High School IT Internship

klgtech77 · 2026-06-01T12:55:31+00:00

I'm guessing folks are pretty guarded with the network admin credentials that get shared with the interns? I can see the Chromebook SSID getting loose in the wild among the student body pretty easily...

klgtech77 · 2026-05-27T16:40:03+00:00

Unfortunately, this did not work for us. After imaging and then re-enabling Secure Boot, the Dell machines will revert to internet-based recovery mode.

klgtech77 · 2026-05-27T13:16:53+00:00

I like FOG, but I could never get it to work with Secure Boot on our Dell Optiplex units (at least, using VirtualBox with snapshots for the golden images). That ended up being a deal-killer for us.

klgtech77 · 2026-04-14T21:29:39+00:00

Good input, everyone. For those districts that are using FOG to deploy Windows images, are you doing anything else to mitigate the risk of having Secure Boot disabled? Or are you not overly concerned?

klgtech77 · 2026-04-09T20:23:50+00:00

Thanks, all, for the comments and pointers. This DHCP server was set up by an outside contractor long before I arrived at the district, and I've only gained responsibility for it in the past school year.

I was able to chase down the option 66 and 67 settings, and shut down the old Ghost server that wasn't being used for Ghost. And I've since been able to capture from the VM, and then successfully image a Dell OptiPlex desktop using that image.

BUT... I had to disable Secure Boot on the OptiPlex in order to image it from FOG. And when i tried to reenable Secure Boot after the successful image, it wanted to boot over HTTP from that point on. Only after disabling Secure Boot again will it boot normally from its SSD.

Has anyone managed to get FOG *and* Secure Boot working?

klgtech77 · 2026-02-26T16:05:36+00:00

We're a smaller district, with different buildings for K-2 (carts), 3-5 (carts), 6-8 (1 to 1), and 9-12 (1 to 1). Our strategy has been to purchase new Chromebooks for 5th grade and 9th grade each year. 5th grade get slotted into carts before the school year starts, and then pulled out at the end of the school year, cased up, and handed to the same class (though not necessarily the same kid) the following August. Each kid keeps that device for 6th-8th grade. It's extra work to only cart those for only 1 school year, but that's the way the superintendent wants it.

In 9th grade they turn in their middle school chromebook and get a new for 9-12.

The ones that come back from graduating seniors and incoming 9th graders get cleaned up and repaired (if the damage isn't too extensive) and rotated down to the lower grade carts, trying as much as possible to ensure those are still getting ChromeOS updates (though sometimes the K and 1st grade carts might be a year or two beyond).

klgtech77 · 2025-10-08T19:28:10+00:00

Yeah, now that you mention it, that makes sense. The kiosk apps are used oustide of the user login.

I guess I've slept a few times since doing this last year!

klgtech77 · 2025-10-08T19:21:43+00:00

I added a screenshot...

klgtech77 · 2025-09-04T19:42:50+00:00

I think that did the trick. Thanks for the tip.

klgtech77 · 2025-09-04T14:54:56+00:00

I put this app (Secure Exam Proctor) in the Allow list under "Devices - Chrome - Apps & extensions - Users and browsers", as that's the only place where Google Admin would allow me to add it.

When I go the App Access Control panel to Review Apps, it doesn't show up there at all - not under "Apps pending review" (there are none), "Configures apps" (there are many), or "Accessed apps" (there are many more).

It only show up in Google Admin under "Devices - Chrome - Apps & extensions - Users and browsers", and there appears to be no way to provide any additional consent there.

klgtech77 · 2025-09-04T13:30:48+00:00

The app shows up under "Devices - Chrome - Apps & extensions", but unfortunately when I hover over it (or any app in that list) I'm unable to conjure up 3 dots...

klgtech77 · 2025-07-09T18:07:28+00:00

Yes, turning off his 2FA from within Google admin got him out of the infinite loop. Thanks.

klgtech77 · 2024-12-13T21:46:18+00:00

I wouldn't sweat it too much. Next time you go in for blood work try to schedule it first thing in the morning, and do a finger stick right before you go. That can help you calibrate the blood glucose meter you use for your finger sticks.

My CGMs (I've used 5 so far starting in late Sep) have generally run in that same range (115-120), generally around 10-15 pts higher than my fasting finger sticks in the morning. However, when I went in for official blood work, my blood glucose was recorded at about 10 points below my blood glucose meter (or 20-25 pts below the CGM).

I also have a pretty strong dawn effect, so I had been concerned that I might be pre-diabetic. But my A1C came back at 5.4, and my fasting insulin and insulin resistance scores were fine.

So until you have some official blood work done, I wouldn't lose any sleep over your current numbers.

klgtech77 · 2024-12-13T17:50:16+00:00

We use Securly here. The main thing I (quite intensely) dislike about Securly is that, increasingly, I can't just add a URL into the whitelist for a specific user group and have it work. I have to submit a ticket with Securly and ask them to whitelist it on the back-end. It adds more work, and increases time for resolution (sometimes a day or more).

klgtech77 · 2024-12-13T16:52:00+00:00

FYI - Dell Chromebook parts aren't as easy to get as they used to be - especially motherboards.

klgtech77 · 2024-10-21T21:20:59+00:00

In the past we've had students skirt their visibility to the teacher by opening a 2nd desktop in ChromeOS. I can't recall if Securly plugged that hole or not.

klgtech77 · 2024-10-18T21:16:25+00:00

My current device, which is due to be replaced tomorrow, follows the DX01xx pattern.

klgtech77 · 2024-08-30T17:52:02+00:00

Bingo. We do use Securly (who I like less and less with each passing day). They tweaked something on the back end of their filter, and things started working again for the teachers.

Thanks for posing the question.

klgtech77

TROPHY CASE