17
Reddit’s r_k12sysadmin Credits: @r_channels @reddit2telegram
Prevent customizing fonts in Chrome
Had a student playing with ‘Appearance -> Customize fonts’ in Chrome which made some webpages unreadable since the font was set to Wingdings. 🙄 Is there a way to lock this setting down to prevent future tampering? I couldn’t find anything in my searches and I didn’t see anything helpful under user & browser settings in the admin console.
https://redd.it/1raa3ti
@r_k12sysadmin
Cameras with Audio Enabled
I messed up and told a school admin our cameras can record audio if we enabled it. Well, it became a topic of conversation. Now we have a few school officials who are demanding it gets enabled. I was told to turn the audio on. I reached out to our super intendant and said I’m not enabling this until we get confirmation from the school board and lawyers. I know there are laws around recording audio with our security cameras. I am not too familiar with all the steps we have to take to be compliant. I don’t want the punishment to fall on me hence I said we need to reach out and get others to sign off.
My biggest gripe is we have 3 people who always have the cameras pulled up. I don’t think they should even have camera access unless we need to review footage but that’s not a me decision. Now they’ll be able to listen to regular conversations in the hallways.
I’m just curious if anybody else has ever implemented this and how common it is. As far as I know, we will be the only public school in a fairly large area that is actively recording audio if this goes through.
Yes, teachers and I are actively against this.
Kind of a rant but kind of looking to hear from others who are more well versed in this area.
https://redd.it/1r9yah0
@r_k12sysadmin
Any opinions on Avigilon vs Verkada vs Coram for a K12?
Hey everyone, K12 IT here at a school district. I usually handle tech stuff but now I got asked to “figure out cameras + door access + alerts” (so yeah now I’m kinda security too. Sadly😅).
We’ve got multiple schools, front offices, gyms, buses, after school programs, and lots of staff + subs coming and going all the time. Right now it’s a mix of older cameras and a badge system and honestly its kind of a mess.
Superintendent keeps hearing about Avigilon, Verkada, and now Coram from vendors and wants “a recommendation”. I have heard good things about avi and coram but hatred for verkada.
My main concerns:
being able to see things remotely (I’m not at every campus everyday)
stuff still working if the internet goes down
not getting flooded with alerts / false alarms
being able to scale later if we open another building or add portable classrooms.
Anyone running any of these in K12 schools? (If you are using any of these option please suggest your experience for any). I am interested in your experience.
https://redd.it/1r65yia
@r_k12sysadmin
How do you all let people know, that you have more going on then their problem, without sounding or being rude?
Seriouse question. I can't be the only one who has staff that thinks that their IT guy waits around in their office waiting just for them. That is a common feeling amoung tech, definitly those of us who are solo techs?
I have teachers enter my office and ask that I watch their class for a couple minutes, while I am in the middle of something. Aren't we always in the middle of something?
I have some staff who are impatinet with me. I had a staff member send me an email yesterday, actually several emails about a non-urgent issue and I was busy that day. This morning I get an email following up like they are poking me. I have tickets, you don't jump first in line. This one staff member gets on random things and wants to pull me in, as if whatever they are on that day is more important then anything I have on my plate.
And I've been here for a while and I am still working with staff to use the ticketing system.
There was a culture of no boundaries with techs before me and I've tried hard to fix that, but sometimes I think I won't win that battle.
I really want to start telling people straight to their face that I have a lot more things going on beyond their issue which is not urgent and is not preventing anyone from doing their job. It can wait.
Yesterday I had someone direct G chat me about an issue and I was working on an important email. A student came to ask a question that stalled that email and when I finished the email I found that that staff member had gone to the main staff chat asking if anyone had seen the IT guy. I'm in my office busy with something, is that so hard to consider?
I'm probably sounding really whiny right now so I'll take that criticism, but I've never had this experience in IT before. I've never had people be so inconsiderate to me.
I want to start getting more aggressive, but my job is to provide a service and let my staff feel supported. I can't just start demanding things outright or it could face backlash.
I sometimes want to just tell people that if they message me with a problem instead of submitted a ticket that they should plan on my response taking longer as it is not a proper channel. But to them it is a proper channel and I am the bad guy that came in and setting new rules that don't make sense, even though I've tried to explain to them how I need to prioritize requests.
What kind of communication can I put out to set stronger boundaries without coming across as angry at the staff. Many of them are good people that I do care about supporting, but I am losing my patience today in particular and that is why I listed this as a rant.
https://redd.it/1r2ulyh
@r_k12sysadmin
Goguardian
Did you know GG will not flag inappropriate 18+ video content as explicit? If it’s not on YT, they have no way to filter it. It also will not flag explicit 18+ text on websites with approved categories (such as travel).
What filter do you use? And does it filter things like this?
https://redd.it/1r431je
@r_k12sysadmin
Writing testing apps
We participate in a standardized test called the WrAP every year. The company responsible for the test used to maintain an app that could be downloaded to Chromebooks. The app was a barebones word processor and you could submit the test through the app. We would just force our Chromebooks into kiosk mode during testing to prevent cheating, and all was well. They then deprecated the app, offered no alternative, and now we have to come up with our own solution.
We are looking for a word processor with next to no features (no spelling or grammar check, no dictionary, no aid of any kind) that we can download for Chromebooks. The ability to submit or send finished writing to a teacher or admin would be ideal. Ive been using an app called “Shiny! Shiny!” for the past couple years, and it’s passable but confuses teachers and administrators greatly, and has weird hidden key combos and hidden menus that mess with testing. We also have to manually collect the files via physical USB drives which takes forever.
Thank you in advance for any advice!
https://redd.it/1r3wy20
@r_k12sysadmin
Does Anyone Here Use Apple TV (Device) with IFPs?
I am curious if anyone here has been deploying Apple TVs with their IFPs for any reason. Are there any practical and useful applications for them in schools? Especially when attached to interactive flat panels?
https://redd.it/1r3unee
@r_k12sysadmin
Camera Controversy and Student Data Privacy!
https://k12techtalkpodcast.com/e/cameras-data-privacy/ and all major podcast platforms
We discuss the 74 reporting that federal immigration agents have been tapping Flock license plate cameras, which leads to broader conversation about school and neighborhood cameras (Ring/Nest/home systems) balancing safety and privacy. We unpack a listener email about how K12 techs should approach student data privacy.
https://www.the74million.org/article/ice-taps-into-school-security-cameras-to-aid-trumps-immigration-crackdown-74-investigation-shows/
https://redd.it/1r4nr1s
@r_k12sysadmin
PaySchools Super Admins
I was doing some auditing of account access in my district when I went into our payschools system and noticed that there were over 25 users with super admin access and all of them external to the district.
Apparently whenever a service call is placed for Payschools they just go into your system and give themselves super admin access and never remove it.
wanted to get a heads up for fellow districts to go through and make sure, some of this data is incredibly private in dealing with payments. As well as a connection to our sis.
I contacted them about this issue and they just said to provide a list of users we want removed. I have a feeling this is just going to keep being an issue.
https://redd.it/1r0beao
@r_k12sysadmin
Solution for about:blank cloacking, EagleCraft and a few other outstanding issues.
I've noticed a large gaps that has been left by Filtering Vendors, Classroom Managers, and Google Themselves.
TLDR: Got annoyed at the lack of help and said screw it, I'll do it myself. Made an extension for other people to use if you want.
I'm sure many of you have seen have gotten complaints that your teachers can't see when students are on game sites (or other inappropriate content) with GoGuardian, Securly, or Hapara's classroom managers. A few years ago when I looked into it for the first time, I found the kids were using self hosted / Google sites they controlled, to open a new tab to an about:blank page, and then load that tab with an iframe element to essentially load another site. Tabs with about:blank are considered protected by Google Chrome, so extensions have limited permissions to them compared to others. Once somebody's older brother realized this, they realized they could open various sites in this protected tab, without observation by teaching staff, and without any logs being written to the history file of the device.
Games like eagle craft (Minecraft compiled for the web with WASM), can be saved as an offline HTML file. Something that is also invisible to classroom mangers, and does not appear in the history file. This has also been a nuisance. As I'm sure many of you have learned, blocking file://* in the admin console can be a bad idea.
After getting ignored by Google to make it easier for filtering vendors to get to these tabs for a couple years, I asked ours to get to work on it, it's supposedly in progress and taking too long. I made my own as a stop gap, and share it with others who might also be tired of dealing with complaints.
Essentially it works by looking at the URL of a newly opened / opening tab, if it matches a regex pattern you provide in the policy JSON, it will close the tab without warning. Angering students to no end.
Overrides to the tab closure can be entered in the policy JSON as well. Sites like Canvas still use about:blank for pop-ups and file downloads sometimes.
Conceptually, it will work a lot like the chrome URL filtering, but with regex pattern matching so it can actually be useful.
https://chromewebstore.google.com/detail/unsecurley/icohaaiapabbaoohdadjmfccppedkkfm?authuser=0&hl=en&pli=1
https://redd.it/1r040pq
@r_k12sysadmin
Vendor and firewall
Our vendor for our new firewall only gave us limited admin credentials. So far the only thing we think we can do is whitelist/blacklist URL’s. The vendor is under a temporary contract as our MSP too for a few months to test the waters. They have done all the major networking for us for a number of years so they know our network pretty well.
Before this new firewall, our network admin was the only one that had firewall access so the rest of us didn’t even have a chance to learn as he wouldn’t give us accounts. Well he is no longer employed with us and the Palo Alto firewall was coming up for renewal. The renewal price and the price of a new one were about the same so the vendor/MSP told our super what to go with (Fortinet).
I feel like since we’ve paid for this firewall we should have full admin rights to it.
https://redd.it/1qyi2mk
@r_k12sysadmin
How do you collect decommissioned Chromebooks
Curious to hear what other districts are doing. We have inventory of our Chromebooks, and can produce a report of all the ones that need to be replaced, and can bulk disable/deprovision. But how do you actually go about retrieving them? Do you pick through one by one during the summer? Or do you provide a stack of Chromebooks to the building, and let the teachers return the ones that are disabled and swap it out themselves?
https://redd.it/1qxuyc7
@r_k12sysadmin
Google Workspace, DOH and Umbrella
Long story short, I'm trying to get Umbrella to unblock all the dependencies and assets that some middle school educators need for a podcasting elective class for a certain website. We use Cisco Umbrella DNS filtering and while I've added all the top level domains for these podcasting sites as well as their dependencies that show in Chrome Developer mode, the podcasts themselves won't play on a filtered device. I'm working with Cisco support and they're saying that in order for Umbrella to really work as it should, we need to enable DNS over HTTP (called DOH from here on) for our whole org.
I'm a bit surprised as it's been years and we've never had to do this for 99% of the URLs and domains our network touches and we've had Umbrella all the while, so it's weird that this podcasting site requires that. Has anyone else been through this or something similar, or is familiar with enabling DOH in Google Workspace that can shed some light on this? My main hesitation is that I don't want enabling this in Workspace to mess anything up for the hundreds of sites we DO need access to just because we enabled a setting that 6 fairly unimportant sites need. I don't think that will happen, but my director wants me to document this and have a reasonable assurance it's a safe move.
https://redd.it/1qxsmb4
@r_k12sysadmin
Backup Internet
Those of you that work for larger districts and have multiple Internet connections to your sites, what are you doing? We have 55 fiber connected sites that connect back to two datacenters via AT&T. Each datacenter has their own Internet. DHCP and DNS is centralized. Our single point of failure is the fiber connection to AT&T. If that gets cut or is down, the site loses connection to the rest of the world. We've been testing Starlink at some sites and thst looks promising, but we're struggling with cost doing it district-wide and also providing enough bandwidth for our larger sites (like high schools with 2,700 students).
Just wondering how the architecture looks at districts that have figured this out.
https://redd.it/1qxlgo0
@r_k12sysadmin
NBC interview concerning Google and YouTube in schools
https://k12techtalkpodcast.com/e/google-in-schools-pipeline-or-partnership-%e2%80%94-k%e2%80%9112-tech-talk-ep-249/ and all major podcast platforms
The episode features an interview with Tyler Kingkade, national reporter at NBC News, about his recent reporting on internal Google documents revealed in litigation. Tyler explains how those slide decks describe K12 as a potential “pipeline” of future users and explores tensions around YouTube’s place in classrooms - useful educational content versus algorithmic rabbit holes.
https://www.nbcnews.com/tech/social-media/google-schools-aims-pipeline-future-users-internal-documents-rcna255175
https://redd.it/1qxlfez
@r_k12sysadmin
Moving to 10Gig between IDF and MDF
Excited to upgrade the link between our IDF closets and our Core. Wonder if I’ll even notice if the link is never 100% utilized. I’m doing this mainly for our voip traffic.
https://redd.it/1r9ydjo
@r_k12sysadmin
Fusion Autodesk Student
Question for the group: Is there a way to have Autodesk Fusion (Student version) update automatically? I have a teacher for whom I have to reinstall Fusion on his computers at least three times a year. Thank you for your help!
https://redd.it/1r6a707
@r_k12sysadmin
ExamView
Has anyone found a math department approved replacement for ExamView? I think the main feature my teachers use is the item bank and maybe the test creator. I've read the new software by the new owner isn't a direct replacement. Thanks in advance.
https://redd.it/1r37v56
@r_k12sysadmin
"Docusign" phishing solution (for Google domains)
Lately our area has been getting a lot of phishing attempts/successes from compromised senders firing off an email to all their contacts claiming they need to sign something or other via a Docusign link.
And since these emails are originating from known senders/contacts, Gmail isn't throwing any flags up. But I found a solution worth sharing.
In GAC: Apps->Google Workspace->Gmail->Compliance->Objectionable content: Plenty of customizable options in there, but I just created a rule for inbound & receiving messages containing "docusign" to prepend "THIS MAY BE A SCAM::BEWARE::" to the subject line.
Hope this is helpful to some of ya ;)
https://redd.it/1r330vp
@r_k12sysadmin
Dell Tech Direct vs. Lexicon?
Hey everyone. We're a K-12 district that's been a Dell Chromebook shop for years. About half our fleet has warranty coverage through Dell Tech Direct which has worked well for us. Due to rising costs, we're considering pivoting to Lenovo Chromebooks through CDW with 3-year ADP coverage through Lexicon Tech Solutions.
The Lexicon coverage looks great on paper: unlimited non-eroding ADP, battery replacement, Incident IQ integration, and CDW-managed shipping. But I'd love to hear from anyone who's actually used it in real life.
How are the turnaround times, repair quality, and communication?
How does it compare to a manufacturer warranty like Dell Tech Direct?
https://redd.it/1r3fc7x
@r_k12sysadmin
Which do you choose for endpoint protection?
We are getting ready to choose an endpoint protection provider. We have sophos right now but the bids are back and all very close? I would like to see which you would pick and if you could elaborate that would be great.
Thanks in advance
View Poll
https://redd.it/1r40yn0
@r_k12sysadmin
Chromebook monitoring services
My school is nearing the end of our Blocksi contract. No major issues, good customer service and support. But looking at quotes for the next contract. I have quotes from Blocksi, Go Guardian, and Securly. Any other companies I should be looking at? Does anyone have any feedback for Go Guardian or Securly? Good or bad welcome.
https://redd.it/1r45v15
@r_k12sysadmin
Google Workspace / GoDaddy Forwarding Not staying
Hi,
I've been having too re-updating my DNS 301 forwarding for my Google Workspace domain every few weeks or so.
Instead of forwarding from domain1.com \-> domain2.com, it is going to domain1.com/lander. When I update the DNS it saves for a few days. until it goes back to the /lander
Any ideas on how to make this save?
Thanks!
https://preview.redd.it/lvc94ntn6jig1.png?width=1680&format=png&auto=webp&s=3b99078eb0017a4146f5b2e7abe0ccd5fb071035
https://redd.it/1r0g20v
@r_k12sysadmin
Destiny timeout issues?
Hello,
In the past week or so, we've received several complaints that Destiny (follettdestiny.com) has started timing out sooner than usual. The timeout is set to 480 minutes for librarians and 30 minutes for the Tech Dept. People have reported that using a different browser doesn't help. A tech got signed out after about 10 minutes when using Edge, for example. Anyone else experience this? Destiny support hasn't been much help.
https://redd.it/1r0567s
@r_k12sysadmin
Student BYOD schools - How are you dealing with AI?
What are some of the biggest changes you had to make in response to AI?
https://redd.it/1qzivlh
@r_k12sysadmin
Google SAML Certificate Renewal (200day/47day)
Hey all,
So I have been combing through various systems in preperation for this change. One thing I guess I have overlooked until this moment is that the SAML certs for google will also fall under the 200 day, and 47 day renewal cycle.
At this time, nearly every single application we have uses this certificate. Perhaps I don't fully understand the hierachy but I assume even if we automated Googles renewal of the SAML base cert, that I would then need to load that new certificate into every single downstream app.
That is essentially impossible, especially given the shortened timelines. Right now we do it every 3 years and that is already a hurdle for timing etc.
Am I missing something here? Seems like I need to start having some discussions with various vendors on how they might approach tackling this issue with us. Right now it is always a painful upload process with each companies tech support as very few of the apps even have forward facing SSO/SAML setup. Aside from clever, Incident IQ, and maybe one other I am missing at the moment.
I am really hoping I missed some key take away where this will not impact us haha
https://redd.it/1qxxjlz
@r_k12sysadmin
How we blocked Google AI Mode on student Chromebooks
Well, we did it... I think?
I spent the majority of the afternoon in the Admin Console and I think we have successfully blocked the AI Mode and Overviews in Chrome and Google Search for our Lower and Middle School students. I saw other posts in my research, so thought I'd share what we did:
In the Admin Console:
Turned off every AI option available in User & Browser Settings
Search terms I used to find the settings were "AI mode", "generative AI", and "Gemini"
Under Generative AI, made sure all features for the Gemini app and Gemini for Workspace were turned off
Force installed this extension to student chromebooks. There seems to be oodles of similar extensions, but this was one of the first I tried and it worked, plus it's free (for now at least)
I also know [xfanatical](https://xfanatical.com/blog/how-to-block-ai-mode-in-google-search/) is an option, but we thought we'd try the extensions before buying that
In Lightspeed
Blocked https://www.google.com/search?udm=50&aep=11, as even after we completed the above steps, students could still Google "Google's AI mode" and access the above URL
My colleagues and I tested with several different student OUs and it appears to work.
If anyone else has had success with other methods, please share. I'd love to be in a place where students can successfully use the integrated AI features on a chromebook, but we just aren't there yet.
https://redd.it/1qxuyei
@r_k12sysadmin
Dual Google Tenants, Students Can't Access External Google Sites
Hi all,
To make a long story short, my district adopted Google Workspace before there was the ability to have multiple domains in a single tenant, so we had to create one for students and one for staff, as they have different email domains. This will be resolved this summer when we move all student accounts into the staff tenant. But, at the moment, it's been hell on earth to deal with the miscellaneous issues that spring up due to the need for restrictions on the student accounts.
We (unfortunately) allow Google Sites (at least for the time being), and some of our teachers utilize Google Sites created by other teachers out on the web for their lessons. At the current moment, if a student tries to access one of those sites from outside of our domains, they get a 404 error. However, staff accounts can see it fine. On the flipside, student-created sites cannot be accessed by staff accounts, giving a 404 error as well, despite it obviously existing. Even my admin account within the student tenant can't see all student sites and I get the 404 error as well.
I'm not entirely sure what setting is causing this or what needs changed, or if there is any way to add exclusions to those external sites, but has anyone else encountered anything like this? I wish that managing Google Sites was similar to managing Msoft SharePoint sites, because at least I can see everything that exists on the tenant. Sites sucks. Thanks in advance.
https://redd.it/1qxlf2v
@r_k12sysadmin
ViewSonic vCast vs AirSync
Our district uses ViewSonic Viewboards. For the past few years we have had the teachers using vCast as the video casting solution. Now that AirSync is available we are trying to decided what to use going forward. Is ViewSonic planning on continuing support for both applications? How has peoples experience been with Airsync? Thank You
https://redd.it/1qxmjl2
@r_k12sysadmin
Fortinet/forticlient Wifi Issues
I'm losing my mind over in my district with wifi cutting in and out for all my staff members. My networking teams says it's the device itself, but I think it's the Forticlient agent installed on staff devices doing something with the wireless nic. I've installed the latest intel driver, reset wifi drivers/deleted them, I've ran the Lenovo System Update and still can't figure out this issue. I honestly think it's the Forticlient agent but the networking team doesn't. I've tried all kinds of things and still wifi issues for staff. Students originally had this problem, but the networking team created an open network filtered by MAC address for students. So, students no longer have the issue. I've honestly no idea what to try and the networking team is to hard headed that they don't believe it's the network. It doesn't help that the networking team doesn't really know what they're doing half the time, so troubleshooting with them won't work. They always respond with the following: "Put the device on intune, install latest intel wifi drivers, run all updates, we'll restart the AP." It's like I'm talking to a brick wall because I always confirm all of these actions and they never actually dive into the problem at hand. Any advice or troubleshooting ideas, I would appreciate it. My rant is now over.
https://redd.it/1qxgj09
@r_k12sysadmin
