r/k12sysadmin

Hi all, long time lurker here and just wanted to say thank you to everyone in here as this sub has been really insightful for me in my career.

I was wondering whether anyone has had any experience working with Ubiquiti APs before?

I have used them in small environments a few years back but my current school has 90 APs and from what I’ve read, it’s not as good in an enterprise environment. However, I’d love to know if anyone thinks different.

We currently have Aruba IAP-315s which are now EOL and I need to plan a refresh. School is in a bit of a deficit right now so I am thinking of ways to save money. I had to question our suppliers when they sent over the Ubiquiti pricing!

What are the main drawbacks of using Ubiquiti? And for any UK sysadmins, would it be fully compliant with DfE standards?

Also, what about their switches? Never worked them before so not sure about them and their robustness and longevity. The Aruba switches and APs were installed 8 years ago and have been running strong (kinda sad to get rid of them) but it’s now time for a replacement. I only started a few months ago and this was one of my first concerns.

Any experiences, alternatives and advice are appreciated!

Well, school is out for the summer. I survived another year of constant complaints from administration, teachers, and staff—not to mention endless chromebook repairs and internet outages. (Of course, none of it caused by me.)

welcome to summer!

Good day all! I am finishing up provisioning a load of Chromebooks that were originally purchased to stay at the school and just used by students each day. I set the wifi policy accordingly to prevent students from using their hotspots and other networks. Now, I am faced with an executive decision to go 1 for 1 and allow them to go home. I am worried that if I remove the network policy, we will be regressing back into the same issues we have had before with BYOD. The students abuse everything and used their hotspots and vpn's a lot to get around our filters and such.

I am just curious if I am being too paranoid. Do you all open up the network policy for 1 to 1 devices? Should I protest against allowing them to go home? Just need some outside recommendations. Thanks!

I've been working for the past two years for my school, private and independent, to upgrade the equipment that was originally purchased in 2019.

We are 100% Windows. I've been told class size should be 23 students. They plan to implement some graphic/video editing software as well. The lab would interact with a total of 200 students over each academic year.

My original plan was to purchase 24 units so that there is a quick replacement if needed. I also was looking at micro form factors to reduce footprint.

Challenge is cost.

At the start of this school year I presented this project to my new leadership my cost at the time was 22k. Leadership pushed back on it until 3 weeks ago. When they gave me the go ahead they mandated I had to make this happen at the quote I gave them almost 6 months ago. That quote was also for 2 less units.

My quote today is 30k.

I've revised the quote to not have new keyboard,.mice, and monitors. It also went from 24 units to 23 and I took the warranty from 5 years to 3. I was able to get it to 23,500k. Every other quote I've worked is 24k or more.

I'm reaching out to see if maybe someone has an idea that I'm just not thinking of.

Final share, yes I know they should not of used a quote that was 6 months old, they've been told every week prices are going up. However this cost avoidance isn't stopping my two leadership from purchasing 3k apiece Mac pros.....

We've had Google SSO set up and working for Follett Destiny for a while, until some time in late November when we found it no longer working. We contacted Follett support and they told us it was a Google issue. I've had a case open with Google support since then (yes, over 6 months!)

Google support now says we need to populate the Start URL (which was never populated to begin with). So I contacted Follett support again. This time they told me that they don't support the App Waffle shortcut and can't provide a Start URL.

So, long story short I'm hoping anyone uses this can confirm it's working? Or alternatively provide the Start URL if one does in fact exist.

Long shot, I know but I appreciate any help!

Good Evening All,

We have organization wide MFA for staff email. Even so, we have staff occasionally fall for scams. They'll give up their passwords AND get scammed into giving up their second factor. OTP code, hit a button on their phone to approve some bogus request, etc. We remind, remind, remind that nobody in the organization will ever ask for any of this. Yet it still happens. Short of requiring hardware keys, we're having a hard time fixing the humans around here. There is Board policy governing this. We're working with our HR department to see if they want to start enforcing it with some sort of disciplinary action.

The question is: do any of your districts enforce such policies? If so, how do you do it? Do you make staff sign something they are responsible for their accounts and there are consequences if they don't? Do they get a written warning first offense? Ever had it lead to something serious like dismissal?

I have several pc in our intune and keep having issues with the pcs staying up to date. I was physically touching each one each year to do updates. However, this year they do not want me to physically touch devices to update. I don’t know if there is a setting or something on intune I need to fix. I have configurations setup and no compliances setup. Not certain what I would need. I am running Ninjaone and have not been impressed because it is not helping them stay up to date. Looking for ideas and thoughts.

Thanks in advance

I am looking to see if anyone has any creative rules for trying to catch more of the drive share phishing attempts? We see a lot of phishing attempts where a docs file is shared with a large group of people, via the drive-shares-dm-noreply@google.com email, which cannot be explicitly blocked. I have played around with a few content compliance rules, none that were great. The idea is I would like to try and quarantine any inbound drive shares that appear to be phishing, whether that is too many recipients, etc. More just seeing what rules others have built to try and catch more of these pro-actively!

Whats everyone doing for Android apps on Chromebooks?

We've always had a hard no for past security issues, but we're starting to get push back from a few who want to or are already using Labster. They're having performance issues on Chromebooks and Labster's support is saying that we need to allow Android apps to fix that as the app just runs better that way.

So, what's the deal in 2026. Are we allowing it? I'd assuming whitelisting only the apps we need. Is it still a big security threat bypassing filters and what not? Anyone have experience with Labster?

What are everyone's thoughts?

Over the last several months, I am constantly having to reach out to school districts all over the country because my users are being spammed with compromised emails originating from staff accounts from other districts that have been compromised.

The latest SPAM email that I just dealt with was even worse, the account that forwarded it was from School District X meanwhile the form that it was linking to in its email was from School District Y in completely different states.

When this occurs, I reach out to the school district that the compromised account originated from to let them know of it and nine times out of ten, I get zero response back from that district. I even reach out to multiple people listed on the school district website as I know from experience that districts often do not keep their district webpages updated.

Multi-factor authentication could prevent at least 99% of these issues from even occurring so if your school district doesn't use it, why not?

**EDIT**

For those that do not have MFA, do you all carry cyber insurance? As often times, it's a requirement for it.

I’m on an extended medical leave (spinal fusion) and I need a Linux project before I go crazy (don’t worry. My wife is helping with any lifting. I’m mainly on the software side).

I was wondering if anyone perhaps just had a major security cam overhaul and would be willing to part with 5-7 older IP cams. I can pay for shipping. I’ve been running my own Proxmox environment at home to prepare for the inevitable move and now I’m curious about the viability of a Linux-based cam system with web and windows clients. I’m the kinda guy who needs to run this stuff before I dive in professionally.

State testing going on, our Chromebooks are pushed to 144 for a few weeks now, the ones in question are on 144, but they are getting this error that they're using an unsupported browser. A powerwash fixes it, but is anyone else seeing this or do they have a quicker solution?

We are switching filters. The current one is just not reliable.

We are down to Securely and goGuardian.
We want classroom control portion, which both have
We want reports that “people other that it staff” can run (parents admin)
We want filter.

Any advise? Any experience with either?

Tyia

Note we are windows based for students and teachers.

Has anyone done this move? Intune was brutal five years ago when I last tried it, and you’d have to install so many custom profiles, but I’ve heard it’s come a long way. Intune is included in our E5 licenses…. Mosyle is extra….

Before we test it out, I thought I’d see if anyone else has any experience with it. Pros? Cons? Flags? Lost features?

We currently have fortinet with my district and it always seems to have issues when a windows update rolls out each month or when the fortinet gets an update. I'm honestly getting sick and tired of dealing with all the issues we've faced with fortinet. We have fortinet APs, switches, and a firewall. I'm looking on input on anyone who has left fortinet for Ubiquiti. I've got a few certifications in Ubiquiti and honestly love it since it's budget friendly, easy to work with, and less issues from what I've experienced.

Please give me the good, the bad, and the ugly if you're using Ubiquiti in your district. I know switching from fortinet to Ubquiti will be a lot of work, but I'm over fortinet. Had to contact fortinet engineers over a bug in their updates once again.

I promise I don't mean to post a vent, but I do think it may help to share a bit. First off, I admire teachers. It is a hard job. This is my first full school year, I took a job in k12 about 1.5 years ago. Any idea of being a teacher went out the door fairly quickly.. What a tough job, but I work with teachers who are passionate and care about their students, which again I really admire. My job is to provide teachers, staff, and students with the technical tools they need and support them the best I can. That is what I get paid for and I beleive it is meaningful work.

I've been in IT for about 6 years now and before that I did work several jobs in my 20s. Drywall, starbucks, painting, retial, etc.. Then I went to school and started out in help desk tier 1. Which no one likes the nonstop calls. Then I got promoted to tier 2 and I enjoyed that alright. I say this, to make the point that working at a charter highschool has been one of the hardest working experience I've had and the unique challenges of supporting teachers has been a surprise.

I do feel disrespected at times, scapegaoted for problems, and see weaponized incompentance to shift blame on me. I end up hiding with my office door shut for lunch, becuase it is the only way to not be inturrupted over technical questions. I truly feel that no ones wants to talk to me unless they have a technical problem. Maybe not everyone, but most.

There was no ticketing system when I started and I still am trying to get staff to use it. I get negative remarks on it, as if it is silly. When I started I had people inturrupting me in the hall and my office, just walking up to me hoping I'd drop everything or remember what they said and get back with them. I had people g chatting me on different emails, etc. I have worked hard to fix this, but not without resentment from some staff.

We have day loaners and I finally got library/study hall to take it, but Admin wants me to just take the day loaners back due to knowing that a study hall staff member was creating drama for me. Which is exactly why I end up being the only one handling it, and then get students all day at my office. Even when I tried to explain to admin why it helps to have day loaners off my hands, they shrugged it off like I didn't want to do my job.

I have a few teachers that decide to do class-wide testing that involve all students needing school chromebooks so that they can monitor the students better. I have told staff so many times to notifiy me in advance and I made another notice about it this week letting staff know that they must notify me and explained that it was cuases logistical issues and creates unplanned inturruptions. A teacher responded very snarky to me in chat and the entire staff saw it. I responded very professionally, but even another staff said It was very disrespected. Which I try not to take personally, but with the way things are right now things are starting to feel more personal.

I guess I came in trying to be nice with staff hoping I could build positive relationships, then to realize over time that maybe Teachers (not all) don't have to like me at all.

Is that what it is like? A good example is a teacher coming to my office door saying "printer is out of staples" and I thank them for letting them know and tell them I will take a look once I finish up what I am working on. For them to scough and say something to the extent " I guess I'll have to print tommorrow then".

Or if I have a spreadsheet of 110 students and I had one or two typos, suddenly I start hearing remarks as if I am being setup for the blame if testing goes south. Testing season is extra bad, becuase last year the person in charge of testing gave me bad numbers, and we were very short. Becuase of this there is so much scrutiny and pressure on me and I am just trying to get through this.

So sorry for the venting. But how do you'll build trust becuase I am struggling. Teachers are making me feel like the bad guy for making boundaries that should have always been in place. I feel this overall resentment towards me and it sucks becuase I am truly trying to support the best I can. I just am overwhelmed often. It is a chaotic environment.

I've not be a sole tech before, so I am not used to having no one on my team. I think most of this, is stress. When staff is stressed someone gets to be the punching bag and IT is an easy target. Plus this whole Canvas thing got everyone more stressed. I am just tired of feeling like I have no team. I am not perfect, so I'll take critisism at times, but this is exhuasting.

How is it for you. Am what I am describing normal? Or are there ways to manage this to build better relationships with staff?

The Admin Team at our school is ALL in on AI. I'm not against use by any means, however, they are purchasing top level licenses and asking for department to give them access to all data, etc. Our school admin are not the most tech savvy and they are blindly following instructions as given by AI without any true thought as to the consequences. They now think they know all things tech thanks to their AI chats.

We have run into an issue where Claude has caused wifi instability on their devices. They are blaming our department for the issue even though it is only affecting our users who have Claude Cowork installed.

Today, we were ask to help provide access for a Claude agent to our SIS . It seems that things are getting out of control.

How is this going at your school?

For some additional background...our IT Director is not on the Admin Team and we are relegated to support rather than part of the schools overall tech strategy.

Our CTE program is attempting to test through Credentia. Credentia uses ExamRoom.AI for its lockdown browser (the ExamLock Lite extension, to be exact). ExamLock prompts users to remove extensions related to our content filter, which, for obvious reasons, I will not do.

I tried reaching out to both companies, but the only support I received was the suggestion to use a personal device.

Does anyone have experience supporting this test environment, and if so, how are you making it work?

This is the plan I'm using: ChatGPT for Teachers (https://chatgpt.com/plans/k12-teachers/)

I've installed codex on both Windows 10 and Windows 11. I get the same error: "To use Codex with your ChatGPT plan, upgrade to Plus: https://chatgpt.com/explore/plus."

I have enabled Codex for my workspace as I am the ChatGPT/openAI admin for my company: https://chatgpt.com/admin/permissions?tab=general

All my research says this should work, but it doesn't. Any ideas?