Friday, 19 March 2010

The week <21-3-10>

This has been a lot of fun, from looking at how to get an SMS to do reporting, new SMS developments and an NComputing thin client terminal.

The SMS market in NZ is having some interesting developments as vendors look to the next generation of web-based systems. Integris’s G2 product which is now standardised across UK and Australia holds a lot of promise if, when, it makes it to NZ. Meanwhile, incumbent Musac is steaming on towards an initial release of its Symphony product. Of course the much smaller and less well known eTap and eMinerva products have been available for some time in a web based configuration. (Note that this is quite different from the existing hosted Integris and Musac products, both of which are being hosted presently on Terminal Server)

It is interesting that RM has really dropped the ball and failed to capitalise on its market leader position back in the days when it was the MOE’s solely accredited SMS and pilot program vendor of choice. The tables have been turned rather effectively by Musac since the MOE forced them to bring their offerings up to scratch.

The NComputing L230 is reviewed in the previous posting of this blog. As Insite Technology now have the agency for it after a few false starts, we can expect to see a lot more of this technology in education in the future, especially as Microsoft Multipoint Server has been released to exploit its specific capabilities.

NComputing L230 Thin Client Terminal

Several years ago, NComputing released a series of thin client terminals suitable for the education market. These are of two types, the X series connect to a PCI card in the host computer and there can be 3 or 5 terminals connected. The L series connect over a network to a remote host server. The photo below shows the L230 terminal interface attached to the rear of a typical LCD monitor.

IMG_1845

As you can see it is pretty compact, a lot more than the computer that it replaces. The keyboard, mouse, display, network cable and power adapter connect to the sockets on the sides of the unit. You can also connect microphone and speakers and one USB device.

There is nothing particularly new about thin client hardware, but most of it is industrial and has not attempted to address the low end of the market before now. Our review unit was supplied by Insite Technology, who are now the main distributor of the product in NZ, a very insightful choice due to their heavy market penetration in education. There is not much in the box, basically the unit, its power adapter and the bracket to mount it to the back of an LCD screen. Once it is all connected up, download the Vspace software from NComputing.com and install it on the host server. When this is running the client will automatically find the server and the client’s setup menu can be used to do the most relevant level of configuration.

One thing to be aware of which I noticed straight away is that not being Windows Terminal Server, the Start menu of a logged on user is not adjusted to remove the Shutdown option. In a Windows RD/TS session this option is removed to the Windows Security dialog which is off the Start menu. However in any case you should configure your users to remove the Shutdown option in a GPO.

A very useful feature built into the client setup is a kiosk mode, in that instead of loading the desktop it can run an application which is effectively the shell interface. For example you can load a web browser. I did find limitations in what you can enter as command line parameters for this though, for example no quote marks which some applications require to be included when there are spaces in the command line. When you close the web browser it would then log you off automatically.

It is natural that there will be some limits of performance according to what the host computer can deliver. One of these limits could well be in the area of video playback, as normally this is resource intensive enough that it is not possible to do in a RD/TS session. I am guessing though that provided the host computer is powerful enough it should be able to run a number of sessions of lower powered software like word processing and so on.

Pricing for the L230 currently sits somewhere below $300 but check with Insite as bulk pricing options are available. You have to provide a keyboard, mouse and screen but these are easy enough to obtain new or used. One useful feature of the L230 is that it is supported by Microsoft’s new Multipoint server, which is a stripped down version of Terminal Server designed especially for thin client applications. Multipoint Server has within it the advantage of providing a simplified configuration interface specifically with classroom usage in mind. Although there is a cost to set up the server, a classroom with 30 of the L230 terminals and the server would be a very compact and cost efficient setup with a huge space, power and heat saving, no reliability problems with old computers and no need to maintain these computers.

Wednesday, 10 March 2010

Nonsensical use of file permissions and temporary files by Microsoft Office

Rant of the week, and I’ve written about this one before.

There must be, for any administrator, situations where you want people to be able to open, read and save files, but not to delete them. You want to protect shared pools of files against accidental deletion, but otherwise people can do anything else sensible with them.

It sounds like a great scheme – except that it’s not possible if you’re using Microsoft Office (especially Word/Excel) to edit the documents.

Word and Excel create temporary copies of documents as they are edited, in the same folder as where the document is saved. This behaviour is rather in contrast to other types of applications, which generally create temporary files in the user’s Temp folder. Obviously, you’d expect that an application can delete the files in the Temp folder when it closes, and in fact most applications do this automatically. But for some particular reason (and it might in principle be a very good reason, like being able to recover the temporary versions if the application crashes), Word and Excel (and maybe other Office applications) save temporary versions of a document into the same folder as where the user chooses to open or save the permanent version of the document.

The net result of this behaviour is that if you apply Deny permissions for Delete Files to this folder, Word/Excel can’t save a file at all. The reason Word/Excel can’t do this is that it fails to delete these temporary files, so because of a bug in the way it is written, it refuses to save the permanent file into the same directory (even though it can do this without deleting the temp copy).

There is a document here that describes some of this functionality and the use of file locations by Word. There is also an option in the Options (Save tab) to make a local copy of files that are on a network share. This option may or may not have an impact on this setting. However it is very clear by now that Word/Excel’s use of the original Save folder for temporary files is a flawed system because the minimum amount of permissions required to edit documents must include the Delete permission, and this precludes any possibility that an administrator could deny Delete Files permissions in order to protect Pool file areas against accidental mass deletions of files or folders (a common enough problem, I would think, when dealing with shared file pools if our own experience is anything to go by). I’m not going to try any more tweaking with either Word or Excel (in any case the latter doesn’t have that setting). We are simply going to have to revisit our ideas of what shared pools are about, and either change the structure of them, or limit what they can be used for.