:::: MENU ::::
Browsing posts in: Church IT

Central Illinois Roundtable

Next Central Illinois Church IT Roundtable:

 

Feb. 19

Dinner at 5:30pm

Roundtable Discussion at 6:30pm

(until the Mountain Dew runs out)

Agenda:

Round table discussion

Presentation from Dell

  • Present and demonstrate their Storage Technologies

Hosted at

Northwoods Community Church

10700 N. Allen Rd., Peoria

Cost

$10 includes dinner 

questions, etc., to j.lee(at)nwoods(dot)org

What’s a Roundtable Discussion?

A roundtable is a peer-learning event where the participants are both teachers and learners. A roundtable is small enough to emphasize interactive learning, led by a facilitator and peer, includes participants who have an affinity with each other, and does not include a strong agenda beyond sharing knowledge. The participants set the agenda, and interaction among participants takes precedent over presentation by “experts.” In fact, in one-way or another, most of the roundtable participants are already experts. In this group, we intend to learn from each other about how to better resource, equip, and train ministries in the areas of computer hardware, networking, server support, web services/sites, telecom services, etc. It will be geeky and fun. 



ACS Facility Scheduler

Our Ministry Partnership with ACS has had their scheduling application locked its sights for almost a year now.  Working on a weekly basis their team developing and going live with the product last fall.  Well finally we are live on campus with Facility Scheduler. While we did have some heart burn rolling out the application the overall consensus is that Facility Scheduler is proving to a great reliable tool.   The start of the new calendar year was our date that we selected to migrate away from multiple calendars.

For years our ministry has struggled with global ministry calendaring and FS has been a great help to remove heart burn for our staff when trying to schedule ministry events.  Briefly here is a list of what we combined into on location when Facility Scheduler went online:

  • Master Calendar
    • We had an outlook calendar that was basically a glorified 10000 ft overview of what was happening in our ministry without many details and often not updated after things changed in our global planning meetings.
  • The Ministry Scheduler
    • This was the predecessor to Facility Scheduler and was used by our Campus Services team to schedule equipment, rooms and other resources. (yes TMS Could have done more i know.)
  • Personnel Rotation Calendars
    • We had multiple calendars in crazy places (those specific calendars will remain nameless to protect the innocent individuals who inherited those calendars in crazy places); one in Publisher, one in excel and one in a hybrid of Excel and Outlook.

Now all that data has been entered/migrated into Facility Scheduler (iIoften remind the team at ACS that their new product does far more than schedule the facility and it needs a tune up on a better name… I know they needed to differentiate the new product from the OLD TMS but it was really a better name….maybe we’ll have a naming contest later.)  Anyway… Now our staff can go to one application and view when their events, or personnel are scheduled.

One feature I like about FS is the granular security, we can grant the appropriate permissions to user groups for scheduling specific resources.  In our case each administrative assistant can schedule their own conference room and other area specific resources or personnel without submitting an event request form.  So ministries who "own" a resource can schedule that resource without the hassle of "requesting" to use it.  This is really helpful since now these ministry "owned" resources can be viewed globally when planning large scale events as well as individual ministry needs.

While I am thrilled with the progress we have been able to make I am patiently anticipating some of the development that is on the horizon for Facility Scheduler including:

  • Scheduling Requests via  workflow that will get the approval of multiple departments for an event to take place
  • Viewing the Calendar (read only) from a view in Outlook
  • Management of event registrations that are being processed in  Access ACS (or Our branding Northwoods.me) 
    • When you are setting up all the information for the event you can click on a button and configure the online event registrations for that event’s participants.
  • Making Requests via an Outlook Meeting Request plug-in
  • Displaying the events in Facility Scheduler on our close circuit TV monitor facilitated by a Facility Scheduler ‘Add-On" (development project name "BroadCast")
    • If you haven’t heard anything about this product leave me a note and we’ll get  you connected with the appropriate people this is proving to to be a really really sweet tool!   For those of you using FS and also for those of you who aren’t ACS customers!!!!
    • I am super exited about this one, it has been one of my soap box items since day one….  The data is already in our scheduling applications why isn’t there a tool to display it.  This tool looks like it will support multiple data sources not just ACS facility scheduler.
  • Auto-magically generating pages on the fly for each event so that events and registration links can be published via the web without manually setting up those pages (all available to the public without the need for knowing any credentials)
  • Alerts telling the FS admin that Online Registrations are nearing capacity or are full to aid in selecting a location for a specific event.
  • Alerts Reminding the event planner that their event is scheduled and what resources are included a few days before the event.

 

I know others of you are also diving into Facility Scheduler and I would be interested in hearing your success so far as well as your heart burn.  Anyone interested in an online roundtable discussion about FS?

I know several are in the process of moving to Facility Scheduler you might check out their blogs for more information too:

Shawn Ross’s blog

Jeff Suever ‘s blog
Jeff has been posting a bit about his experience with Facility Scheduler too.  I would also weigh in to our friends at ACS that Jeff is absolutely on the right track FS needs to be able to accommodate Links to an event page outside the ACS generated pages and would push a little more than Jeff to say the event description editor needs to be able to natively accommodate hyper links rather than dropping code into the description (one because this might do wonky things to "BroadCast").  Also Jeff has noted that the individual event page links expire after 24 hours… and while I understand the security that is in play, we need to be able to have a link for each event that doesn’t expire after 24 hours.  Additionally I’ll add it would be nice to be able to configure what displays on these pages…. some may want some data to appear others won’t (example you might want to toggle on or off the "confirmed" line to the general public.

Overall Facility Scheduler is a great product and it is moving forward a great speed.  If you are an ACS customer and haven’t looked into Facility Scheduler don’t miss out…. and if you are looking for a Scheduling application And AREN"T an ACS customer this should be one of the applications on the top of your list.


Windows Deployment and MDT Links Fixed

In a recent series of posts I documented the process that we used to deploy Vista in our test scenarios and then to several Dell 755 machines that are now in production… Problem with those posts, the links from the first post to the subsequent posts were wrong.  Those links have now been updated and added below incase you had issue navigating thru the documentation.

 


Windows NameSpace and ABE

Giving a bit of a face list to our File server we have decided to proceed with a Windows DFS Namespace.  One big reason for moving this direction rather than the traditional file shares is quite simply being able to present data in once space and still having the flexibility to distribute the data across several servers.  In this process we have elected to migrate our existing shared network drive to a new location so when we migrate each department we can talk thru storage best practices.  One major reason was to offload our Media storage to a separate server so there was less pain felt when mondo files were being archived on the servers from our Media folks.

NamespaceWe added DFS (2003R2) to our existing file server and configured it to host the name space.  In both 2003 and 2008 server this is a role that needs to be added for the service to be available.  A second server was named our media server and also was added to the namespace.  Here is a good article on the step by step to adding a Domain Namespace.

One item that wasn’t clear to me was DFS Creates a share that houses the links to your data when you add a server to the namespace the local location of the DFS Links SHOULDN’T be the location where your data exists.  The DFS Roots are simply a file structure that tells the namespace how to work and where to point… Don’t make the DFSRoots Shared folder your data location.

Now users can go do domain.orgNamespace and access their departments files even if those files live across two separate file servers. 

All was quickly working well except for one of our requirements for this project, enabling Access-Based Enumeration, Microsoft’s name for security trimming on a file server.  While the permissions were working and users couldn’t get to another departments data they could still see the other departments…. and learning from experience if people don’t have access to data then things are better if they can’t see that data is there…  So then started a quest to enable ABE on the namespace. 

We converted our new File server to Server 2008 since we read that DFS Namespaces support ABE.  The problem is the fine print, for ABE to run on a 2008 Namespace you have to have your domain functional level at 2008 to enable a 2008 Namespace.  We aren’t quite there yet since one of our DCs is still a 2003 DC so the quest continued.

Next we found this support document which explains the DFSRoots for each link in the namespace have to have the same ACL as the ACL on the target. 

From KB 907458

If the ACL on the DFS link is not set to match the ACL on the target, the following conditions may be true:

  • If the ACL on the link is more restrictive than the ACL on the target, the link will not be displayed. However, if the user knows the name of the link, the user can locate the appropriate path and see the contents of the target.
  • If the ACL on the link is less restrictive than the ACL on the target, the link is displayed. However, when the user locates the link, the user sees an “Access Denied” message.

One item wasn’t clear from the support document on our first attempt was fact that the default permissions on the DFS Roots directory overrides ADE and displays all directories to all users, even if they don’t have the rights to actually open those directories. This is because by default on the server ‘servernameusers’ (the local users account on the server) has read permissions on all directories in the DFSRoots directory.

Example:
Department 1
Has data living on Server 1 X:NameSpaceDataDepartment1 with Permissions DomainDept1: Full Control
Department 2
Has data living on Server 2 X:NameSpaceDataDepartment2 with Permissions DomainDept1: Full Control

We wanted to present both as directories in domainNamespace as
domainNamespaceDepartment1 and domainNamespaceDepartment2

Both appear in the namespace when ABE is enabled since the links to both directories (located in X:DFSRootsNameSpaceName) have rights for the local ‘users’.

Its good to now even though they could see the other departments the users without permissions to the other department get “Access Denied”

For our installation the DFSRoots were located e:DFSRootsNameSpaceName and the Data was located on the server on E:NameSpaceData.

We had to set the Permissions on e:DFSRootsNameSpaceName:
Administrator Full Control (This folder, subfolders and files)
LocalUsers: Read, List (this folder only, NOT This folder, subfolders and files)

Then use the CACLS utility to add read permissions to each department’s group to the appropriate link by navigating the command line to the e:DFSRootsNameSpaceName and running the following command:
cacls”DepartmentLinkDirectory” /E /G “DomainSecurityGroup”:R

This sets the ACL on the Department’s DFS Link to give the domain security group read permissions.  
The Switches
- /E edits the existing permissions vs. replaces the permission on the Link
- /G Grants Specified User access Rights and R is Read.

To set multiple groups:
cacls “DepartmentLinkDirectory” /E /G “DomainSecurityGroup”:R /G “DomainSecurityGroup2″:R

After the ACLs are set for the Target Data and the Links when you browse the namespace the user sees the department directories that are appropriate for that user.


Great Support and a Couple Bugs

FacilityScheduler Earlier this week we were putting the final touches on deploying Facility Scheduler to all our users.  This is an exciting event since we have been in the development stages of FS for over 18 months with the team at ACS and it was finally time to make it available to all our staff. 

We elected to make this available to our staff the same way we have made ACS Desktop available, with a terminal server. 
We followed the steps to install Facility Scheduler on the terminal server several weeks ago and it worked with no problems.  Since we installed the application there had been an update, which we ran under the admin user account on the server.  Jeremie made the application avaiable to all users so we decided to check that the application would work for all users.  It was a good thing we checked since the application for each user went into a loop trying to update the application even though it was already updated.  A quick call to support pointed us to the Program Manager for Facility Scheduler, Darci Shelley.  We work with Darci often and participates in our confrence calls that happen every other week with ACS so we were confident Darci could help us fix the problem… except she wasn’t on call and I didn’t have her contact info… so Jeremie and I sent Dean Lisenby a tweet for some help. We explained to Dean our problem of the next day’s go live demo for all staff and quickly Dean responded and had contacted Darci at home and told us she was online and available to assist us once her kids were in bed.  Once Darci was online she helped us work thru our issues with the application and troubleshooting our problem for over an hour all while at home.  While working with Darci we identified a bug in the current version of Facility Scheduler running on a Terminal Server that will have to be updated before the next release.  So two thumbs up to Darci for providing top notch support even when she didn’t “have to”.

Instructions for deploying Facility Scheduler on a terminal server:
1) Install ACS Facility Scheduler as an administrator.
2) Once the installation is complete, go to C:Documents and SettingsAdministratorLocal SettingsApplication Data.
3) Copy the ACSTechnologies folder.
4) For each user on the Terminal Server, paste the folder in the following location: C:Documents and SettingsusernameLocal SettingsApplication Data.
5) To place a shortcut on the Terminal Server desktop for all users, go to Start->Programs->ACS Technologies, right click on ACS Facility Scheduler, and select Copy.
6) Go to C:Documents and SettingsAll UsersDesktop, go to Edit, and select Paste.
Now when any user logs into Terminal Services, they will have an icon on their desktop to launch ACS Facility Scheduler. The first time they open Facility Scheduler, it will show the admin user name, but once they have entered their user name for Facility Scheduler, this name will be saved and will show for each subsequent login.

Optional Alternative when installing Facility Scheduler:
You can copy the ACSTechnologies folder to the C:Documents and SettingsDefault UserLocal SettingsApplication Data.  Then any new user profile created will include the Facility Scheduler application.  This worked for us since we had to do some account clean up to get rid of old Terminal Server profiles.  We deleted all TS profiles except the admin user’s profile and had users login “fresh”.  When they logged in the users had the icons and access to the application.

Now a FYI on a couple ACS bugs we have found this week
Bug #1
The update feature for Facility Scheduler application doesn’t work for any users other than the admin user who’s login you used to install the application.   The temporary work around until the fix is released is to follow the above procedure again and overwrite the ACSTechnologies Folder for all users.
Bug #2
When updating to 10.0.12 from a previous version the Icons for Ministry Scheduler and other ACS modules vanish for all users including the local administrator.  After running the 10.0.12 update our users noticed that random ACS icons that were on their desktops or in the start menu were gone.  After a call to the MegaChurch support group we found out that support has noted this is a know issue that they though was resolved, but obviously hadn’t been fixed.   The solution is to go into ACS Utility Manager by going to Start>All Programs> ACS> ACS Tools> Utility Manager and then selecting Rebuild Program Group.  This utility recreates all the default shortcuts in the start menu and desktop for the all user profiles.
 
And lastly just while I am on the topic of ACS “issues” I am left wondering the status of some past “Big Ticket” issues (I realize they aren’t small tasks and I don’t expect solutions overnight…but how are the projects coming along?):

1) When will ACS Desktop Suite allow a username to be more than 8 characters?  The 8 character limit was something I raised concern about over a year ago (11/5/07) but this issue still isn’t resolved.  If we had the ablity to use more than 8 characters we could use the Windows login integration in ACS but since almost 100% of our userIDs are more than 8 positions we cant… When will this be resolved?  Or better yet when will the ACS Desktop suite integrate to AD for authentication and setting rights thru AD groups?

2)  When will the Exchange/GAL Sync tool be ready for beta testing?  Rumors were that it would be ready for the ACS convention in the Spring… now its November…

3)  What is the status of the ACS Outlook Plugin and Vista Gadget  to search ACS records from Outlook and the Vista Gadget tool bar?  Rumors are that the Outlook Plugin is ready now and the gadgets are comming soon… how do we find out about this stuff?

4)  What is the status of the Silverlight Screen Display Beta that was expected to be released by mid October?

5)  When will ACS technical services have a blog or some vehicle to communicate these types of bugs to the users rather than the current scenario where customers have to “find” these bugs before ACS support says “Oh, yea we knew about that”.  I know this type of info isn’t appropriate for the corperate blog, but there shold be some way that customers that want this information to be able to subscribe to this via a RSS feed.


Tom Rogers new ACS tech President

I recently posted about the shocking news that our trusted ChMS partner, ACS Technologies, dismissed their President and CEO

Late Last week Marvin Owen of ACS Technologies posted a link to a press release on their company blog officially announcing the election of Tom Rogers as the President.  And Executive IT Director, Dean Lisenby posted this on his personal blog.

I am glad that the company released the information publicly and hope this is just one of several steps to communicate this leadership change with the customers.  

It is my hope that ACS has a plan to more “actively” communicate to the whole customer base.  I think it’s safe to assume the vast majority of the customers are completely unaware of this election since they don’t frequent the corporate blog. I have had several fellow customers ask me about this leadership change and I have to admit I know nothing more than what I have posted in my previous post and what I have read on the two blogs referenced above….Maybe a email to the entire customer base would be good next step detailing some of the answers to questions that are being asked.

If you don’t follow the ACS corporate blog I encourage you to check out the post and leave your own comments or questions… Or post your questions here.


ACS Technologies Dismisses CEO?

News today, confirmed by reliable sources inside ACS, is that the Board of Directors of ACS Technologies, our trusted ChMS partner, has released CEO and President Hal Campbell.

Significant leadership changes always generate waves, so here are the thoughts and questions that came to mind in conversation today with my colleague Kirt Manuel, communications director at Northwoods.

  • We have been very pleased with the partnership that has grown between us and ACS, even to the point of “Woah!” when ACS told us they were reorganizing their entire company to better serve megachurches like Northwoods. A sudden leadership change like this makes me think that the board of directors doesn’t approve of the company’s new direction. As our ministry operations are tightly wound up with ACS, we’d like some comment and explanation.
  • ACS has earned some recent “street cred” with the introduction of iPhone and Windows Mobile applications as well as talk of widgets, gadgets, and such. With Facility Scheduler and AccessACS , they’ve built on a modern, robust framework and released sweet APIs. They’re building hooks, links, and syncs with third-party tools such as Outlook/Exchange, Planning Center Online, Constant Contact and the like. We’re putting a lot of eggs in those baskets, but now we’re feeling a fear getting scrambled. What can you say to reassure us that ACS will continue this forward-looking, leading edge work?
  • From out here, ACS seems to be performing well in terms of product development, customer service, etc. Is that same performance excellence not carrying over to profitability? Is this decision a financial one?
  • If this is a difference of vision between the now former president and the other primary shareholders, perhaps, we the customer base, can clarify things and help you craft a vision that serves us well.
  • Who will take over this critical leadership role? Will you seek to hire from within or will you search some new outside expertise and vision?

Tanner and Chuck two thumbs up!

I have noted when tech support has performed below our expectations in the past so that means I should also note when we receive excellent support too, right?

During our MDT Deployment I had had enough and decided that I wasn’t going to spend any more time on trouble shooting the issues… Thankfully we recently purchased a MSDN subscription and that included 4 telephone support incidents so Jeremie and I decided to give it a try.  I called the 800 number and was quickly routed to Tanner S. a senior support engineer who specializes in MDT and WDS.  I stated the issues we were having and Tanner quickly resolved our issue and I was on our way to success… so I thought.

After I completed the call with Tanner we came upon several other issues so I responded to the email he had sent me with the case number and asked 2 more questions which he quickly resolved.

After those issues were resolved we found a couple more problems and we contacted Tanners backup Chuck W.  who helped us resolve those issues.

These guys helped us resolve multiple issues which included:
- Windows PE not loading
- How to edit the startnet.cmd file when we had a timeout issue connecting to the WDS host
- Drivers not getting installed on images
- Including Intel Chipset drivers that are packaged and aren’t included in the OOBdrivers
- Application Installation errors during the MDT install

So needless to say these guys went over an above to get us going.  They could have simply said that the subsequent questions were not part of the case and closed the case but they were willing to conceder our support request all encompassing from the setup of MDT to the final deployment to our Dell 755s and we were allowed to ask questions along the way.  They solved our 1st problem and multiple other smaller issues afterward.  They both did it in a very gracious, and kind demeanor.  While they both could have told us to go find the answers on live.com or to read the documentation they were willing to answer all our questions… Even staying after their shift ended to make sure the test deployment completed without any errors after we made changes to the boot images. 

Kudos to Tanner and Chuck… Great customer support and a job well done!!!


Deploying Vista 64 bit to Dell 755

After we were able to get the deployment of Vista 32bit out to our Dell 755s tackling the install of Vista 64bit was next on the agenda.  The primary reason for pushing out 64bit was because of the memory threshold limit on 32bit.  Several of our old Dell 740s had 2 gb of added memory we wanted to move over to our new 755 boxes which put us over the 3.5gb limit.  Not a huge issue, but I also new down the road we would want to deploy 64bit versions of Server 2008 so we might as well work out the issues now.

Before you can start a 64bit install you have to add a 64bit OS to the list in MDT.  This is the same process as adding a 32bit OS and creating the task sequence as documented in the first MDT post.  When you include your 64bit OS in a task sequence, be sure in the title and description to note that this is the 64bit installer so there is no confusion later. After the OS and Task Sequence are added you will need to add any 64bit Out of the Box Drivers this is the same process that you did with your 32 bit drivers.

Lastly you need to make 64bit a supported platform with your deployment point.  Up to this point when you updated the boot image MDT only updated the 32bit .wim file so now you need to tell MDT to also update the 64 bit boot image.

Go to Deployment Point, and Choose Properties for the Deployment Point and then on the general tab tick the check box next to x64 and choose OK.  Lastly update your Deployment Point.

64bitDeployment

 

After your deployment point is updated you will need to add this new boot image to your WDS server.  Go to Server Manager and navigate to the boot images in your WDS server.  Right Click on Boot images and select new boot image.  This time you will select the 64bit boot image, LiteTouchPE_x64.wim, found in:
DistributionBoot.  You can leave both the 32bit and 64 bit boot images enabled so when you pxe boot off your server you select the appropriate architecture for your install.

When you PXE boot off the WDS Server you will be presented with the two LiteTouch boot images, select the x64 image.
BootManager

After you select the x64 image the WindowsPE installer that you have seen in the 32 bit installs will display… this time with one exception, the Operating systems displayed as tasks available are the 64bit options you added in the task sequences.

 

64 bit OS Install “Got-Ya’s”

1.  The intel sata driver for the Dell 755 appears in MDT as a driver that is both 32 and 64 bit.  Its not.  When you boot into WindowsPE the first time after adding all your drivers and updating the boot images you will get a lovely error like the following:
File: windowssystem32ddriversiastor.sys
Status: 0xc0000359
Info: Windows Failed to load because a critical system driver is missing or corrupt.
64bit Boot Error

This happens only after you update the 64bit boot image from MDT.  The original 64bit boot image has the needed storage controller driver but when you update MDT it includes the OOB drivers you added.  Since intel’s storage driver is really not a 64 bit driver like MDT thinks it is the 64bit WindowsPE bombs.   So what do you need to do?  The easiest way to do fix this is the following steps:

  • Delete all drivers from the Out of Box Drivers in MDT
  • Download both the 64 bit and 32 bit Intel Matrix Storage Manager Drivers.
  • Add only the 32 bit Driver to OOBD
  • Open the properties of that driver and un-tick the x64 check box.

IntelDriver-1

  • Next add the 64 bit driver.  This time you will have to select “Import drivers even if they are duplicates of an existing driver”

AddDrivers

  • Next you will need to edit this newly added driver.  The easiest way to find this driver is to sort all OOB Drivers by Platform.  The newly added driver will display x86, x64.  Edit that driver to only support x64 platform.

IntelDriver-4

  • After your drivers are updated, import all your drivers again and update your deployment point.

 

See other Posts on Vista Deployment with MDT:


UA-2932131-1