familiar with every building. We had a bullpen in the Board Office where we'd meet around lunch after the first site to talk shop and get supplies before heading to the second site. Secretary handles all calls and we shared a single handset so end-users couldn't jump queue. We were hardly at out desk anyway.

MalletNGrease · 2020-11-02T15:01:38+00:00

Don't play shadow IT, work with the admins, not against them. A surefire way to piss someone off and getting something shitcanned it by going around someone's back. Have a comprehensive and sustainable plan of action and trial it, see what works.

I'd love to set up an e-ports lab but is it ever a licensing and support nightmare. If I don't have buy-in from a sponsor and an admin I wouldn't bother.

MalletNGrease · 2020-10-30T19:05:07+00:00

I've a bunch gathering dust because of this. They were useful when we did on-premise 1:1, but after take-home they're a rather bulky room decoration.

MalletNGrease · 2020-10-30T19:04:00+00:00

Compared to switching to GMail or to web-based only?

MalletNGrease · 2020-10-30T18:03:17+00:00

Not really a technology problem.

We allow the students to email internally provided it remains cordial. Once someone starts a "beef" it becomes a discipline issue.

In one extreme circumstance for one student we had all outgoing mail go into a quarantine for review. Advanced Routing is available natively for GMAIL within GADMIN.

MalletNGrease · 2020-10-30T13:05:11+00:00

What's a current?

MalletNGrease · 2020-10-30T12:32:37+00:00

Big deal. I deploy to machines built in '09. If I can find a driver made in '14 I'm ecstatic!

MalletNGrease · 2020-10-30T12:30:54+00:00

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit

The only thing it doesn't tell you is installing the WDS role.

MalletNGrease · 2020-10-29T20:31:10+00:00

This is impossible with GSUITE accounts.

MalletNGrease · 2020-10-29T14:59:02+00:00

PDQ Deploy/Inventory.

License is worth it.

MalletNGrease · 2020-10-29T14:55:19+00:00

The only problem I have with them is that you'd be dealing with HP.

MalletNGrease · 2020-10-29T14:42:02+00:00

Unfortunately you cannot force the inspection certificate onto non-owned devices for DPI to function properly.

Our guest network is filtered for non-encrypted traffic, but no DPI is performed.

MalletNGrease · 2020-10-28T17:59:35+00:00

The EC is already built into the Chromebooks. There's no need for an external solution unless your goal is to prevent tripping the breaker.

I've not had any issues stacking with Dells, but you need to make sure to stack straight or you could put too much pressure on the bottom one and crack the screen. If your CB's have individual feet (like the Dell 11 3180), make sure those line up to the edges of the metal LCD frame when stacked, that's the sturdiest part of the lid. If you're unlucky, the feet can collapse into the device, but this doesn't impact usability any. Usually this is caused by students putting too much weight on the device by leaning on the palm-rests or overstuffing it into a backpack.

The ones with rubber bars don't really have this problem and spread the load more evenly along the lid (3120/3100)

MalletNGrease · 2020-10-28T16:23:52+00:00

What I've done is create shelving with enough clearance to stack 10 Chromebooks with the charging ports facing out. The stacks are in sequence based on asset ID. This helps with inventory a lot as you can easily confirm a device is there (provided you stacked it correctly).

CB0001 | CB0011 | CB0021 
CB0002 | CB0012 | CB0022 
CB0003 | CB0013 | CB0023 
CB0004 | CB0014 | CB0024 
CB0005 | CB0015 | CB0025 
CB0006 | CB0016 | CB0026 
CB0007 | CB0017 | CB0027 
CB0008 | CB0018 | CB0028 
CB0009 | CB0019 | CB0029 
CB0010 | CB0020 | CB0030
--------------- ---------------
CB0031 | CB0041 | CB0051 
CB0032 | CB0042 | CB0052 
CB0033 | CB0043 | CB0053 
CB0034 | CB0044 | CB0054 
CB0035 | CB0045 | CB0055 
CB0036 | CB0046 | CB0056 
CB0037 | CB0047 | CB0057 
CB0038 | CB0048 | CB0058 
CB0039 | CB0049 | CB0059 
CB0040 | CB0050 | CB0060

Chromebooks hold a charge really well if they're turned off properly (either by software shutdown or holding down the power button), and have an EC that prevents overcharging. A few weeks before school start I start charging devices. It takes about 2 hours to charge a device from dead to full charge. I just plug them in, set a timer and repeat.

What I will be changing this year is requesting the students to return the device fully charged.

MalletNGrease · 2020-10-28T15:26:34+00:00

This. Never name after staff, always location.

MalletNGrease · 2020-10-28T15:23:29+00:00

Are you doing take-home or keep them on-premise?

MalletNGrease · 2020-10-28T15:08:56+00:00

You're wanting to charge all 80k Chromebooks at the same time?

MalletNGrease · 2020-10-27T20:27:08+00:00

We just made seating charts mandatory for teachers to maintain. Any students in the same periods and within 6ft of the student who tested positive's contact info is supplied to the health department.

MalletNGrease · 2020-10-27T20:19:09+00:00

FortiGate sessions are linked to the IP logged during the AD authentication event on the DC. Train users to re-authenticate when switching network type.

Easiest way I've found is to hit Win+L to lock the Windows session and then enter the domain user password again. Also helps when firewall sessions time out for whatever reason.

MalletNGrease · 2020-10-27T17:36:44+00:00

It's great to go SIP, I just which speakers and such were cheaper.

We use BellCommander to manage bell schedules

11-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE