Stephen Klein

A PowerShell-based identity management system that automates staff account provisioning and lifecycle management across eight enterprise platforms. Handles onboarding, offboarding, and role updates from a single execution, reducing onboarding time from 44 minutes to 2.5 minutes (94% faster) and offboarding by 93%. Features stage-based orchestration, multi-system verification, dry-run support for safe testing, and an Entra-gated web interface for team-wide access.

A PowerShell tool that queries local Active Directory for accounts with expiring passwords, then automatically generates Sherpadesk helpdesk tickets by matching user UPNs to their Sherpadesk accounts. Tickets are assigned to the user's building-specific technician, ensuring the right tech is notified before passwords expire. Eliminates manual tracking and reduces password-related lockouts.

Contributing to the migration of endpoint protection from Sophos to Microsoft Defender for Endpoint across the district's device fleet. Involves coordinating the rollout to minimize disruption, validating policy parity between platforms, and ensuring continuous protection coverage during the transition period. Time-sensitive project driven by licensing deadlines.

Migrating approximately 700 staff MacBooks from JAMF Pro to Microsoft Intune for unified endpoint management. The primary challenge is executing the migration without wiping devices, requiring careful planning around MDM profile removal, Intune enrollment, and application redeployment while maintaining user productivity.

Centralizing identity management by configuring Microsoft Entra ID as the primary identity provider across enterprise platforms. Enables single sign-on for staff, reducing password fatigue and improving security posture. Currently implementing Entra as the identity provider for Google Workspace and researching macOS Platform SSO to sync local Mac accounts with Entra for self-service password resets without requiring district network connectivity.

A web-based status feed aggregator monitoring real-time health across 26 vendor platforms with color-coded severity cards, live WAN throughput graphs for dual ISP links via the FortiGate API, and a firewall health panel showing firmware, uptime, CPU, and memory utilization. Designed for a wall-mounted display with auto-refresh and glanceable status visible from across the room.

A PowerShell tool for Computer Technicians that detects stuck print jobs and provides an option to clear them. Eliminates the need to manually navigate through print queue interfaces or restart spooler services when jobs get jammed.

A PowerShell utility that streamlines device offboarding by automating the removal of devices from multiple management platforms. Handles Active Directory, SCCM, Intune, and Azure cleanup in a single execution, reducing the risk of orphaned device objects. Paused for future development when bandwidth allows.

Initiated the deployment of a self-hosted district-wide knowledge base with role-based access controls via Entra ID integration. Designed to centralize documentation for staff, students, and technicians. Project has been handed off to another team member for continued development.

A shell-based automation tool for deploying and managing self-hosted services via Docker Compose. Features a menu-driven interface for spinning up media servers, download clients, and monitoring solutions. Includes encrypted secrets management and cross-platform support for Linux, macOS, and Windows (WSL2).

Website management for a seasonal vacation rental business operating five lakefront cabins on Long Lake in Harrison, Maine. The site provides cabin information, rates, amenities, and contact details for prospective guests looking for lakeside retreats.