All posts by Brian Pool

Google Drive Sync to a Network Folder

<![CDATA[Recently Google Drive stopped syncing to a network folder.  This has been a conundrum for many of us that put it there so we can access it from various locations.  There is a work around.

  1.  Download the old version of Google Drive that did work.
  2. Uninstall Drive and install the version above.  You can point it to any share during the install process.
  3. Disable Google Updates in the Task Scheduler.  If you don’t it will just update and break itself.  This will disable Chrome updates as well, so it is a trade off.
  4. Make a new registry entry to disable Drive Updates.
    1. Regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
    2. Right click on the right hand pane and select New- Key, and name it Google
    3. Click on the new Google key (looks like a folder) to enter the folder.
    4. Right click in the right hand pane and select New- DWord 32bit value
    5. Name it DefaultUpdate and make sure the value is 0
    6. Reboot

Fingers are crossed that this works until Google changes it back to allow network shares again!
 ]]>

GPO for Default Applications

<![CDATA[You can do a GPO to force default applications for computers in a given AD container.
The GPO is in Computer Configuration->Policies->Administrative Templates->Windows Components->File Explorer.
Turn on "Set a default associations configuration file" and point it to the xml file containing your default setting.
To create the XML file the easiest way is to simply set your defaults on a system and then export them.  Use the exported file (delete what you don't want to force) to set the new GPO defaults.  Open an elevated command prompt and run

dism /online /Export-DefaultAppAssociations:"c:\DefaultAppAssociations.xml"

This will make the file you will then point to in your GPO.  Make sure to put it in a location your users can access.
Examples for Chrome and Firefox.
Forcing Google Chrome
<?xml version=”1.0″ encoding=”UTF-8″?>
<DefaultAssociations>
<Association Identifier=”.3gp2″ ProgId=”WMP11.AssocFile.3G2″ ApplicationName=”Windows Media Player” />
<Association Identifier=”.htm” ProgId=”ChromeHTML” ApplicationName=”Google Chrome” />
<Association Identifier=”.html” ProgId=”ChromeHTML” ApplicationName=”Google Chrome” />
<Association Identifier=”.MP2″ ProgId=”WMP11.AssocFile.MP3″ ApplicationName=”Windows Media Player” />
<Association Identifier=”.mpeg” ProgId=”WMP11.AssocFile.mpeg” ApplicationName=”Windows Media Player” />
<Association Identifier=”.oxps” ProgId=”Windows.XPSReachViewer” ApplicationName=”XPS Viewer” />
<Association Identifier=”.tif” ProgId=”PhotoViewer.FileAssoc.Tiff” ApplicationName=”Windows Photo Viewer” />
<Association Identifier=”.tiff” ProgId=”PhotoViewer.FileAssoc.Tiff” ApplicationName=”Windows Photo Viewer” />
<Association Identifier=”.txt” ProgId=”txtfile” ApplicationName=”Notepad” />
<Association Identifier=”.url” ProgId=”IE.AssocFile.URL” ApplicationName=”Internet Browser” />
<Association Identifier=”.website” ProgId=”IE.AssocFile.WEBSITE” ApplicationName=”Internet Explorer” />
<Association Identifier=”.xps” ProgId=”Windows.XPSReachViewer” ApplicationName=”XPS Viewer” />
<Association Identifier=”.htm” ProgId=”ChromeHTML” ApplicationName=”Google Chrome” />
<Association Identifier=”.html” ProgId=”ChromeHTML” ApplicationName=”Google Chrome” />
<Association Identifier=”http” ProgId=”ChromeHTML” ApplicationName=”Google Chrome” />
<Association Identifier=”https” ProgId=”ChromeHTML” ApplicationName=”Google Chrome” />
</DefaultAssociations>
Forcing Mozilla Firefox
<?xml version=”1.0″ encoding=”UTF-8″?>
<DefaultAssociations>
<Association Identifier=”.3gp2″ ProgId=”WMP11.AssocFile.3G2″ ApplicationName=”Windows Media Player” />
<Association Identifier=”.MP2″ ProgId=”WMP11.AssocFile.MP3″ ApplicationName=”Windows Media Player” />
<Association Identifier=”.mpeg” ProgId=”WMP11.AssocFile.mpeg” ApplicationName=”Windows Media Player” />
<Association Identifier=”.oxps” ProgId=”Windows.XPSReachViewer” ApplicationName=”XPS Viewer” />
<Association Identifier=”.tif” ProgId=”PhotoViewer.FileAssoc.Tiff” ApplicationName=”Windows Photo Viewer” />
<Association Identifier=”.tiff” ProgId=”PhotoViewer.FileAssoc.Tiff” ApplicationName=”Windows Photo Viewer” />
<Association Identifier=”.txt” ProgId=”txtfile” ApplicationName=”Notepad” />
<Association Identifier=”.url” ProgId=”IE.AssocFile.URL” ApplicationName=”Internet Browser” />
<Association Identifier=”.website” ProgId=”IE.AssocFile.WEBSITE” ApplicationName=”Internet Explorer” />
<Association Identifier=”.xps” ProgId=”Windows.XPSReachViewer” ApplicationName=”XPS Viewer” />
<Association Identifier=”.htm” ProgId=”FirefoxURL” ApplicationName=”Firefox” />
<Association Identifier=”.html” ProgId=”FirefoxURL” ApplicationName=”Firefox” />
<Association Identifier=”.htm” ProgId=”FirefoxURL” ApplicationName=”Firefox” />
<Association Identifier=”.html” ProgId=”FirefoxURL” ApplicationName=”Firefox” />
<Association Identifier=”http” ProgId=”FirefoxURL” ApplicationName=”Firefox” />
<Association Identifier=”https” ProgId=”FirefoxURL” ApplicationName=”Firefox” />
</DefaultAssociations>]]>

Why Virtualize?

<![CDATA[There are a lot of reasons to consider virtualizing your servers.  Here is a short list.

  1. A virtualized server is easier to backup.
    • You can export, snapshort, image, or use a vendor provided backup option.
  2. A virtualized server is easier to move to new hardware when needed.
    • Easier hardware upgrades!
    • Backup and restore to the new machine with increased capability.
    • Add virtual drives, NICs, on the fly and they just appear on the server.
  3. You can separate server roles so that if you are upgrading a single role, only one server is affected.
    • I can’t oversell separating roles!  If you have an AD, DNS, DHCP, File Server, Print server…you need to separate some things!  While AD, DNS, DHCP may go together, print and file servers do not, they belong on their own servers.
  4. You maximize your computing resources.
    • You can afford a better machine if it is running 5 VMs on it, and when it needs power, it is there.  Sharing 8 cores and 32Gb of RAM is cheap and runs 4 VMs easy.
  5. It is more energy efficient (Go Green!)
    • One PSU running those 4 VMs is 1/4 the power, enough said.
  6. You can extend the life of old applications.  If you have a piece of software that only works on an old OS, you can move that machine to a VM and have it rock on the new hardware.  I hate keeping 2003 around, but the software only works on that OS, so we stripped everything else off of the server, virtualized, and can keep it running until the new software comes out.
  7. Fast deployment.
    • When I was asked if we could make a 2012R2 system for the new video surveillance system in a meeting I had the new server up before the meeting was over.  (I have a 2012R2, 208R2, 2016 Sysprep and can make a server in 6 minutes)
    • Did that impress my administrative team and the vendor?  You bet.  Be a IT superhero!  🙂
    • I have a separate VM with no active machines on it for these fast requests and immediate needs.  I move them later to the “right” place.
  8. It is FREE!  While there are obviously versions that do cost.  VMWare ESXi is free and HyperV comes with your copy of Windows Server.

Our current VMWare servers are 20 core i7s with128Gb of DDR4 RAM.  We use a 2Tb M2 SSD as well as additional 2Tb 850 Pros as needed.  The server can maintain 10+ servers without seeming to be running more than 1.  The cost per server are around 4000.  We reuse the server cases but include new gold rated PSUs with a new build.]]>

What every K-12 Windows District Needs

<![CDATA[Note: This post assumes you are reading this as part of the technology staff of a K-12 Windows based school district.  I am not a MAC guy and would not presume to know what a MAC district needs.  I won't bore you with my credentials, but I have been in IT a while and in education since 2003.
I have recently been helping a new tech director and came to realize that there is little guidance out there on the minimum things a good district needs.   Some of the things I have been suggesting are not at his new district and I would have assumed any tech staff would have those things.  I realize that some readers may feel some of these are unnecessary and that other items should be added.  Feel free to add your ideas in the comments section below.  These are NOT in order, I think they are all required so order seems unimportant.
1.  A VM (Virtual Machine) system.  I have almost every server virtualized.  Until 2012 I did not believe that  a virtual server could run as well as a physical one.  I was at a Spiceworks meeting and an acquaintance convinced me to try the free version of VMWare.   I now use ESXi for all my virtualization.  There are alot of reasons to virtualize servers.
2.  A helpdesk system.  I just mentioned Spiceworks so I might as well list that next.  It is great, free, fully customizable, and runs easily on any Windows machine.  There are others, but Spiceworks has a huge community and runs great.  I LOVE spiceworks!
3.  A Windows Server Update Services (WSUS) machine running and configured in your network.  After it is setup (2 hours max) and added to your group policy all your machines will stop downloading updates from Microsoft (a big deal if you have 100s of machines) and just get them from you server instead.  Mine is virtualized and on a 500Gb drive due to the size of downloads.   A properly configured WSUS downloads and accepts your defined approvals automatically.  You should not have to touch this again after setup.  You configure your AD to point to it and how the clients will process the updates.
4.  A Key Management Server (KMS) to distribute your Microsoft keys to your servers and clients.   Installing actual keys on every client takes time and puts your key out on every machine a student logs on to.   Instead, you can put your keys onto a KMS server and never activate anything again.   And, if a laptop is stolen, it will deactivate and stop working eventually.  KMS was not a must with XP when we had corporate keys that were unlimited…that is no longer the case.  Just do it!
5.  Look into the Microsoft EES agreement.  I am not a software renter by nature, but the EES agreement covers your operating systems on clients, servers, and CALs for a fraction of the cost.  It covers unlimited clients with the price based on the number of employees in the district, not the number of computers.  If you have anything close to 1:4 then you are way ahead going this route.  We added Office (again way cheaper than buying even every 10 years) and employees can install it at home as well on the base price.  It covers all the servers I am mentioning.
6.   An Imaging solution.  We use FOG.  I know there are lots of options and I have tried a couple.  I have been using it for several years and am very happy with it.  Free, PXE client boots, and works with everything we have tried.  In the educational environment we reimage machines all the time, if you don’t you should.  Labs are done almost monthly.  It refreshes the KMS server count and makes sure that the testing systems are ready to go each cycle.  I have all my servers pulled with FOG as well as images for my labs and other machines.
7.  Fresh images for your machines.  It goes without saying that being able image without having good images is worthless.  I have a VM that holds the pertinent images.  I update them there and repull them before doing anything major.  Having a good imaging server and good images makes your life so much easier.  These two items alone are worth their weight in gold.  Every time we start a testing cycle I reimage (it is just a click on the Web GUI) all my testing machines.  I know they are all fresh and ready to go.  I also know that if I am spending more that 30 minutes on a software issue that instead I can just image a machine in 10 minutes (6 minutes to image and 2 reboots to rename and rejoin…all automatic.)
8.   2 AD servers.  I think it goes without saying that a sole AD is a terrible idea.  But I do know at least one tech director that only had one, and then it failed.   I have one physical and one virtual.  I would recommend one at each campus if you are a multi-campus district.  The AD should be organized in both the user and computer categories so you can have manage them with good group policies.  My AD server does DNS and DHCP as well.
9.  Group Policies you can easily maintain.  If your AD is well organized, then good maintenance of your network is much more efficient with good policies.  I install all printers, network drives, software installs, all through policies.  That being said, too many policies can slow your network and ruin the user experience.  Take care!
10. An LMS (Learning Management System.)  There are a number of good ones.  We use Moodle.  It is the most full featured, very configurable, and the most powerful.  It is not the easiest or the most intuitive.  It will require PD, especially for your less tech savvy teachers, but is without doubt the best free option.    It doesn’t matter which LMS you choose if you at least have one.  No school should be without an LMS is this day and age.
11.  Become a Google district.  Even if you use Office 365 (which we could but don’t) then there are enough things to make GAFE a great choice and make it worth your time.  It is of course free, with unlimited storage, and a requirement to use Chromebooks in your school.  It is worthwhile just to provide your teachers each a YouTube account to save classroom videos.   It is also a great place to keep all PD videos for your district.  I record almost every PD session and more to provide a repository for staff to peruse at their convenience.
There are alot of parts that make up a good district.  These are just some that seem to be missing in some districts I have helped.]]>

Thin Clients really can win!

<![CDATA[I will say from the onset of this article up until recently I would have called myself a thin client opponent, not a proponent.  My early experiences with thin clients were not pleasant.  Servers stretched to thin, poor performance, and inexpensive PC options made thin clients seem like a bad choice.  But two years ago we purchased an Firefly 208R2 Server and L300 thin client lab for a hot, poorly powered room that changed my mind.
This setup worked out so well we decided to look into configuring like systems inhouse.  We used old Dell D600 laptops and set them up to autologon and connect to a 2008R2 remote desktop server.   This ue of low end, old machines connecting to a Dell Optiplex 780 seemed like a perfect match.  We setup the system similar to the Firefly system with a VelociRaptor Hard Drive and 16Gb or RAM.  We found that 25 clients seemed to be the sweet spot, with 30 being a max for the system.
A great thing happened just as we were getting started, we got 210 free WYSE Z90D7 systems from the military DoDCFL program.  These Windows 7 thin clients had 4Gb DDR3 RAM sticks and with a little experimenting were easily setup.  We actually pulled the 4Gb sticks to use in the 780 systems and put 2Gb in them.  Furthermore we purchased SSD drives for them.  To say they rock is a vast understatement.  We put a 780 in every few classrooms (they were a workstation as well as a the server) so that no server  had more than 20-25 clients.
Systems logon in just a few seconds.  Students only make 1 profile per server.  I only need to update  5 systems for the entire middle school…I could go on and on.  The main takeaway is that making a thin client server is easy, and very responsive.  Just like using VMWare on a server to host multiple servers, you can use 2008R2 to host multiple workstations.
If you haven’t tried thin computing lately, I suggest you give it a try, you will not be displeased!]]>

If you don’t FOG, you are nuts!

<![CDATA[FOG Project
FOG stands for Free Open-Source Ghost.  I used to use Ghost, purchased before I came to NTLS, but I refused to spend the amount required for the new version.  I have used FOG for some time, and frankly is was very useful.  We use version 0.32 to clone drives in our tech room.  We utilize old Gateway laptops with external USB drive docks to easily drop drives in, image, and replace back in machines.  We had tried the new version of FOG but went back to 0.32 when the new version was incompatible with external USB drive connections (tried several.)  We were content with our usage.

Last week,  I attended the OETC Conference and found out how underutilized our implementation truly was.  We went to a FOG session hosted by Casey Ailiff from Kent City School District and Chris Carman of Roosevelt High School.  I humbly give credit for the changes we made and everything that follows, to them.

FOG 1.20 can be hosted from a centralized location virtual server, easily setup and deployed on a Ubuntu 12.04 (my favorite currently) VM in about an hour. The installation is easy and fairly detailed on their webpage. The problem is that in the past I had simply installed FOG and used it right out of the box with no additional configurations.
The first thing I found I needed was to connect FOG to my active directory.  FOG will automatically rename and join newly imaged system IF this step is taken.  This is actually pretty simple.  The first step is to make a new account on the AD that you will set and forget.  This user has to have permissions to join systems to the AD.  The password should be complex.  You will put the password into the FOG Crypt program that is found by clicking the FOG Client/FOG Prep link which is at the bottom of every FOG page.  This link takes you to the page that you can download Fog Crypt.  This program you put the AD password into and it converts it into the string you then put into the AD configuration page in FOG.  This is one of the most important parts of maximizing FOG.  Don’t skip it!

The  next step is to prepare your image.  Use the smallest drive in your inventory and make sure you format the drive with a single partition before you install Windows 7.  Windows 7 by default makes a 100Mb partition that ruins one of the benefits of FOG.  By using a single partition image and your smallest drive (ours is a 60Gb SSD) then the image will fit on any other drive and FOG will automatically expand it to the full size of the drive when it installs.  We install Windows, do all the updates, install all our core software, and install the FOG Client Service.  We actually put everything on this image that any teacher or HS/MS student would need.  It uses 28Gb on the drive.  It is now our core image.  We then sysprep our image by copying the unattend.xml file and prepit.bat into the windows\system32\sysprep directory.  Then click on prepit.bat and it will sysprep and shut down.  We used the file that we got at the OETC class and referenced it to make our Windows 7 Enterprise version.   Yes there is a product key there, but it is the KMS one.
So now we can FOG to any Intel based PC in our district.  We made another version with all the elementary school software and sysprepped that for the elementary school.  Two images….pretty cool.  We will probably end up with a few more, but not as many as the 20+ we used to have.  But we aren’t finished yet.

The next step is to setup your machines to PXE Boot first and register them with the FOG server.  This entails hitting the down key three times when it boots, selecting Perform Full Host Registration, and letting the system boot into the FOG system.  The first thing it will ask is the system name.  You simply need to enter the name and hit enter about 8 times to get in on the system.  You can take the extra time to select an associated image, but it is easier to associate that on the FOG Webpage.  My students accomplish this task around the district after watching this flipped video.
After that you can do the rest from the FOG Webpage.  The first time we cast an image we had the system all configured and the new lab up in about an hour.  Those new systems now all have the FOG Service which allows you to do alot, including sending a new image without ever going down to the room.  If you enable the renaming service, and have the  Active Directory Join after Image Task checked, it will rename and join on its own.
About this point I was really geeking out.  In two days I had every lab in the district redone, and the hard part was making the images and remembering everything.   I used to Image systems every year, and recently I was stretched to every two or three.  Now every time I want to do a major upgrade, or just clean off all the student user accounts, I can re-image them in a flash.  There are alot of extra things you can accomplish with the FOG services, and I am just touching on a few of them.  I encourage any IT department to install FOG, play with all the options it provides, and appreciate how much this open-source program improves your school or business.
Thanks Casey and Chris!
Resources from my Apr 2015 Ohio Technology Summit Presentation  can be found here.
FOG version 1.4.4 Changes
The one change that affected us with the upgrade was the fact that the new FOG service breaks a sysprepped image.  The workaround is fairly simple.

  1. Disable the FOGService in the PC services.
  2. Drop a file in C:\Windows\Setup\scripts\SetupComplete.cmd
    1. The text inside this file is as follows.  It will reactivate FOGService when the sysprep is complete.
sc config FOGService start= auto
shutdown -t 0 -r

]]>

Need a new school lab?

<![CDATA[Frequently technology coordinators are faced with the option of adding or upgrading a new lab at school.  Usually we just look at our current setup and upgrade to newer hardware, OSs, and associated software.  This past year I was faced with the possibility of adding an additional lab in a very old (low tech) building.  When our building supervisor looked at it he immediately said we would need a new sub-panel and wiring to support 28 new PCs in the room.  His estimate for that was $7500.
Instead of going for the wiring and the traditional approach, I decided to look into greener options.  The nComputing L300 option immediately popped out in my Google searches for low power PCs.  I am not a fanboy of thin computing and was very skeptical about the statements concerning it’s performance.  I contacted several other Technology Coordinators and got their feedback and recommendations.  All of them gave the system high praise, once they got their labs configured correctly.
The problem with this approach, and probably any thin computing lab, is proper configuration.  Two schools both recommended a fully configured option from FireFly Computers.  Their entire business is built on one thing, building nComputing Labs really well, and it turns out that they do just that.
IMG_0040We purchased their Firefly 1200 rackmount server and put it in our server closet.  We did a 28 station lab in the existing classroom (with no additional electrical added.)  The Ethernet (it is an all Ethernet connection back to the server) all goes through Gb switches to a single Gb copper line to the server.  The setup could not have been more simple and the performance has been exactly as advertised.
I would recommend this path for any new lab.  The price per workstation is much lower than ANY PC and the energy savings are great.]]>