Our school's IT is dumb. I need help!

[GDRRiley]

On 10/31/2017 at 2:21 PM, ianspy1 said:

.... our School has a own Server room but doesent use the Server and the securty Software dosnt work so we have a Virus on every pc

we have 5-6. 2 for the multi media academe(1 main and 1 for our TV studio), 1 (we have 4 rooms for light circuitry but that is about it so I didn't count those) for theater and 2 for network switches and 1 of those has some security stuff. 

 

[GDRRiley]

2 hours ago, Ryois said:

Although I love our 120/120 internet speeds. 

wow that sucks, We have 1gig up and down but almost 3,000 students with most being able to use a computer at any given time. 

[bcguru9384]

On ‎10‎/‎30‎/‎2017 at 7:14 PM, Ryois said:

So at our school, the IT is clueless about what our teachers and students need/want out of our technology.

• First of all, we cannot change our password https://gyazo.com/e113ef17fdf965644b8fabaf16fd2199. Our passwords are six digit numeric only passwords.
• Secondly, students cannot email and we cannot receive emails outside our domain. Example my@gmail.com to myschool@assigned.email
  • other teachers that are not our teachers
  • other students
  • outside our domain
• Third, our website is absolute trash. It's not mobile friendly, it takes many clicks and going back to view a simple page.

 I need help on trying to communicate these problems with them. Should I try to talk in person with them or send them an email assuming I can email them or what? Other students are frustrated with these problems.

i snail mailed your IT

this thread should be removed by site admins

they have a forum account and have shown more than sufficient knowledge

[leadeater]

2 hours ago, kagarium said:

Students should be able to change their passwords. We had issues with students using other peoples accounts to do things they weren't supposed to. One of these incidents even involved the police coming in and locking down our school. Since then we started allowing password changes, and actually forcing password changes every semester (6 months).

That's either a password security issue or a password sharing issue, being able to change your password doesn't actually prevent that. You can still force a password change every 6 months, a password not set by the student.

[Nacimota]

On 01/11/2017 at 8:04 AM, KhandakeF said:

Username checks out

If it did, it would be BadluckBwian, surely.

Spoiler

 

[Ryois]

7 hours ago, themctipers said:

nothing is blocked  unless you count anything that's not web traffic. (so 80 and the one for SSL)

so far ive only seen one teacher use a laptop, and it was a 1st gen i5 machine with a dying HDD. 

 

ah, america..

 

glad so far my teachers work on a 'you respect me with that, ill let you fuck around on it'

so, don't pull out your phone and game in class, but do check notifications / time / send one message during talks

 

except for one.

no phones.

there's no clock..

it feels like complete shit having that one freedom taken away. can't even check the time, cant send a quick boop, can't even fuck around waiting for other people to finish their work, which is very frequent

 

6

oh, everything is blocked except port 80,443, email ports, and DNS ports. Whenever I get done ahead of other people I read books... this past week I've read 3 300+ pages books.

[Ryois]

6 hours ago, kagarium said:

Previous school IT assistant here.

 

Students should be able to change their passwords. We had issues with students using other peoples accounts to do things they weren't supposed to. One of these incidents even involved the police coming in and locking down our school. Since then we started allowing password changes, and actually forcing password changes every semester (6 months). All passwords had to be a least 6 characters, and contain at least 1 number or symbol. It's not super secure or anything but its enough to keep people from using other peoples accounts. If someone forgot their password, they just had to go to the library or main office, where they could reset the password via active directory. The student then logs in with a default password (123456), and is forced to change it before they can get to the desktop. All of this was done with active directory, and synced with our google cloud management services, and the nutrikids lunch service. This way, students had the same usernames and passwords for Windows login, Chromebook login, google service (drive, gmail, etc.), and for their lunch accounts. Made things much easier on the IT end of things, as it was all done through one service.

 

Our student emails were set up to only work within the school domain. The elementary and middle school did not have e-mail accounts. High school did. They could e-mail any teacher or faculty member, or any other student, or any other trusted domains we set up (for example, the lunch service, other services our school used such as easybib, and any domains associated with our google cloud services). This wasn't really our choice, as the state of Connecticut board of education demanded it, although it probably saved us plenty of headaches. The students could also set up mail forwarding so they could send all their school emails to their personal inbox for their convenience, and were also allowed to set the email up on their phones if they preferred.

 

Most school websites are pretty much garbage. Ours always had been, and we never really cared because no one every really complained. We had some spare budget leftover one year and decided to hire a company to rebuild our website, and it turned out decent enough. Good enough that it worked on mobile, and it looked fine on both. It was never really a huge concern however, and for the IT department it really shouldn't be. Believe me, there's enough work to worry about internally than trying to deal with a stupid website that 5 people end up using.

 

That's just my 2 cents on my experiences working in the field. 

Password changes change the password on the AD server which is synced with aspen, and it's used as an sso for edulastic, canvas, and other stuff. All 1-12 grades have emails. We can only email certain teachers and other higher placed workers like district offices. We can't receive emails if it's not inside our domain, so no GitHub with our school provided email, no Grammarly with our emails, and such. The website scores low on page speed, doesn't use SSL, it doesn't even use directories it uses GET, and other crappy designed stuff. https://gyazo.com/d50761bef9b961afeb707bc73749c7c2 trust us with your technology! 

. 
 

[Ryois]

5 hours ago, GDRRiley said:

we have 5-6. 2 for the multi media academe(1 main and 1 for our TV studio), 1 (we have 4 rooms for light circuitry but that is about it so I didn't count those) for theater and 2 for network switches and 1 of those has some security stuff. 

 

we have like 4 ethernet jacks for each room. Each room has a wifi access point. One server is the router _{i think so}  that connects to the main VLAN  _{i think so}  and the other is a 500gb storage server that we don't use because of the 1tb per person cloud. We have one HDNVR.

5 hours ago, GDRRiley said:

wow that sucks, We have 1gig up and down but almost 3,000 students with most being able to use a computer at any given time. 

We have around 600 students so 120/120 isn't bad it never gets slow or feel like we are using all of our bandwidth.

[Ryois]

5 hours ago, bcguru9384 said:

i snail mailed your IT

this thread should be removed by site admins

they have a forum account and have shown more than sufficient knowledge

are you just joking?

[Ryois]

5 hours ago, leadeater said:

That's either a password security issue or a password sharing issue, being able to change your password doesn't actually prevent that. You can still force a password change every 6 months, a password not set by the student.

our passwords never expire. Staff is forced every 90 days. We are "not supposed to share our passwords" because it was in the pages of computer usage.

[chiller15]

Just because the computer system isn't as open as you'd like doesn't mean the people who implement it and/or manage it are dumb.

 

You're in for a shock when you grow up and go into work if you have problems with restricted IT systems. Even if you go into college/university...their computer systems will also be locked down. Messing with those could well get you thrown out.

[Tcrumpen]

On 10/31/2017 at 12:14 AM, Ryois said:

So at our school, the IT is clueless about what our teachers and students need/want out of our technology.

• First of all, we cannot change our password https://gyazo.com/e113ef17fdf965644b8fabaf16fd2199. Our passwords are six digit numeric only passwords.
• Secondly, students cannot email and we cannot receive emails outside our domain. Example my@gmail.com to myschool@assigned.email
  • other teachers that are not our teachers
  • other students
  • outside our domain
• Third, our website is absolute trash. It's not mobile friendly, it takes many clicks and going back to view a simple page.

 I need help on trying to communicate these problems with them. Should I try to talk in person with them or send them an email assuming I can email them or what? Other students are frustrated with these problems.

Changing password restriction i can understand in a way; the amount of kids that would prank each other with password changes would make administering that such a frustration. Only they'll be able to change the passwords, think about it you have 12 to 18 year old who are naturally going through their rebellion phase; everyone knows that teenagers can be the worst so allowing someone to change someone else's password (which is very easy to do) would create a IT admin's worst nightmare

 

Not receiving emails outside of the internal domain again is done to prevent malware and ransomware; although it's a bit overkill, what they should do is block everything but then slowly open up certain email domains; known as whitelisting

 

The website won't be done by IT it'll be done by a third party designer/web developer, chances are the IT admins won't even have access to the web server let alone the source files

[Ryois]

Just now, chiller15 said:

Just because the computer system isn't as open as you'd like doesn't mean the people who implement it and/or manage it are dumb.

 

You're in for a shock when you grow up and go into work if you have problems with restricted IT systems. Even if you go into college/university...their computer systems will also be locked down. Messing with those could well get you thrown out.

It's just inconvenient for the students and teachers.If student's want to share a file they have to manually type in the word url or if they're smart use bit.ly. I'm hoping to be in Network Engineering, not IT.  

[Ryois]

1 minute ago, Tcrumpen said:

Changing password restriction i can understand in a way; the amount of kids that would prank each other with password changes would make administering that such a frustration. Only they'll be able to change the passwords, think about it you have 12 to 18 year old who are naturally going through their rebellion phase; everyone knows that teenagers can be the worst so allowing someone to change someone else's password (which is very easy to do) would create a IT admin's worst nightmare

 

Not receiving emails outside of the internal domain again is done to prevent malware and ransomware; although it's a bit overkill, what they should do is block everything but then slowly open up certain email domains; known as whitelisting

 

The website won't be done by IT it'll be done by a third party designer/web developer, chances are the IT admins won't even have access to the web server let alone the source files

You have to sign in first then CTRL+ALT+DEL if we could change our passwords. Email ok. Website, they can change the website but they have to use the crappy theme that comes with it.

[chiller15]

1 minute ago, Ryois said:

It's just inconvenient for the students and teachers.If student's want to share a file they have to manually type in the word url or if they're smart use bit.ly. I'm hoping to be in Network Engineering, not IT.  

Since you have the ability to email those inside the school's domain, can't you just email the link to yourself, your fellow pupils or your teachers? Since you're using Office 365 (and I am presuming you're using Exchange Online as part of that), you can access your school email from home or anywhere in the world. Then you don't have to mess around with other links.

[Ryois]

Just now, chiller15 said:

Since you have the ability to email those inside the school's domain, can't you just email the link to yourself, your fellow pupils or your teachers? Since you're using Office 365 (and I am presuming you're using Exchange Online as part of that), you can access your school email from home or anywhere in the world. Then you don't have to mess around with other links.

nope...

[leadeater]

5 minutes ago, Ryois said:

It's just inconvenient for the students and teachers.If student's want to share a file they have to manually type in the word url or if they're smart use bit.ly. I'm hoping to be in Network Engineering, not IT.  

Network Engineering is a field within IT, probably better so say you do not want to be a Systems Administrator or Systems Engineer.

 

Does sound like you are actually interested in networking though, you do know that VLANs exist and that is reasonably rare for high school students to know anything about.

[chiller15]

1 minute ago, Ryois said:

nope...

Care to expand on why you can't do that?

[Tcrumpen]

3 minutes ago, Ryois said:

You have to sign in first then CTRL+ALT+DEL if we could change our passwords. Email ok. Website, they can change the website but they have to use the crappy theme that comes with it.

Never underestimate the stupidity of end users; that's what i've learnt working in IT. Just because you might leave your machine locked when your away from the computer doesn't mean everyone will

 

As for the website thing again that's down to the requirements. The developers have to work within the requirements even if they are shit; the client gets what the client wants

[Fetzie]

7 hours ago, Snipeon said:

Well, you can always try and compromise the whole network. Just do it anonymously, make sure you do not use any data or such for your own personal profit, and make sure it would be easy to know that you have compromised the whole system. They would have no choice but to take action. Or they can take the other route and just ignore it... Well, still a worthy bet.

That's just going to get you suspended or excluded (and possibly facing criminal charges) unless you get permission to do so.

[Ryois]

22 minutes ago, leadeater said:

Network Engineering is a field within IT, probably better so say you do not want to be a Systems Administrator or Systems Engineer.

 

Does sound like you are actually interested in networking though, you do know that VLANs exist and that is reasonably rare for high school students to know anything about.

I think were in a VLAN because of they way the network is setup. We have the high school then across the county via internet we have the elementary schools and high schools, but all of the schools can access the devices at any school.

21 minutes ago, chiller15 said:

Care to expand on why you can't do that?

Sorry I was running late so I just did a quick reply. I cannot email other students, I can email some teachers but they have to be teachers that are teaching me.

21 minutes ago, Tcrumpen said:

Never underestimate the stupidity of end users; that's what i've learnt working in IT. Just because you might leave your machine locked when your away from the computer doesn't mean everyone will

 

As for the website thing again that's down to the requirements. The developers have to work within the requirements even if they are shit; the client gets what the client wants

When ever I leave to go do something even just walking up to the teacher I always win+l so that way people cant mess with my stuff.

[Tcrumpen]

Just now, Ryois said:

When ever I leave to go do something even just walking up to the teacher I always win+l so that way people cant mess with my stuff.

As i said, you may do that but not everyone will and from an IT Admin's perspective the best way to administer a system is to put measures in to alleviate most of the damage that stupid end users could do

 

So to stop end users changing each other's password or changing it themselves and forgetting they block the ability to allow for end users to do that. This also cuts their workload down as IT Admins often have a lot more to do than basic end user support (Which trust me can take up a lot of your time)

 

Unfortunately in the IT admin world "smart" users suffer because of the stupid ones; the ones that would click on a link in an email without a 2nd thought to the potential damage it could cause.

 

Why would Jane from HR be sending a student and email; that user isn't thinking that, they see an email and see a link and click it

[Ryois]

Just now, Tcrumpen said:

As i said, you may do that but not everyone will and from an IT Admin's perspective the best way to administer a system is to put measures in to alleviate most of the damage that stupid end users could do

 

So to stop end users changing each other's password or changing it themselves and forgetting they block the ability to allow for end users to do that. This also cuts their workload down as IT Admins often have a lot more to do than basic end user support (Which trust me can take up a lot of your time)

 

Unfortunately in the IT admin world "smart" users suffer because of the stupid ones; the ones that would click on a link in an email without a 2nd thought to the potential damage it could cause.

 

Why would Jane from HR be sending a student and email; that user isn't thinking that, they see an email and see a link and click it

I wish we could fill out a google or microsoft forms and we could request a password change.

I never click links without looking at it its just my habit. 

[Tcrumpen]

Just now, Ryois said:

I never click links without looking at it its just my habit. 

That's what everyone SHOULD do but again you'll be surprised how many people just blindly click links without fore thought; there is a phrase i discovered in teh IT world

 

IT Admins have two problems

 

- Stupid users

- Smart users

 

Also i learnt that a lot of problems are PEBKAC and PICNIC

[Ryois]

Just now, Tcrumpen said:

That's what everyone SHOULD do but again you'll be surprised how many people just blindly click links without fore thought; there is a phrase i discovered in teh IT world

 

IT Admins have two problems

 

- Stupid users

- Smart users

 

Also i learnt that a lot of problems are PEBKAC and PICNIC

I found accounts that had simple passwords and full access... then over the summer they blocked signins on that account, the thing is I found more accounts that are similar to that. I try to find loopholes.