17
Reddit’s r_k12sysadmin Credits: @r_channels @reddit2telegram
Trouble removing secondary domain
I'm having trouble removing a sub-domain from my Google Workspace console.
Documentation clearly notes that all existing users, groups, and aliases for the domain must be changed before removal. As far as I can tell, I have done this.
I have already escalated this issue with Google support. They are stumped as well and escalated it to another internal team.
Has anyone successfully removed a sub-domain? I'm thinking there must be some weird latent reference to the subdomain that I'm not thinking of (routing rules, auto forwarding?). If you have any insight, please share!
https://preview.redd.it/b83xxqsuv69f1.png?width=771&format=png&auto=webp&s=58bdc9e27c510b9a0e9869577c237622ffbf0037
https://redd.it/1lkpq6m
@r_k12sysadmin
Office 365 A1 Plus for faculty and student - still active
We were led to believe that our free Office 365 A1 Plus for faculty and student licenses were being deactivated in January 2025. So we spent the money and upgraded to Microsoft 365 A3 for faculty licenses at a considerable cost.
Now that it's time to renew, our free Office 365 A1 Plus for faculty/student licenses are still active in the MS 365 admin console. Can anyone explain this? I could have saved $10K at this point by not upgrading if these licenses are never going away.
https://redd.it/1lk5n3u
@r_k12sysadmin
Reunification software
Hello,
I’ve been tasked with identifying a software solution to support mass student reunification across the district in the event of an emergency where students are transported to a secondary location.
The ideal system should include the following features:
• A secure digital interface for managing student check-ins and reunifications
• A way for parents/guardians to check in upon arrival and be verified for student pickup
• A projected display that announces each student’s dismissal when they are released
• An audible notification (such as a chime or alert) each time a student is reunited with their parent or guardian
If you have any recommendations or experience with tools that offer this kind of functionality, I’d greatly appreciate your guidance.
Thank you!
https://redd.it/1ljtahv
@r_k12sysadmin
Image / Photo storage
Just wondering what everybody does with image / photo storage for photos taken throughout the school year.
Currently my school just dumps everything into a Google Shared drive. Eg 2025/ID Photos, 2025 Swimming Carnival, etc.
It can make it difficult when trying to find a photo of a specific student.
Was contemplating some kind of indexing software that can use face recognition / AI possibly. Eg search for Susie Smith, Sports carnival. Obviously it would rely on whoever uploads images to tag students to faces initially, and then tagging events to photos as they are uploaded.
https://redd.it/1ljqqzw
@r_k12sysadmin
Asbestos Abatement In Datacenter?
Who here has gone through anything like this? Here's what Im being told is going to happen, and I don't have a say at all. The architect for the project claims they do this in datacenters all the time. Administrators are following his lead here.
Datacenter must remain live.
Demolition includes "drapes" over our equipment as the only precaution.
Abatement includes jacking up a live server rack filled with 5 nodes and our core switching and firewall, and continuing to run while they use a jackhammer-like prying device to remove tiles from the floor. Abatement includes everything in the MDF wrapped. All networking and servers remain running the entire time during week-long abatement.
Here's my concern. Shit's gonna cook alive. They're jacking a rack filled with spinning disks.
Am I crazy or does this all sound like a terrible idea?
https://redd.it/1ljb7sk
@r_k12sysadmin
Apple?
Does anyone have any experience with a Microsoft Active Directory Domain, Office 365, and only Apple devices?
Our district is thinking about going iPads for all kids and MacBook airs for all teachers. Right now all teachers have Win Laptops, and pk-1 have iPads, 2-8 have Chromebooks, and high school have Chromebooks and laptops.
I think it's a horrible idea as we use multiple network drives, everything is distributed through group policy and the MDM is quite limited.
Also worried about password changes as they expire every 90 days. If there's no PC's then what do we do? We definitely don't want to turn password write back on in the cloud. and since we are pk-12 password changes are already an issue. students have to sign in one by one on teachers laptops to change their passwords. it's a nightmare.
Just curious if anyone else did this transition. I think it's a horrible idea, and is going to cost way too much money for no benefit, only downsides.
Am I wrong and this is going to be easy? I'm up for all opinions
https://redd.it/1lieu39
@r_k12sysadmin
Student ID protective cases/sleeves?
Anyone have a good place to get protective cases or sleeves for student ID badges? Our kids have been defacing, bending, breaking, and eating (yes, eating!) their ID's. We charge for replacements, but I would like to issue some sort of sleeve or case that would prevent damage. I know nothing can prevent 100% of what kids will do. I'd like to make it hard for them to remove the badge from the sleeve/case, and it needs to have a slit for a lanyard clip. Thanks in advance!
https://redd.it/1leqgph
@r_k12sysadmin
Rethinking Guest WiFi
https://k12techtalkpodcast.com/e/episode-218-rethinking-guest-wifi-without-mark/ and all major podcast platforms
Chris and Josh discuss guest WiFi, in particular whether or not to offer it to students during the school day, new employees (training, accounts, and more), and tech dept vacation days.
https://redd.it/1lekcqj
@r_k12sysadmin
Should Your School Enable Google’s Gemini and NotebookLM?
Starting August 1, 2025, Google’s AI tools Gemini and NotebookLM will be ON by default for all Google Workspace for Education domains — unless you opt out.
Full article here --> https://k12techpro.com/should-your-school-enable-googles-gemini-and-notebooklm/
https://redd.it/1lei2au
@r_k12sysadmin
Security Awareness Training
Wondering what you are using for Security Awareness Training? I got a message from my rep about training from Fortinet Security Awareness Training and Phishing special right now. I had seen a demo regarding Cybernut, We had Knowbe4 before and had some issues.
Thanks in advance.
https://redd.it/1l5mqbk
@r_k12sysadmin
Security Watch 6/6/25
On K12TechPro, we've launched a weekly cyber threat intelligence and vulnerability newsletter with NTP and K12TechPro. We'll post the "public" news to k12sysadmin from each newsletter. For the full "k12 techs only" portion (no middle schoolers, bad guys, vendors, etc. allowed), log into k12techpro.com and visit the Cybersecurity Hub.
Chrome to Distrust Chunghwa Telecom & Netlock Certificates by August 1
Starting August 1, 2025, Google Chrome will stop trusting certificates issued by Chunghwa Telecom and Netlock due to repeated industry rule violations and transparency issues. Websites using these certificates may display warnings or fail to load. Google urges affected site owners to migrate to trusted CAs immediately to avoid disruptions.
Fake AI Tools Deploying Ransomware
The AI boom has created new phishing risks. Attackers are launching fake websites that mimic real AI tools—like a cloned version of novaleads(.)app—that deliver CyberLock ransomware via deceptive downloads. These sites often rank high in search results through SEO manipulation, making them easy traps.
ScreenConnect Vulnerability Patched in Version 25.2.4
A serious vulnerability in ConnectWise ScreenConnect (version 25.2.3 and below) allows attackers to hijack ViewState and execute arbitrary code on the server. The latest patch disables ViewState entirely, removing the threat. Cloud users are already patched, but on-prem users must update immediately or apply a backport patch.
Windows 11 Update KB5058405 Causing Boot Errors
Some systems, especially virtual machines on Azure or Hyper-V, are experiencing boot errors after applying Windows 11 update KB5058405. The issue stems from a corrupted or missing ACPI.sys file. Microsoft is investigating and will release a fix. Physical endpoints and Home/Pro editions are mostly unaffected.
https://redd.it/1l50goe
@r_k12sysadmin
Lock Chromebooks to Google for search and block APK files?
Is it possible with the free license of Google Workspace to lock OUs to only be able to search with Google.com or a kid-friendly search engine, and can the download of certain file extensions be blocked? I know it's a classroom management issue, but the teachers and Admins are sleep-walking here, and I fear that we need to be able to block the gap at least temporarily. Thanks!
https://redd.it/1l4rh5a
@r_k12sysadmin
Securly Free going away
I got a call from them today saying that the free offerings for Securly Filter and Aware are going away in mid-July. No way we can afford it when the price goes up next year.
Putting this on your radar in case you're using it, and also wondering what folks are using these days.
https://redd.it/1l4hn2i
@r_k12sysadmin
End of School Year Fun
You know you need to vent.... let it out here!
Here's some of mine to start...
High School students keep their Chromebooks over summer. I've had two randomly turned in - one by a student on Monday who hasn't been back... last day is today (Thursday). Second was turned in today by an offsite/online student. Decided to come in today and turn it in. I asked the office what's up (are they still enrolled), tell them the students that are enrolled are keeping them over summer (as we already informed them) and if the students are still enrolled and the office isn't going to make arrangements to get the Chromebooks back to the students, they need to decide what to do with them, as I'm not storing them over summer. The reply was "Great questions, and I don't have an answer for you"
Email went out to staff stating: "Leave the IT equipment in your room plugged in and powered on so we can maintain it" because every year we get a few that think a computer is like a bookshelf and just needs to be covered with a sheet for the summer or stored somewhere "just in case". I immediately get a ticket - "I don't want my PC next year - should I just unplug it and bring it to you?"
Just had another person stop by. Staff member. "I'm leaving for the summer, here's my Chromebook" (no chargers of course).
Can you tell it's the last day of school? Your turn!
https://redd.it/1l48upk
@r_k12sysadmin
Windows 11 24H2 and GoGuardian?
Anyone else having issues with Windows 11 and the version 24H2?
ETA: Our machines with this version are getting a lot of 80004005 errors.
https://redd.it/1l4397r
@r_k12sysadmin
IIQ Bulk Update
We are recycling 100+ ipads this summer and I'm looking for a way to do a bulk update to IIQ to change the Owner, Asset Status and Location for all items at once.
Is this something I can do with a CSV file? We currently have Jamf as our mdm for iPads.
https://redd.it/1lkco4q
@r_k12sysadmin
UK School looking for cost effective android tablet alternatives to iPads (good camera essential)
Hi everyone,
Our staff use iPads primarily as a camera and I'm finding it to be overkill when we need to replace.
I'd like to explore android tablet alternatives that are more cost effective but still deliver on camera quality.
Does anyone have any recommendations or is anyone doing this?
Thanks in advance.
https://redd.it/1lk0jdo
@r_k12sysadmin
Any other K12 folks running EAP-TLS with NPS and Jamf? How has it gone?
I’m in the middle of rolling out EAP-TLS at our district for staff devices. (Almost there!)
Last year I stood up PEAP for BYOD, but now I’m trying to get district owned devices onto a cert based workflow with SCEP, NDES, NPS, and Jamf handling the delivery to Macs.
The long term goal is to eliminate password based WiFi entirely except for DPSK use cases like IoT and one off vendor devices.
It’s been a learning experience digging into NPS policy ordering, SCEP templates, Jamf quirks, IIS configs, and NDES doing its best to make me hate my life.
Curious if anyone else here has successfully deployed EAP-TLS in a K12 environment. Did it hold up well long term? Any regrets? Any weird gotchas I should watch out for before flipping the switch?
Would love to hear how it’s worked (or not worked) for others.
https://redd.it/1ljsian
@r_k12sysadmin
TurnItIn Alternatives
For over a decade, our school has been using TurnItIn to check for plagiarism and more recently AI detection. As the school's technology director, I manage our subscription. The cost of TurnItIn has increased quite a bit in the last few years since they added AI detection paired with the loss of the ETS grammar services. My principal has asked me to seek out potential alternatives that check for plagiarism and potential AI usage. What services are your schools using to check for plagiarism and AI?
https://redd.it/1ljg6i8
@r_k12sysadmin
Do you enable GenAI tools for all age levels?
Listen here https://k12techtalkpodcast.com/e/the-title-of-219/ and all major podcast platforms.
Join Josh, Chris, and Mark for Episode 219! We dive into the latest news, including the State of Maine's Yubikey deployment, the reintroduction of KOSA, and Google's Gemini and NotebookLM now available for K12. Plus, we'll cover the ongoing E-rate decision.
Our main topic for this episode: How are you deploying AI in your district now that major LLMs are available for K12? We'll discuss what districts should consider before turning on Gemini or CoPilot, whether to deploy to all grades, and the necessity of having an AI policy in place.
Don't miss this essential discussion for K12 tech leaders! For questions, email us at info@k12techtalkpodcast.com.
https://redd.it/1lizvt5
@r_k12sysadmin
Downgrade the classroom display cuz...I don't have time and I'm tired of dealing with it
Context: I am a one man department. Roughly 775 to 900 students. Urban K-8 Charter School in Minneapolis, Minnesota. 95% to 100% of students are Free and Reduced Lunch. Classrooms have short throw Epson projectors (570, 580, and 595) and SMART whiteboards (M600, D600, roughly 10 to 12 years old).
According to the teachers who have been here for 10+ years, the ONLY PD they got on these things was the 1st year they were installed. So fast forward to now, if anything, small or big, goes wrong, I'm called and it's an "Urgent" ticket cuz it affects classroom instruction. When in reality a USB cable came loose or a settings got changed.
And yes, I could do PD. But I also am in charge of the "don't fall for phishing" PD, and "here's how to submit a ticket" PD, and "here's how Securly works" PD, and so on and so on.
Plus we are switching from ThinkPads for teachers to Chromebook Plus for next year so it's not like they are going to be useable like they used to be anyway. I tested Lumio on a CB Plus plugged into the D600 and it was trash.
Not to mention most of the returning teachers told me they just use it to show videos and show what they have on the Doc Cam. Most told me "I'd like training, IF it worked most of time. But it doesn't, so what's the point?"
Do I just remove these things, put up a dumb whiteboard and say to them "You want interaction? Use an Expo marker."?
Head of ELA and Head Math Curriculum told me they're onboard with it.
Principals are ok with it.
And before you say "buy the Epson 700Fi," over 65% of my budget is going to pay for an MSP and I just logged us having a 37% breakage rate for student Chromebooks, most of which are out of warranty.
If you were in my shoes, what would you do?
I'm looking into doing pilots with Vivi and/oror Screenbeam for annotation substitution, but also, money.
I'm also exploring the Merlyn Mind Remote/software to do annotation but again, money.
Should I try something else before "downgrading"?
https://redd.it/1lgh1z1
@r_k12sysadmin
Any K12 Sys admins in the Portland or Seattle metro?
I am the Jamf and Google Workspace admin for a large K12 district in the Dallas-Fort Worth area. My wife and I would like to migrate to the PNW in the next several years and I would love to stay in K12 IT.
For those of you working in this capacity, do you have any tips on scoring a job in a district in Portland or Seattle or the surrounding suburbs? I've periodically looked at the job openings for the districts in those areas and have never seen anything technology related. It's surprising to me because it seems like there's always some sort of technology related opening in the districts in this part of the country.
Also, it seems like a lot of K12 IT in other states work 260 day contracts. Is this pretty common in that area? Nearly every IT position I've seen in Texas is a 226-day contract.
Thanks for reading and any insight you have!
https://redd.it/1lerjjb
@r_k12sysadmin
RADIUS and Bonjour
Hey all!
I’m deploying RADIUS authentication on our staff WiFi for next school year, but having a few issues . The network policy server is running on windows server 2019, and our network is all unifi with a sonicwall firewall.
While connected to the RADIUS authenticated SSID I am unable to see and AirPrint enabled printers, or AppleTVs(unless in Bluetooth range). While on the WPA2 SSID (same VLAN) this is not an issue.
I’m thinking I may be missing a policy or something, but Google is failing me, and gpt is telling me to look for things that don’t even appear to exist on my unifi controller. I’ve never been in an environment using RADIUS and AirPrint, any help, insights, commiseration would be very greatly appreciated!
https://redd.it/1leittu
@r_k12sysadmin
Windows Kiosk for Word desktop
Hey all,
I got asked to build out 2 laptops that could only access word, auto login, no other access etc. I have been looking and trying to setup a single app access kiosk. I was asked today to have this done tomorrow so i’m just looking for the quickest fix…
I have been following the microsoft learn quickstart located here:
https://learn.microsoft.com/en-us/windows/configuration/assigned-access/quickstart-kiosk?tabs=intune
Using the powershell option - i just copy pasted and changed the file path winword.exe and removed the following parameters. Ive also tried using the appusermodelid cmdlet instead of the v4 file path.
One i reboot it, it auto-logs into the kiosk user and then throws a blue-screen saying the app cant be accessed….am i missing something?? It looks like theres more ways to accomplish this but this way seemed the most simple and efficient….
Thanks for any help!
https://redd.it/1ldz3u8
@r_k12sysadmin
Virtualization OS
Hello fellow k12 techs! Today we had one of our hyper-v servers lose data due to 2 drive failures in the same mirror! (Some sort of power issue occurred right before this). All of our server run Windows server. In my homelab I run proxmox and I know of one other school that also does. Do any of you guys run proxmox for virtualization? And what are yalls opinions?
Server hardware: Dell Poweredge 710, 32gb of ram 2 xeon 8 core cpus
https://redd.it/1l5dywe
@r_k12sysadmin
One of my students has a GitHub account dedicated to ChromeOS exploits
Came across a GitHub account that appears to belong to one of my students (the username is one I've seen her use elsewhere) coincidentally and it's all about exploits for enrolled chromebooks. And, like, it's June and I'm tired.
Most of what she's detailed is pretty spicy for the average user (sh1mmer based, though she's also working on privilege escalation without unenrollment apparently?), so I'm not too worried about most of my students accessing it. I've known she's a talented programmer and I have supported her gamedev work by connecting her with folks I know in the industry but I didn't realize her attention was here, too. Part of me is genuinely impressed by her work and another part of me is just tired looking at this. In a number of ways, I care less about this than all of the kids picking keys off of their keyboards, but I also can't just ignore this.
Where do I even start here? She's a great kid, very engaged, and has one more year at this school before she graduates.
https://redd.it/1l4uh1l
@r_k12sysadmin
What does your district do with Chromebook that are completely functional but has excessive cosmetic damage?
https://redd.it/1l4qunn
@r_k12sysadmin
This summer/next school year is going to be a sh*tshow for our district
This summer is gonna be the biggest shitshow since I started working here. The district I work at has a little under 5,000 students. Grades 5 and up are fully 1:1. The lower grades have roughly enough Chromebooks to be 1:1, but they stay in carts and aren’t taken home. We only have 7 IT staff, but really only 3 of us manage the Chromebooks. The repairs have been astronomically high this year, only about half of our CB fleet right now is under warranty. Because our team is so small, students can go months without having their CBs while they’re out for repair, and we are constantly out of loaners too. I’m a network tech, so in addition to handling the CBs, I have about a million other things on my plate. One positive is that next year we’re refreshing our CB fleet so all of the upper 1:1 schools will have warrantied CBs. Still a lot of work to create repair requests and ship them out, though.
Administration posed an idea earlier this school year that grades 5-8 (Upper Elementary school and Intermediate school, around 800 students at each school) should no longer take the CBs home. Apparently, the curriculum doesn’t require them to go home anymore, and a majority of these CBs seem to be breaking while the kid is at home, on the bus, in the hall, etc. Personally, I thought it was a great idea, there should be less CB repairs, hopefully less lost CBs, really only the high schoolers need to take them home, not the lower grades. I was fully on board until I realized that our administration has absolutely no plans to provide us with charging infrastructure or carts of any sort, with the exception of *power strips*. They expect 2 schools, with 800 students each, to be given power strips and they have to figure out how these CBs will be charged. Apparently, it’s up to the schools themselves to figure out how this entire system is going to work, we have no say in it. All we are supposed to do is assign the CBs per student, drop them off in the classrooms and plug them into the power strips, and our work is done. According to our IT director, any other problems are not our issue.
I can already guarantee the teachers will be outraged. It’s such a half-assed idea that, in my own opinion, can only be properly done with carts. Maybe you can get by with charging stations, but for larger schools like this where the students have multiple periods, it will be a mess. But, regardless of our opinion, it will be done. Our IT director is completely disconnected from how anything works in our district. He’s not very tech savvy himself and he hasn’t even been to most of the schools. He has no idea how things are run despite us trying to keep him in the loop, and is constantly coming up with ideas that might sound good on paper but are always poorly executed. For example, we have aging desktop computers that the staff use. About 5 years ago, we made a purchase of laptops to be given to every staff member. His plan was that these laptops will phase out the old desktops. The issue is, almost all of our display tech are 15 year old projectors, that have VGA as the only input. Not to mention teachers have multiple monitors. We don’t have the money to replace the projectors and we don’t have the money to invest in docking stations for these laptops. Our boss has told us we will never buy desktops again, if a teachers desktop breaks they have to switch to their laptop. What should I tell them if they can’t connect their laptop (with HDMI port only) to their board, or multiple monitors? “We’ll deal with it on a case by case basis” ….. this would be a problem with EVERY teacher.
/end rant
https://redd.it/1l4fulf
@r_k12sysadmin
Google Licensing Changes & GCDS
We're having an issue with license assignment & unassignment, as well as the new archiving functionality in GCDS.
After discussing with Google support, they stated that GCDS cannot do license unassignment and archive the user in one sync. We must first perform a sync to remove the Google Workspace for Education Plus license, and then a separate sync to archive the user. Is this what other districts are doing? I find it hard to understand that GCDS cannot remove the license and perform the archive action in one sync.
Any ideas? Is there an easier way to go about this license change?
https://redd.it/1l45y1m
@r_k12sysadmin
Worst thing a student has said to you in an unblock request/bypass password.
I’ve been called several slurs, several just flat out “f you’s”, one kid kept typing the n-word then tried to say our school was racist because he knew that was the password and we changed it.
Anyone else have any funny/bad/outirght bizzare ones?
https://redd.it/1l408ez
@r_k12sysadmin
