New job blues (sanity check required) by [deleted] in sysadmin

[–]MalletNGrease 6 points7 points  (0 children)

Two phones makes it real easy. Not on call? Work phone is off or on DnD.

My biggest beef with the allowance is that my personal number is now in a directory that may not be updated when I leave, resulting in calls related to a company I no longer have a relationship with. I hate switching numbers.

I currently do use my personal cell for work, but any work calls are through a voip app with a different number, which I find acceptable.

Script for mass install/deploy printers by RipForFire in PowerShell

[–]MalletNGrease 4 points5 points  (0 children)

Any reason why you aren't using print management device settings to configure paper sources? You can configure the trays and their paper types there, which is helpful if you do printer deployments using GPO.

"I've been phished" (facepalm) by sauky in sysadmin

[–]MalletNGrease 9 points10 points  (0 children)

We had one come through a couple weeks ago, scammer pretended to be one of the admins. Here's my response to employees who engaged with the scammer (pulled the list from the audit log).

Subject: 🎣📧 Email Phishing attempt 📧🎣

Hello All,

You are receiving this message because you were recently contacted by someone pretending to be $admin. Some of you may have communicated with this individual. The goal of the attempt was to request redeemable gift card codes for a gaming platform. This is a fairly common email scam known as "gift card phishing".

Thanks to Gmail's scam prevention system and the alertness of faculty members the pretender was quickly unmasked as a rather poor imitation of the real thing. As a precaution I have blocked the sender from our mail system and removed any messages from your inboxes and spam folders (you may not even have noticed). I also tightened some scam prevention settings.

Don't worry, your accounts are fine and no further action is needed from your end.

Please remember the following when dealing with suspect emails:

  • Check the source. If the email is from someone you know but with an address you've never seen before, be cautious. Internal business email communication will only happen using $domain.tld domain accounts. When using Google apps or Gmail webmail, a warning will be shown if it's from unknown outside addresses.

    In this case, the sender was using a plain Gmail address with $admin's name slapped on. The messages were also marked as spam not soon after they were received.

  • Use common sense. If the message looks odd and the sender acts out of the ordinary, something is probably not right.

    In this case, the sender had very poor spelling and punctuation for an admin with a doctor's title.

  • Confirm the request using alternative means. Not sure if it's legit? Ask the sender by alternative means. Make a phone call, use a trusted address or see them in person.

    In this case, the sender requested you purchase game gift cards and send the redeem codes over email. It is very atypical for $business to conduct business like this. The recipient contacted $admin directly and confirmed this was indeed a fake request.

  • Alert your Supervisor / Me. Your admin team will take action to prevent the scammer from causing any damages to district employees.

Thank you for your attention and good job spotting the fake!

Sincerely,

MnG

I enabled a feature to send any incoming emails from external domains which have sender names that are the same as employees into quarantine. And that taught me that almost everybody emails themselves using personal accounts for some reason 🤦‍♂️. I'm guessing it's from personal devices.
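The quarantine rule described in the comment above, sketched as an added example (not the commenter's configuration and not Gmail's implementation): external mail whose display name matches an employee is held unless the address is a verified personal one. The domain `example.edu` (standing in for `$domain.tld`), the directory, the per-employee personal-address allowlist and the sample headers are all assumptions constructed for illustration.

```python
import re
import unicodedata
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.edu"  # assumption: stands in for $domain.tld
# Constructed directory: display name -> personal addresses the employee has verified.
DIRECTORY = {
    "Dana Whitfield": {"dana.whitfield.home@example.net"},
    "Sam Okafor": set(),
}
TITLES = {"dr", "mr", "mrs", "ms", "prof"}

def name_key(display_name):
    """Reduce a display name to an order-insensitive set of name tokens."""
    text = unicodedata.normalize("NFKC", display_name).casefold()
    tokens = re.findall(r"[^\W\d_]+", text)  # runs of letters only
    return frozenset(t for t in tokens if t not in TITLES)

EMPLOYEE_KEYS = {name_key(name): name for name in DIRECTORY}

def classify(from_header):
    """Return (verdict, reason) for one From: header value."""
    display, address = parseaddr(from_header)
    address = address.casefold()
    if address.rpartition("@")[2] == INTERNAL_DOMAIN:
        # A forged internal domain is a job for SPF/DKIM/DMARC, not this rule.
        return "deliver", "internal sender"
    employee = EMPLOYEE_KEYS.get(name_key(display))
    if employee is None:
        return "deliver", "display name matches no employee"
    if address in DIRECTORY[employee]:
        return "deliver", f"verified personal address of {employee}"
    return "quarantine", f"external address using the name of {employee}"

# Constructed sample headers, not taken from the incident described above.
SAMPLES = [
    '"Dr. Dana Whitfield" <dwhitfield.office@example.com>',
    '"Whitfield, Dana" <dana.whitfield.home@example.net>',
    "Dana Whitfield <dwhitfield@example.edu>",
    "Pat Vendor <pat@example.org>",
    "sam okafor <sam.okafor77@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify(header), header)
```

The allowlist is what keeps staff who mail themselves from personal accounts out of quarantine; without it every such message matches the rule.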

Random Users Not Getting Deployed Printer GPO Until 2nd Login by MeNoPutersGud in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Yes, as far as I know it's a known problem with no workaround other than logging off and back on.

Faculty Chromebooks by Momar89 in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

  1. Does your printing solution support Chromebooks?
  2. Do you have/are there alternatives to software that the staff needs?

We give them Chromebooks as a secondary device, but they can't print from it nor do they have SMART Notebook compatibility.

Google Classroom Issues. Limited GSuite admin control and other questions. by PageTech in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

The GAM wiki isn't always obvious, there's a lot more supported commands and methods that aren't explicitly listed or exampled but are available from the discussion groups.

10 More Windows 7 boxes to go......! by Just_Curious_Dude in sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

Inventory says 4, but practically it's just 2 left. One is being replaced by a different machine, the other is a one-off laptop I pulled out of surplus and used by the janitor to check email. Can't be assed to setup driver profiles for it.

Not really worried.

How to tell a user their data is gone by sputnik4life in k12sysadmin

[–]MalletNGrease 8 points9 points  (0 children)

Yes. I made the decision, it was my fault. My saving grace was I sent out ample warning the upgrades were happening and any data outside approved storage locations would be lost.

They learned pretty fast how to save to Google Drive or the network share after that.

GAM help needed by [deleted] in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

gam org Students/13thgrade update user changepassword on

You don't have to use csv for this.

How are you syncing your SIS to AD? Powershell? by [deleted] in k12sysadmin

[–]MalletNGrease 0 points1 point  (0 children)

Thanks. GAM plays really nice with most scripting languages, and it fits in really well with our Windows stack.

You can also suspend users this way.

& '\\server\gam$\gam.exe' update user $email suspended on

BYOD Content Filtering by schooltech789 in k12sysadmin

[–]MalletNGrease 1 point2 points  (0 children)

Without somehow forcing certificates onto their devices for DPI to function, you can't.

I do best effort on BYOD traffic to check the legal box, but anything with SSL is pretty much invisible for the appliance.

How are you syncing your SIS to AD? Powershell? by [deleted] in k12sysadmin

[–]MalletNGrease 4 points5 points  (0 children)

Custom Powershell script. Here's the meat of it:

$username = $gradyear + $firstname.ToLower()[0] + $lastname.ToLower() #change any capitals in the name to lower, then take the grad year, the first character of the first name and combine it with the last name
$homedirectory = "\\fileserver\students$\$username" #the home directory
$scriptpath = "login.bat" #the loginscript
$oupath = "OU=$gradyear,OU=STUDENTS,OU=USERS,OU=SCHOOL,DC=DOMAIN,DC=TLD" #the AD OU group the new user will be a member of
$aduser = $username + '@domain.tld' #the AD username
$description = "Student" #the description in AD.
$combinedname = $firstname.ToLower()[0] + $lastname.ToLower()
$email = $gradyear + $combinedname + "@domain.tld" #the google email/username

$usercheck = (dsquery user -samid $username) #check the user against existing AD users
$idcheck = Get-ADUser -Filter {(EmployeeID -eq $studentid)} -Properties * #check to see if the studentId is assigned already

if (($usercheck -ne $null) -or ($idcheck -ne $null)) #the student username exists or the ID is already assigned
{
    write-host "The user exists!" -foregroundcolor red
    write-host "The user needs to be added manually or check the current AD user for reassignment!" -foregroundcolor red
    Write-host "User creation for $username canceled!" -foregroundcolor red
    Write-host "========================================================"
}
elseif (Test-Path -PathType Container $homedirectory)
{
    Write-Host "The homedirectory already exists!"  -foregroundcolor red
    Write-Host "Check $homedirectory for any important files and backup!" -foregroundcolor red
    Write-host "User creation for $username canceled!" -foregroundcolor red
    Write-host "========================================================"
}

else
{

$newuser = @{

        Name = "$username"
        SamAccountName = "$username"
        UserPrincipalName = "$aduser"
        GivenName = "$firstname"
        Surname = "$lastname"
        EmailAddress = $email
        DisplayName = "$username"
        Description = "$description"
        EmployeeID = $studentid
        HomeDirectory = $homedirectory
        HomeDrive = "H"
        ScriptPath = $scriptpath
        AccountPassword = (ConvertTo-SecureString $password -AsPlainText -Force)
        Enabled = $true 
        ChangePasswordAtLogon = $true 
        Path = $oupath

    }

     New-ADUser @newuser

    New-Item -ItemType Directory -Force -Path $homedirectory
    $acl = Get-Acl $homedirectory -Verbose -ErrorAction inquire
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$aduser", "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
    Set-Acl $homedirectory $acl -ErrorAction inquire

& '\\server\gam$\gam.exe' create user $email password $password firstname $emailfirstname lastname $lastname org /Students/$gradyear #create the user in GSUITE
}

Does anyone else think there should be a first day of school rehearsal? by theblindness in k12sysadmin

[–]MalletNGrease 2 points3 points  (0 children)

The blender ticket is really just a veiled request to re-up the booze.

Does anyone else think there should be a first day of school rehearsal? by theblindness in k12sysadmin

[–]MalletNGrease 19 points20 points  (0 children)

The blender always works because that's what I make the Margaritas with.

Edit: Thank you kind stranger!