ScriptLogic Desktop Authority 7.6

I've been testing the latest release candidate for Desktop Authority. For me, the most important aspect of 7.6 is Vista awareness. I'm not looking to go to Vista until the next desktop refresh at the earliest, but I like that DA will be ready for me when I'm ready to jump in the pool.
For Vista, ScriptLogic has included general awareness so your profiles can be applied to Vista computers (or not, as you desire). You can also work with Vista's new firewall and UAC through DA, use IPv6 in your validation logic and get Vista-compatibility reports to help plan your rollout. Oh, remote control is now Vista-ready, too!
Besides Vista, DA now supports Office 2007 and IE7. But the new feature that has me the most stoked is VMware Virtual Desktop support. I've recently started thinking about this as an alternative to images. I'm going to think about it a lot more now that DA is getting on board. They warn that this is their initial foray into the field, so I'm not expecting too much in this release. But the fact that they are in the game this early gives me hope that they will be able to build something nice in this area.
Overall this isn't a groundbreaking release or a major change for Desktop Authority but it does set the stage for future growth and keeps pace with today's environment. That's what a point release should do, right?

Spiceworks v1.5 Released

I've been using Spiceworks for a few months now and really like the product. Today, they released version 1.5, so it seemed like a good idea to discuss it.

As you can probably tell, I am a big fan of free (as in beer) software. Something about free seems to fit my budget very well. Spiceworks is a network management solution (among other things) that is freely available due to advertising that appears along the right side of the screen. If advertising bothers you, it shouldn't in this case. I barely even notice it there.

This is a great application for the small IT shop. It:

• discovers devices on your network without installing agents,
• tracks error conditions (you set the conditions),
• sends emails or SMS messages if an error condition is met,
• provides help desk trouble ticketing,
• keeps an eye on the patch level of your computers,
• reports for all of the above,
• and access to community forums to discuss Spiceworks and other IT issues with your peers.

New in 1.5 are the ability to create trouble tickets from emails sent by users and the ability to have multiple people log in to view reports or work trouble tickets.

If you've been looking for a way to keep tabs on your network assets and user requests/issues but can't afford the expensive network monitoring solutions or don't have time to roll your own solution from open source, this is definitely a product you will want to look at.

Patch Management With WSUS

Q: How do you maintain the patches on your Windows PC?

A: You don't. Get Microsoft to do it for you.

Windows Server Update Service
WSUS is a free download from Microsoft that installs on a Windows 2000 or 2003 server and an Active Directory domain. If you are running Windows Server 2003, sign up for the release candidate of WSUS 3.0. It sounds like the reporting and administrative aspects have greatly improved. Unfortunately, I won't have a 2003 server to try this on until summer. I'm making do with 2.0.

Installation is easy. You'll need IIS installed on your server, then install MS SQL. For Windows 2000, you'll need MSDE Release A. For Server 2003, you'll need MS SQL 2005 (the Express version will work). Run the IIS Lockdown tool to harden your web server.

Once everything is set up, WSUS will use AD to find all the Windows computers in your domain. It then checks each computer for Microsoft patches. It lists all installed and missing patches for each computer. It also lists patches that failed to install. All patches can be allowed or denied by you, so you can block patches until you have had a chance to evaluate them.

I tried using ScriptLogic's DesktopAuthority patch management option. The big problem there was that patches could not be scheduled to occur overnight. Patching only occurred when the people were logging in or when they were logging out. This is a big problem in a school environment where students are logging in and out all day long. Some of the patches took so long to install, the class was over before anyone was able to use the computer. The best feature (IMHO) of WSUS is the scheduling of updates. I can have the computers patch overnight and the computers are ready to go when classes start in the morning.

So, there's another free offering that you really need to take advantage of in order to keep control of security in your organization. Hopefully, I'll be able to do a write-up on version 3.0 this summer.

LogMeIn

Wow.

When I was looking up the links to do my last entry, I got to looking at the LogMeIn website a little closer. I found that they had a free version of their remote control program. As you recall, I was a little disappointed in GenControl because of its slow refresh. I was hoping that the LogMeIn product would be an improvement in that area.

Before I headed home for the day, I signed up on the LogMeIn website and ran a quick installation on my work computer (XP Pro, in case you wondered). My first opportunity at home found me on my laptop to see if the remote desktop experience was any better with LogMeIn. Let me tell you, I am not going back to GenControl!

Accessing my work computer from home was as simple as logging in to the LogMeIn site and choosing my work computer from the list of computers available to me (if you can call a single computer a list). LogMeIn recognized that I was using Firefox and recommended an extension to install. That one time install took all of 30 seconds (tops) and then I was accessing my work computer.

First, the refresh is many times faster than GenControl over Hamachi. You don't need the Hamachi client so you don't get that overhead. Also, you're not using VNC so there is improvement there. (VNC has never seemed particularly quick to me.)

After being pleasantly surprised by the speed, I was blown away by the features. I have a dual-monitor configuration at work. With GenControl, I could only see my primary monitor. That's easy enough to work around, but LogMeIn allows me to pan so that I can see both monitors. I can also use Y'z Dock and Dexpot remotely, neither of which worked with GenControl. LogMeIn allows me to set whether I want the remote computer to lock automatically when I disconnect, whether I want the remote screen to blank while I am connected and whether I want the remote keyboard and mouse to lock while I'm connected. I was also able to magnify the screen or shrink it.

Like with their Hamachi product, LogMeIn sells versions of their remote control software. I assume that you get more features than the Free version offers but I haven't looked into those yet. Right now, Free fits my budget and does exactly the job I need. Thank you LogMeIn.

Hamachi & GenControl - Work From Home!

I really don't want this to turn into solely a review blog. That said... Here's one more review for y'all!

Where I work, they have outsourced the administration of the WAN. Someone else is controlling the firewall, routers, etc. that connect all our buildings. I can have them make changes for me, and wait for them to get done -- or have my requests rejected due to some policy I didn't know about. Or I can take matters into my own hands.

Hamachi
Hamachi (recently purchased by LogMeIn uses P2P technology to create a secure VPN tunnel between computers. It features:

• NAT traversal


• Block ciphers and chaining modes


• Diffie-Hellman key exchange


• Public key encryption


• Message authentication codes

They are presenting it as a way to share files with friends, play LAN games over the Internet, and even IM through a secure network. I use it in conjunction with GenControl. (More on GenControl in a bit.)

Hamachi is not open source, but it is free. There is also a "Premium" version available for a cost which gives you more administrative control over your network and allows you to remove the security overhead if you cannot have any lag (i.e. gaming).

GenControl
GenControl remotely installs VNC on any computer where you have administrative access. It then removes VNC when you end the session. It's an open source offering from Gensortium. Using it with Hamachi, I can access my computer at work from home.

The problem with GenControl is that the screen refreshes are awful darn slow. Otherwise, this is a great system for patching my servers in the middle of the night without having to drive in to the office to do it!

Ncomputing

What to do if your budget covers only 1/4 (or less) of the computers you need to purchase? I'm hoping the Ncomputing Xtenda X300 holds the answer.

The Situation

One of the school buildings I work with needs a computer lab. There isn't enough money to put 30 computers in the lab. I use thin clients in the other buildings with good success but this is an elementary school. These kids use Reader Rabbit styled educational games. Anything that graphics and audio intensive is not going to travel well over our WAN.
Ncomputing takes the thin client concept and applies it on a PC level.
Ncomputing takes the thin client concept and applies it on a PC level. Essentially, the PC becomes the terminal server for up to seven users. With this technology, I should be able to use our existing monitors, keyboards and mice. I may even be able to convert some of our newer computers to the Ncomputing platform.

To my way of thinking, there are three big benefits here:

1. Reduced power consumption from fewer PCs,


2. Reduced mainenance (again from fewer PCs),


3. Reduced costs (from purchasing fewer PCs)

What Is the Xtenda X300?
The Xtenda X300 is a PCI card, three small boxes (called access terminals) and three Cat6 STP cables. Installation of the PCI card is a snap and the included CD automatically installs all of the necessary drivers and software. The only trouble I had with installation was in picking a computer without the minimum required RAM (it needs a minimum of 512 MB with a 2.4GHz CPU if you are hosting four users.) Once I switched to a beefier PC, installation was a breeze.

With the PCI card in place, simply run the three cables to the location of the three remote users and plug them into the access terminals. Each access terminal has connections for VGA, two PS/2s and one audio jack. Plug in your monitor, keyboard, mouse and speakers or headphones. Realize that there are no USB ports, so don't expect to use USB keyboards or mice with the remotes. I was told by my salesperson that they only had luck with Logitech optical mice, but I've used a range of balled and optical mice with no ill effects.

The Results
Ncomputing states in there literature that this won't work with certain applications. In my initial testing I found that Mavis Beacon Education Edition worked for only one user at a time. I had no problem with Office, IE, or other standard apps. You will want to check your apps before getting too far into this, though. Make sure you undersand your license agreements, too.

Summary (for now)
This is looking like it has real potential for our lab. I'm scheduled to set our test unit up in a classroom to get some real-world feedback on it. I'll be sure to post updates as I know more about the capabilities of this promising technology.

Google Apps

The current buzz is about Google Apps Premier Edition which gives you access to Google Apps without advertising plus extra tech support. They'll even throw in APIs to tie your existing apps into the Googleverse (did I make that up just now or am I subconsciously recalling it from somewhere?), all for the low price of $50 per user per year. But I'm not seeing a great amount of discussion about Google Apps for Education, which is more intriguing to me. (My current position is as the entire IT department for a local K-12 school district.) This is a shame because it could be very interesting in a school environment.

What's in Google Apps?

Google Apps for Education includes the standard Gmail, Google Talk, Google Calendar and Docs & Spreadsheets. Additionally, they throw in the aforementioned APIS and tech support. To sweeten the deal, they give a start page with a WYSIWYG HTML editor to create a page for your staff and/or students to access. This is the same package as the Premier Edition. The difference between the two? For qualifying educational institutions, this will cost the grand total of FREE.

Of course, you never get something for nothing. You'll have to put up with advertising in order to take advantage of the deal. Curiously, Google will allow you to block ads in Gmail but not the rest of the apps. My question is how closely Google will be monitoring the ads. I would hate to subject young minds to inappropriate advertising. Also, with CIPA-mandated web filters in place, Google will have to be careful that the ads will actually be viewable by users in schools. Otherwise, the advertisers are getting the short end of the stick.

Pros

From the perspective of the Lonely Tech, this program (either the Premier or the Education Edition) has a few things going for it. First, you can offload your email infrastructure onto Google. Imagine no more corrupt Exchange databases, no more email server backups or patches, and no more email system upgrades. Heck, that's a pretty good selling point right there.

Our school system outsources the email server to a host. I can't fault their uptime, it's been terrific. The biggest complaint I get from users is that the Exchange OWA setup they use does not allow offline email viewing. If they allowed POP3 access, I doubt I would even look at Google Apps. Gmail does allow POP3 access, so my users can access email with Outlook or Outlook Express they are already used to. (Heck, maybe I can get them to use Thunderbird!)

Additionally, you get a barebones document management system. Docs & Spreadsheets allows for collaborative development of documents. Again, this is all offloaded onto Google, so there is no additional storage or installation of software to make this work for you.

Finally, you get Google Calendar. This is a pretty good way to share a calendar with a select few or the entire world. You can even set up a master calendar and include it on your Start Page to keep the entire organization up to speed.

Cons

Additional Reading

Your data: safe in your hands? by ZDNet's Phil Wainewright -- I can't believe people commenting on the launch of Google Apps are still recycling the tired old mantra about hosted applications being untrustworthy. It's users that can't be trusted with important data, not SaaS vendors.

The first thing that springs to mind is: What might Google do with all the information that will be stored on its servers? Could they sell information to marketers? Could sensitive information end up exposed to the web? Probably the bigger question is: How well am I protecting my organization's info? It's likely Google would do better than you at protecting it. Still, it is a legitimate concern and you had best verify compliance with whatever regulations ail you before diving in.

The next thing (and a bigger concern than privacy, IMHO) is application upgrades. Currently, if I want to teach my fellow employees the new ribbon interface for Office 2007 then I can go ahead and upgrade from Office 2003. If I don't have the time or feel that the employee's aren't inclined to learn, then I can hold off on that upgrade. With Google Apps, everyone is getting upgraded when Google decides to upgrade. I am giving up some control in this exchange.

My final concern is the pricing structure. Sure, it's $50 per user per year for Premier and free for Education now. What will it be in the future? Can anyone seriously guarantee prices won't drastically rise someday? And if I opt out at that point, I'm going to be scrambling to scrape together an email server and get an office suite installed quick!

Wrap-Up

All told, I can't overlook the price with my current budget. Google's uptime is rock-solid and while giving up control over certain aspects is a little scary it is also liberating. Google Apps could give a whole new level of interactivity between the students and teachers (and administrative staff) for no investment.

I'll be sure to post if we go through with this and give updates as to the process. In the meantime, let me know what you think of Google Apps.

Password Control

20% of the problems take 80% of your time. It's an old wives' tale perhaps, but it certainly seems plausible when password resets are eating away at the time you need to complete other projects. Organizations that can afford entire IT departments often have help desk personnel to handle password resets. Wisesoft has developed Password Control to help them reset passwords without giving them too many privileges in AD or teaching them how to use the unwieldy AD Users and Computers MMC plugin.

What can this utility do for the Lonely Tech? Read on and see!
This program does exactly what it claims to do and fills a very large need.
My Situation
I work for a public school system. There are less than 1oo employees but hundreds of students with user accounts. I don't have to tell you that people forget their passwords on a daily basis. Because I am working in multiple school buildings throughout town, I am frequently unable to fix password issues at a moment's notice. This occasionally leaves students unable to access a computer in time to use it during a class period. Imagine explaining to your boss that employees or customers couldn't log in because you were "too busy". It's clearly an unacceptable situation.

Password Control
Essentially, Password Control is a simplified front end for resetting passwords in an Active Directory environment. Put some users in a security group with delegated privileges in AD, install this utility for them, and... Voila! Instant help with your password issues. Without a difficult learning curve, you can quickly enlist an army of helpers and turn your attention to more technical issues.

Preparing for Installation
The first thing you need to do is determine who is going to have the privilege of resetting passwords. In our High School, we have one person who helps. In our Intermediate School, I'm moving to give all teachers this utility. Create a group for these people in Active Directory and place them in the group.

You'll need to delegate privileges to this group in order for the users to actually reset passwords. The Wisesoft site has excellent instructions for performing this task. Make sure you read those instructions carefully as you can expose your organization to unnecessary risk by carelessly blundering through.

The purpose of creating the group and delegating rights is to avoid putting your helpers in the Account Operators group. Account Operators will give users the ability to reset passwords -- and a whole lot more. The beauty of Password Control is that it allows people to reset passwords without giving them more power than necessary.

The beauty of Password Control is that it allows people to reset passwords without giving them more power than necessary.
Installation
The install is straightforward. For the record, I have only attempted to install this on XP. I have no idea how Vista will react, let me know if you try.

I had to temporarily elevate users to local admins to get the install to take. If I installed it under my domain admin account, the program only worked for me. After installation, I bumped the user back down to Power User on the local machine. Without Power User status, the user could run the program but received errors once they were in.

The actual install is a matter of taking defaults. I love installs that do that. Click OK several times and then click Finish. To quote Mark Knopfler -- "That ain't working, that's the way you do it."

Use
Using the program is even easier than the install. Type in the user name and the program displays the user's information. This makes it easy to verify you are dealing with the right person. (We wouldn't want to reset Jane Doe's password instead of John Doe's, now would we?) Type in a new password, verify it and hit Enter. Wasn't that easy?

If you aren't sure of the user name, press F3 to search by first and/or last name. If you can't think up a suitable password on your own, press the "G" button to generate a new, random password. If you want the user to change their password on the next log in, there is a checkbox for that. There is even an option for enabling disabled accounts (or disabling enabled accounts).

If you are uncomfortable with giving so many options to your helpers, there is a configuration file where you can disable many of the options (i.e. Enabling accounts).

Conclusion
Password Control has three things going for it:

1. Ease of install
2. Ease of use
3. Price (free!)

Most importantly, this program does exactly what it claims to do and fills a very large need. I highly recommend this program to the Lonely Techs out there.