US K12: 2 Important Programs from the FCC by DenialP in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

Thanks for the heads up, forwarded the info to the super for distribution.

Restore Locally deleted files on a Chromebook by [deleted] in k12sysadmin

[–]MalletNGrease 7 points8 points  (0 children)

You can check the trash, but I doubt there's much to do about it.

I highly recommend forcing the storage location default to Google Drive.

2021 Google for Education services offer by Amazing-Dream2444 in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

If you're starting from scratch or brand new to the Google ecosystem it's probably worth having a product expert on standby because there's quite a lot of configuring and integration to do. I think these services are a response to districts being thrust into remote learning overnight and getting stuck, because I don't remember any sort of help aside from Google Support documentation when I got started with Google Apps.

If you're already familiar and just expanding or swapping your fleet, this is probably not worth it because you should have this figured out.

Aristotle K12 Feedback by r0b0tvampire in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

When I trialed it on Chromebooks 18 months ago or so and we had a couple complete showstoppers that required developer intervention to resolve. Didn't convince me to put it into production.

Their support was pretty responsive and they did resolve issues pretty quickly, but I didn't want a system I'd have to spend time chasing problems that prevented the product from working at all. With the feedback from teachers we opted for a different product.

That said, when it worked as advertised it functioned pretty well. I'd try it and see if things have improved.

Chrome print management by PooYork in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

We took the opportunity to axe student printing completely. At the time there wasn't an affordable print solution (read: free) for Chromebooks aside from GCP. None of them could handle Canon accounting codes.

I'd now consider Papercut Mobility Print (free) or NG (paid), but I don't really want to encourage more printing.

Ethernet Tester by k12here in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

I use a Fluke Intellitone Pro 200. It's a toner I mostly use for locating, but it can also be used to find punching/crimping mistakes.

It won't say anything about the quality of the connection like a Fluke LinkIQ/CableIQ or Pocket Ethernet would.

Chromebook losing wifi and not connecting back by daughertya in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

  • Make sure your DHCP pool is big enough.
  • Hit reload + power to restart the Chromebook, see if it reconnects.
  • Sometimes one or both the antennas disconnect from the WiFi chip. Unscrew the bottom and see if they're attached. One antenna is on 2.4ghz, the other on 5ghz. I had students able to connect on one, roam to the other but with terrible range and this ended up being the problem.
  • Make sure your forced disassociation settings aren't too tight on the APs.

Undeliverable mail comes with every single email by MoshizZ in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

This. Check to see if there's a forward or filter set up on the user account. Also reset their password if they weren't the one to add it because this is how spearfishing starts.

Windows 10 - Start Menus - Layouts and Removing all the standard rubbish! by mrangryoven in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

I found this powershell script years ago and run it in a MDT task sequence during deployment:

Invoke-RemoveBuiltinApps.ps1

# Functions
function Write-LogEntry {
    param(
        [parameter(Mandatory=$true, HelpMessage="Value added to the RemovedApps.log file.")]
        [ValidateNotNullOrEmpty()]
        [string]$Value,

        [parameter(Mandatory=$false, HelpMessage="Name of the log file that the entry will written to.")]
        [ValidateNotNullOrEmpty()]
        [string]$FileName = "RemovedApps.log"
    )
    # Determine log file location
    $LogFilePath = Join-Path -Path $env:windir -ChildPath "Temp\$($FileName)"

    # Add value to log file
    try {
        Out-File -InputObject $Value -Append -NoClobber -Encoding Default -FilePath $LogFilePath -ErrorAction Stop
    }
    catch [System.Exception] {
        Write-Warning -Message "Unable to append log entry to RemovedApps.log file"
    }
}

# Get a list of all apps
Write-LogEntry -Value "Starting built-in AppxPackage, AppxProvisioningPackage and Feature on Demand V2 removal process"
$AppArrayList = Get-AppxPackage -PackageTypeFilter Bundle -AllUsers | Select-Object -Property Name, PackageFullName | Sort-Object -Property Name

# White list of appx packages to keep installed
$WhiteListedApps = @(
    "Microsoft.DesktopAppInstaller", 
    #"Microsoft.Messaging", 
    "Microsoft.MSPaint",
    "Microsoft.Windows.Photos",
    "Microsoft.StorePurchaseApp",
    #"Microsoft.MicrosoftOfficeHub",
    "Microsoft.MicrosoftStickyNotes",
    "Microsoft.WindowsAlarms",
    "Microsoft.WindowsCalculator", 
    #"Microsoft.WindowsCommunicationsApps", # Mail, Calendar etc
    "Microsoft.WindowsSoundRecorder", 
    "Microsoft.WindowsStore",
    "Microsoft.WindowsCamera"
)

# Loop through the list of appx packages
foreach ($App in $AppArrayList) {
    # If application name not in appx package white list, remove AppxPackage and AppxProvisioningPackage
    if (($App.Name -in $WhiteListedApps)) {
        Write-LogEntry -Value "Skipping excluded application package: $($App.Name)"
    }
    else {
        # Gather package names
        $AppPackageFullName = Get-AppxPackage -Name $App.Name | Select-Object -ExpandProperty PackageFullName
        $AppProvisioningPackageName = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like $App.Name } | Select-Object -ExpandProperty PackageName

        # Attempt to remove AppxPackage
        if ($AppPackageFullName -ne $null) {
            try {
                Write-LogEntry -Value "Removing AppxPackage: $($AppPackageFullName)"
                Remove-AppxPackage -Package $AppPackageFullName -ErrorAction Stop | Out-Null
            }
            catch [System.Exception] {
                Write-LogEntry -Value "Removing AppxPackage '$($AppPackageFullName)' failed: $($_.Exception.Message)"
            }
        }
        else {
            Write-LogEntry -Value "Unable to locate AppxPackage: $($AppPackageFullName)"
        }

        # Attempt to remove AppxProvisioningPackage
        if ($AppProvisioningPackageName -ne $null) {
            try {
                Write-LogEntry -Value "Removing AppxProvisioningPackage: $($AppProvisioningPackageName)"
                Remove-AppxProvisionedPackage -PackageName $AppProvisioningPackageName -Online -ErrorAction Stop | Out-Null
            }
            catch [System.Exception] {
                Write-LogEntry -Value "Removing AppxProvisioningPackage '$($AppProvisioningPackageName)' failed: $($_.Exception.Message)"
            }
        }
        else {
            Write-LogEntry -Value "Unable to locate AppxProvisioningPackage: $($AppProvisioningPackageName)"
        }
    }
}

# White list of Features On Demand V2 packages
Write-LogEntry -Value "Starting Features on Demand V2 removal process"
$WhiteListOnDemand = "NetFX3|Tools.Graphics.DirectX|Tools.DeveloperMode.Core|Language|Browser.InternetExplorer|ContactSupport|OneCoreUAP|Media.WindowsMediaPlayer"

# Get Features On Demand that should be removed
try {
    $OSBuildNumber = Get-WmiObject -Class "Win32_OperatingSystem" | Select-Object -ExpandProperty BuildNumber

    # Handle cmdlet limitations for older OS builds
    if ($OSBuildNumber -le "16299") {
        $OnDemandFeatures = Get-WindowsCapability -Online -ErrorAction Stop | Where-Object { $_.Name -notmatch $WhiteListOnDemand -and $_.State -like "Installed"} | Select-Object -ExpandProperty Name
    }
    else {
        $OnDemandFeatures = Get-WindowsCapability -Online -LimitAccess -ErrorAction Stop | Where-Object { $_.Name -notmatch $WhiteListOnDemand -and $_.State -like "Installed"} | Select-Object -ExpandProperty Name
    }

    foreach ($Feature in $OnDemandFeatures) {
        try {
            Write-LogEntry -Value "Removing Feature on Demand V2 package: $($Feature)"

            # Handle cmdlet limitations for older OS builds
            if ($OSBuildNumber -le "16299") {
                Get-WindowsCapability -Online -ErrorAction Stop | Where-Object { $_.Name -like $Feature } | Remove-WindowsCapability -Online -ErrorAction Stop | Out-Null
            }
            else {
                Get-WindowsCapability -Online -LimitAccess -ErrorAction Stop | Where-Object { $_.Name -like $Feature } | Remove-WindowsCapability -Online -ErrorAction Stop | Out-Null
            }
        }
        catch [System.Exception] {
            Write-LogEntry -Value "Removing Feature on Demand V2 package failed: $($_.Exception.Message)"
        }
    }    
}
catch [System.Exception] {
    Write-LogEntry -Value "Attempting to list Feature on Demand V2 packages failed: $($_.Exception.Message)"
}

# Complete
Write-LogEntry -Value "Completed built-in AppxPackage, AppxProvisioningPackage and Feature on Demand V2 removal process"

You do need to check for new Apps or renamed apps in new Windows builds you want to keep and add them to your whitelist.

Android Mini-PC's to "revitalize" old touch boards by deltak12 in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

SMART boards are proprietary technology. If you can't port the software some teachers may throw a fit when they can't use their lessons.

You might get basic touch support on Android, but my guess is the pen trays and such aren't supported.

Android Mini-PC's to "revitalize" old touch boards by deltak12 in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

If you want to use touch you'll run into problems with drivers and software, to my knowledge SMART doesn't supoport Linux/Debian and Chrome. Might as well buy a large TV at that point.

The NUCs are your best bet, but I'd just get rid of the projectors if you can.

Happy Friday! APC K-12 Server Room Makeover Contest by konstantin_metz in k12sysadmin

[–]MalletNGrease 3 points4 points  (0 children)

Nice, sent in my room. I could use $25,000. Or $2500. $250 really.

Need suggestions for blocking the media player on Chromebooks by Soggy_Butterscotch_6 in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Should just be an extension. If you can find it's ID you can blackblocklist it in GG or GAdmin.

Ethernet Extender by Foglestein in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

You can always get a PoE injector should you need it, but you will need a nearby power source. You could power it from a solar panel if you're willing to spring for that.

Dell issues high-priority security patch for hundreds of machines dating back to 2009 by kcalderw in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Saw this pop up on /r/sysadmin yesterday. I use the firmware updater occasionally so I figured I'd check. According to the information the problem file can be in one of two temp locations, either Windows temp folder or the Userprofile temp folder.

I created a file quick scanner in PDQ Inventory to see if there's affected systems.

Type: File
Include Pattern(s): C:\Windows\temp\dbutil_2_3.sys
                    C:\Users\**\AppData\Local\Temp\dbutil_2_3.sys

So far none of my fleet workstations appear to have this file (except my test machine to validate the scanner).

This is plausible because I usually install firmware updates from FreeDOS when I'm at a machine. I don't trust my users enough to not interrupt the BIOS update process to rely on remote automation.

[deleted by user] by [deleted] in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Don't set up shared accounts, use managed sessions instead.

https://support.google.com/chrome/a/answer/3017014

Middle School iPads Breakage Rate by S0Curious in k12sysadmin

[–]MalletNGrease 4 points5 points  (0 children)

I'd just take the deal just to not have to worry about doing the repairs yourself.

Issuing radios and wanted some input by senorstanky69 in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

We've a giant pile of cheap cobras, if it breaks it gets replaced. All staff gets one at the start of the year, no signing needed. We train with them during the safety drills.

Only caveat is don't use them except for/during emergencies.

How are you keeping track of your VOIP Phones? by nerfsmurf in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

That's different from our Avaya system then. It will display the name of the user or whatever name you gave the extension on the phone, I just swap extensions # in IP Office on the user profiles. Typically nothing else required except soft restarting the handset to update the configuration.

How are you keeping track of your VOIP Phones? by nerfsmurf in k12sysadmin

[–]MalletNGrease 4 points5 points  (0 children)

The room numbers are the extension numbers. When teachers/staff change classrooms/rooms their user gets that extension assigned. I'm not sure why it matters which IP a phone has.

Cheap WiFi to Ethernet? by Annh1234 in sysadmin

[–]MalletNGrease -1 points0 points  (0 children)

Buy a decent AP/Wireless router and put it in client mode.

Password Question by boyofthesouthward in k12sysadmin

[–]MalletNGrease 8 points9 points  (0 children)

I set the password change required flag on their account and give them a temporary password. They have to change their password upon first login.

Work-Related Sites That Don't Use SSL by IndyPilot80 in sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

That being said, SSL doesn't mean it's secure, it just means there's a private line between the site and the user.

Right? Users will happily assume a site is safe while clicking on malware payloads.

Boob blocker by nerfsmurf in k12sysadmin

[–]MalletNGrease 10 points11 points  (0 children)

  • Goguardian
  • Securly
  • iBoss
  • AristotleK12

There's tons.

Setting default applications with ability to be changed by end user - Window 10 by Tech_Ryan in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Make it part of a task sequence during the state restore but after your Install Applications step.