Friday, 21 November 2008

Windows Server 2008 and Hyper-V

As we are upgrading one of our servers at present, we are also buying a new Windows Server 2008 64 bit license for it. This allows us to have 8 GB of RAM in the server, and it will also have a RAID-5 disk array. The use of a 64 bit operating system is a first for our school and for my personal experience, and it is an obvious move, yet one that has some definite challenges to it.

One of the nice things that you can get with Server 2008 64-bit on a new box, provided the CPU supports Intel’s hardware based virtualisation technology, is Microsoft Hyper-V, their industrial grade virtualisation solution for Windows. It is definitely a step up from the previous offerings of Virtual PC and Virtual Server, and is intended to compete with VMWare Infrastructure rather than desktop based offerings like VMWare Workstation. A Hyper-V server can support a number of virtualised servers, allowing users to create multiple servers for different purposes and isolate them from one another.

In our case, we have the prospect of compatibility issues with Windows Server 2008 especially 64 bit. An obvious example is printer drivers, which must be 64 bit to work on WS2008/64. We have one or two older printers that have had drivers released for Vista, but only 32 bit versions. To be able to make use of these drivers in a server context, the server will have to be running a 32 bit OS. The obvious solution is to virtualise a Windows Server 2003 server and use that to deploy and manage the print queue for that printer(s), and that is what I will be doing in our setup. Hyper-V has some nice features in that it can automatically start up and shut down the virtualised server instance(s) when the host server is started up or shut down. There is also a Hyper-V MMC snapin available for Windows Vista that can be used just like a remote desktop connection to access the virtualised server instance from another PC.

Sunday, 2 November 2008

ISP Choice

I can now report that a clear choice has emerged in my quest to find a new ISP that offers a good and competitively priced package for my communication needs. That is Slingshot, whose nDSL offering will be of more use to me than a full featured broadband/phone package. This is because my home phone is little used. Another nice feature that Slingshot has is IMAP mail, meaning I can always access all my messages on their webmail system.

The main issue with nDSL is Telecom’s restrictions in which it may prove necessary to change phone number etc. I am yet to contact Slingshot to find out what is involved in making the actual changeover. I expect them to have much better service overall than Telecom, which since they went onto the Yahoo system, have really sucked in their service … not that they were much good before then. There is a perception that they are only concerned with profit in their change to Yahoo and moving their call centres offshore, both of which would come at the expense of customer service. Slingshot’s Voice IP offering looks quite good with the Easyphone features, particularly voicemail to email.

Monday, 27 October 2008

Latest version of WLM fixes feed updates limit; new WLW out

The latest version of Windows Live Mail (currently in development) has addressed a major reason why I couldn’t switch to it, the failure to update feeds. When it was clear that IE was able to update its feed count, there seemed no clear reason why WLM, which uses IE to supply it with feed XML, couldn’t work out that updates had occurred. Maybe this means that Outlook’s RSS feeds will work as well. It should now be possible for me to switch to two email clients instead of three at home. The mail system has stopped flagging Gmail’s “[Gmail]” IMAP folder as a problem, though it needs to understand that its own junk mail folder is not part of Gmail and it should not flag errors for that folder.

WLW, which I’m using to write this post, has also been updated and now has a toolbar with justification buttons on it. It seems to be able to display inline Google maps now without crashing. One thing I dislike about both is the insipid colour scheme, which replaced strong UI background colours with washed out ones.

Thursday, 16 October 2008

Rolling out Vista to the student desktop NOT

Unfortunately it didn’t take long to burst my bubble over the idea that we were going to roll out Vista on student desktops. It was not easy to predict. We have a modest amount of experience with Vista mainly on my own desktop where I have been using it all year, and I saw few problems in getting it to work (but then I log on with a domain administrator’s account). It was a whole different story getting it rolling for a student’s account. First was a little matter of creating a v2 mandatory profile. Then it would not update the user’s policies when we made a change in GPMC. Turns out you need to give the Domain Computers group permissions to access the base OU for the computer account. With such arcane and obscure technicalities as that to overcome we were not able to progress further, as Folder Redirection GPOs refused to execute. For most of our users, redirecting My Documents is important. In Vista, even when it is redirected, there is still a shortcut to the local Documents folder in the user’’s profile.

Friday, 10 October 2008

Rolling out Vista to the student desktop

We’re about to deploy the first Vista desktop for pupil use at our site. The hardware itself is nearly a year old, but has been in storage for most of the year. With 1 GB of RAM, I expect it should give satisfactory performance with this OS. When it comes to cloning this box, there is going to be a bit of work learning how to use the new version of SysPrep, given I’ll be imaging with Ghost Solutions Suite 2.0. So far, there have only been a few small issues to resolve, such as creating a new Vista mandatory profile. Due to our use of Start Menu redirection in the policy and Vista’s use of a different folder location for the old All Users start menu, I think it’s now time to create a hardcoded specific path on C drive for the built in menu, that is never changed between OS versions. With the introduction of Vista will also come the use of Office 2007 for pupils, leveraging the advantages of a new separate profile over previous versions of Windows. As is now the case, Office policy settings will be used to specify that the default file save format is Office 2003 or earlier. I’ll be watching closely to see how well Vista performs with the highly locked down environment that we impose on pupil PCs.

Epson Perfection V200 Photo Scanner

Last year I posted a brief review of the Epson V100 photo scanner. The V200 succeeds the V100 at the low cost end of the photo scanner market and has similar features and pricing to its predecessor. Setting it up is very easy to use, with a USB connection that created none of the hassles I remember from old parallel port scanners or certain HPs that would be forgotten every time the PC shut down. Whereas the V100 I looked at was a work scanner that I’ve used rarely, the V200 is my home unit and was bought to scan all of our extended family’s slide and photo collection. As there are only small differences between the V200 and V100 you should read the earlier review for more indepth information about the scanners as most things written there are equally applicable to the current model. The maximum optical resolution has been boosted to 4800 dpi in the V200.

To begin scanning my family’s slides, I’ve used Full Auto mode throughout, even though it doesn’t scan at more than 300 dpi by default. Still, a typical 35mm slide produces a file of approximately 1800x1200 pixels. Although as noted before the plastic film holder is fiddly to load and unload, the easiest way to insert the slides is to place the holder onto the platen first and then put the slides into the four openings by pressing them flat against the glass. Removal is a simple step of lifting up the holder and pushing the slides out to fall onto the glass, then collect them up. As with the V100, the scanner’s great redeeming feature is its ability to automatically identify the slides in the holder and produce up to the number of files required for the number of slides or negatives loaded without any user intervention, selecting the area to scan, or trimming off borders after scanning is completed. There were a few small points I would like to see rectified in future editions of the software:

  • Setting changes are not saved between sessions
  • Slides are best scanned horizontally. Vertical scans often have original detail omitted and extra black bands on each side of the result.

If you have a few originals that are vertically oriented, you can use software such as IrfanView to perform a lossless JPG rotation of the scan output file so to reorient it correctly without resaving the file and losing more quality. So far the first four boxes of originals, all Ektachrome and retaining the original colour accuracy well, up to 40 years for the majority of slides, have scanned flawlessly without a single hitch. Due to its combination of ease of use with the low price point, as before, this scanner definitely gets the thumbs up from me for film scanning; it is a great bargain at a typical retail price of $299.

[UPDATE: The so called “300 dpi” minimum resolution for slide scanning, it turns out, is actually 1200 dpi, and the 1200 dpi setting is closer to 4800. One wonders why the software lies this way, because changing to professional mode and setting those dpi numbers directly produces radically differently sized images from the obviously falsely labelled Full Auto mode’s choices]

Sunday, 31 August 2008

Canon Powershot S5 IS & Speedlite 430EX II: First Impressions

Well, I have had these two and so far I have taken about 66 pictures. That isn’t going to set the world on fire, but next week I’ll have a big event at work and be able to take a couple of hundred in my official role as recorder. One of the cameras I’m comparing it to, mentally, is the Sony F717 which was really the thing to have a couple of years before I bought my S1. Obviously the 717 outperformed the S1 in certain ways but it was not a huge difference from my perspective. One of the features the 717 did have was a hot shoe, as did its successor, the F828, but oddly enough this feature has been dropped in the latest high end Sony compact, the H50, which leaves the S5 and its higher-end stablemate the Powershot G9 pretty much on their own as hot-shoe prosumer compacts.

So far my impressions of the combination can be summarised as follows:

  1. The flash performance is out of this world. The Speedlite 430EX is a very powerful unit with a guide number of 43 metres. I have taken most of the pictures in rooms with reasonably low ceilings meaning I can use the head angling capability to bounce the flash off the ceiling, the result of course being no red-eye. The ability of course to take lots of photos close together without waiting for recycle is also fantastic
  2. Like the S1 and successors, the S5 features a rotary zoom controller around the shutter release. This is a two speed arrangement with the slow speed being obtained by turning the rocker partway in either direction and the fast speed by pushing it all the way round. To date I keep seeming to engage the fast speed all the time, or else the slower speed is just too fast. Every time I try to zoom I end up overshooting and have to pull back, yet I can’t get it right without blipping the controller instead of letting it run continually.
  3. The shutter release likewise is a two step arrangement so beloved of most digital cameras with a half step which causes the camera to focus and set the exposure reading, once these have locked the camera lets you know that you can press the shutter the rest of the way to take the picture. In my experiences to date, it is very hard to find this halfway point. It seems to be a very light pressure at the point where this half step engages and easy to overshoot, or more likely, the release feels more like it has three stages instead of two. Since this is my fifth Canon digital, it can be inferred that I never noticed this problem before with the other four cameras.

In comparing my experience to date with the first ten review links I found in Google, including points not mentioned above:

  • I did not find the battery door hard to fasten (DPreview) – it’s much improved over the S1 in terms of the pressure required to close it.
  • DCResource had a similar experience of difficulty with the speed of zooming on the “slow” setting. Since another review described the speed as “glacial” I am really confused at the moment :)
  • Photography Blog contradicted my views on the shutter release.

One thing all the blogs have in common is slating the lack of increase in the zoom range (still 12x as seen in the S3) and certain issues of picture quality such as colour fringing and noise at higher ISO settings. For me, those things aren’t major issues, but I think Canon should try to fix them in this year’s model.

In rechecking with the camera at work the next day, the zoom problem is definitely with the slower speed which really is much faster than the S1, and the shutter release has unnecessary slack in it which effectively creates a three stage operation instead of two. Both these points need to be addressed in future Canon cameras of this type.

Thursday, 21 August 2008

Windows Vista and Microsoft Access

When I got my work PC with Windows Vista on it, I installed it alongside my existing XP PC and kept both running. In fact I still use the XP PC occasionally, but obviously as time went on I switched as many things as possible to Vista. At the time I had one major MS Access database that I ran in XP over a network drive, and several attempts with both Access 2003 and Access 2007 to get this running on the Vista box were unsuccessful, as each time the database file would become corrupted and have to be restored from backup. (The error message typically being “Not a valid bookmark” followed by “Unrecognised database format” or similar)

I have now got the database to work satisfactorily on the Vista box by changing it over to the C drive of that PC (C:\Users\…\Documents). It has not become corrupted since that time and being able to do this marks a major milestone in my transition to a fully functional Vista system. We can only speculate as to the cause of the corruption problems over the network connection. Long experience has taught me that some manufacturers put out buggy network card drivers; in this case I’m using an Intel NIC as those of this brand have been very reliable in the past. Another problem in the past has been network redirectors in Windows with numerous patches issued, so it wouldn’t surprise me if that turned out to be a factor, though I have yet to see any fixes from MS in these areas.

UPDATE: Microsoft announced this is fixed in SP1 of Vista. The folder-redirection is to blame for this problem.

Powershot S5 / Speedlite 430

I have now received these and had a play with them. The main changes in the S5 that I noticed immediately over the S1 are the larger LCD screen, of course the hot shoe on top, and small incremental differences. In features and functionality it is very much like the S1 I have grown to enjoy. The flash shoe is the main reason for me to buy this camera, with a flash that costs almost as much, but which is highly desirable due to limitations caused by the low performance of the internal flash. The S5 also comes up to date with some of the feature set of my A460 such as the super macro which in theory could focus on a fly walking across the lens. I’m looking forward to the improved capabilities of this camera which is largely used for work related occasions where up to several hundred photos are taken each day.

Tuesday, 19 August 2008

Ghost vs RIS/WDS/Software Install Policy

Today I installed Ghost Console on my PC for the first time in years, and it brought back a lot of memories. We bought a suite of new PCs back three years ago, and got Ghost licenses with them all, which entitled me to receive the Ghost Solution Suite 1.0 CDs and manuals. At that time I installed and used the Console extensively and had the client installed on all the PCs. A year later another 34 PCs came along with 50 licenses and GSS 1.1, then 2.0. In those days we had only two Linux Samba servers, and that was one of the main reasons I used Ghost a lot. But then at the start of 2006 we got our first Windows server. That didn’t immediately change things, and I still used Ghost a lot. But at the end of that year we made that server into a DC, replaced one of the Linux servers with a dedicated mail/firewall/filtering solution, and turned the other Linux server into the second Windows DC. Then after that I got into GPOs, RIS and stuff like that and didn’t bother much with Ghost or the console.

Fast forward to 2008 and dust off that old Ghost console again… why? Well, Ghost still has the capabilities I need and I have the existing experience to build on. With the console I can remotely image and load machines, which I can’t do at the moment with WS. True, Ghost costs money over and above WS, but Windows doesn’t actually provide the useful functionality that Symantec have wrapped into the console. So I expect to get back into the Console in full force pretty soon.

A460_20080815_023

Ten PCs waiting to begin a multicast session. They were all locally booted off the RIS server via PXE and loaded the UNDI boot image to start up Ghost, then loaded this sysprepped image in about two hours. 29 of the 30 PCs in the suite have now been reimaged in the past few days with no user reported problems.

Monday, 18 August 2008

TELA Laptops: HP vs Toshiba

Many schools in NZ are taking advantage of the Ministry of Education’s TELA laptop leasing program which pays about two thirds of the costs of the lease and also provides mobility insurance and pickup or onsite service. Our school has been using these laptops for several years since the program was extended to include primary schools, and now is onto our second round of leases for both teachers and the principal (the latter being on the Leadspace program). There have always been three brands available: HP/Compaq, Toshiba and Apple. As a PC site we use the first two only. In our first round of leases, we predominated with Toshiba but experimentally tried two Compaq NX5000s. Although the hardware quality was comparable, the service arrangements were less satisfactory falling below the standard provided by the Toshiba agent. In the new round of leases that we signed up for in 2008, HP offers the Compaq 6710b laptop (and the 8510p in the Leadspace program) with an onsite service warranty, which is the first time this has been available to my knowledge for any TELA laptops. Basically the previous return system used by both Toshiba and HP is to require you to either deliver the laptop yourself to the service centre or have it collected by a courier. This requires the school to have additional resources to make a backup of user files, and perhaps another laptop to loan to the affected teacher while their laptop is away for repair. This could easily take a week or more, and the time required by the school IT staff to copy the user’s files back and forth, packing up the laptop and finding a convenient time to exchange it is a major consideration.

So it was with considerable interest that I noted that HP has now started to offer on-site service of their laptops starting late in 2007 or possibly earlier. We took out a lease at the end of 2007 for one Compaq 6710b laptop as this model at the time was considerably cheaper to lease than the Toshiba S200 model. As it now turns out, Toshiba has also reduced their prices, but doesn’t differentiate on the question of the level of warranty service from before. The 6710b was the earlier GX785PC submodel, and overall I found its performance compared well with the Toshibas. Based on satisfactory experience of this Compaq laptop, we placed an order recently for eleven more of the same type, although they are now the KM361PC submodel. We have had occasion to call on the service of HP for site visits twice, which has proved convenient both times. However, I would be a little concerned about having two laptops out of 11 having faults from new. The Toshiba S200 is broadly similar to other Toshiba models in the past; the main enhancement that the user notices is when switching displays with an external display connected. The laptop now displays a popup menu when Fn and F5 are pressed, and this includes the very convenient option of enabling extended desktop. The Compaq doesn’t have the exact same functionality when using its Fn and F4 key combination, but it does have a special Presenter button which gives the same options. This button along with others for information, wireless mode and sound levels, is placed on a strip of convenient touch sensitive buttons above the keyboard. The 6710b also has a better placement of the sound jacks on the side rather than the front.

Overall I would say these two models are much of a muchness, but HP’s onsite warranty service is much more convenient as long as the fault can be repaired at the school. One of the laptop repairs we had done involved taking the whole laptop apart and completely replacing the system board, which was completed in about half an hour or so, so I suspect it would be a rare fault that would require the laptop to go back to base. With the laptops being so new we haven’t had any indemnity repairs yet, so I don’t know if the process for these is different. I also haven’t yet encountered a situation where the repair couldn’t be diagnosed on the basis of the initial support query, i.e. where the serviceperson would need to perform additional testing at a service centre to determine the fault. Those types of situations might result in the laptop needing to be sent to the service centre and resulting inconvenience for the school. So my comments about onsite service really only apply to the situations we have seen so far in our case. One interesting technical difference between these model laptops and older ones is that the earth pin of the power supply cord is connected to external metal surfaces on the laptop itself. The older generation of laptops (Toshiba anyway) had 2 core mains leads so obviously the mains earth could not be connected in this way. I’m not sure why these laptops are electrically connected that way but it means they are now a Class 1 appliance instead of Class 2. It may be this is necessary for adequate RF noise shielding, always a problem with plastic cased devices.

Sunday, 17 August 2008

More on Automating Windows Installations with Ghost and Sysprep

Overnight from Friday and during Saturday I multicasted two groups of PCs in our computer suite. This can be quite a tedious process getting all 8 or 11 (in this case) clients up and running and then the multicast itself can take up to several hours depending on how fast the slowest client is going. In this case the work took practically all Saturday to complete due to various problems. It can get very annoying when you discover a small omission in your image that means you have to load it to a PC, fix the problem and then make a new image on the server. Three of the group of 11 didn’t have the right disk partitioning and I tried running Diskpart from the XP recovery console, but the problem was that while this created the partition, it did not make it bootable – I don’t know how I would have done that, as normally Ghost doesn’t seem to have this issue. So when I chose to only load a partition on those 11 PCs, these three only got the partition contents and not its bootable status; lacking in the knowledge to fix that, I changed the Ghostcast server over to a full disk image and left them running overnight Saturday (and Sunday) on another multicast disk load.

As I chronicled in my previous article, I started this kind of thing initially on Ghost, way back in our Windows 98 days (I started working in my present job on 26 July 2003, and first used Ghost when we set up our original 30 PC suite at the start of 2004) and then experimented with RIS for a while; then we got Ghost Solutions Suite 1.0, 1.1 and 2.0, but I fell a bit behind with my knowledge of what Ghost can do. All my experience of imaging is based on what we used to do with Windows 98 PCs. We would run the Ghost Multicast Server (as it was then called) on one PC, and go around all of the other PCs with boot floppy disks starting the Ghost client which would then hook them onto the multicast session. When you had all the number, and it could be the whole thirty if you wanted it to, which had hooked onto the multicast server session, the multicast started and in perhaps a couple of hours all of those PCs would have the new image loaded onto them. Since we got XP I didn’t use Ghost much except for loading the console client onto all our new PCs and trying out what it could do, but this didn’t include any imaging; all the new PCs were loaded by the factory when they used Ghost themselves. When I did start to look at imaging again, I tried out RIS.

What changed it for me was RIS being updated to WDS, RIS not being capable of doing .NET installs, and the wider use of laptops when it became advantageous to use Ghost to image them in a batch. But most of that imaging was done one PC at a time using conventional techniques. When I found that the 16 bit DOS client would not boot on some laptops, I created a Windows PE boot CD from our Vista license installation and used that to boot the laptop then start up Ghost32. Hurrah for the end of the NIC hardware specific DOS boot floppy or CD! It is only as we have got into the second half of 2008 that I have made a conscious decision to continue building on my existing Ghost knowledge and leverage that to continue imaging and updating our PCs into the future. In so doing I have learned that it is possible to image a machine without physically visiting its location using the Ghost console. This is a capability that will further enhance our use of this technology to maintain our PCs, much as Microsoft has moved to embrace concepts such as these with their Zero Touch install technology.

In another previous article I wrote about the need to undo the PushPrinterConnections printer deployment when moving from the use of printer deployment to printer preferences in Group Policy. This is actually the only way it can be done so far, attempting to automate this using Sysprep.inf GuiRunOnce section has not worked as expected. Basically there are several steps:

  1. While the PC is being imaged, move its account into an OU that runs PushPrinterConnections.exe with no deployed printers to remove all previously deployed printers
  2. After the PC is restarted, finishes Sysprep stages and comes up to the Windows logon for the first time, move the account to the preference based GPO
  3. Log in, run gpupdate /force /boot to force the new GPO to be implemented. This will restart the PC.
  4. The PC should now have implemented the preference based printer settings.

The important note about preference based settings is that the user can choose to remove them and they will not be reinstated the next time the user logs on. Preferences are a one time thing that run only when the GPO is created or updated. So, for pupil user accounts where preference based printer settings are used, you should disable the account’s ability to delete printers.

Friday, 15 August 2008

Canon Powershot S5 IS and Speedlite 430EXII

After three years of using my trusty Powershot S1 IS, I will be upgrading very shortly to a Powershot S5 and accessory Canon Speedlite 430EXII flash. The S1 was almost end of line when I purchased it, and the S5 is also end of line and has been discounted in some parts of the world or dropped from product stock by some retailers. Canon, however, is yet to announce the replacement “S6” model and the speculation is that it might be different enough from its predecessor for me to not want to wait as I have these past few months (new S series models have typically been announced in the first or second quarter). My experience in getting the S1 was interesting in itself. I originally was looking at one of the Fuji Finepix models in similar spec range, and the Canon was a very late change of option that stretched my budget enough that for the first month I used only alkalines to run it. But it has turned out a much better choice, from the high quality video through the USM lens motor, the articulating screen and lots of other nice features that it has, apart from Canon’s well deserved reputation. One of the reasons I was willing to wait around for an S6 is that the lens spec of the S1 is one thing that hasn’t changed much since, going from zoom of 10x to only 12x in the S5. There’s rumours of a gain in the S6, maybe 15x – 18x. But then I don’t use my S1 and wouldn’t use it for many shots where extra telephoto would really matter anyway, and with the high resolution CCDs these days you just blow up the picture which is almost as good.

Wednesday, 13 August 2008

Pushing printer settings to client PCs

When I first started working with a network, we just set up each staff PC with locally installed printers, even though all the printers were TCP/IP devices. Pupils PCs got their printers mapped as shared network printers using login scripts. We just figured it was easier to set staff up that way in case there was a problem with one of the servers meaning they couldn’t print.

Then along came Windows Server 2003 Release 2 (R2) and one of the nice little technologies that comes with it is the ability to deploy printers in Group Policy. You need to use the DC that has R2 installed to create the GPO, and run PushPrinterConnections.exe in your login or startup script. Still, I found I couldn’t set per user printers, only per machine. This was nevertheless, good enough to allow me to deploy everyone’s printers, even staff.

The latest thing out is with the Vista version of Group Policy Management Console and that is GP Preferences. These let us set the printers for a user yet another way. You can also set a default printer this way.

When going from deployed printers to preferences, the machine account needs to be moved from its existing location in ADUC, to a special OU with a group policy that runs pushprinterconnections.exe with no deployed printers in the GPO. This cleans out all pushed printers from the computer. Then move the account to your OU that has the GPO that makes use of user set Preferences and the right list of printers will come up, running gpupdate /force /boot on the client after each move in ADUC.

Since we have two sites and only one computer suite, the pupils’ computers are now being put into OUs with loopback GPOs that set the printer list and default printer for that user based on the OU of the computer account. This provides a very effective means of providing the correct printers depending on the physical location of the PC.

Wednesday, 6 August 2008

Automating Windows Installations with Ghost and Sysprep

As this blog has detailed, I have gone through a process of various automation systems for imaging PCs using Windows XP.  When I started working at the school, We had few XP workstations at that time, as most of our PCs were too old to do XP and Windows 98 using Ghost was the thing. You needed multiple images for 98 but they didn’t need SID changes so it was easy enough to do.

Then in May 2005 the school took delivery of its first cluster of PCs, 30 altogether, which would have XP Professional installed from scratch. Still there was no real issue. We prepared a reference machine at site and the manufacturer cloned it exactly (without using Sysprep). I had to hand prepare every one of those PCs unjoining them from the domain and running Ghost Walker to rename and generate new SIDs for them.

Still, there wasn’t a great need for loading images up to that point. In 2006 I learned how to automate a vanilla XP installation for the first time, taking information from MSFN on how to create an unattended XP setup CD. That was a great start in the automated installation learning curve. We changed to a Windows domain in 2007 and I started to learn about RIS. Here it seemed was a system that would replace Ghost and not require extra license costs. The vanilla RIS does have certain advantages like prestaging machine accounts and booting directly off the network with almost no user interaction. This was the point at which we first began testing the deployment of entire machine images in XP. I got a few set up, but that came to an end because of two factors:

  • Microsoft brought out Windows 2003 Service Pack 2 and replaced RIS with WDS
  • Office 2007 with its use of .NET introduced reparse points into the image, which RIS can’t handle.

It became clear I would have to start all over again with WDS and the new imaging technology which Vista includes. While this on the face of it is all great technology, I have to start learning again from scratch, and that is just too much work. I have looked into and played with the technologies such as ImageX, but there is a whole lot of new stuff I would have to learn. It is simply a fact that our network is not really big enough to justify that kind of resourcing at this time.

So where to now? Well, back to the tried and true, Ghost augmented with XP Sysprep. The System Preparation Tool is the same kind of system that RIS uses to prepare a PC (RIPREP), but it uses Ghost to create the image instead. This gives a few more choices on how to deploy images, including using a USB hard drive, as well as the familiar network deployment approach. We first started this approach with new laptops from the Ministry. Using Sysprep means you can automate SID regeneration (no more Ghostwalker) and also automate the inputting of certain parameters like the volume license key, regional settings, administrator password, joining the domain and so on. You set up your reference PC, run Sysprep on it, boot to an alternative OS and run Ghost to image it, then load the image and then Sysprep will automate the steps where information has to be put into Windows at startup. And then you can deploy.

Running Ghost is the fiddly part which I wanted to do away with when I went over to RIS. My remembrance was of having to create endless floppy disks that could boot in PC DOS. When we got Toshiba laptops, they simply refused to run PC DOS to start Ghost this way. But there are, as it turns out, a few elegant solutions to this. The first, available to licensed Vista users, is to make a bootable CD or USB flash drive using Windows PE and put the 32 bit version of Ghost on it. That works on those Toshies. The second is to use some means to deploy the Ghost UNDI image which has a network driver that works out of the box with all kinds of network cards. In this case I found I could actually use RIS to deploy the UNDI image, so on some of our PCs this is the way to go.

Creating the Sysprep.inf file for is easy enough, use the Setupmgr.exe application from the Deploy.cab files provided with Windows XP. I have tweaked mine a little and finally got it to work the way I want it to, just asking me for a computer name and the username and password to join it to the domain. This is less information than is asked for if you don’t use the inf file, and you can keep that in your head, so I don’t need to carry around pieces of paper with the license key written on them. We are just about to deploy a new image across that same 30-PC suite. Actually, there will be two images. I expect now that Ghost supports Vista, I will continue to use it for the foreseeable future even though there is a license cost for each PC, when I last checked it was about $30 for OEM PCs.

Using Mini Setup also gets around a nasty little problem where MSOOBE will crash when your reference PC has Windows Media Player 11 installed on it. You can run Sysprep with all the relevant command line settings as follows:

sysprep –reseal –mini –reboot –quiet

This automatically starts Sysprep in Reseal, Mini setup, and reboots for you to start imaging immediately once it has completed its reseal tasks.

HP Laptops with “Removable” Built-In Broadcom Gigabit Network Interface

The HP Compaq 6710b and 8510p laptops supplied under the NZ Ministry of Education TELA and Leadspace programmes have a very strange hardware configuration of an onboard Broadcom Gigabit Network Card that is configured as a removable device, and will appear as such in the “Safely Remove Hardware” list of removable devices that is accessed from the task tray of the laptop.

If a user inadvertently stops or “removes” the network card then they will not be able to connect to the network until such time as the laptop is rebooted. I have never seen this configuration before on any computer, laptop or not. It is an issue of the way the hardware is configured in these laptops and is not resolved by installing new drivers. I raised the matter with HP through the TELA support service, but the explanation they gave was unsatisfactory, since it is likely your site will be faced with extra costs supporting users who have accidentally stopped or “removed” the card from their laptops. There is no logical or commonsense reason why this is the case, but HP is unwilling to make what would appear to be a simple configuration change in their laptops.

Wednesday, 30 July 2008

Vista Tablet Input on non-tablet PC

If you install software for an alternate input device, such as a slate or electronic whiteboard, Vista may helpfully decide that you are using a Tablet PC, and enable certain features that are irrelevant to the fact that you may just be using a normal desktop or laptop that doesn’t have the alternate device connected all the time.

I installed the Promethean Activboard software on my desktop, and since then, Vista gives me an onscreen keyboard at logon, and it also gave me the Tablet PC Input Panel, which sat on the edge of my desktop and got in the way whenever the mouse accidentally went over it.

Whilst I haven’t yet figured out how to get rid of the different logon screen, the Input Panel can be turned off in Control Panel –> Administrative Tools –> Services. Find the service named “Tablet PC Input Service”, stop the service and change its startup setting to Manual.

Windows Live Mail and Gmail

Back here I dissed WLM quite badly. Since then, WLM has had another update and is not quite so bad at handling Gmail IMAP accounts. In fact, it works better although there are still some minor issues. The big improvement over Thunderbird is that TB keeps prompting me to re-enter my password for each of my Gmail accounts, over and over, every time it checks for new messages (10 minutes). The main issue that WLM still has with Gmail IMAP is the [Gmail] and similar “pseudo folders” that it can’t quite work out how to handle, as they aren’t normal mail folders that WLM can recognise.

WLM also has a nice feature of being able to log into a Hotmail account that I have and let me see the messages for that on my desktop, without having to go to the website to log in. (Chch Polytech has switched students’ mail over to Hotmail)

Brickbat: RSS feeds still don’t update automatically. I’ve got one PC at home running XP, and one at work running Vista, and they both have this problem.

Saturday, 19 July 2008

Classroom AV 4: Activboard Mounting / more Cable Terminations

A few articles back I talked a little about the Promethean Activboard and our chosen method of hanging it. Promethean supplies these with a kit of parts that include brackets designed to hang the board directly on the wall. Because most of our classrooms already had whiteboard tracks installed, we decided to make a custom track mounting frame for the Activboard instead.

A460_20080512_002

In this picture at the right centre you can see the grey metal hook bracket which is part of the original Activboard kit, as is the grey metal bracket at lower left. The frame hangs on track wheels just as the original whiteboard panels do. The frame uses angle aluminium to reduce flex plus the cross bracing shown. It would be useful to fit a stop on the track itself to prevent having to recalibrate each time the board is slid into place.

A460_20080718_003

This photo shows the Activboard mounted on its frame in a new classroom. It looks only a little different from the normal sliding panel. The cables will be enclosed in spiral tubing called “Easy Wrap” and attached to the wall on the right hand side so that the tubing stretches out and drops back as the board moves on the track.

A460_20080718_002

This picture shows the cable faceplates in their actual mounting situation on a wooden wall. The speaker terminal plate got mounted on a low profile mount block because of the bolts and terminals that would have required additional drilling of the wall, this just saved a bit of work without making it too obtrusive. The main change to the VGA/video connector plate is a clamp to hold the video cable to the plate. I anticipated before that this would prove necessary and so it has. The bolthead that you can see aligned with the mounting hole is where the clamp bolts to the faceplate. Once I had got that in and resoldered the video cable to its socket for the third or fourth time, it all came together very smoothly.

Panasonic TZ Series vs Canon SX

Consumer’s Institute in NZ reviews digital cameras regularly and have just issued their latest report. Basically from their POV the competition for the top P&S spot is down to Panasonic and Canon, and I agree. I’ve compared the Canon and Panasonic offerings for some time and I would continue to choose Canon first time every time. Although Panasonic was first off the block with the TZ1 ultrazoom compact, Canon after a couple of false starts (the weird TX1 for example) eventually responded with the SX100, with the probability of an update this year. I took a few moments to check out the SX100 against the latest Lumix TZ4/TZ5 models. My choice for all four digitals so far has been Canon and would remain so in this particular segment, the SX100 being preferred for the following reasons:

  1. Uses AA batteries; you aren’t tied to proprietary expensive power solutions.
  2. Uses standard USB cable; don’t need an expensive proprietary cable (Panasonic uses a special one with the A/V signal pins added to it)
  3. More exposure control options on the SX100. It has a full range of manual settings just like the S5, in fact this camera is really just a scaled down S5 in features. Panasonic has a few scene type settings, more like my A460 which is much cheaper.

I’ll credit the TZ4/TZ5 Lumixes with HD video, battery metering and some other useful features. With the inbuilt lithium power source, you do have the advantage of having less bits and a charger supplied with the camera. Lithium may be more predictable than some NiMH solutions. However my experience of AA cameras has been that I have got out of more than one sticky situation by carrying a set of Energizer Lithiums along with my usual sets of rechargeables. You can get a choice of charger as well and right now I have one that can plug into a USB port or car in addition to the mains. The latest advances into low leakage NiMH cells shows a very promising trend of improving their capacity and retention which in my experience in the first six months of this year is going a long way towards lithium-like performance in an economical package.

Would I buy an SX100? Yes – if I didn’t already have the preference of the A460 / S1 combination. The SX100 is just a little too bulky compared to the A460, yet lower featured than the current S series models. My current choices suit me well as the basic A460 can still do a lot of things when I carry it with me everywhere and is cheap enough to be updated every couple of years. The SX100 is a great camera if you can compromise enough or don’t need the extra performance of the S series.

Monday, 14 July 2008

Portable Appliance Testing (PAT)

In April 2005 the NZ Ministry of Education issued an advisory notice to schools encouraging them to carry out electrical testing of portable appliances. The suggested means for doing this is a Portable Appliance Tester (PAT). This work can be carried out by a competent person – who could be a suitably trained staff member in a school, not necessarily someone holding an electrical certificate. The legal requirement for schools to carry out this testing basically comes from Occupational Safety and Health (OSH) and the MOE guidelines cite the specifications of AS/NZS 3760:2003 as the basis of the testing procedures to be followed.

I’ve started looking at PAT checks at our site and have noted some things already which may not be too obvious. One is that modern laptops, for some reason, are earthed and should therefore be tested as Class 1 appliances. When we took our first delivery of TELA laptops several years ago, they all used a 2 core mains lead and plug into the mains power adapter, meaning they were double insulated, as you would generally expect for a plastic cased device that runs from both battery and mains power. The latest Toshiba and HP laptops, however, all use a 3 core lead with 3 pin plug and socket fitted. When I put these on the Class 1 test, they all proved that a metal connection on the laptop case (such as the VGA connector screws) is electrically connected to the earth pin on the mains plug. Why the manufacturers have changed from double insulation to earthing, I don’t know, but if a laptop doesn’t have the double insulated symbol on its power supply then it must be considered earthed and tested as a Class 1 appliance.

Secondly, the laptop, both physically and electrically, consists of three parts: the mains cord, power adapter and laptop itself. The test is carried out using an earth connection onto the laptop with the mains cord plugged into the PAT, and then stickers are applied to each of the three parts, otherwise how can you be sure which part the sticker applies to (as all three parts are separable and interchangeable with other people’s laptops)?

Thirdly, and this is relevant to the above, the retest interval for flexible cords, like the power cord and the adapter, is less than the laptop itself. The laptop can possibly be given a retest interval marked at 3 – 5 years. The power cord and adapter, perhaps just 12 months. You may, however, need to connect all three parts together to do any retest just as I did with my original tests. The trickiness of this is to know which part actually failed if the tester shows such a result.

Sunday, 29 June 2008

Digital Camera Stats

Numbers for all digital cameras I have owned so far:

  • Powershot S1 IS: 239 (8871 / 37 months)
  • Powershot A400: 285 (6000 / 21 months)
  • Powershot A450: 362 (3260 / 9 months)
  • Powershot A460: 280 (1400 / 5 months)

Currently I still use the venerable S1. Due to it being heavier and less convenient I prefer to use its sophisticated features for special events where I take several hundred pictures a day. These keep its totals up considering it lies idle much of the time.

My other current camera is the A460 which replaced the A450 (dust got into the lens) in turn superseding the A400 (sold). I bought the A400 one month after the S1 as I always intended to have two cameras, following my film model of an expensive sophisticated camera and a small cheap pocket model. Hence the picture total of the three small cheap (about $200) cameras is somewhat greater than the S1 (cost around $700) and they have all been used almost every day because the A450 and A460 have been permanently carried around on my belt.

Currently we are awaiting the announcement of the Powershot S6. I did not consider it worthwhile replacing the S1 until the advent of the S5; the lens has not gained enough performance to make it worthwhile so far compared to other makers. Last year of course I chose to spend my dollars on bikes instead. The hotshoe addition on the S5 is a great feature. I would hope the S6 goes to a 15x lens. Rumour has it we could see this camera out sometime around August-September.

Have looked a few times at low end digital SLRs but unless they come down well below $1000 it's not going to fly for me. Basically I love the ultrazoom lenses, to get that on an SLR would cost heaps more. Sure, you can get a higher quality picture but is that worth the extra cost? There are still people who claim that digital doesn't come up to the quality of film and who are willing to spend thousands on film cameras and the film itself. You are just not going to get me joining them. I simply regard such people as too obsessive about such things. Unless you are a professional who must have the highest quality then I simply don't see why people in our society spend thousands of dollars on camera equipment, like thousands on bikes or whatever, these become pretty expensive hobbies.

Saturday, 21 June 2008

Update

I have been too busy to write much for a while, but life/work continues with a lot of interesting things happening. I'm going back to Polytech to finish my CertSA qualification which involves four papers, including Microsoft Exchange and Microsoft ISA Server. We may yet get a server running the latter. Both of our existing Windows servers have had their capacity bumped up to the maximum possible by adding a 500 GB IDE drive in each case. How long this will last remains to be seen. We have a laptop lease expiring mid August, the impending holidays will cause great havoc with this unless the Ministry can be persuaded to bring forward our renewal date.

Saturday, 7 June 2008

Classroom AV 3: Cable Terminations [1]

The original edition of this article made reference to solutions that we have decided not to implement at our site. Hence, the revised posting makes only passing commentary on those options, focusing instead on our preferred choices.

In Article 1 I referred to faceplates and connectors for VGA and USB connections. Today it's time to get into the nitty gritty of these and actually terminating off the different cables that you will have. In our case, these are:

  • VGA cable to the projector
  • USB cable to the smartboard (if used)
  • Speaker connections for the sound system's wall mounted speakers
  • RCA video connection to the projector.

These cables are brought down the wall, preferably in some kind of ducting. An electrician would be able to supply the ducting from trade brands like Clipsal. Then the various sockets have to be mounted on some kind of panel or enclosure. In our case the new classrooms will have these cables built into the wall. Existing classrooms will have the cables terminating inside a shelving unit that is attached to the wall.

The VGA faceplate (if you choose to use it) is available from several electrical accessory manufacturers. PDL supply the Cat 514VH9/I, but this may be out of production now. A similar product is the HPM 770/1D1PL plate.

First job is to fit the PDL plate for the VGA cable. The enclosure is the right size to mount the plate on the side, rather than the front. This works well with the VGA cable having a ferrite core on the end of it and therefore needing a reasonable amount of space inside the box to be turned through 90 degrees to attach to the plate. Since there is enough room on the plate, I drilled a hole to mount an RCA socket for the video connection.

IMG_0921A

This picture shows how to modify the VGA moulded plug to fit into a plate. Remove the thumbscrews on either side by pulling all the way back and turning until they come right out. Use a hacksaw to cut off the minimum amount of plug shell on each side to expose the metal plate with its two holes at the connector end of the plug. Then use a couple of threaded nuts through the plate's mounting holes - see Article 1 for details of what to buy. (I would like to thank my good friends at Breezes Road Baptist Church for this idea)

IMG_0924A

This photo shows another option using the USB feedthrough on the VGA plate instead of an RCA connector. The feedthrough gives you a USB socket that can be mounted onto a wall plate. The reversible insert has a female B connector one side and a female A connector the other. It is mounted on a standard XLR base and will also fit into panels pre-punched for XLR sockets.

IMG_1298

Here we have our chosen option, the RCA video socket mounted side by side with the VGA connector on the latter's faceplate.

 IMG_1299

Speaker terminals are mounted onto a blank plate which has been drilled to suit, this needs 6 closely spaced holes.

The next article will show the Activboard mounting frame and the cables connecting to it.

Low Loss NiMH Rechargeable Batteries

Nickel metal hydride (NiMH) rechargeable battery technology is a great step up from the more familiar nickel cadmium system. For the first time we are able to buy a battery that has similar capacity to alkalines. Unfortunately both types of rechargeable do not as yet approach the charge retainment of alkalines, which can be stored with full charge retention for several years. Additionally, many NiMH rechargeables tend to have reasonable retention times only when new, and often lose it after a few months of use. I own two cameras, both of which use AA cells. The only alkalines which can give the same longevity as a near-new set of NiMH rechargeables are Energizer lithiums, which are extremely costly, whilst regular Energizer cells typically only last for a few shots. I've found from experience, however, that even NiMH cells which have been charged and discharged a mere dozen times lose significant capacity and retention within a year, and must be replaced completely to be of any use. There have, unsurprisingly, been several major events in which I used my cameras extensively, where the NiMHs have lasted only a handful of shots and where lithiums or ordinary alkalines that I always carry a set or two of have saved the day.

Sanyo of Japan is a major manufacturer of NiMH cells, including numerous OEM rebrands, and has now developed newer NiMH technology which boasts a great improvement in charge retention. Their own brand of these cells is "Eneloop", and various other suppliers are now advertising similar products, probably under OEM arrangements. I have purchased several sets of Eneloop and Varta "Ready2Use" cells. How well do these work? The Eneloops are in use in my bigger camera, which requires four, and are presently giving excellent service, both in terms of longer cycle life, and retaining charge for long periods of disuse. The Vartas are in my smaller camera used in pairs. They are showing similar capabilities. So far, both have been exceptional in service. I would like to wait another six months to see if they are still making the grade and keeping my cameras running without the expense of annual battery replacements.

Thursday, 17 April 2008

How about better service from NZ's biggest ISP

  • Make your website less confusing so I can find my login to the Xtra/Yahoo Bubble more easily, especially my Sub Accounts. There are three different Telecom Xtra websites at http://nz.yahoo.com, http://xtra.my.yahoo.com and http://www.telecom.co.nz/myaccount that all overlap in the functionality they offer and these should be properly integrated together so users don't have to mess around trying to work out which website they should be visiting for what.
  • Fix those several major parts of Yahoo Xtra ProMail that, after months, are still "under construction".
  • Fix the bug in http://xtra.my.yahoo.com that will not let a user log in using a different email address if the last one they used is no longer valid. Goodness me, now I have to hunt down the cookie that is storing this obsolete email address and delete it before I can log in to Yahoo Bubble.
  • If a user can sign up for an additional Xtra Email subscription on a website, they should be able to close it down as well, I think.
  • I didn't ask for my Xtra email address to be made into a Yahoo ID so that I have to sign out of my existing Yahoo ID before I can sign in to Yahoo Xtra Bubble, and then have to sign out of Bubble and sign back in again to my existing Yahoo ID to access services loaded onto it.
  • Fix whatever dumb bug stops me from removing email aliases that I don't use any more from Xtra ProMail, yet ensures that I still get mail sent to those addresses delivered to my inbox.

Thursday, 10 April 2008

How to find out what kind of hardware is in your XP or Vista PC

If you've ever worked on a laptop or some kind of PC that has a proprietary motherboard (Compaq etc) then you've probably encountered the situation of not knowing where to get drivers because you don't know who manufactures the device in question. Fortunately the PCI standard requires that each device on the bus is identified by the vendor and device, and this information can be used to look up in a website called pcidatabase.com.

For example, a particular Toshiba Satellite Pro A200 I am working on has an "Ethernet controller" that I don't know if I have drivers for.

  1. Open Control Panel
  2. Open System
  3. Select Hardware tab
  4. Click Device Manager button
  5. Double click the device
  6. Click the Details tab
  7. Many entries including usually the first one will have a code starting with "VEN_". In this case "VEN_168C" which turns out to be Atheros
  8. The device is identified by a code starting with "DEV_", in this case "DEV_001C".
  9. When these codes are put through PCIDatabase.com it tells me that the device I am looking for is "Atheros a/b/g" which is a wireless adapter based on the VGN-cr220e chip.

These distinctions are necessary because hardware manufacturers have a tendency to change the hardware specs often. The same model laptop might have two or more different network cards or wireless adapters depending on the exact subvariant. Sometimes you won't know which subvariant you have, so this is a useful way of being able to select one manufacturer from a list.

Wednesday, 2 April 2008

Classroom AV 2: Projector Mounting Systems

It's been a long time since article 1 of this series was published. We have been busily beavering away getting things organised behind the scenes to move along with our big project, which is happening across twelve of our classrooms in various forms. Projectors are best mounted inverted from the ceiling. This is at least in part because most of them are designed to throw a picture that is higher than the top of the projector when upright. Invert the projector and you can put it very high while getting a picture lower down on the wall and importantly, keeping within the keystone capabilities of the projector. At our school we have one projector that is mounted upright on a high shelf, tilted down to a lower screen. Apart from having a huge tilt on the projector, the controls are on top and inaccessible, the indicator lights can't be seen, and if the shelf is high enough there might not be enough keystoning adjustment available. Invert and most of these problems go away. Every projector known to mankind can rotate the picture to get it the right way up when inverted.

The brackets we bought cost $99 each. There are lots of manufacturers of brackets, and you can easily pay $200 or more for a manufacturer's own branded bracket. There are lots of universal ones available with some kind of adjustable legs or mounting points to cater for different kinds of projectors. These are quite easy to set up. We bought our projector mounting brackets from Dark Star Imports in Christchurch.

IMG_0916A

This is what one of the brackets looks like attached to a Sony projector. Many projectors only have three mounting holes so one of the feet gets unbolted from the central piece.  In the top right you can see that I have dispensed with the adjustment part and attached the foot directly. The reason I have set the bracket up this way is to get the balance right. I try to have the projector properly balanced in both directions so that it will hang level on the bracket. This is a lot easier when lifting the projector onto and off its mount and probably simpler to adjust as well, depending on situation. In this scenario with this particular projector we could undo the dust filter at left without taking the bracket off. This is great as it simplifies the maintenance of the projector. On many projectors this won't be possible without completely unscrewing the bracket.

Apart from the part you see here there is a separate part which screws to the ceiling and the projector part hangs off a couple of posts, so it is simple to hang the projector on there and then put in a couple of small bolts which lock it on and also lock in the tilt adjustment. This bracket also has sideways tilt which compensates for a sloping ceiling. In our case the amount of longitudinal tilt in the bracket was not enough. It is not that the projector can't be tilted that much (it can); it is that the bracket doesn't have enough tilt adjustment built into it. I am now experimenting with tilting the whole bracket backwards by jacking out the ceiling mount part.

The major issue is that ceiling mount. What kind of ceiling do you have? Drop ceilings are the trickiest because many panel types will not be able to support the weight of the projector. Most of our ceilings are made of flimsy acoustic softboard material (commonly but incorrectly described as "pinex") with the consistency of Weetbix. Some drop ceiling tiles may be made of Gib board. Neither is strong enough to support a mount like this and would require some sort of backing plate. My preference is a complete solid tile like metal or wood. Situations will vary. Should the tile also have a power outlet on it for the projector? Etc.

One thing to be careful of when doing the mount is to work out the picture size on all inputs before you fix the bracket in place. Play a DVD and put something through the computer input just to be sure you have got the projector the right distance from the screen. Most of the lower end projectors have a limited zoom range. Set up the keystone while you're at it. Get the projector square onto the screen as well. This can be checked by looking at the top and bottom of the picture. If they are not both square then the projector is not at right angles (side to side) to the screen. The amount of vertical tilt (the adjustment that changes the height of the projector) doesn't matter so much because the keystone of the projector compensates for this. However the vast majority of projectors do not have a keystoning adjustment that can compensate for horizontal tilt. If you can't get both top and bottom square you may be able to get just one of them correct, but probably the sides will be out as well.

Thursday, 27 March 2008

NZ Daylight Savings Time updates for XP and Vista; SP1 for Vista

  • The NZDST update patch for Windows XP is KB933360. It is categorised as an Update Rollup.
  • The NZDST update patch for Windows Vista is KB942763. It is categorised as an Update Rollup.

The patches are required because of 2007 changes to NZ Daylight Saving Time which now commences on the last Sunday of September and ends on the first Sunday of April.

These patches will not be automatically approved for installation if the Update Rollups category is not set for auto approval. They will not be available for detection on any client if the Update Rollups category is not set for synchronisation on the WSUS server. This has caught me unawares, finding that the WSUS server was not set to download this category of update, let alone approve it for the clients. As Update Rollups is not a category I had considered making available to clients before, it was not really a surprise in retrospect that all my handful of Vista clients were showing the wrong time since 16th March.

SP1 for Vista is now out. It can be downloaded standalone for individual installation on clients and can also be imported manually into WSUS. It will become automatically synchronisable via WSUS at some later date, according to Microsoft.

Now that we have SP1 available I hope we will soon see Vista on the TELA laptop programme.

Friday, 22 February 2008

Windows Live Mail is very flaky!

Sorry but there is no other way to write that. I have just had it up to here with the flakiness of WLM compared to Outlook Express and Outlook. Especially on IMAP accounts. WLM's support even of ordinary IMAP is patience-testing enough before you try to set up access to Gmail IMAP and get a further increase in the voluminous error messages that every send/receive operation generates.

When I first saw WLM I liked it a lot. The interface design is very modern, it being designed for Vista. But beneath that appealing appearance is a product that is flakier than its predecessor. WLM went through a public beta program that I participated in. It is quite the norm to get lots of error messages when downloading mail, particularly on IMAP. Yet MS could make IMAP work on Outlook and Outlook Express. Even Gmail works just fine on those platforms.

Next gripe: neither of Outlook 2007 or WLM can do RSS either. Apparently there is some component that has not installed itself properly and none of the feeds will automatically update. Thunderbird can do everything and doesn't throw the errors like WLM can. Out it goes!

Thursday, 21 February 2008

Using Loopback Policy to set a per-location default printer

Last year I talked briefly about how loopback policy works. This is the system that Microsoft has built into Group Policy to enable a user policy to be applied to a computer that is dependent on the OU that the computer's account is stored in. This is a great system because it enables a policy to be applied to a user that can be targeted by according to the physical computer that they are logging onto. One obvious example of this is to set a default printer for a user that changes depending on where the nearest printer to the room they are in, is located. Because the setting is set for each user individually, it can't be done in an ordinary GPO, because the computer account does not set user policy settings; these are set by the directory location of the user account.

Previously to set the default printer, we would have a mandatory profile with the printer default defined in it. The best we could do with this is to define that users in one particular part of the school would have a particular mandatory profile for the nearest printer to their home room. But if that user or users went to another part of the site, their default printer could not change to reflect the fact that they had moved, so this system has obvious limitations.

One important issue to deal with when using loopback policy is the way in which it becomes retroactive on other GPOs in the same branch of the directory tree. When I did my MOC training classes at the local polytech, all the material showed the use of the same OUs to store both computer and user accounts. Naturally this is the method that I followed to set up our school's directory tree for users and computers. However this gets messy when a loopback policy is applied to an OU because the user policy is combined with other user policies and these policies get applied to every user, not just the users they were targeted at. For example, in a school, commonly pupils are going to get a locked down desktop with a restricted Start menu and limits on local hard drives, say.  A teacher or technician on the other hand might not have the same restrictions and they should have a full Start menu and be able to access all drives. If your user and computer accounts are in the same branch of the GPO tree then applying a loopback policy to a computer in that branch will also result in the rest of the user GPOs applying to every user who logs in to a computer in the branch, regardless of the user accounts being in different OUs or some of them (not all) being in different branches. The fix for this is to put computer and user accounts into different OUs that are in different branches and then the loopback policy will only have effect on specific user GPOs.

Setting the default printer itself is easy, just two lines of VBScript code in a logon script:

Set objNetwork = CreateObject("WScript.Network")
objNetwork.SetDefaultPrinter "\\DC02\18_Colour_Printer_4050_Vista"

One thing to watch out for is that the default setting will not show up in your printer list (i.e. a checkmark next to a named printer). This fooled me in the past when I did this in a login script because it looked like the script wasn't working. This time around I tested it out and it does indeed work, but the lack of visual confirmation in the user interface is offputting. There are several ways of setting the default printer including registry settings but the login script is probably the simplest to apply across a site using GPOs and thereby leveraging the advantages of centralised administration with the server tools.

UPDATE: If you are using printer deployment policy on Windows Server 2003 R2 you may find your default printer connection script fails with a message saying the printer cannot be found. The solution I have found to this is to insert a new second line in the above script so that in this example it reads:

Set objNetwork = CreateObject("WScript.Network")

objNetwork.AddWindowsPrinterConnection "\\DC02\18_Colour_Printer_4050_Vista"

objNetwork.SetDefaultPrinter "\\DC02\18_Colour_Printer_4050_Vista"

Monday, 18 February 2008

Classroom AV 1: USB & VGA Faceplates

This is the first part of my forthcoming series of articles on classroom AV system installation. This article will specifically address, the thorny subject of how to get USB and VGA cables into wall plates. Firstly, we much prefer to use premade VGA cables, which have moulded plugs on each end of the cable and are supplied in standardised lengths. Making your own cable up is very fiddly due to the tiny little pins cramped close together being very hard to solder. I know of one organisation which found that the wires tend to break off and had to have both plugs resoldered on at considerable expense because of the difficulty in working on the plugs. So, even if you are installing a cable inside a wall, use premade cables if at all possible.

Second point is, don't use flying leads except at the fixed end. That is, the end which connects to your ceiling mounted projector (or a wall mounted device such as an electronic whiteboard, etc). That's OK because the connector won't be disconnected that much and the equipment for the most part doesn't get moved that often or is out of reach anyway. But it's a different story for the end that connects to the PC. The cable will come out of the wall. The plug will be connected and disconnected often. The wear and tear is enough that the plug could get damaged easily as well as the flying cable. You don't want that plug getting broken or that cable getting damaged because then you have to replace the whole cable.

Thirdly, use a female connector at the PC end of the cable, even though the PC requires a male plug. That is because male connectors have the small pins that can get bent or broken easily. Far better to have the fragile male connector on another attached lead that can be replaced easily rather than your in-wall cable.

Now, how to get the cable to come out into a faceplate. There are two ways that I have investigated. The first is a specialised faceplate connector made by Switchcraft called the EH Series. These are essentially a gender changer mounted onto a faceplate. You may be familiar with VGA gender changers already which are a male and a female plug or socket connected back to back in one metal shell. They make very handy cable joiners as well. Switchcraft make their EH series VGA faceplate adaptors in all possible combinations and they are reversible. The biggest issue is that they are not readily available in NZ, and will have to be shipped to you from Australia or the US at considerable expense. I was quoted around $12 each in a quantity of 10, but postage was a minimum of $40 from either Australia or the States.

The second option, which I have used before, is to mount a modified cable plug to a special plastic faceplate supplied by electrical manufacturers. PDL and HPM both make a special version of their standard faceplate series which have a VGA shaped cutout and the standard mounting hole spacing. HPM make variants which will carry two connectors. To fit a premade cable's plug into one of these you have to modify the connector shell, which I'll show how to do in a future article; basically you cut off the thumbscrews which gives you access to the plug's mounting holes and you attach the plug to the faceplate using hex threaded nuts (which you can buy from Jaycar as cat no. PM0852).

Once you have this mated to the faceplate then you can use a standard male to male patch lead to connect the PC into the wall.

The USB connectors are also available in the same Switchcraft series, with the same availability and cost drawbacks. This time, however, I was able to find a similar product made by Neutrik which can be purchased by mail order from Farnell or over the counter from Jansen. The NAUSB is a reversible A-female to B-female gender changer mounted on a standard Neutrik faceplate assembly, designed to fit onto a standard XLR panel. Let's suppose you have a standard USB cable coming out of, say, a projector or electronic whiteboard. There is a B female socket on the equipment which you connect using a standard A male to B male USB lead. The end to the PC will be an A male plug. Instead of bringing that out of the wall as a flylead, you set up one of these faceplate connectors so that it plugs into the NAUSB's female A connector. On the open side is the female B connector. You connect another standard A male to B male USB cable to this connector and the A male plug goes right into the back of your PC without any other adaptors needed. The NAUSB costs $10 from Farnell (ex GST) or $12 over the counter from Jansen (incl GST). 

The insert can be reversed to place the ends on whichever order suits your situation. For example suppose you want to use one of these to get the signal into the wall from the equipment. You would set it up so that the A end faces the equipment and the B end faces the wall cable. It works perfectly every time. The only other connector of this type I was able to locate on my travels of the Internet is an IP68 rated connector on a flying lead that Jaycar sells. Not only do they cost almost $20 each, they are on a short lead that terminates in a five way header. You would have to fit a matching plug on your USB lead to connect it to this adaptor. Both the Switchcraft and Neutrik adaptors have the advantage that the cables just plug in on both sides. The one issue for both these and the VGA connectors is the depth needed behind the panel in the wall. If you have limited space you may have to find an alternative way of mounting the faceplate to allow for this.

Classroom Audiovisual System Series

I'm going to write a series of articles on AV system installations with particular relevance to school classrooms. A full AV installation embodies a number of possible components:

  • A projector or other display device
  • A sound system
  • AV source such as Video player or Computer
  • Electronic whiteboard

These are the ones I'm familiar with. Over the next few months I'll be doing 13 permanent projector installations at our school, many of them in conjunction with electronic whiteboards. These articles will cover all of the technical aspects related to the different parts of a classroom audiovisual system.

Wednesday, 13 February 2008

Windows PE REQUIRES 512 MB RAM!

This short little article is the postscript to an extremely frustrating afternoon at work trying to image a PC using Windows PE as the OS environment. It is stated somewhere in the WinPE documentation that 512MB of memory is required to boot. However if your PC has less than this, you won't see any warning message; instead, your computer will just behave strangely and bizarrely, causing you huge frustration. The following are the problems that were encountered on a PC that, unbeknown to me, only had 256 MB of memory, and appeared to boot WinPE normally:

  • External USB devices were not detected and could not be used
  • Diskpart hung and could not complete some commands
  • Some applications would not run at all
  • Some applications would give a spurious error message like "The system cannot find the file specified"
  • Some applications would terminate abnormally with error messages like "Not enough storage is available to process this command".

My last resort after trying many things such as burning additional CDs with different software on them, trying to copy applications to the PC's hard drive and so on and so on, was to take the HDD to another PC whereupon everything worked normally. It wasn't until the next day that I remembered the 512MB memory requirement for WinPE and that this PC only had 256MB. I increased the PC's memory and then reassembled it with the HDD and this time everything worked properly.

Thursday, 7 February 2008

Logitech Z4 2.1 Speaker System

If you've ever set up DVD players with projectors in a school classroom, you know that you need something better than the tinny little speakers in the projector itself for sound. It was quite apparent that small computer speakers, which often have an output of 2 - 3 watts, would also be unsuitable, lacking both power and fidelity. We started off using wooden Genius PC speakers, which cost about $60 a pair, and have an output of 10 watts. These produce enough volume but are not high on sound quality. We have begun to install projectors permanently mounted off the ceiling in our classrooms together with electronic whiteboards and it was an opportune time to look for better speakers.

After a bit of hunting around I ordered in a set of Logitech Z4 speakers for evaluation. I already have a set of X230 speakers attached to my work PC, which can be thought of as a step down from the Z4; they have similar functionality overall but less power and are cheaper, and the speaker cables are permanently attached to the satellites, which is not convenient for any application where the speakers need to be much further apart than the width of a computer screen. We had a look previously also at the Altec Lansing MX5021 system which is a more powerful edition at a higher price. The Logitech speakers have enough power however to fill an average classroom.

Inside the box is the sub, the satellites, a wired volume control, power cord and audio cable. Setting it all up is easy enough. The sub plugs into the mains and then all the other bits connect to the sub. The speakers each have an attached lead fitted with an RCA plug, so that they can have extension leads fitted if more distance is needed. An audio input socket is provided on the rear of the sub. The volume control, which also provides power switching, bass level adjustment and a second input socket as well as a headphone output, connects by a cable using a 9 pin D plug. The sound quality is about what I had expected; whilst not perfect it is very good for the price of the system, and the speakers handled being cranked up to nearly full power, very well. The wired remote volume and bass adjustment controls are very convenient and the sub is well made, with a good solid grille that should withstand the rigours of classroom use. The satellites have a screw slot for hanging on the wall and a cable guide which is accessible after removing the attached stands.

I expect these systems to handle all of our classroom needs and be a much more worthwhile setup with the electronic whiteboards and hung projectors in the classrooms that we are fitting out for these.

Monday, 28 January 2008

Trying... (grrrrr!) to have a USB Key to boot Windows PE

I have two Sandisk Micro Cruzer 512MB USB keys that I bought cheaply as they were end of line. These devices have a unique and excellent feature of a retractable plug built in, thus there is no cap to lose. The size is quite useful for many things. I got one of them formatted as a Windows 98 boot device using an HP utility that I got off the net. It is formatted as FAT16 and the whole capacity is available for use. I use this one mainly to boot to DOS to flash BIOS updates on PCs.

The second one is formatted as FAT32 and I set it up fairly recently as a boot device for Windows PE. The problem is, it keeps getting corrupted somehow. Then PCs can't boot off it, and they say there is a "disk error". Then I have to use a CD to boot Windows PE (but I can still run applications off the key, just not boot off it).

This has happened twice now and I am getting grumpy. I have swapped the keys over but still the Windows PE key gets some sort of corruption and stops being able to be booted from. What is going on here?

Using Sysprep on Windows PCs running Media Player 11

In a word, don't. When the master PC comes back up after sysprepping, it will crash in MSOOBE and refuse to complete setup. It then reboots, and repeats the whole schmozzle. There is no way out of this except to follow the steps set out below. This is caused by an incompatibility between MSOOBE and Windows Media Player 11.

The MSKB lists a number of steps that can undo the effects of running SysPrep. In my case, just the first step, copying a temporary System registry hive into the Config folder, let me restart Windows enough to get to the Control Panel's Add/Remove Programs option and uninstall WMP11. While you're at it, uninstall WMP11 Media Runtime as well. Then go back to Recovery Console, rename the temporary System file to something else, and rename the original hive file back to System. Restart your PC, and Windows should start up properly and run the msoobe wizard as it normally does after a sysprep.

The next step is to install WMP10. If it refuses to install, make sure WMP11 Media Runtime is uninstalled. Then try installing WMP10 again. Once you have got it installed, Sysprep again and this time, everything should be just fine.

UPDATE: I’ve now discovered how to stop this from happening. To work around this problem, use Mini Setup instead of MSOOBE when Sysprepping your reference PC. There is a box you can check when you run SysPrep that sets this option. Running Mini Setup should be done in conjunction with a Sysprep.inf file to minimise the number of options you have to enter in the wizard when it runs.

Tuesday, 22 January 2008

NT 4.0 Server System Policy Registry Tatooing

Registry tatooing refers to the old style workstation policies that Windows NT4 Server used. You also see these on a network if you are connecting to a Samba server, because it uses the old System Policy model. Policy changes in this system are permanently applied to the Registry as values that are never undone unless you explicitly remove them or change them to a different value. On a client, you edit these policies using the System Policy Editor and then the Config.pol file gets downloaded to the client at logon and is applied to the registry as keys and values.

Windows 2000/2003 Group Policy works in a different and much better way. The policy settings that are applied from GPOs do not make permanent changes to the registry. If you remove a setting from the policy, it will automatically revert to the default value for that setting. This makes policy operation more efficient since you don't need to set a value for every policy. It also ensures that default values that are defined in the GPOs will work when they say they will.

Tatooing is the effect of the old style policies onto a workstation running Windows 2000 or later. The System Policy model was used by older desktop versions of Windows, including all Win9x systems (95, 98, ME) and Windows NT4 Workstation. However it can also be applied to Windows 2000/XP workstations when the PDC is Windows NT4 or Samba (may vary with version of the latter). The GPO model that we have today was introduced on Windows 2000 Server and Windows 2000 Professional. There are two parts to it, the server component and the desktop client component, and you have to have both of them to use it. Hence, an older desktop OS connecting to a Windows 2000 or later server still uses the old System Policy model, and a modern desktop OS (Windows 2000 or later) connecting to an older server (NT4/Samba) still uses System Policy.

We came originally from a Samba server to Windows 2003 domain controllers, and we saw these effects on our XP workstations. One of the first ones that I remember was connected with the policy setting that reads "Connect home drive to the root of the share". When you set up a user account you specify a home drive letter and path. This policy setting overrides the path so that only the share is used and the drive letter connects to the root of that share. The default for this setting is to be disabled, but we found that we had to specifically disable it because, I presume, the default had been overridden by tatooing.

Another possible example I have just noticed is remote shutdown. We reinstalled a pile of machines, and they all started to give "Access denied" errors when we tried to run a script on the server to shut them down remotely. There must have been a setting tatooed into the registry that allowed the remote shutdown to occur with the right user permissions (the script is running as the domain administrator). There are a few options I have to try to see which is the best way of resolving this.

Saturday, 19 January 2008

Imaging Vista part 2A

The next PC to try imaging was an old Compaq Pentium III/800. I had previously installed Vista on it and had bumped up the memory to 512MB and the HDD to 40GB. This PC is one I kept around for just this sort of testing. The biggest issue is its lack of USB ports especially as one was needed for the mouse and the HDD at startup needed both its plugs connected for power. I decided to do without the mouse and boot WinPE from a CD. Getting the image reload going is no problem off the external HDD. The main delay in this case is due to this old computer having only USB1.1 and therefore transferring data off the external HDD slower. About 90 minutes being the estimated load time in this case. Actually it took about 60 minutes, and it worked just the same as the other PCs.

Imaging Vista part 2

Getting this started turned out somewhat difficult due to the way the PC recognises USB boot devices. I had both a USB key and a USB external HDD plugged into the master PC for the imaging. The key drive is used to boot Windows PE and the HDD is used to store the image. The problem seemed to be, at first, in getting the key drive recognised - the first one had some sort of corruption or other problem making it unrecognisable for booting. Trying another one, the problem seems to be that with the USB HDD connected as well, it tries to boot that, fails and doesn't get any further like trying other USB devices or other devices.

I'm not really sure what the problem was, but after a lot of work I got it booting PE off the USB key, and then plugged in the HDD partway through boot. I still don't know if WinPE supports hotswapping and automatic detection of USB devices. However it evidently does include the drivers for most of them as both devices were able to be accessed in the command prompt.

The first step of making my image is to Sysprep the master PC (step 3 of the guide). This is easier on Vista because Sysprep is now included in a subdirectory of \Windows\System32. Once this was done, I proceeded to the imaging (step 4). Note that you can use alternative forms of boot media; the Windows PE help included with the WAIK describes how to do this. Now run ImageX with the appropriate switches. I tried two images: one on the external HDD and one to a second partition of the internal HDD. The first took about 30 minutes to create a 5.5 GB file; the second about 20 minutes. The original files on the HDD are 13 GB so this is slightly better than a 2:1 compression ratio.

When the original PC was restarted, there was a period of disk activity for about 10 minutes and then the PC restarted and came up with various screens asking for information - as is usual when starting a Sysprepped image. The PC then started normally. I went to Step 5 of my instructions to apply the image to the other machine, after first following the steps to partition and format the HDD. This PC had Linux installed, but there were no problems in removing the partition information and Grub, and applying the image from the external HDD. On rebooting the PC followed the same process as the master.

The issues which I want to fix for future deployments are

  1. Drivers not installed (even though the master had them). In this case the display adapter was the only device not installed, even though originally I had to provide Vista with network and sound drivers as well. Vista provides a Package Manager to inject drivers to an image
  2. No automatic domain join. Riprep knows how to do this automatically if the answer file specifies it. Sysprep on XP if an answer file is not provided still knows that the PC was previously joined to one and asks the user if they want to join a domain and carries that out.
  3. Product key not asked for. Sysprep does do this on XP. At this stage I would still have to reenter the product key and then activate this PC.

Most of the questions/issues can be addressed using the tools which Microsoft provides. The Package Manager for driver injection, the System Image Manager for creating the answer file, and some technique that I haven't yet discovered to put the answer file into this image. At this time we want to automate the whole process even more.

The next trial step is to apply my existing image to another completely different PC. This is an old Pentium III with just enough memory and HDD, the first real challenge being whether it will even boot WinPE or be able to read the USB HDD. WDS also looks more promising, but there is still a lot of work to get it there, and the server's disk is filling up with all the different RIS and Ghost images.