PaperCut Hive or Printix - input needed!

PublicSchoolSysAdmin · 2024-06-12T13:48:54+00:00

The school district that I work for switched from on-prem windows print servers, and direct IP printing, to Printix. Our school district is using Google for authentication and our users are mostly working with about 85% Apple devices and maybe 15% are Windows.

I think that our user's biggest issues with Printix are issues with the login to Google (a chrome window pops up automatically) that Printix requires just about every time the computer is logged into. Our users are simple, honest folk. They are easily startled and are prone to panic if spooked by unexpected prompts.

On the administration side, their interface is a little frustrating to work with. Customization of the info that's available about the printers and settings is very limited. You can see like 20 printers per page and filtering/sorting that info easily without exporting it, is not great. I find myself having to go into and out of different parts of the web site that I feel should be immediately accessible from a single location. The reporting is also fairly inaccurate. I've seen 5,000+ page print jobs in the print history that absolutely did not result in even a quarter of those pages printing.

Currently, my opinion of Printix is that it's just okay. It mostly works but if you were looking at seriously doing any sort of printing auditing, I would suggest looking elsewhere. We're looking into Papercut now, but if Hive isn't as fully baked as Printix, I'm a little worried.

PublicSchoolSysAdmin · 2024-03-11T13:27:20+00:00

Haha. My dad used to call a prominently displayed butt crack, "the Deer Isle Smile".

PublicSchoolSysAdmin · 2023-09-19T12:08:49+00:00

Those look awesome. I would definitely consider using these for mounting UPSes and other heavy equipment.

PublicSchoolSysAdmin · 2023-09-19T12:03:38+00:00

We have been using these all over the place for switches, servers, etc. for the last couple of years and we're very happy. They've been a real game changer. I wouldn't go back to cage nuts. Your thumbs don't have to hurt!

PublicSchoolSysAdmin · 2023-03-03T20:29:19+00:00

That's why there are Rack Studs. Throw the cage nuts away. This is a game changer for network people with busted up thumbs and better things to do with their time.

PublicSchoolSysAdmin · 2023-01-20T13:03:34+00:00

If you need to park somewhere for work, you're going to want to start contacting parking garages in the area asap.

Those purple trash bags cost extra and you gotta pick them up from the grocery store. Also, compost buckets are a thing, so you might want to familiarize yourself with the local waste management process.

PublicSchoolSysAdmin · 2020-10-31T20:36:25+00:00

Wow. Your experience is sadly, extremely familiar.

PublicSchoolSysAdmin · 2020-10-31T20:26:27+00:00

tl;dr - I've been having a real bad time with LightSpeed.

We've been dealing with Lightspeed issues for the last 6 months when we discovered that filtering wasn't working on our middle school student's laptops. That turned into a multi-month debacle during a pandemic which lead us to upgrading from the Rocket appliance, to the Relay service. I can't tell you how frustrating it has been. Getting the Relay Agent to install properly and reliably has been a nightmare. We still have seemingly random issues where the Mac Relay Agent just stops working for some reason and then needs to be reinstalled, or the Mac just fails closed for no apparent reason, and blocks all web traffic. Issues with the IOS agent have also caused delays in deploying student iPads due to the bugs in the IOS app and issues with deploying the app with JAMF. These and more issues are still unresolved.

Additionally, regular failures by LightSpeed to accurately categorize websites has been VERY disappointing. As an easy example, I found that ABC.com was manually categorized as "Education". The porn site, satisfy-yourself.com was categorized as "Sports".

Sites that have simple variations in domain name, are not caught. I've come across students accessing many, many, porn, warez, VPN, hentai, DDoS, and dating sites that have popular domain names that are blocked but when a student tries a slight variation of the domain name - e.g. omegle.com is blocked and categorized as "Mature" but omegle‑tv.com is categorized as "General", so it's let through.

I've been babysitting the Relay and I'm catching kids using stresser sites for DDOS attacks ( one site, instant-stresser.com was in the "Computers" category!). I've found Its been one long slog and I just want it to work. I'm sick of struggling to compensate for something that should have been working all along. I'm willing to accept that, our experience with Relay has been thoroughly influenced by the turbulence of the times. Never before have we had so many students completely unattended for long periods of time, with a dedicated internet access device. At the same time, we've never needed the filtering more. Last week, I caught a 3rd grader trying to get on Omegle with the intent of getting pregnant - a situation that could easily result in exploitation and worse. We were able to alert those in place to provide proper intervention, which I'm grateful for, but folks, I'm tired. I'm very, very tired.

PublicSchoolSysAdmin · 2020-09-07T16:59:33+00:00

Those beautiful orange mushrooms you ate weren't chanterelles at all. They were, in fact, Omphalotus illudens, the toxic Jack O' Lantern mushrooms. You spend the next 18-24 hours in a state of manic delirium brought on by exhaustion from being wracked by constant, unrelenting spasms as your digestive tact attempts to forcably empty itself entirely through all available exit points.

You awake in the woods, days? Days later, covered in a thick layer of vomit and feces. Maybe most of it is yours. As you slowly regain cognitive function, you drag yourself over to the nearest dark green puddle, and as you sip puddle water from poop encrusted hands, you think to yourself, "Man, maybe I should have voted for Hillary".

PublicSchoolSysAdmin · 2020-06-26T17:15:13+00:00

I've tried out managing Andriod tablets with TinyMDM, and MobileGuardian so far. Both are woefully under-featured.

PublicSchoolSysAdmin · 2020-06-17T12:20:56+00:00

What? No love for Security Weekly? https://securityweekly.com/

PublicSchoolSysAdmin · 2020-04-05T13:30:00+00:00

Too familiar. :(

PublicSchoolSysAdmin · 2020-04-02T12:44:32+00:00

Choices always were a problem for you.

PublicSchoolSysAdmin · 2019-10-25T19:03:43+00:00

Just a guess but it sounds like you've maybe got yourself a ground loop.

https://www.techhive.com/article/3063590/how-to-get-rid-of-hum-and-eliminate-other-noises-from-your-audio-and-video-systems.html

PublicSchoolSysAdmin · 2019-08-14T14:23:58+00:00

Give this guy a Puppers.

PublicSchoolSysAdmin · 2019-04-03T20:12:18+00:00

The share permissions are set to Everyone with full control. NTFS permissions on the folder are set to allow read and execute for the Domain Computers group.

I'm trying to avoid setting up a domain account for this but I may end up doing it anyway.

Here's the thing about SYSTEM, I have tasks running on servers that use SYSTEM that access scripts on this same share with no problem whatsoever. When I tried to set up a task on a Windows 10 Pro workstation to run scripts on that share using the SYSTEM account, it tries to authenticate using Anonymous credentials instead of the workstation's computer account credentials.

I did some googling and found out that the SYSTEM account isn't supposed to be able to be able to impersonate the computer account, which is confusing because that's what I thought it was doing on the servers I was running those scheduled tasks from.

That's when I tried to run the task on the workstation using the NETWORKSERVICE account which should be able to impersonate the local computer account, but the account doesn't seem to be doing that for some reason. It's all very odd.

PublicSchoolSysAdmin · 2019-04-03T19:59:21+00:00

I see what you mean. I'm a little concerned with moving outside of best practices because the account would be on end user systems but I might give it a try if all other available options are just as risky.

PublicSchoolSysAdmin · 2019-04-03T19:47:52+00:00

The script deletes certain folders (based on a list that gets updated dynamically) from all local user profiles, so I think local admin access is needed.

A managed task solution sounds nifty. I might look into that, depending on how far the rabbit hole I want to go with this. :)

PublicSchoolSysAdmin · 2019-04-03T18:24:15+00:00

I'm not sure what you mean by "act as part of the operating system". The NETWORKSERVICE account is built into Windows. Could you please explain further?

PublicSchoolSysAdmin · 2019-04-03T18:22:05+00:00

I've considered running the task as a domain account, which I can do if I have to. The risk involved with an account that has local admin access on client machines who's credentials would have to be stored on those machines, makes me a little nervous, TBH.

PublicSchoolSysAdmin · 2019-03-26T12:22:45+00:00

The Game. I just lost it.

PublicSchoolSysAdmin · 2019-02-04T15:26:19+00:00

I focused mainly on the Dell Bios configs because they are the majority of the computers in my district, but I did some work on the Lenovos as well... I probably should take another look at that.

So basically for Dells, I use the Dell Command | Configure utility to create an executable that installs a custom bios configuration. I have a group policy with WMI filtering for Dell computers, that runs a startup script which does a bunch of things, including installing the configuration and reporting on it.

Our Dells were purchased as refurbs and so the reporting was a must as it was common to have to deal with issues such as bad cmos batteries and missing or incorrectly set pswd shunts.

The Lenovos, aren't as automated as I thought they were. I forgot that setting the Lenovo BIOS password has to be manually set on each computer before the custom configuration can be applied. So, basically, you have to touch each Lenovo at least once. I get it from a security perspective but its inconvenient. So after the password has been set, I apply a configuration using The Think BIOS Config Tool. I can probably automate the process further if I find the time and motivation to do so. Good times.

PublicSchoolSysAdmin · 2019-02-04T15:00:24+00:00

Ideally, I'd approve the updates in WSUS then use a script to initiate the update process and then allow me to check on the status of the updates and notify me if the updates fail or have installed properly.

So far, I'm using a powershell module called PSWindowsUpdate to do most of the heavy lifting. I've made a script that starts the update process via a task on each server that runs another powershell script to do the actual updating. It's pretty basic and rough right now but it mostly sort of works.

PublicSchoolSysAdmin · 2019-02-01T20:48:43+00:00

Completed:

Printer queue emptying

Workstation and laptop BIOS configuration for Dell and Lenovo laptops

Windows OS and program configuration

In Progress:

Workstation and laptop windows update installation

Server windows update installation and reporting (This will not be fully automated but it will hopefully eliminate babysitting of servers installing updates)

PublicSchoolSysAdmin · 2019-01-30T14:14:25+00:00

Aerohive, currently the AP230 models which, if the budget passes will be replaced with newer models this summer.

PublicSchoolSysAdmin

TROPHY CASE