BaronOps

Combines Wake-on-LAN and Session Management with a smart Logon ToS Bypass script. Features a background Auto-Refresh Engine to continuously poll live states without interrupting the user. Features a instant Remote Control Gateway to streamline support calls.

Wraps the local Deep Freeze CLI to bypass the sluggish enterprise console. Allows multiple technicians to Thaw, Freeze, or Lock labs simultaneously without server-side bottlenecks.

Cross-references Sassafras data to identify "Dark" systems that have not checked in for over 7 Days. Pinpoints hardware failures and network disconnects that missed the weekly wake cycle.

Queries 25Live to identify safe maintenance windows. Includes a Testing Ground finder that locates empty labs with 3+ hour vacancies for hardware repair or image testing.

Enables Real-Time Deployment (Thaw-Deploy-Freeze) between classes. Includes a Software Scanner for auditing and a Remote File Manager for bulk file collection or deletion.

Validates lab readiness via remote Printer Test Pages. Includes System Purge for one-click AD/SCCM removal and Time Set Manager for Sassafras schedule syncing.

Beyond standard power commands to wake, restart, and shutdown mass systems, this feature utilizes a smart Auto-Logon Bypass. Instead of relying on fragile UI automation to "click" buttons, BaronOps temporarily modifies the Windows Registry to suppress the legal Terms of Service notice, instantly triggering the native student auto-logon sequence for an entire lab.

v1.0.1 Update: Introduces a background 15-Second Auto-Refresh Engine. The UI silently polls the lab for live session states ("Quiet Mode") without throwing loading screens, giving technicians a near-instant read on lab utilization.

Bypasses the sluggish Deep Freeze Server process entirely. BaronOps wraps the local Command Line Interface (CLI) for instantaneous, direct control, allowing multiple technicians to Thaw, Freeze, or Lock systems simultaneously from anywhere on campus.

v1.0.1 Update: Implements State Caching (Memory Snapshots). If a machine is rebooting into a Thawed state and temporarily times out from the network, the UI intelligently preserves its last known lock state rather than dropping it from the console, eliminating data flicker during lab resets.

A streamlined UI for the SCCM Remote Control Viewer. It bypasses the bulky SCCM console and its complex context menus, allowing technicians to instantly identify a target (student or instructor) and launch a session, saving significant time during support calls and maintenance.

v1.0.1 Update: To streamline the user experience and reduce menu clutter, the standalone Remote Control tab has been removed. All Remote Control functionality has been integrated into the Power & Session tab.

Verifies lab readiness by querying a random online system in the selected lab. It checks driver status and spooler health on that single unit to validate the configuration for the entire lab, ensuring class readiness without checking every PC manually.

Eliminates the "Wait & Hope" anxiety of overnight SCCM maintenance windows. Relying on scheduled tasks often leads to silent failures, systems that fail to wake or hang during installation, forcing staff to scramble the next morning to manually patch machines before deadlines.

BaronOps replaces this with a deterministic Thaw -> Deploy -> Verify -> Freeze workflow that executes in minutes, allowing admins to confirm 100% success immediately between classes.

Audits every computer in a lab to compare installed versions. It identifies "Silent Failures" where a specific machine might have missed a deployment that the rest of the lab received. It also facilitates Mass Uninstall commands to retire old software from a room instantly.

Uses a "Representative System" model to browse the file structure of a frozen lab. Admins can analyze one system to detect unwanted files (e.g., unauthorized shortcuts) or verify configuration placement. The tool supports Bulk Deletion and Bulk Collection (pulling logs/configs), as well as pushing files to the entire lab simultaneously.

Scans room schedules to identify maintenance windows of 1+ hours. Includes a Show Schedule detailed view for granular planning, allowing technicians to view all active classes to make their own decisions on planning maintenance tasks. Features a "Summer Mode" toggle to exclude Fridays during summer hours if applicable.

Scans specific rooms for systems that have not reported online in over 7 Days. Since labs auto-wake weekly, a system flagging on this report confirms a hardware or network failure, giving technicians a targeted repair list.

Aggregates Ghost Hunter data across the entire campus, providing a high-level health map of all labs and identifying safe maintenance windows for the day. Helping technicians prioritize their day and plan proactive repairs before students or faculty report issues.

A unification tool that removes a decommissioned system from both Active Directory and SCCM in a single action, ensuring clean records before reimaging.

Scans the campus for labs with 3+ Hour vacancies (Today or Tomorrow). This allows SysAdmins to identify a safe "Sandbox" environment for testing new configurations without risk of interrupting a class.

Syncs Sassafras usage reporting with 25Live term schedules. This ensures analytics only track usage during actual class hours, providing accurate data for decision-making. It also includes a dedicated Holiday Manager tab, allowing admins to define campus closures so reports automatically disregard "closed" stretches during breaks.

BaronOps eliminates "Version Drift." On every launch, it silently queries the central deployment share (`\\mtladfs2019\...`) for updates. If a newer version is detected, the UI logic intercepts the terminal event flag to gracefully display an "Update Available" button. Users are presented with the changelog and can initiate a seamless self-update process, ensuring all technicians are always on the same stable build.

Technicians can submit bug reports or feature requests directly from the console. This establishes a direct feedback loop between IT staff and myself as the developer, allowing for rapid identification and patching of edge-case errors found in unique lab environments.

BaronOps does not rely on local passwords. Upon launch, it queries the Active Directory domain controller to validate the user's live group membership.

• Technicians: Granted "Least Privilege" access. They can perform routine Lab Checks (Wake, Restart, Deep Freeze, Printer Health, System Purging, and Reporting) but are strictly blocked from destructive actions.
• SysAdmins: Detecting the "BaronOpsAdmin" token unlocks the "Red Zone" features: Software Deployment, Uninstalls, File System access, and Sassafras Time Set Management.
• UI Locking: Unauthorized features are not just hidden; they are physically disabled in the rendering engine. A technician cannot "accidentally" deploy software.

Hard-coded passwords are strictly prohibited. BaronOps utilizes a "Just-in-Time" loading mechanism for sensitive API keys (Sassafras, Deep Freeze, SCCM).

• Air-Gapped Source: Credentials are never stored in the application binary or source code.
• Secure Fetch: Keys are loaded at runtime from a secured, network share (`\\mtladfs2019\...`) restricted via NTFS permissions to IT Staff only.
• Encryption at Rest: The configuration file on the server is Base64 encoded and obfuscated, preventing casual reading even by authorized staff.

To prevent "Man-in-the-Middle" attacks or script tampering, BaronOps does not execute loose `.ps1` files from the disk.

• Embedded Resources: All 20+ PowerShell automation scripts are compiled directly into the application DLL as Embedded Resources.
• Tamper-Proof: A bad actor cannot modify a script (e.g., changing a "Wake" command to a "Format C:" command) because the code is baked into the signed executable. The app only runs what was compiled by the developer.

BaronOps respects and enforces the institution's existing security policies regarding remote management.

• Policy Enforcement: The application relies on Windows Remote Management (WinRM). Access to this protocol is strictly controlled via Group Policy Objects (GPO).
• Deny by Default: Even if a non-IT user obtained the BaronOps executable, the underlying network infrastructure would reject their connection attempts. The application cannot bypass the operating system's native firewall or user access control lists (ACLs).

A dedicated module for non-lab classrooms. Support staff can simply select a building and room number (e.g., "Laurel Hall 314") to instantly view the power state, network connectivity, and currently logged-in user of that room's single instructor station.

Extends the existing Remote Control Gateway and power / deep freeze automation tools to these individual systems. This allows Help Desk agents to immediately launch a remote session, bypass auto-logons, or trigger background restarts the moment a professor calls in, completely eliminating the friction of hostname discovery.