:::: MENU ::::

Outages are Annoying

So today I was quickly reminded why we schedule planned outages for maintenance and how annoying unplanned outages are for end users.  Typically we are so busy scrambling to fix the problem we don’t think about how it feels to the end users when systems are down.

This year I am trying TurboTax.com to help navigate our Tax filings… I started using the tool online on Saturday morning and have gotten thru most of our filing… The “wizard” like tool even navigates charitable giving and a housing allowance…

The price for the Online tool is cheaper than downloading the software and since I don’t need to e-file more than once the online version worked.   Until today.  I had the  morning off and thought I would finish up our taxes until I was presented with this lovely little greeting….

TurboTax

 

At least they have a nice pretty graphic to put up when things go down… Hopefully it won’t die too many more times before April 15.


Central Illinois Roundtable

Next Central Illinois Church IT Roundtable:

 

Feb. 19

Dinner at 5:30pm

Roundtable Discussion at 6:30pm

(until the Mountain Dew runs out)

Agenda:

Round table discussion

Presentation from Dell

  • Present and demonstrate their Storage Technologies

Hosted at

Northwoods Community Church

10700 N. Allen Rd., Peoria

Cost

$10 includes dinner 

questions, etc., to j.lee(at)nwoods(dot)org

What’s a Roundtable Discussion?

A roundtable is a peer-learning event where the participants are both teachers and learners. A roundtable is small enough to emphasize interactive learning, led by a facilitator and peer, includes participants who have an affinity with each other, and does not include a strong agenda beyond sharing knowledge. The participants set the agenda, and interaction among participants takes precedent over presentation by “experts.” In fact, in one-way or another, most of the roundtable participants are already experts. In this group, we intend to learn from each other about how to better resource, equip, and train ministries in the areas of computer hardware, networking, server support, web services/sites, telecom services, etc. It will be geeky and fun. 



Winter in the Midwest

While its no secret I really enjoy winter… especially the snow.  Its not that I dislike summer (because you sure can’t go water skiing today), but I really do enjoy the changing seasons. 

Today though I am starting to rethink my love of winter… maybe its not love but a favorable association…. especially when you start to see numbers like these on the little weather station in the house and thermometer in the car.

Morning Temp 1/15/09

 

I decided to let my car run a little this morning since the .6 mile commute doesn’t exactly get the engine warm and this is the temperature I was greeted with when I was ready to drive to work.

Morning Temp 1/15/09

 

Its crazy to see that 2° above just 12 hours before seemed like a heat wave… especially when the high today is suppose to get to a blistering -2°

Temp 1/14/09

 

And finally a nice winter sun rise..

Winter Sun Rise


That’s My Boy

jonathan headshotWhile Admitting my wife has been putting me to shame with her consistent blogging…. I am shamelessly just going to link this post to her blog

The pictures say it all. 


ACS Facility Scheduler

Our Ministry Partnership with ACS has had their scheduling application locked its sights for almost a year now.  Working on a weekly basis their team developing and going live with the product last fall.  Well finally we are live on campus with Facility Scheduler. While we did have some heart burn rolling out the application the overall consensus is that Facility Scheduler is proving to a great reliable tool.   The start of the new calendar year was our date that we selected to migrate away from multiple calendars.

For years our ministry has struggled with global ministry calendaring and FS has been a great help to remove heart burn for our staff when trying to schedule ministry events.  Briefly here is a list of what we combined into on location when Facility Scheduler went online:

  • Master Calendar
    • We had an outlook calendar that was basically a glorified 10000 ft overview of what was happening in our ministry without many details and often not updated after things changed in our global planning meetings.
  • The Ministry Scheduler
    • This was the predecessor to Facility Scheduler and was used by our Campus Services team to schedule equipment, rooms and other resources. (yes TMS Could have done more i know.)
  • Personnel Rotation Calendars
    • We had multiple calendars in crazy places (those specific calendars will remain nameless to protect the innocent individuals who inherited those calendars in crazy places); one in Publisher, one in excel and one in a hybrid of Excel and Outlook.

Now all that data has been entered/migrated into Facility Scheduler (iIoften remind the team at ACS that their new product does far more than schedule the facility and it needs a tune up on a better name… I know they needed to differentiate the new product from the OLD TMS but it was really a better name….maybe we’ll have a naming contest later.)  Anyway… Now our staff can go to one application and view when their events, or personnel are scheduled.

One feature I like about FS is the granular security, we can grant the appropriate permissions to user groups for scheduling specific resources.  In our case each administrative assistant can schedule their own conference room and other area specific resources or personnel without submitting an event request form.  So ministries who "own" a resource can schedule that resource without the hassle of "requesting" to use it.  This is really helpful since now these ministry "owned" resources can be viewed globally when planning large scale events as well as individual ministry needs.

While I am thrilled with the progress we have been able to make I am patiently anticipating some of the development that is on the horizon for Facility Scheduler including:

  • Scheduling Requests via  workflow that will get the approval of multiple departments for an event to take place
  • Viewing the Calendar (read only) from a view in Outlook
  • Management of event registrations that are being processed in  Access ACS (or Our branding Northwoods.me) 
    • When you are setting up all the information for the event you can click on a button and configure the online event registrations for that event’s participants.
  • Making Requests via an Outlook Meeting Request plug-in
  • Displaying the events in Facility Scheduler on our close circuit TV monitor facilitated by a Facility Scheduler ‘Add-On" (development project name "BroadCast")
    • If you haven’t heard anything about this product leave me a note and we’ll get  you connected with the appropriate people this is proving to to be a really really sweet tool!   For those of you using FS and also for those of you who aren’t ACS customers!!!!
    • I am super exited about this one, it has been one of my soap box items since day one….  The data is already in our scheduling applications why isn’t there a tool to display it.  This tool looks like it will support multiple data sources not just ACS facility scheduler.
  • Auto-magically generating pages on the fly for each event so that events and registration links can be published via the web without manually setting up those pages (all available to the public without the need for knowing any credentials)
  • Alerts telling the FS admin that Online Registrations are nearing capacity or are full to aid in selecting a location for a specific event.
  • Alerts Reminding the event planner that their event is scheduled and what resources are included a few days before the event.

 

I know others of you are also diving into Facility Scheduler and I would be interested in hearing your success so far as well as your heart burn.  Anyone interested in an online roundtable discussion about FS?

I know several are in the process of moving to Facility Scheduler you might check out their blogs for more information too:

Shawn Ross’s blog

Jeff Suever ‘s blog
Jeff has been posting a bit about his experience with Facility Scheduler too.  I would also weigh in to our friends at ACS that Jeff is absolutely on the right track FS needs to be able to accommodate Links to an event page outside the ACS generated pages and would push a little more than Jeff to say the event description editor needs to be able to natively accommodate hyper links rather than dropping code into the description (one because this might do wonky things to "BroadCast").  Also Jeff has noted that the individual event page links expire after 24 hours… and while I understand the security that is in play, we need to be able to have a link for each event that doesn’t expire after 24 hours.  Additionally I’ll add it would be nice to be able to configure what displays on these pages…. some may want some data to appear others won’t (example you might want to toggle on or off the "confirmed" line to the general public.

Overall Facility Scheduler is a great product and it is moving forward a great speed.  If you are an ACS customer and haven’t looked into Facility Scheduler don’t miss out…. and if you are looking for a Scheduling application And AREN"T an ACS customer this should be one of the applications on the top of your list.


Windows Deployment and MDT Links Fixed

In a recent series of posts I documented the process that we used to deploy Vista in our test scenarios and then to several Dell 755 machines that are now in production… Problem with those posts, the links from the first post to the subsequent posts were wrong.  Those links have now been updated and added below incase you had issue navigating thru the documentation.

 


‘Tis the Season

A few more things this weekend that point to it being the Christmas Season. 

I volunteered at our Christmas productions this weekend with our Creative Arts Tech teams.  It was fun to help out and see that team in their element…. and of course having me back on a headset in a tech booth is fun for all! (Right Dave!)  

The men’s service team and the creative arts teams did an awesome job building the set again this year!  A two story Mall scene has taken over the stage.

Christmas Program

 

Traveling to Ohio with my FAMILY was a smooth trip despite the 30-40 mile per hour winds….  Have i told you how much i love winter!  We found ice covered trees all the way to the Indiana border.

Traveling Home

 

At times you couldn’t tell if the snow was drifting or falling from the sky.

Traveling Home


Winter is here

Life with a 2 month old has been lots of fun, although it has reduced my time to blog… But some how my wife has found time,  so I’ll break the recent silence with some ‘fun’ photos from when I went out to our cars this morning.

Last night’s winter storm dumped a half inch of ice on the the cars that are back outside. (the property where we were storing our boat for the winter was sold two weeks ago… so if you know of a storage location in central Illinois… on the cheap leave a comment)

Ice Storm 12/19/08

Ice Storm 12/19/08Ice Storm 12/19/08


Windows NameSpace and ABE

Giving a bit of a face list to our File server we have decided to proceed with a Windows DFS Namespace.  One big reason for moving this direction rather than the traditional file shares is quite simply being able to present data in once space and still having the flexibility to distribute the data across several servers.  In this process we have elected to migrate our existing shared network drive to a new location so when we migrate each department we can talk thru storage best practices.  One major reason was to offload our Media storage to a separate server so there was less pain felt when mondo files were being archived on the servers from our Media folks.

NamespaceWe added DFS (2003R2) to our existing file server and configured it to host the name space.  In both 2003 and 2008 server this is a role that needs to be added for the service to be available.  A second server was named our media server and also was added to the namespace.  Here is a good article on the step by step to adding a Domain Namespace.

One item that wasn’t clear to me was DFS Creates a share that houses the links to your data when you add a server to the namespace the local location of the DFS Links SHOULDN’T be the location where your data exists.  The DFS Roots are simply a file structure that tells the namespace how to work and where to point… Don’t make the DFSRoots Shared folder your data location.

Now users can go do domain.orgNamespace and access their departments files even if those files live across two separate file servers. 

All was quickly working well except for one of our requirements for this project, enabling Access-Based Enumeration, Microsoft’s name for security trimming on a file server.  While the permissions were working and users couldn’t get to another departments data they could still see the other departments…. and learning from experience if people don’t have access to data then things are better if they can’t see that data is there…  So then started a quest to enable ABE on the namespace. 

We converted our new File server to Server 2008 since we read that DFS Namespaces support ABE.  The problem is the fine print, for ABE to run on a 2008 Namespace you have to have your domain functional level at 2008 to enable a 2008 Namespace.  We aren’t quite there yet since one of our DCs is still a 2003 DC so the quest continued.

Next we found this support document which explains the DFSRoots for each link in the namespace have to have the same ACL as the ACL on the target. 

From KB 907458

If the ACL on the DFS link is not set to match the ACL on the target, the following conditions may be true:

  • If the ACL on the link is more restrictive than the ACL on the target, the link will not be displayed. However, if the user knows the name of the link, the user can locate the appropriate path and see the contents of the target.
  • If the ACL on the link is less restrictive than the ACL on the target, the link is displayed. However, when the user locates the link, the user sees an “Access Denied” message.

One item wasn’t clear from the support document on our first attempt was fact that the default permissions on the DFS Roots directory overrides ADE and displays all directories to all users, even if they don’t have the rights to actually open those directories. This is because by default on the server ‘servernameusers’ (the local users account on the server) has read permissions on all directories in the DFSRoots directory.

Example:
Department 1
Has data living on Server 1 X:NameSpaceDataDepartment1 with Permissions DomainDept1: Full Control
Department 2
Has data living on Server 2 X:NameSpaceDataDepartment2 with Permissions DomainDept1: Full Control

We wanted to present both as directories in domainNamespace as
domainNamespaceDepartment1 and domainNamespaceDepartment2

Both appear in the namespace when ABE is enabled since the links to both directories (located in X:DFSRootsNameSpaceName) have rights for the local ‘users’.

Its good to now even though they could see the other departments the users without permissions to the other department get “Access Denied”

For our installation the DFSRoots were located e:DFSRootsNameSpaceName and the Data was located on the server on E:NameSpaceData.

We had to set the Permissions on e:DFSRootsNameSpaceName:
Administrator Full Control (This folder, subfolders and files)
LocalUsers: Read, List (this folder only, NOT This folder, subfolders and files)

Then use the CACLS utility to add read permissions to each department’s group to the appropriate link by navigating the command line to the e:DFSRootsNameSpaceName and running the following command:
cacls”DepartmentLinkDirectory” /E /G “DomainSecurityGroup”:R

This sets the ACL on the Department’s DFS Link to give the domain security group read permissions.  
The Switches
- /E edits the existing permissions vs. replaces the permission on the Link
- /G Grants Specified User access Rights and R is Read.

To set multiple groups:
cacls “DepartmentLinkDirectory” /E /G “DomainSecurityGroup”:R /G “DomainSecurityGroup2″:R

After the ACLs are set for the Target Data and the Links when you browse the namespace the user sees the department directories that are appropriate for that user.


Pages:1...78910111213...28
UA-2932131-1