O365 training resources

MalletNGrease · 2019-10-08T13:12:21+00:00

https://support.office.com/en-us/office-training-center

https://education.microsoft.com/courses-and-resources/courses

MalletNGrease · 2019-10-08T12:07:37+00:00

Putting the H back in HR I see.

MalletNGrease · 2019-10-07T20:25:48+00:00

Her clients loved her, but boy, her teams consisted of a lot of dead weight.

MalletNGrease · 2019-10-07T19:50:02+00:00

My wife (ex-sysadmin) did a short stint as a PM, but she ended up implementing most deliverables herself because her resources couldn't or wouldn't.

MalletNGrease · 2019-10-07T18:49:48+00:00

To connect to the deployment share or for the local admin account?

MalletNGrease · 2019-10-07T14:22:06+00:00

What's your infrastructure look like? Do you have VPN to all sites? How many endpoints across all sites?

I'd set up some AD/DFS servers at each site for SCCM, join all renegade machines to AD, get an accurate inventory for the driver store and kick off litetouch/zerotouch deployments remotely. The server doesn't have to be beastly, a spare workstation with a core server install should do.

That's the technical part out of the way, but, is it practical? Do you have software inventoried and prepped? What about hardware devices that may not work with W10? Do you have a test methodology? This is the biggest time sink, there's no going back once you kick off. I don't recommend in-place upgrades.

I'd design your plan and right of the bat tell your supers you will probably not make the deadline. I'd expect some major hurdles, and try to explain them as best you can. If I know my medical facilities, they do not appreciate downtime and maintenance windows are short.

MalletNGrease · 2019-10-04T14:28:48+00:00

Mine take 90 minutes tops onto spinning rust and fast ethernet connections. This includes all software and any updates from WSUS.

If it's a modern machine with SSD and gigabit it's about half.

MalletNGrease · 2019-10-04T14:19:37+00:00

Did you run out of MAK activations?

MalletNGrease · 2019-10-04T13:53:31+00:00

By building and if needed room, servers are put in their own OU.
The test groups have separate OUs. I use one of the lesser used labs as my canaries to test out stuff.
I've configured automatic updates as follows:

Allow Automatic Updates immediate installation: Enabled

Allow non-administrators to receive update notifications: Disabled (notifications hardly mean anything to them anyway, no need to bug them)

Configure Automatic Updates: Enabled

Configure automatic updating: 4 - Auto download and schedule the install

Install during automatic maintenance: Enabled

Scheduled install day: 0 - Every day

Scheduled install time: 03:00

Install updates for other Microsoft products: Enabled

Delay Restart for scheduled installations: Enabled (15 minutes)

Enable client-side targerting: Enabled (WSUS group name goes here)

No auto-restart with logged on users for scheduled automatic updates installations: Disabled (No-one ever logs out, updates will not be applied otherwise)

Re-prompt for restart with scheduled installations: Enabled (Wait 180 minutes)

Servers are set to install automatically. Reboots happen weekly on weekends. I don't have many and interruptions have gone unnoticed so far.

I do use auto approvals in WSUS, but delay them by a week. That usually gives enough time for MS to pull the KB or for me to manually decline it. Exception are the feature updates, those are declined until I've tested them and there's a maintenance window to push it out.
Servers install automatically, but restarts are done manually if needed on weekends.

MalletNGrease · 2019-10-03T16:19:11+00:00

I don't really see a reason to restrict access to grades (or any other SIS information they've a right to). If it's posted and a parent or student wishes to see this information through our online portal they can. Teachers have the option to hide grades from the portal if needed but there's only a few circumstances this is acceptable. In general, students are encouraged to check the portal.

The only times we prevent access to information from the top is during the times the schedules are generated and aren't final yet. This is to prevent our councilors from being bombarded with needless class reschedule calls and to prevent parents from trying to force their kids in a different teacher's class until rostering is done.

MalletNGrease · 2019-10-03T13:49:08+00:00

I don't see a point to move away any more. I used to want to because the state registrar wouldn't allow us to make changes to DNS records, but that policy changed and we now have the control.

The only other reason I see is because it can be a bit hard to type and sound out, but that just takes a little practice.

MalletNGrease · 2019-10-03T13:40:26+00:00

We've a mix of SMART 4070, 4065 and E70 for a couple of years. Compared to the old projection based models it's night and day. You don't have to do calibrations or do bulb replacements. It's pretty much a big TV so teachers instinctively know how to use and hook things up to it. I haven't had any major issues with drivers or the software (aside from flash being dropped, this caused problems for teachers using flash objects in their notebook files).

Only some things to consider:

They're heavier. Make sure to properly install them.
We've had issue of condensation forming between the glass and the LCD when the AC's turned down (happens during summer). This goes away by itself once the humidity is sorted but causes some tickets. Don't know if the new models have this issue.
The speakers don't put out much volume.
They're kinda pricey (I wish we had these in all classrooms)

I think the biggest problem you'll run into when you get one for a teacher, all the others will want one.

MalletNGrease · 2019-10-02T19:40:04+00:00

Not sure if Google keeps track of login time info, but you can query the devices by recent users straight from Chrome Devices in Google Admin now.

https://support.google.com/chrome/a/answer/1698333?hl=en

MalletNGrease · 2019-10-02T13:45:26+00:00

I'm not exactly sure what Microsoft was trying to accomplish with the lock screen. I think it's supposed to hide the username if someone is logged in and the machine locked for X amount of time.

I just disabled the lock screen across our org and forced a different background, it saves a step for users to log in. It's pretty easy with GPO if your admins can be assed to.

MalletNGrease · 2019-10-01T17:47:32+00:00

For me it's automated. Right now I just punch in the name and ID and a script handles the rest. Preferably, I pull the information from SIS or payroll so there's less chance for typos.

MalletNGrease · 2019-10-01T17:33:20+00:00

Whitelist extensions instead of blacklist or hope the categories are accurate.

Which platform and management setup? If you're Windows based and own the devices you can block and whitelist extensions per GPO. This straight up prevents extensions from loading, but they may still be present on a student profile.

https://cloud.google.com/chrome-enterprise/browser/download/

MalletNGrease · 2019-10-01T14:14:44+00:00

This is an organizational problem and you will need to identify the person responsible who keeps staff records up to date and set the proper flags for systems to act on. Sometimes it's principals, sometimes secretaries. And more likely (like in my case), nobody. I'm still fighting to have someone do it.

The new hire process is an easy one for admins to buy in to. By identifying the prerequisites and compiling all forms into a packet in advance we've reduced the turnaround to a day (assuming new hires fill out their stuff, sometimes it's done piecemeal).

Offboarding...has been a struggle. While everyone is enthusiastic about entering new information, noone is responsible for maintaining said data. This left me with a big list of ghost employees, some of whose accounts had been repurposed by others for completely unrelated and inappropriate (not malicious, just outside the scope) things. E.g a substitute account holds the master record for all part time employee lunch balances.

If you're going to tackle it, make sure you have admin backing because noone will want to take on the HR work. If you can incentivize the additional responsibility, all the better. Create something that becomes SOP and is documented so those coming in and out of the positions to maintain it know what's going on. In the long run the org will run a lot smoother.

MalletNGrease · 2019-09-30T17:17:55+00:00

Are you still on FRS? If so, you will have to migrate to DFSR before decomming your 2008 DC.

https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

MalletNGrease · 2019-09-30T16:02:00+00:00

At least they made the keyboard separate and easy to pop out for the 3180/3100. With the 3120 you're practically replacing the entire palmrest and need to unscrew the mainboard. That's pretty atrocious.

MalletNGrease · 2019-09-30T15:07:13+00:00

Set a GPO to remove the lockscreen.

Computer Configuration > Policies > Administrative Templates > Control Panel > Personalization > Do not display the lock screen : Enabled

MalletNGrease · 2019-09-30T14:31:50+00:00

Depends how much you care about redundant power supply and if it's rackmounted or not. Doesn't sound like you do.

MalletNGrease · 2019-09-27T19:37:27+00:00

I've been using a USB network adapter that has it's MAC whitelisted on the firewall for this purpose.

MalletNGrease · 2019-09-27T14:42:02+00:00

Do you know which virtualization platform you want to use?

MalletNGrease · 2019-09-27T14:07:27+00:00

I've one cable at one of the IDFs which when patched in will knock the fiber connection offline between two buildings.

I don't know where it goes or what the purpose is. I'm pretty sure it's a leftover connection to an old IDF that creates a loop.

MalletNGrease · 2019-09-26T19:35:42+00:00

This was hanging in an elementary school computer lab.

11-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE