Slashdot Mirror
Advice for the K12 Tech Guy?
small fish asks: "I am a newly dubbed 'Technology Coordinator' for a K-12 school district. Things here technology-wise are not well. People here are ignorant technology-wise--which is fine, as being tech-savvy is my job. However, they do not seem to trust my judgment on anything except changing printer cartridges. I'm being measured against a former teacher who filled the role for a while and was VERY comfortable with using Microsoft products. Are there any other Slashdot readers out there in similar straits? If so, what advice do you have for me?"
"For starters, there is no firewall, all IPs are exposed to the public, they are relying on Windows NT 4 boxes to sustain operations, and they seem to love their Exchange for doing email and address books, although I have only one user who migrates between two different computers. The Exchange server died due to a spam overload and will not restart, so I set up a BSD box for handling mail and DNS. To make things worse, there is no real disaster recovery here and virtually no backup power. As I type my carpets are still wet from last night's rains that poured through the machine room wall - and this happens every time it downpours I'm told.
My coworkers do not want anything to do with Macintosh computers, they have never heard of Firefox, and Unix was a strange foreign word I had to explain to some before I gave up entirely. What tips do you have for surviving (even thriving) in this type of environment?"
My coworkers do not want anything to do with Macintosh computers, they have never heard of Firefox, and Unix was a strange foreign word I had to explain to some before I gave up entirely. What tips do you have for surviving (even thriving) in this type of environment?"
Don't make another Kutztown 13. I'm serious. If there's a hole or flaw in one the system you coordinate, work with students and faculty, but don't try to get students thrown in jail for an error that's been made below you.
Kids are gonna push their technical limits, but don't be a nazi. They'll learn with time.
And get rid of the NT 4 boxes. Well, that's what I'd do, anyway.
- dshaw
The last guy was a friend of the staff and just filled in. No real policy or leadership there (my guess) before. Now a new guy has come in and wants to change things. You're not going to be liked initially.
As another poster suggested, Macs are great. I'd try to force a change to them, but good luck. If you stay, you will be servicing old Windows boxes forever, and trying to get Linux to cover everything the old NT boxes did without anyone noticing (because they'll complain you changed something "for no reason").
Run.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Are you "The Guy" or are you a pawn of someone bigger. If your say-so carrys weight, use what you know. Put it though some pilots first (if it's in your budget), then say, "This is how it's going to be."
(If Linux) When faced with budgeting concerns, show them how much you'll save by using, say, Debian w/firefox, openoffice.org, etc. Even better, use the NX client/Server and terminal serve everyone with Knoppix CD's.
Some people are like slinkys. They're useless, but it puts a smile on your face to push them down the stairs.
At any rate- try to be a teacher, not just a tech guy. You can do a lot by contacting FreeGeek in your area and getting a donation of a few linux boxen. In addition, NEVER refuse a donation, no matter how outdated you think it is- there's always a student living in poverty who could use a computer. Some of my most interesting high school computer experinces were spent learning ISIS II, the operating system of an old Intel Chip burning computer that was given to the high school that they didn't know what to do with.
Also, remember to think age-appropriate- nothing beats old TI-99 4/As (20 years old!) with speech synthesizers for kindergarteners- they're easy to maintain because the OS is in Rom, and the kid does not need to know how to read to learn how to type.
In other words, think outside the box- and don't limit yourself to one platform or operating system. Apples, IBMs, old 8-bit computers that might have been sitting in the closet for 20 years, all are usefull for kids.
OTOH, when it comes to the teachers- internet connected systems that are all alike but have Firefox, a standard IM program, and a floppy or R/W CD based e-mail program are the way to go. And don't forget Open Office for teachers- spreadsheets and word processors are the most usefull programs for their line of work.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Disclaimer: I'm not in your situation, nor have I ever been, I'm still in high school. I do believe that these methods could work.
Try to show them visually. People can get confused if they are simply told about something. Also, maybe prepare a persentation and show why the new ways are better than the old, especially showing the benefits.
In fact, one of my teachers had no clue about Firefox. Trying to explain the extensions system among other things didn't seem to help. After showing him visually, he immediately looked into it.
If they liked the previous guy, don't try too hard to dissociate yourself from his policies. If they believed in him and considered his advice good, don't oppose his policies publicly. Work on winning people over first, then proceed to force your religious beliefs (Free Software) on them :)
In the end, you'll be just as highly considered as your predecessor was, and more-so with the money you save the district.
Get them a box with the best stuff you've got. You know, responsive, boots quickly and has the goodies they're interested in (Email, Internet and wordprocessing, spreadsheet etc.) but use your selections for the goodies, even cheat by ripping off icons, look-alike skins for the desktop and apps-- even each icon's position on the desktop is important.
Bend over backwards to keep the teacher you select happy with their new box. Even if it means undeleting a file from the hard drive that they fat-fingered or rearranging the desktop icons.
Once this teacher's satisfaction increases, word will get around and teachers will be approaching you to "fix" their computer just like you did for Teacher A.
Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
Exchange is very popular with users. What are you wanting to replace it with? Postfix? Good luck. You will quickly find out that only 5% of the users use the shared calendars, and that those 5% make up 95% of the complaining when you take them away...
the key thing is that as you upgrade equipment, add neat new features and reliabilty, they will start to respect you, and feel that you understand what you are doing. I know it sounds silly, but teachers hate to have to learn outside of their area. I have never figured this out, but a teacher gets very, very stuck in their ways. They have something that "works" and will almost never, ever change. So you need to move slowly at first, and make damn sure that they have only positive experiences. Make sure to point out the benefits, and most importantly, the time savings.
Oh, and congratulations.. this is one of those jobs that takes a lot of patience, but becomes very, very rewarding after time.
What are we going to do tonight Brain?
Build a firewall, Smoothwall is a great solution and it's free and you can use some old boxes.... if you migrate will they know?
Continue to improve the spam filtering for the mail, DO the filtering your own way inbetween the internet and the exchange server.
Find ways to build an foundation below everything they have so it remains ultimatly protected.
Assess the damage of the rain. Show them that the building can burn down due to sparks and shorts because of water seaping in.
Other then that if you want to change other things like purchases... then build a game plan for power, and backups solutions. Lay it on a table. Show that if this isn't done there is a chance the school will loose a lot of valueble information.
When i was in that same situation i did things that was invisable to users but covered my ass and protected the security of the job and data. I hope that helps :)
Andy
One of the most iportant things I've picked up from my aunt who worked in a K-12 schoolboard.
The tech's there, made a magic-marking system so that the creation of comments and maintaining of a permanent record. Sounds like a good idea, it is. Implementation of technology in moderation can increase productivity, but only with certian precautions.
Anyways, tis marking system was in its first year of operation, the teachers grudgingly entered in their marks (It was a webapp, in the sense that things can be done simpeler and from anywhere). On the second day of the designated marking-weekend for the teachers the system died and they had to revert to a 12 hour backup. If you go by something like this, be sure to backup. Any information that it is entered over a rapid period of time needs to be backed up at least every hour.
UPS-Wise, K-12 systems aren't that mission critical. If you can configure the bios and everything on the systems to boot up silently without any human intervention. Make it so that once the power gets back on, everything gets back up.
Warming teachers up for technology is very hard. It is easier to talk to the tech-teacher, and get him/her to migrate first if he already hasn't. To warm them up to firefox start talking about how annoying popups and ads are, then explain to him that firefox with adblock can stop them. No use catching them on the compliancy/usability, catch them on the annoyances.
The most important thing I see is to avoid CMS's integrated accross the system. My school started using FirstClass which which is marketed towards the K-12. Teachers will probably love this. In the end, students and teachers will end up hating it. (A freind of mine's in HS and his tech only knows two words; FirstClass and IBM). He dosen't get much email from his teachers or any contact because he can't have any email forwarded.
If you want to use something like this for assignment tracking/calendars, use a system that can integrate it with email. And offer the teachers the posibility of forwarding email to their home address.
If you can come up with enough old boxen suitable for linux, you can do what a freind of mine in the K-12 tech position did. He started some labs which cluster together for use with Firefox/OpenOffice. This only works for the kids, but it still makes a low cost environment.
Again, if you find that some kid gets into your system. Don't get all high and mighty on him, let him audit your network and school and *work for you*. It makes it better for the student as he dosen't get into trouble and still is nutrured for technology.
...before you can start thinking about replacing everything with BSD or Macs.
It sounds like there are lots of problems, and you aren't going to be able to fix them all at once. Try and point out, in as professional a way as possible, what the risks are. What exactly would be lost if machine X, for which there is no backup, failed?
From a functional standpoint in a teaching environment, there may well be very valid reasons to keep using Microsoft products. Like it or not, that's what people will probably end up using in the outside world, assuming that their job is a little more fulfilling then "do you want fries with that?
There are also very valid reasons for NOT using Microsoft servers as infrastructure (cost of sale being an obvious one) but you aren't going to be able to get close to influencing any decisions if you're just seen as some sort of zealot.
So be helpful, be "a team player" and try and change the world a bit at a time, not all at once.
Oh, and the very best of luck. With water coming through the wall it sounds like you might need it.
This is good advice. If you walk in and dump everything for a concept that is totally unknown and alien to them, it does not matter if it's well thought out, they will oppose it and find fault with it even if there is none. And, as a post above suggests, don't roll out some huge untested plan, run a test program and build on its success.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Explain your situation in as no-nonsense of a way possible: Your predecessor clearly got by in your role on a huntch and some stupid luck, and that luck happened to run out on your watch because of the lousy infrastructure he built. NT wasn't built to take the abuse a school will put it through: My school district learned that the brutal way around the time I took over at my school.
If your paid, you have a lot more time to work on this than I did: Imagine being the only guy doing that job, training your replacement, and still maintaining a full high school course load and getting decent grades, without pay. My life, 1998-2000...
Help us build a better map!
I work as a consultant for a systems integration firm. We have a large number of customers who are K-12 schools. Many of the technology coordinators were the technology dude from last school year and need a lot of assistance. This might be a bit of rambling, because I don't have time to make it shorter.
First of all, your budget is going to be limited, while you might be able to get E-rate money to pay for a lot of network gear, and possibly some servers, you can't use erate for staff. You need to standardize so you get work done centrally. This allows you to hire 1 or 2 smart network admins, vs a horde of drones. Hardware, software, processes, etc... all need to be standardized. Get a good handle on what software you own and where it's installed. Put some policies in place to keep teachers from pirating software; which they will do in massive amounts. Make a business case to the administration that you need to have tight control on software and hardware. You can have every l33t tech teacher running around being their own little network admin for their cluster of 30 PCs only for so long, this will fail really, really badly. This isn't just about control, it's about establising a consistent learning environment for students who will switch between classrooms and schools; as well as teachers, some of whom will have little or no technology experience and will be befuddled by 2000 computers that all act a bit different.
If you don't have a centralized imaging system, get one. Altiris is nice, Ghost is nice. CA makes a very nice (but pricy) product that will do scripted Windows installs as well as packaged or scripted app installs. Their best feature is that it will keep track of all your app installs and where they're supposed to be, reinstalling them automatically when you reimage PCs; basically handling all your license tracking for you.
Do you have network monitoring for when an errant broom handle takes out the power to a wiring closet? HP Insight manager will monitor your stuff and is reasonably easy to setup (also free). Obviously there are tons of other options, but you'll probably never find the time to devote a week to setting something (anything, anyplace) up.
Chances are you'll have people from 4 corners writing and being awarded grants that use technology. Get in on the ground floor with these folks, make sure they understand that computers need desks, network ports, AV licensing, etc... Establish an approved hardware list, and make sure people only buy stuff on the list. This reduces the number of types of printer carts you need to stock and PC images to build. Figure out a per PC cost for network support, make sure they build it into their grant.
Realize that the point of the network is to teach, not to push an idealology. Most business use windows, you'll probably be using it too.
Again, centralize. Use login scripts, group policies (time to upgrade from NT to 2003), network based apps, etc... If you don't have some remote control software, at least on all the teacher and admin machines, get some - VNC is great.
Avoid peer-to-peer apps like the plague. One of my customers has a very nice (from a teaching standpoint) app called CCC. From a technology standpoint, it's a total nightmere. It even has a hardcoded backdoor password. To function at all, everyone has to have full control over all the files; guess how often a student nukes the database... Firefox is good, but chances are, you'll run into at least one app that only works in IE. Do you want to support 2 different browsers? A lot of educational software is poorly written. Your users won't be logging in as local admins, which will break a lot of apps. Make sure you test any apps before you buy them. Again, this goes to making the policies, users shouldn't be buying software until you look over it.
Make sure the department heads are with you and can enforce rules with their staff. You don't want each librarian at each school buying different card catalog software.
Obviously you h
Don't even think about trying to switch people to Macs or introduce folks to firefox. If you have any success at all, you'll only be increasing the entropy in the environment making it even harder to manage. If you don't have success, you'll probably just end up with a bunch of suspicious users.
If the office is comfortable with Microsoft products and the old IT guy was comfortable with Microsoft products then you better get comfortable with Microsoft products asap. I'm not just talking about IIS/Exchange/Active Directory/SQL Server, but Outlook, Access, Word, Excel and Windows... the kinds of programs people use every day. It's a lot easier to change yourself than it is to change everyone and everything else.
That said, use what you know when you can.
- Project 1: Create a reliable backup strategy for any systems that are not going to be completely rehauled in the next month. If you have funds, consider buying something like a buffalo terastation or scraping together a single system with massive storage and raid5.
- Project 2: Add a nix based firewall or whatever you are comfortable with. If for whatever reason you can't do this, turn the firewalls on in the clients (assuming xp).
- Project 3: Fix Email. If people use exchange features, use exchange but protect it from spam by running a nix based host with spam filters in front of it.
Focus on one thing at a time. Once you get these three things done, then start looking at the little things you can do to improve things. Do you have servers to monitor? Install nagios. Are there any trouble systems? Take care of them. Do you have problems pushing patches and auditing machines, solve it with SUS or other tools.Once all of the critical systems are under control, start looking for low hanging fruit, not for yourself, but for your clients. Is the grade reporting system a piece of crap that everyone hates? Find something better. Is there a teacher somewhere teaching intro programming using notepad as an editor, set them up with something better and free whether it's sharp develop or jedit or whatever. Change things to improve people's lives, things that no one is going to fight to prevent you from changing.
Once you have built a track record of success, once people trust your judgement, then you can start exploring whatever preference based changes you think are best. When you suggest using XYZ, they will listen. Do you think your office should make a strategic commitment to Macs? Propose a pilot program using a single computer lab or a group of willing participants. Do you think people will benefit from using firefox? Pitch it to people and let viral marketting due its work. Maybe the foreign language teachers will be impressed by the translation extensions. Maybe the english teachers will fall in love with a form spell check extension.
Lastly, learn to work within your constraints. Eg... Do you really need backup power or will a couple of UPS's do?
The fastest way to gain the respect of others is to start writing grants. Once you are bringing in new equipment and monies from grants, people will start to trust you.
No matter how stable and secure the network and computers are, staff will still believe they are unstable. It's just something you have to shrug off.
What, me worry?
If you march in and tell them everything they know is wrong, of course they're not going to trust you. Trust is something you earn. And you don't earn it by belittling the knowledge and skills of the people you're working with.
Which is not to say that you shouldn't try to re-educate them. You're quite right to want to move away from Microsoft products. But you have to do it without screwing up their lives. That's a gradual process they they have to be active participants in.
You've got no money, no staff, no power, and a hazardous environment.
You are adept at unix/linux/bsd.
You are capable of writing scripts.
Forget expensive machines, you'll never get them.
If I were you:
Let the users run windows, it's good enough for the desktop, and you already have licenses for it (came with the machines, no?)
On the servers:
A firewall, pix ($350 on ebay)
A spam filter (repurposed pc)
An email server. Looks like you have that covered.
Try to get 1 windows 2003 server for active directory, stick the teachers on the same domain and play with the policies to get permissions right.
You will be setting up 2 networks: one for the school to get work done, one for students to play with: firewall them from each other.
Build your infrastructure on non-windows stuff. Keep exchange down.
Document everything.
Remember that you cannot secure the machines students have access to. Some will boot from CDs. Some will reformat and put linux on them.
Spend most of your money on hardware. You can code software from scratch, but you can't get "make" hardware.
Try to get graduates who have moved on to local colleges talking IT courses to help out. Offer internships for college students. Nothing like running a high school network on a shoestring budget to get your feet wet.
Use what little money you have left to buy a good library of books. I would stick with O'Reilly, Wiley and Sons, and Addison Wesley. Remember, the admin after you should be able to learn on the job.
For the teachers, they just want the stuff to work with minimal effort. Find out how many use hotmail or yahoo at home. You might be surprised. ask them if they would be ok with a web-based email program.
The only thing that matters is that you deliver stable service. Doesn't have to be fancy, doesn't have to be fast. It has to be reliable.
Finally, a word of advice: document absolutely everything. Make copies of everything, and make memos of all conversations, and print them, and keep them in file folders. In a high-school, you have to be extra careful. But you knew that.
"Piter, too, is dead."
As I type my carpets are still wet from last night's rains that poured through the machine room wall - and this happens every time it downpours I'm told.
Jeebus! Tell them to fix that immediately, and if they say no, ask the local fire marshall to take a look at it. That would probably motivate them to fix it.
In general, I'd say you're in for a class-A headache. As I learned in high school, most teachers know jack shit about technology. Even basic terminology is a problem. (I heard all about this from my AP Comp Sci teacher.)
"The newly born animals are then whisked off for a quick run through a giant baking oven." --heard on Food Network
5 & 7: At my school we just rolled out images with DeepFreeze on them. Best thing ever. A lot of our boxes have <10Gb hard disks and the students roaming profiles get huge after a year- having 50 of them on one harddisk (in a lab) will fill the disk up right quick- DeepFreeze prevents the profiles from sticking around after a reboot.
2: The one thing keeping us on exchange (OK, two things) is calendaring (and its cousin, scheduling meetings). We have an exchange calendar for everything. I know there are alternatives, but I cant justify the cost of switching since a parent donated our Exchange 2k3 licences for free.
Someone above said that a UPS isn't important. Bull shit. Maintaining your SIS records is one of your top priorities, next to the financial records. If those go down (expecially in a disaster) your school (district) will have a harder time getting back on its feet.
When I first got where I am, my predicessor had spent the last 6-8 months doing nothing but putting out fires. The first thing I did was get the backend up to specs, and everyone (well, almost =P ) was happy about it- the servers were more reliable and people had fewer problems. Then I got all the computers running 2k or XP (also donated to the school) and most of the problems went away.
Good luck!
What you do need to do is to prepare a list of issues, graded in order of system and network critical prioriy. Make up your own rating system 1 to 10 or A to F, and assign each item a rating, timeframe and resources required. This doesn't mean a quote for new equipment. For example, Linux or BSD firewall, internal, DMZ and external segments. Reconfigure IP addressing. Priority 2, need to repurpose a Pentium III and added NICs. This is a to do list that could span out 3 years or so. The budget cycle probably means you won't be able to just go out and buy what you need, although having this list will make it easier to jump on funds that come up for re-allocation. Don't try to do everything all at once. Set priorites and leave time for crisis control.
Go to town and prepare a power point or just write down your list, but sit down with who ever is "grading" your performance and work out what they think with your input. You need to have the job defined, do you make everybody happy and don't rock the boat or do you get the job done and set policy? Setting policy is best done by writing your draft and having it approved by someone in administration. Speaking of which you need to find out if any district and state guidelines apply. You could find addtional support and resources at the next level up.
Don't try to wing changes, if you're going to be effective you need backing. That means getting admin on board and having a defined role. If you don't get backing then you should set up a wireless access point and get a laptop for Slashdot and porn until things fall apart. If you're lucky you can point the finger at lack of administrative support and burn your boss. That's where documentation of issues comes in handy.
My manager says if I don't p*ss off at least one person each week he knows I'm skating. We're pretty relaxed but there are rules, including corporate guidlines that my little address space has to follow.
It sounds like the job is still very vague. This can be a curse or chance to write your own job description. Take advantage. Look at the pay scale descriptions and assign yourself the responsibilities to justify a raise and prompotion.
My workplace has a dozen people, very little turnover, and *must* use Windows because of a Windows-only primary application. However, security is very important in our industry. I hammered at them for weeks that IE and Outlook were the hackers primary targets, and had countless holes in them. The transition to Firefox went fairly smoothly-- I told them to use it for everything expect business-critical sites that required IE. I set up Adblock on Firefox and weeded out ads from the common sites.
Every week I send out a list of new security holes, and the impact. If it's an IE 0wn-u bug, I warn them not to open IE until the patch comes out. Every week, even if there are no new bugs, I warn them not to use IE, because there are still unpatched vulnerabilities.
I point out other businesses in our industry which have made the 5 o'clock news because they were hacked. And remind them not to open attachments or use IE, everytime. Or we could be next.
After a few months, everybody is using Firefox all the time, and they don't think anything of it. They do not open email attachments, they install patches when I ask them (I check).
---
Go to each computer and clean each one for viruses, spyware, bad cookies. Log the results. Post the results, but don't use names. You are not trying to embarrass anyone, just trying to show them how their systems have been obeying some other masters. Tear down their SEP fields. Discredit the "don't ask, don't tell" security policy. ("If I don't know my system is hacked, then it doesn't affect me.")
Put in a firewall. Log everything. Open up every legitimate outgoing port, for AIM, Folding@Home, whatever. Show them the attacks.
Show them logs from trojans phoning home. Chances are nobody is running a legitimate chat server, or is doing ftp or heavy traffic late at night.
Get them to *pay* for their software. (This may be the hardest.) As long as they are stealing software, Windows is an obvious, though short-sighted win. But when you point out the increase in piracy lawsuits, and get them to use only legal software, $3000 for Exchange (Exchange/CALS/OS) seems pretty pricy.
Switch out a couple systems (from volunteers) for Macs. They can coexist. I use my Powerbook 50% of the time at work.
Insist on installing OpenOffice on all systems, but that either MS or OO can be used. Insist that all Microsoft Office software be paid for. Ask them for reports or forms in PDF format, then act astounded that MS Office can't handle such a simple task. Insist that all software be paid for. Include 0wned bugs for Office in your weekly report. Mention at the cooler that the only viruses that exist on the Mac are Microsoft Office viruses. Point out new vulnerabilities found in Office apps, and what they allow into their systems.
Insist that all software be legit. Not pirated. After all, it's a lawsuit-happy world out there, and Microsoft is getting more willing to go after those pirates.
Expect the whole process to take a full year.
* Hammer home the security risks. Don't let them hide behind their lack of knowledge.
* Firewall-- first thing. Close off everything they don't use. Then tighten the worst holes.
* Firefox-- second thing. Your spyware scans should back you up. Mandatory install on every system, and lock down the settings in IE (using group policies on xp/2k workstations) every time you touch someone's system.
* Use the MSBA to scan all the systems weekly. It fairly automatic, but you get to see who's refusing to keep up with patches.
* Mandatory OpenOffice install, but optional to use. Request PDFs for the school website and forms.
* Hammer home the piracy idea. Lawsuits. Lawsuits. Lawsuits. Bad publicity. They are sending a message of lawlessness to the students.
Everyone is entitled to his own opinions, but not his own facts.
Having done BOTH, I strongly Disagree with point 5. Sysadmins can have a useful input into systems planing, even more so if the higher ups know nothing. Working at McDonalds the only input you have into designing burgers is the ones that you eat yourself in the break room!
What you need to do is to tactfuly suggest some small changes, to build up their confidence in your skills. Don't go at it like a bull in a china shop, trying to change everyting at once. This will get you nowhere fast. Go for the simple quick wins. Maybe you can replace a NT file server with a SAMBA Linux box. Maybe move some of the teachers to OpenOffice on Windows. Move slowly but confidantly, and be prepaired to show the benefits in advance, then show the benefits again when tings have been in for a while, just to remind people. Sometimes just checking up that a previous problem has been cleared up by what you have done can help.
I'm just here to regulate Funkyness
One of your biggest problems is going to be spyware, do yourself a favor and setup a DNS blackhole. We've set this up here at the Iberia Parish school district in Louisiana and love it.
Get some kind of imaging software like Symantec Ghost, try to keep your software installations as identical as possible.
Give each user a share on the server and make them save their documents there instead of on their hard drive (you can redirect My Documents to a share with Group Policies). Makes recovery much easier when you need to replace a hard drive, or re-image a Windows install that's overridden with viruses/spyware/etc.
Leave Windows on the workstations, but install Linux on old servers to be used for DNS/web caching/samba/whatever.
When you setup your firewall be sure to block the ports of AIM/Yahoo/MSN/IRC/Kazaa/Gnutella/and whatever else you can think of. If you don't, I can promise you the students will do nothing but chat and download music all day.
Take some time and examine your goals here. What are you personally looking to get out of this assignment?
The facts are:
#1. Any changes you make will be "wrong" compared to what the last guy did.
#2. Unless something is done about the water, your systems will eventually fail (and you will be blamed because the last guy never had that problem).
#3. You'll be spending a lot of time and effort on making friends just to accomplish your technical goals.
#4. No matter how great you are, there will always be someone on staff who talks to a friend who uses Windows and will tell everyone that no one else is having the problems you have with Windows.
If you're going to put yourself through all that stress, be sure you understand why you are doing that to yourself. And it is you doing it to yourself.
Too many times we tend to see the people who use the systems as the problem. Maybe they don't agree with your goals, but is that really a problem? Instead, examine your goals and see if you really want to fight that fight, under those conditions to achieve your goals.
And be realistic in your goals. They will not worship you for bringing them to the promised land of a firewalled sub-net. They don't even know anything is wrong. The best you can do is to be respected by a bunch of people who can't remember their own username/password's.
Sometimes not getting involved in a disaster is the best option.
I was a tech in a secondary school so this may not completely apply...
1. Log everything.
2. Review your logs.
Logs are what allowed me to discover a student logging in to a restricted teacher area, a number of weird log entries (logins at 4AM) which lead me to a number of compromized machines, etc.
3. Imaging software is your friend. Ghost, Acronis, even dd if you have to. Machines will be compromized, messed up, or even residual files will be left over summer. I went as far as building the image to automatically ask for the machine name and I could reimage a lab of 30 workstations in under 30 minutes.
4. Disable downloads.
This is the only thing that kept me on IE - you can choose to disable downloads. We had to tweak it a bit by adding a number of sites to one of the zones (to allow downloads from intranet, etc) but it really cut down the support calls.
5. Ticketing system. This may or may not work (it didn't for me as problems were always phone calls or walk ins), but if you need to justify additional spending/resources, it's great to be able to say "I handle X calls a month. Give me $Y and I can reduce calls from X to Z". If you do a lot of site visits, write down what you do.
6. Each student signs an AUP. No AUP, no account. Most students won't be a problem, but a few will decide to "test" your network security and you need to be able to keep them off the computers.
7. Watch how your resources are used. Every friday I'd run a scan for files in home directories over 1MB. This caught most of the MP3's, games, etc while filtering out the word documents. My AUP (also posted in each lab) stated academic use only, so anyone with MP3's had to explain themselves.
8. Get the staff on your side. You can't be everywhere and they're the ones who will be in the labs - picking weak passwords, allowing locked-out students to "borrow" another account, etc. Administration will be dealing with problem students and they need to know why things are a problem. They're not techs.
At the end of the day, you're a support service. You exist to support staff and students. There might be better ways, but non-techs need to use it. Don't bore people with details (they don't need to know that you've migrated from NT4 domains to a samba server. It's just an upgrade) - but, samba needs to work if you do this. Gradual transitions - don't take word away and replace it with OpenOffice. Install both for the year.
I use Macs to up my productivity, so up yours Microsoft!