Saturday, July 16, 2011

IT Leadership: VOIP Installation

QoS for Video Conferencing:

The first step to set up VOIP was to log into the switch via telnet and run the following 5 commands. These commands enable QOS.

Without QOS enabled, you would get freezing and delay while using video conferencing or VOIP applications. There is no QOS on the internet.

After QOS was set up, we needed to run the software for VOIP as well as a "sniffing" application to ensure we were using the Gold QOS setting.
We downloaded and installed both the Xlite (VOIP) and Wireshark (sniffing) software.
We made the following settings on our Xlite after it was installed:
a. PBX Domain for Xlite -->192.168.181.251
b. User id 6010
c. Password 112233
e. unselect the domain proxy
f. On the Xlite menu we went to preferences/Network and selected LAN

Our task was to call Lyle. This meant we simply had to enter 6000 in the dial number box.

Our next step was to install Wireshark in order to look at traffic created by the VOIP.
We were to specifically look for DSCP settings which should be 46 across the Supernet for UDP VC or VOIP traffic.

We soon discovered that the default setting on the Xlite was not set to 46. In order to make this change, we went back to the Xlite software and made the following change: preferences/QOS/select Audio QOS/use dscp/Tos value and the default is 46.
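The DSCP check described above can also be done outside Wireshark. The following is an added example, not part of the original post: it reads the DSCP out of the IPv4 header of raw packets and reports UDP packets that are not marked 46. The packets, the ports and the helper names are constructed for illustration; the two addresses are the PBX address and a scope address mentioned in these posts.

```python
import struct

EF_DSCP = 46   # value the post expects on UDP VC/VOIP traffic
UDP, TCP = 17, 6


def dscp_to_tos(dscp):
    """DSCP is the upper 6 bits of the old ToS byte, so DSCP 46 is ToS 184 (0xB8)."""
    return (dscp & 0x3F) << 2


def build_packet(tos, dst_port, proto=UDP, options=b""):
    """Build a minimal IPv4 packet for the samples (constructed data, checksums 0)."""
    assert len(options) % 4 == 0
    ihl_words = 5 + len(options) // 4
    payload = b"\x80\x00" * 8
    l4 = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0) + payload
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, tos, ihl_words * 4 + len(l4), 0, 0, 64, proto, 0,
        bytes([192, 168, 10, 101]),    # workstation address from the DHCP scope
        bytes([192, 168, 181, 251]),   # PBX address from the Xlite settings
    )
    return header + options + l4


def classify(packet):
    """Return DSCP, ECN, protocol and UDP destination port of one raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length varies when options exist
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid header length")
    tos = packet[1]                       # Wireshark: Differentiated Services Field
    info = {"dscp": tos >> 2, "ecn": tos & 0x03, "proto": packet[9], "dst_port": None}
    if info["proto"] == UDP:
        if len(packet) < ihl + 8:
            raise ValueError("truncated UDP header")
        info["dst_port"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return info


def audit(packets, expected=EF_DSCP):
    """Return (index, dscp) for every UDP packet not carrying the expected DSCP."""
    findings = []
    for index, packet in enumerate(packets):
        info = classify(packet)
        if info["proto"] == UDP and info["dscp"] != expected:
            findings.append((index, info["dscp"]))
    return findings


# Constructed sample capture (not taken from the class network).
SAMPLES = [
    build_packet(dscp_to_tos(46), 5004),                   # correctly marked
    build_packet(0x00, 5004),                              # unmarked, best effort
    build_packet(46, 5004),                                # 46 written as the ToS byte
    build_packet(dscp_to_tos(46), 5004, options=b"\x01" * 4),  # IP options present
    build_packet(0x00, 80, proto=TCP),                     # non-UDP traffic, ignored
]

if __name__ == "__main__":
    for index, dscp in audit(SAMPLES):
        print(f"packet {index}: UDP with DSCP {dscp}, expected {EF_DSCP}")
```

Sample 2 shows why the "dscp/Tos value" wording matters: a raw ToS byte of 46 decodes to DSCP 11, not 46.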


Chinook High

Our tour of Chinook High was a bit of a disappointment to me. I guess I was expecting to see more technology installed throughout the school (and it may very well be, but we didn't get to see that part). The theatre was well thought out and a great deal of money was spent there. We have something similar, as we also have an infrastructure grant. Our setup is just a smaller scale. We have the same large screen and expensive back mounted projector; however, I was impressed with the two side projection screens. That was a good plan. We also host Central Office functions where all PD activities/keynotes happen at our school. This would be a useful feature. I was a little unsure about having the video conferencing functions in this room. How often would it be available to classroom teachers? As well, is it practical for small classroom groups? I just wondered if having it available in another setting might have been more practical. Knowing the cost of the lights and how sensitive they are, as well as the sensitivity of the mixing boards, I wonder how much students are able to work with this equipment. I know we have really limited ours. Overall, impressive facility. I hope the classrooms have as much technology functionality.

Thursday, July 14, 2011

IT Leadership: Virtual Workstations

Talk to any techie and they will discuss security. In fact security versus educational value is often the debate that happens between educational techs and teachers. Maurice and Lyle presented the reasons why this issue needs to be addressed and the value of security. Our visit to Blackbridge certainly brought this to the forefront of our thoughts. The need for backups and redundancy is very important in preserving our data.

I have been able to be involved in the backup procedure. Our division is very close to the recommended procedure that Maurice put forth. Our Friday plan is not quite as elaborate as his proposal. We do daily weekly backups and once a month and once at the end of the school year. The encryption of data on USB sticks and external hard drives is something our division has sent numerous emails out about protocols. Working in student services, it is something that I have been diligent about. I was also very aware that emails are not as secure as we would like to think they are. My daughter was a victim of cyberbullying that actually went to court. I was able to provide the Crown Prosecutor's office with the IP information from the Hotmail emails that my daughter provided. We were also involved with FaceBook and tracing the harassment through their site. So, this topic is one that does hit home. The perpetrator of this harassment actually used a U of S workstation several times and they did not hesitate when we had the evidence to take away that account. I think they likely had visions of a liable suit.

Virtual Servers. I can see the potential of what these servers can do for a school division. When I did my research this past fall on NAC technologies, I kept coming across VMware. Today's exercise has made me want to continue researching in this area.
1. To install this software, we needed to retrieve the software from the network shared drive.
2. Install and run the setup_magic disc. This put an icon on the taskbar. When we clicked on the icon, it allowed us to enable the virtual DVD (e:\).
3. We had to mount the CentOS-6.0.iso in the virtual DVD.
4. When this was mounted we were able to begin installing the virtual operating system on our Windows 7 workstation. Operating Linux (for us inexperienced Linux users) was a bit of a learning curve. (Why is the left CTRL key any different than the right? Silliness.)
5. Once this program was done we were able to run the VirtualBox-4.0.10-72479-Win program from the s drive. This program was very simple to run. Just follow the prompts. We kept the standard password: admin5769. (I am sure we will all be entering this as our password for the next few weeks until our brains "normalize"). We did learn (by trial and error) not to run the default setting instead of the desktop version. The default setting provides only a command line instead of the GUI for this OS. Once it was rerun with the Desktop option, it worked fine and we got the GUI. This setup also installed the Oracle VM VirtualBox Manager.
6. Again a password was required: admin5769. Username: js
7. The last install was the Oracle_VM_VirtualBox_Extension_Pack-4. This gave us full features such as the full screen.
8. We initially could not get the Firefox browser to open on the virtual machine. We had to go to the Virtualbox manager/machine/settings/network/adapter 1 and check the enable box.

9. This allowed the network card to operate, as initially it had not, and thus we were able to open the Internet using Firefox.

Awesome possibilities!

Wednesday, July 13, 2011

IT Leadership: Print Management


Field Trips are fun! I cannot remember the last field trip I went on as a student. We should definitely get to do this more often. Loved Gail's car, John even commented on Gail's torque.

Before the fun began, however, we were to install a network printer. The printer we installed was a Xerox Phaser 4510. It was decided beforehand that we would all install the PostScript driver. Lyle explained that if we each chose to install a different driver, we could eventually run into difficulties.

John and I found a wonderful Powerpoint resource that ran us through the steps in record time. Skip the Print Pool part and everything is there!


We did have to download and install the correct driver on our own as Windows Server did not automatically recognize this printer driver. We found the driver on the Xerox support site and downloaded the Xerox universal driver. This download installed all potential drivers in a folder it created and named Xerox. When the time came to install the Xerox Phaser 4510 PS driver, Windows quickly found and installed it. No issues. It was odd that the specific driver for the 4510 Server 2008 would not download. It appeared to be a problem at the Xerox site.

I also realized that we had missed a step yesterday and had not included a policy to ensure that the menu start items were retrieved from the server - aah file redirection. To do this:
1. Create a shared folder on the server. We called ours StartMenu. Check security settings. Ensure that users have read rights only.
2. Copy start menu items from one of your workstations to this shared folder. (Note: Use the \\JSServer10\home$ command) You can find these items on the c:\ drive, in the windows folder. However, you need to ensure that you look at the file options and choose show hidden files and folders.
3. The next step is then to create a GPO similar to the file redirection policy created yesterday. When setting the configuration for this policy navigate to the User Configuration -->Policies/Windows Settings -->folder redirection -->Start Menu. We chose the same settings as yesterday - Basic - redirect everyone's folders to the same location and entered JSServer10\Start Menu as our target (We have learned to use the browse feature versus typing to avoid time lost trying to figure out where the typo is). Close the policy. Enforce the policy. gpupdate /force. Login to a workstation and success is ours!


Tuesday, July 12, 2011

IT Leadership: Group Policies

Today we were given what again sounded like a simple task. We were to create three policies.
1. Folder redirection
2. Login script
3. No icons on the desktop
1. Folder Redirection
When working with group policies which involve paths, there are many variables that can go wrong.
1. The first step to redirect your user's documents to a shared folder on your server is to create that folder. To do this, create a folder on the c:\ drive of your server. We named ours JSUsers. Change the settings on this to Shared and give proper permissions.
Click on the newly Created Folder and click right mouse button then select Sharing and Security
Click on Sharing Tab and then select the Share This Folder Option. Note the exact name
To set proper permission on the share folder click on the Permission button.
On the share permission dialog box select Read/Change allows. Then click OK and close the dialog box, then click OK on the Share folder properties.
2. The second step is to actually create the folder redirect policy. Go to the Group Policy Management module which can be found on the Start menu through the Administrative tools option.
a. Right-click on the domain name where you wish the policy to be applied and choose Create and Link a GPO here.
b. Click New, and type the name to use for the GPO. We chose JS Folder Redirection
c. Click Edit to open the Group Policy snap-in and edit the new GPO.
d. In the Group Policy console, expand the User Configuration, Windows Settings, and Folder Redirection nodes. All Icons for personal folders that can be redirected will be displayed, choose JSUsers.
e. Right-click the folder name, click Properties, and then the Setting: Basic.
This will redirect everyone's folder to the same location. All folders affected by this Group Policy object will be stored on the JSUsers.
f. In the Target folder location drop down box select Create a folder for each user under the root path. In the Root Path text box, type the name of the shared network folder to use, or click Browse to locate it.
g. Select the Settings tab. Choose Grant the user exclusive rights to My Documents. This sets the NTFS security descriptor for the %username% folder to Full Control for the user and local system only.
h. click Finish to complete the Folder Redirection.
References we used:
Microsoft. (2002, March 1). How to figure folder redirection [Web log post]. Retrieved from http://technet.microsoft.com/en-us/library/cc782799(WS.10).aspx
Shaurya. (2009, January 9). Re: Configuring folder redirection in windows 2008 [Online forum comment]. Retrieved from http://www.itechtalk.com/thread1958.html
De Silva, P. (2009, January 29). Step-by-step guide to redirect users “my documents” to server folder and implement disk quota [Web log post]. Retrieved from http://padmandesilva.wordpress.com/2008/01/29/step-by-step-guide-to-redirect-users-%E2%80%9Cmy-documents%E2%80%9D-to-server-folder-and-implement-disk-quota/
2. Login Scripts Using Group Policy
1. Create a login script using Notepad. Open Notepad and create the following file:
(Save this file in the network's netlogon folder. Ensure that you add the .bat extension and change the type to All Files.)
2. Open the Group Policy Management Console from the Administrative Tools option on the Start button.
3. To apply the script to all JSServer domain users, right-click the domain name and select Create and Link a GPO Here.
4. In the New GPO window, give the new GPO a descriptive name. We called ours JSlogin Script. Click OK.
5. Click on the new GPO. You will be prompted with a message window. Click OK.
6. Right-click the new GPO and select Edit.
7. In the Group Policy Object Editor window, expand User Configuration > Windows Settings > Scripts.
a. Double-click Logon in the right-hand pane.
b. In the Logon Properties window, click Show Files.
c. A window will open. Click the Add button. Browse to the login script on the network netlogon folder. Do not add anything on the script parameter.
8. Click Ok.
To update the group policies we used a program called Specops Gpupdate. This was a time saver because we could force the group policies out to our workstations and then login to check if the policies were working.
We could manually have replicated the policies by using the command gpupdate at the command prompt. However, this command sometimes even takes time.
To test the login script, we logged in using one of our authenticated users and clicked on the file management tab on the taskbar and looked for a networked drive called s:\
The reference we used:
Petri, D. (2009). Setting up a login script through GPO in windows server 2008. Petri IT Knowledgebase. Retrieved from http://www.petri.co.il/setting-up-logon-script-through-gpo-windows-server-2008.htm
3. Group Policy - No Desktop
1. Open the Group Policy Management Console from the Administrative Tools option on the Start button.
2. To apply the policy to all JSServer domain users, right-click the domain name and select Create and Link a GPO Here.
3. In the New GPO window, give the new GPO a descriptive name. We called ours No desktop. Click Ok.
5. Click on the new GPO. You will be prompted with a message window. Click OK.
6. Right-click the new GPO and select Edit.
7. In the User Configuration, Preferences, Windows Settings, Registry, Right-Click and Click New Registry Wizard;
8. Browse to the item HideDesktopIcons and select.
The final step is to test if your policy works. Run the gpupdate command or the Specops Gpupdate program and login to your workstations with authenticated users. If there is no desktop, you have been successful.
The reference we used for this was:
Louwers, H. (2010, July 24). Show / hide desktop Items windows 2008 R2 / windows 7 by means of registry and microsoft group policy preferences [Web log post]. Retrieved from http://hlouwers.wordpress.com/2010/07/24/show-hide-desktop-items-windows-2008-r2-windows-7-by-means-of-registry-and-microsoft-group-policy-preferences/
Today's challenges: It is always the small things. Our login script held us back for quite some time. In the end it was simply a space after the s: and before net logon. Thanks Jen! Yes, we can learn from each other's mistakes. We were also delayed when running the folder redirect policy. It had been working for some time before my muddled brain looked at exactly what it was supposed to be doing and it dawned on me that I had been looking for a home directory drive mapping but that is not what I had been asked to do. Yes, my documents folder is redirecting to the server's shared users folder. Aah...

Monday, July 11, 2011

IT Leadership: Active Directory

OK, So I thought today would be an easy, lazy Monday. Wrong. What could possibly go wrong when both John and I have worked with Active Directory numerous times? Perhaps not the back end of AD, but worked with, nevertheless.

Yesterday, I had gone in and discovered that our File Manager network issue had been resolved by the fixes I entered on Friday during coffee break. I had turned network discovery on on the workstations and disabled IPv6. I had also changed the workgroup name to match the server. I wish I had had time to check on this before leaving Lethbridge Friday, perhaps I wouldn't have dreamt in octets.

Our task today was to add the Role - Active Directory Services. This seemed easy enough, we went to our Initial Configuration tasks and chose Add Role, AD Services. When this was completed we were prompted to run the dcpromo.exe which was embedded in the installation wizard. We chose to add a domain controller in an existing forest. Our domain name was network5769.local. We did have some difficulty authenticating this service. What we discovered was that our DNS on the server's network adapter had changed to Lethbridge's. Of course, the Lethbridge router was not going to authenticate our domain. When we changed the DNS to the 192.168.181.50 (Lyle's) and 192.168.10.50 (our switch), we were up and authenticated in no time.

Our next tasks were to join our workstations to the domain. Both John and I were "old-hands" at this.
1. Right-click on My Computer
2. Properties
3. Computer name, domain and workgroup settings. Click change settings.
4. To rename this computer or change its domain or workgroup, click Change.
5. Click on the radio button Domain and enter network5769.local
6. Restart

Secondly, we needed to create four containers or OUs within our school.
1. Computers
2. Students
3. Teachers
4. Groups

To do this we right-clicked on our school container and chose Create, New OU and labelled the OUs appropriately.

The next step was to move our two workstations in the Computers container within our school. This we could accomplish using drag and drop.

We next created two Students - student.lobo and student.lefebvre. We did this by right-clicking on the Students Container and Create New, user.

We used the same procedure and same naming protocol for the two teachers.

Our next step was to create two groups - teacher and student. We used the same procedure as above - right click on the group container and Create New, group.

After we had created our two groups, we needed to ensure that our two students became members of these groups. To do this we double-clicked on the user, clicked on the Member Of tab and added studentJS. There is a shortcut to do this. If you cannot remember the exact name of the group policy, you can type the first few letters and click on the far right FIND link. It will show up with all policies beginning with that search criteria. Then simply highlight the proper choice and click add.

We ensured that our two teachers were members of the teachers group and the two students belonged to the student group. A cross-reference check of this was to go to the group policy and check members.

It looked, in theory, like we were good to go. However, things never seem to work out when that clock hits the magic hour of 11:30 am. Our workstations would not log on to our Active Directory. Err...

To fix this problem, we had to delete our four users and recreate them. We then added our group policies again. For whatever reason, this worked!

I think my partner may have been a little paranoid, he tried logging in again at the end of our school day. And...it worked!

Our references we used for the installation were:
Amaya, Nelson. (n.d.). How to install active directory on Server 2008 [Web log post]. Retrieved from http://forevergeeks.com/how-to-install-active-directory-on-windows-2008
Hall, Aaron. (n.d.). Setup Active Directory (Server 2008). Aaronhall.net: someday, bringing goodThings2Life will become a paradigm. Retrieved from http://www.aaronhall.net/support-active-directory-2008#
McLoughlin, N. (2008, February 26). Install active directory domain services for windows server 2008 [Web log post]. Retrieved from http://itsolutionsdirect.com/installing-active-directory-domain-services-for-windows-server-2008/151/

Sunday, July 10, 2011

IT Leadership: Installing Windows 7 Clients

My daughter once told me, the year she worked in Montreal, that she knew she had moved over to French as her first language when she began to dream in French. I have dreamt about DHCP and DNS and numbers in octet format all weekend. I wonder, am I having nightmares, or simply transitioning into binary as my first language.

We began our day with a couple of tasks to cleanup our Server install.

1. We needed to enable remote desktop services. This will allow us to connect to our server remotely from our workstations. To accomplish this:
Start/system properties/remote/select allow connect
To use the server command prompt type oobe
2. In order for our active directory to function properly we needed to set our DHCP Server options to point to 192.168.181.50. To accomplish this:
DHCP services /server options/ general add this dns 192.168.181.50.
(This becomes the second DNS address in our protocol (the first DNS address is our local server 192.168.10.50, the second is Lyle's server 192.168.181.50) as well as 142.66.33.100 and 142.66.33.101)

Today we were to set up two Windows 7 Enterprise workstations. The wizard on Windows 7 makes this a fairly painless exercise.

1. Put the Windows 7 system CD in the CD/DVD player.
2. Hard start the workstation and press F12 until you see the Boot menu.
3. Choose Boot from DVD
4. The wizard next asks you to choose the language options:
Language: English
Time & Currency: English (US)
Keyboard: US
After accepting these options choose Next, followed by the Install Now button.
5. The wizard next wants you to accept the license terms, click the I accept the License terms and click Next.
6. The next step is to determine where you want to install Windows. It is usually a good choice to accept the default. I did and clicked OK.
7. The installation wizard then went about its business installing Windows. There were two restarts during this process.
8. After the second restart, the wizard required me to enter a Username for the administrator account, a password and a computer name. My partner, John, and I chose:
Username: admin
Computer Name: JS-BTL83630 (We chose to implement a naming protocol. All our workstations will begin with JS (the name of our network) and the computer number (as listed on the sticky label by U of L tech staff) This will allow a quick identification of workstation for technical staff when troubleshooting)
Password: admin5769 (There was a mandatory retype password to ensure consistency)
Type a password hint: Ask Lyle

9. The wizard then asked about automatic updates. We chose to use the recommended settings.
10. We next reviewed our time and date settings. We needed to change from Pacific to Mountain time. The time was correct. Click Next.
11. To set up the network, we choose Work Network.
12. We next went to the Device Manager on the Control Panel and learned that we were missing two devices - (1) PCI Serial Port; and (2) Communications Manager. We had learned that these were part of the chipset drivers for the Optiplex 755. We then went to the support.dell.com website and downloaded the chipset drivers for the Vista 32 bit operating system (Win 7 was not available and Dell recommended this download for Win 7 workstations).
13. We next needed to authenticate our software with the proper activation key. To accomplish this we right-clicked on My Computer, went to the Windows Activation section and clicked change. I will not put the activation key as it belongs to prrsd. However, we were successfully activated. Woohoo.
14. Our last step in setting up our workstations was to ensure that we completed all updates. This took several restarts. Every time we thought we were complete, Windows would find more updates.

15. When both workstations were complete, we were to verify through the Windows File Manager that we could see our entire network. On this task we failed and my obsessive tendencies reared their ugly head. We can see all our workstations and we can ping our server or enter the address for our server and communicate; however file manager will not show our server. I spent the noon hour verifying our DNS and DHCP settings; cross-referencing our notes, and Sean and Rocky's servers. The same. So I spent my afternoon Googling possible troubleshooting measures. I did find that this is a common error on Win 7. Some of the possible fixes are:

1. Make sure network discovery is turned on
2. Add the client to the Host file
3. Ping Server name: JSServer10
4. Disable IPv6 in adapter properties on workstation
5. Change workgroup name
6. Add computer description on workstation (do not leave blank)
7. Disable Homegroup network settings
8. Add DNS addresses manually in IPv4 settings

During the pm coffee break, I tried #4,5,6 to no avail. This saga is to be continued.....

Thursday, July 7, 2011

IT Leadership: Installing DNS & DHCP Services

Today was not for the weak of mind and yet I managed. We continued our server installation focusing on DNS and DHCP. We did begin, however, by running the updates for Windows Server. This was a simple process. Our server booted up to the initial configuration options. It was simply a matter of turning automatic updates on (Option 2) and clicking on the Start updates button.

John and I also went back and ensured that IPv6 was turned off. We had noted that our server was choosing v6 as the default. Since we were using v4 static IP addresses, this seemed to be mandatory to our success.

Customize Roles (Option #3 - Initial Configuration Tasks)

Roles = Services. Installing the DNS is as simple as checking the DNS Services button. Although DHCP was in the same services box, we were advised to install one element at a time.

The second service we added was file sharing. We did this through the My Computer interface. On the c:\ drive we created a new folder and named it shared. Once this folder was created we right clicked on it and clicked on the Share tab. Once on this tab, we clicked the Advanced button and then checked off the Full Rights options. By checking off this option, we have given rights to all network users to read and write to this folder. The hazard is that they may also delete the contents in this folder. That is a risk we need to take.

The next service we added was the DHCP. There were several settings that were required for this service.
1. Setting the static IP Address for the server: 192.168.10.50
2. Enter parent domain: network5769.local, preferred DNS Server: 142.66.33.100, alternate DNS: 142.66.33.101
3. Next, choose the default: WINS is not required for applications on this network.
4. Enter the DHCP Scopes:
Scope Name: J and S Workstations
Starting IP Address: 192.168.10.101
Ending IP Address: 192.168.10.253
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.10.254

5. Disable IP v6
6. Choose the default credentials
7. And....INSTALL.

Your DHCP can now be accessed by the Administrative Tools option on your Start Button. Changes to the DNS Scope can be made through this option as John and I discovered.

Drivers. Drivers can be frustrating for even experienced network technicians. From our install we were missing three drivers: PCI Serial Port, PCI Simple Communications Controller and the SM Bus Controller. After some Googling, we discovered that these were the three chipset drivers which could be found on the Dell Site.

Our last step of the morning was to verify that our DNS and DHCP was working. We used the Knoppix (Linux based) boot CD to ping other workstations on the network. This was how we first discovered that we were having some issues with our DNS. Once that was fixed, we were able to ping and view other shared folders. Exciting!

