David Szpunar: Owner, Servant 42 and Servant Voice

David's Church Information Technology

February 21st, 2012 at 9:45 am

State of the Blog

As you might have noticed, I haven’t updated this blog lately. I’ve been too busy to blog much at my current job, and I’ve also set up a different blog that I’m using instead of this one for new content, on the rare occasions I write! I’m still pretty heavily involved in the Church IT Roundtable in the chat and on Twitter and attending the in-person conferences, and I suggest you do the same! The national one is coming up in Dallas April 18-20, you should be there! (Registration details at the CITRT site.) There’s still some good info around here and I’ll probably reply to any constructive comments.

March 30th, 2011 at 7:34 pm

Jimmy Wales & Nicholas Carr debate at DePauw University Live Blog

in: General

My live blog of the debate between Jimmy Wales and Nicholas Carr:

(Note, the service that was hosting this post, CoverItLive, has been discontinued and is offline, so this post has no content any longer. Sorry! This was a fun day and I’m sad the record is gone!)

December 4th, 2010 at 11:22 pm

Blog On The Run

in: Blogging

In February 2010, I started working at PC Help Services and left my full-time position at Lakeview Church, although I am fortunate to have been able to continue supporting them even now. One of the great things about my new position is that I get to work with even more churches than before (including Lakeview) in addition to helping other small businesses in the greater Indianapolis area! (PC Help Services does residential in-store and on-site service in addition to supporting small businesses on a walk-in or contractual basis, if you happen to need computer help!)

I said back then that this blog would eventually be moved to a new location with some changes (once I had time and figured out where I wanted to put it). Well, on December 4th, 2010, I moved this blog to http://infotech.davidszpunar.com from http://infotech.lakeviewchurch.org. All historical posts are intact and all of the old URLs redirect to the new ones, so for now at least it doesn’t matter how you got here. I haven’t decided for sure, but if I continue blogging, I may start a new one and leave this one as-is for posterity. Or I may continue here, you’ll just have to wait and see :-) Thank you for reading, if you have, and commenting, if you did. It’s been great!

Until then, I’m loving my new job, though it keeps me busy! And since they are coming up in a few short weeks, I’ll say it early: Merry Christmas and Happy New Year!

P.S. You can find me on Twitter or on other sites, I’m still active at some or all of them! And the IRC channel of the Church IT Roundtable where you should be too, if you work on volunteer in Church IT!

March 19th, 2010 at 5:35 am

Church IT Roundtable Recap Spring 2010, Saddleback Church

I attended the national Church IT Roundtable event last week, this time held at Saddleback Church around Los Angeles. I was asked by the editor of IndyGeek.net if I would write up the event and, since my blog is in transition (and somewhat unattended :-) and he asked nicely, I’ve posted the article over there. Here’s an excerpt followed with a link to the full thing:

Last week, listening to my iPhone while traveling home, I heard the first verse of the song Calling All Friends by The Low Stars:

Calling all friends, and people I met on the way down.
Calling all friends, and people I don’t even know.
Calling on high, I wanna believe there’s a way now.
I’m too tired to pretend I don’t wanna be alone, I’m calling all friends.

For those working with Information Technology in churches, it’s easy to feel isolated and alone, trying to figure out what the best technology solutions are (and how to afford them!), how to best support your staff, recruit and manage volunteers, and figure out how to communicate your needs and solutions to leadership and users in ways they understand, go along with, and fund. Most churches have either a volunteer IT staff, a paid staff member who does IT as part of their job, or perhaps one full-time IT position. If you’re really large and fortunate, you may have a small team of two or more to support your environment, creating some camaraderie, but it’s still easy to feel alone, isolated and seldom understood.

Read the rest at IndyGeek.net. (NOTE on Dec. 12, 2011: IndyGeek.net is no longer operational. I am republishing the rest of the original article below, picking up from where I just left off above.)

Fortunately, Jason Powell, the IT Director at Granger Community Church (GCC) in Granger, Indiana felt that way himself several years ago, and decided to do something about it: he started blogging. The online community created by Jason’s blog led him to invite other church IT folks to GCC and have a “roundtable” discussion to see if they could benefit from sharing with each other. This was the first official Church IT Roundtable (CITRT), a term that now encompasses an unofficial group of people, discussions and community that connect from around the US and even the world so no one has to “go it alone.”

Roundtables are generally held a couple of times a year. The most recent Roundtable was held at Saddleback Church in Foothill Ranch, CA on March 10th through 12th. Approximately 75 people from churches around the country (and a small number of vendors) attended.

On Wednesday night, officially the optional “pre-roundtable” dinner, old friends and new ones gathered for some excellent dinner provided by the on-campus foodservices at Saddleback and some even more excellent socialization. Sharing technology and technique are excuses to have a Roundtable, and don’t get me wrong, the both were shared in abundance and the knowledge and experience is invaluable. But the real, just as tangible but less quantifiable, reason to get together is to share life with each other and forge long-lasting friendships with peers who just happen to often have resources they’re willing to share with you at and after the Roundtable. For all the technology, there’s at least a triple dose of inspiration and connection.

Why get together in person? That’s a good question, one that geeks of all stripes would probably ask in a similar situation. After all, technology and the Internet are pretty powerful now. Why not leverage blogs, social media, online chat and streaming video to accomplish everything remotely? Because that already happens, and it’s not enough! Relationships developed online can be good, and even somewhat deep, but it’s not often they are as rich, full and close as ones developed when eating, laughing, sharing and telling stories together around a table or tables. The “roundtable” events often happen around square tables, and the CITRT geeks enjoy pointing out the irony of this fact—however the national Roundtable at Saddleback actually took place around round tables! Additionally, it’s much easier to focus on sharing and developing friendships in an environment removed from daily workflow and life.

That doesn’t mean that the CITRT group foregoes the use of technology! In between Roundtable events, the group does leverage Twitter, Facebook, wikis, blogs, and IRC (Internet Relay Chat, a very old and once more widely used Internet chat protocol where the chat rooms are called “channels”) to communicate regularly, and for those who have met in person it’s that much easier to continue those friendships in between get-togethers when everyone is spread around the country. There’s a social aspect, but every day there are usually multiple technology problems and questions answered by others in the group in the IRC channel, saving those who ask countless hours of their own research, trial, error, and often even the cost of hiring a contractor or outside expert to provide advice and/or solutions.

And that is the focus of the daily Roundtable sessions in California on Thursday. In addition to a daily keynote speaker, there were two Roundtable discussion times on Thursday and one on Friday. Wednesday’s discussion started revolving around how the spiritual life of Church IT staff was affected by working in a church. Generally, a moderator stands up at the front of the room and takes topics from the group, writing them on a whiteboard. That’s how the rest of the sessions worked, but because most geeks would rather talk about technology, the spiritual discussion was a pre-picked starting topic foisted on the three rooms of Roundtable groups at the opening session (with 75 attendees, the sessions are much more manageable and more can participate if they are divided up into groups of around 25 each). After the spiritual discussion, the groups moved on to pick a set of topics ranging from email systems to storage solutions, networking to working with volunteers, and many more. The afternoon session on Thursday was divided up into four groups by type, with infrastructure in one room, management in another, helpdesk and user support in another room, and web design and support in the final, while the Thursday morning Roundtable was an open discussion of any remaining topics.

Attendees are admonished at the beginning: if the topic you have questions about isn’t covered, it’s your fault! Speak up, join the conversation, and participate so everyone can get what they need most from the group. Yes, geeks often are shy and reserved, but it’s much easier to open up with friends. Many in the group are already friends, some have met at prior Roundtable events and some were only friends online until this week, but even for those there for the first time, the pre-existing online friendships created a fast connection.

On Thursday afternoon, an unscheduled visitor stopped by, Pastor Rick Warren, founding pastor at Saddleback Church and author of the bestselling Purpose Driven Life book. For him to take an hour and a half out of his busy schedule to greet everyone individually, give a very insightful talk and stick around for individual pictures was not only unexpected and very welcome, but demonstrated a down-to-earth man with a heart for service and Christian ministry.

Friday morning was opened with a keynote from Scott Smith, CEO of Solerant, a company that was founded to provide IT services and support to churches, although they have corporate clients as well. Solerant has been a long-time supporter of the Roundtable online and in person, and Scott delivered a much-needed message from a CEO’s perspective about how communicating as a technology person to leadership needs to be carefully constructed to provide information that the leaders care about in a context of the things they care about, rather than spewing techno-speak that may very well be correct, but won’t translate into a concrete reason to provide support and resources. Scott focused on how to position projects and requests through high-level descriptions and especially by using stories and analogies that are easy to relate to outside of the geek mindset. Geeks in all fields could benefit from using his tips.

The daytime food and events were just the icing on the cake, as most attendees continued their discussions after dinner, often late into the wee hours of the morning in their hotel rooms, the hotel lobby, and for some, the pool and hot tub! This could range from group discussions to one-on-one or two-on-one teaching or assistance. The knowledge transfer happening at all levels is something most organizations probably wish they could leverage on demand.

It’s an event that’s hard to describe, as much as I’ve attempted here, and a lot of people who might benefit from the event, even if they already participate online, have wondered if it’s worth the time and expense (travel is most of the cost as the registration, including food, has always been under $100 thanks to sponsors who not only bring technology and services to display, but also in most cases participate in the discussions and truly help just like everyone else—the group encourages vendor engineers and technologists to attend and become part of the community, not just sales people!). However, without fail, first-time attendees enthusiastically said at the end that it was indescribably valuable, that they’d forged new and deep friendships, gathered excellent ideas to take home and implement, and that they couldn’t imagine not making this a part of their regular schedule whenever possible. This is my personal feeling after attending all but three Roundtable events since they started, but it was by far a widely shared opinion.

The CITRT main website is currently a wiki located at http://www.citrt.org. The site provides links to participant blogs, Twitter lists, ways to connect to the #citrt IRC channel on the Freenode IRC network, and information and registration information for future in-person Roundtable events around the country as it becomes available (they move often or will break down into multiple regional Roundtables around the country in some cases), along with other information, and allows anyone to easily get involved. And because it’s a wiki, anyone connected to Church IT can request an account and add/update information on their own—just one more way to connect and collaborate! Every church, contrary to what it sometimes feels like, has many similar technology needs and those supporting them are not alone. And sometimes, that makes a big difference.

Also, for more technical notes, Tony Dye posted his excellent rough notes of Day 1 and Day 2, my article is a high-level overview but Tony provides a blow-by-technical-blow of the sessions he was in (and the main ones), even though it’s unedited there’s a ton of useful information there. Worth checking out, thanks for sharing Tony!

March 1st, 2010 at 2:20 pm

Changes – The Blog Falls Behind

in: Blogging

So I’ve been at my new job with PC Help Services for a couple of weeks now. And this blog hasn’t been updated, nor moved to a new address (this one should redirect for a while). Don’t worry it’s coming, just have to figure out where to move it and have some time to update it! Been busy, you know, working… :-)

January 27th, 2010 at 4:43 am

Old and New: Major Life Transition

I’m excited, nervous, and sad all at the same time. And busy. I’ve decided to leave my awesome, comfortable, flexible, almost-7-year job/family of seven years (as an employee, my family will still be attending Lakeview) and jump into a scary, new position with a small-but-growing local IT service company. Why? Well, Lakeview is running smoothly overall, certainly better than I found it in 2003 when I was hired as the first paid IT staff. We’ve done managed switches and wireless networking, server virtualization (in a big way), a little desktop standardization (this is where I feel there’s the most room yet to grow, see Jason Powell’s reasons why standardization is important!), and a few other things that have increased efficiency and IT responsiveness that aren’t worth detailing here. Helpdesk requests still come in but not usually at a frenzied rate. Frankly, there’s always more to do, and always will be, and I enjoy the calm sometimes. And I love it.

But, I’m still pretty young, and it’s time to move on to an environment that will provide some new challenges and experience in a wide variety of settings. So I’m moving to a small company with a Christian owner that provides residential and small business IT services to the Indianapolis and surrounding communities. Based in Fishers, IN, I’ll be working out of a new satellite office on the West side of Indy, not far from Lakeview in fact, and I’ll be working primarily with larger clients, including several churches in the area. What the job will look like day to day I can’t tell you precisely yet, but that will certainly be part of the excitement! And I’m still going to be involved with the Church IT Roundtable online and in person to a large extent (it’s still relevant as I’ll still be serving churches!), which I’m very excited about, as I have many close friends in the CITRT and their expertise has proved invaluable (and I have hopefully reciprocated with valuable tidbits of my own from time to time).

I’m really going to miss all of the Lakeview family on a daily basis. The staff are basically like close friends and family; it’s where I’ve spent all of my adult life in fact (and some volunteer time for years before that). God gave me peace about moving to this new position and I know He’ll provide, but I already miss everyone and I’m not gone yet!

There are still some details to be worked out about the transition, so I’m sure I’ll have some more to post later, and I certainly appreciate any prayers. It looks like I am going to the Church IT Roundtable at Saddleback Church in California on March 11-12! If you work in Church IT or you support or volunteer with Church IT in some way, you should be there! The cost should be under $100 plus travel, though final details should be coming soon.

My first day on the new job is set for February 10th, 2010 (though a few current coworkers said they hoped when I said Feb. 10th it meant 2011! Nothing like feeling wanted!).

January 6th, 2010 at 5:02 pm

Deploying Microsoft Windows 7 with MDT 2010 and AIK 2010

in: Software

Installing Windows 7 is not hard when installing fresh, it’s pretty fast and easy. But when you’re deploying it in an organization, you should probably automate as much as possible, including the installation of software after the operating system. There are various levels of automation you can set up for Windows 7 deployments, but what I’ve done is some very basic setup using the Microsoft Deployment Toolkit 2010 that works for me without going too deep into setup and configuration–remember I’m trying to save time! I’m not doing a fast deployment and I’m OK with some manual tweaks at the end, I just want to make the initial load faster and preinstall some applications. There are several other resources you can look at for a more in-depth view of the options and configuration; I’m just going to polish the IRC chat I had with Justin Moore earlier mentioning an overview of the process as I did it, along with a list of silent install commands for the apps I’m auto-installing at the end of deployment. For more depth, try these that either I’ve used or friends have mentioned:

First I downloaded MDT 2010 from Microsoft, installed it and then opened the Deployment Workbench. You’ll need the AIK (Automated Installation Kit) for Windows 7 as well for some of the steps later, which is huge (1.7 GB), so you might as well get that started downloading now, too.

What I did to learn is I found some Microsoft pages with info on MDT and some videos that showed the basics, and I watched/followed one of them, but I don’t recall exactly which video it was that I found. You don’t want to focus on the AIK, I did a while back and it’s more for OEMs like Dell making system images for presale. Similar tools; the MDT uses AIK but has the Workbench that you do most stuff from (or that I did most stuff from :-)

I did read the help in Workbench a lot, and did some Googling, plus that walkthrough video that I can’t seem to find. The documentation built-in to MDT is actually pretty good, I recommend digging in. The basic idea is you need to know what steps to go through in the Deployment Workbench. You aren’t necessarily creating an “image” for deployment as you are making the installation more automated, providing install media from a network share and also packaging some applications with silent installs together. You can optionally build a Windows 7 box, capture it with ImageX, and pull that into MDT to deploy (with or without additional applications installed during deployment) but I didn’t go that far, I’m using a stock Windows 7 Enterprise image (I imported both the 64-bit and 32-bit install discs).

Basically in MDT, you go to Deployment Shares, and create a new one. You’re basically creating a network share that will hold all the install files. You take the Windows 7 DVD for example, and Import it into the Operating Systems “subfolder” of the Deployment Share you create within MDT, and it copies the disc into a subfolder of that share for you and lets you set some properties and name the image. I haven’t done so, but there’s another folder called Out-of-Box Drivers you can import drivers into for your specific hardware.

As for application install after deployment, there were two applications I couldn’t get to install silently and thus won’t work to be installed automatically. Those two apps were iTunes and Shelby v5 (our Church Management System). Shelby doesn’t have a silent install option but it’s easy to manually install afterwards. iTunes is supposed to pass your arguments to it’s .exe installer into the .msi files inside, but it failed for me every way I tried it (always left some component uninstalled) so I gave up. You can use 7-Zip to extract the iTunes install file into it’s component .msi files and manually install them (careful of the order) if you want, which works but is “unsupported” by Apple (not that I’ve ever contacted them for support). For now, I’m not installing iTunes automatically either. I spent a few hours on iTunes so I’m pretty confident of how messed up it is :-)

In general, anything you can install silently with command line arguments will work, and anything else won’t. For Adobe Reader, I downloaded Adobe’s Customization yep Reader works fine; I actually used the Adobe Customization Wizard to make an .mst (MSI transform) and install the version with the transform so my preferences are applied and the transform automatically specifies a silent install (based on how I configured it in the wizard).

Within MDT’s Deployment Workbench, inside your Deployment Share’s Applications folder, you add applications that you want to be able to select to install during each deployment. You can create folders to organize the applications (as they display for you to select during deployment), and you can show or hide applications as you wish. You can also crate Application Bundles, which basically install a group of other applications you’ve already defined. You can use both features together to create applications but hide them (even in their own folder, like “Linked Only” or “Bundled Only” or some such), but put them all in a bundle with one name for easy selection at install time. I also created separate folders for apps that have both a 32-bit version and a 64-bit version so I can select the apppropriate one for each system as needed.

For example, I created a Mozilla Firefox application, and one each for Adobe Flash 10 ActiveX and Plugin versions (you must complete a licensing agreement just as for Adobe Reader to get the .msi versions of the ActiveX and Plugin versions of Flash for deployment like this). I hid them and put them in a subfolder, but created a “Firefox and Flash Player” app in the root that is just a Bundle that installs all three at one time, and it works great.

The Deployment Share has another “subfolder” in the tree called Task Sequences. You’ll want to create a Task Sequence for each OS (one for 32-bit and one for 64-bit in my case), giving each sequence a unique number (I just started at one, then used two for the second one, etc.). Make it a Standard Client Task Sequence (the default in the wizard), select the OS version at the next step, and optionally specifiy a product key (you can enter this during deployment or after install as well). Fill out some basic organization name info and default IE homepage, then set a Local Administrator password (optional–I left this blank here and specify it at install time in the wizard as well), and click Next one last time to create the Task Sequence.

Once your apps are defined as well as your task sequences, and your operating system install images are imported, right-click on the name of the deployment share under the Deployment Shares root in the Workbench, and choose to Update Deployment Share. This wizard will create the stuff needed to actually deploy from the share, including the LiteTouch boot images (images are also created in .wim format, and I imagine you can set it up in WDS (Windows Deployment Services) on Windows 2008 (or 2003 with updates) to use PXE booting to deploy as well if you want to get into that). I’m using the boot CD method. After the Deployment Share Update completes, use Windows Explorer to browse to the deployment share folder, and then go to the Boot subfolder. You should find a LiteTouchPE_x86.iso file and a LiteTouchPE_x64.iso file as well as the .wim versions and .xml configuration files as well. Burn the .iso files to CDs (Windows 7 support right-click-and-burn for ISOs, plenty of free options for other OSes).

Now you can boot whichever version you want on a computer, and depending on the architecture version of the CD each will only give you the OS options that are compatible on the deployment share. Basically you boot to a UI from the LiteTouch boot disc that asks for username/password/domain to access the Deployment Share. The share location is all hardcoded during the Update Deployment Share process. I don’t have it in front of me and haven’t done it since Monday, but the basic steps it goes through are: It asks for computer name, and whether you want to join the domain (if you do, it prefills the same user/pass/domain you entered earlier for share access which is handy). Then you pick which OS from the list, and on the next screen it shows you a list of apps in the folders you set up earlier (this list is pulled from the share, so if you Update the share later with app changes you don’t need to burn the disc again, in case that’s not obvious). You just check the boxes of the ones you want (like I have a 32-bit and 64-bit 7-Zip app, and I have to select which. Also, my VIPRE antivirus app has two installers depending on if I want it to be in the Laptops or Desktops group by default, so I pick the right one as well).

Then hit Finish, and come back in about an hour or so depending on the system, and it’s logged in as Local Admin with a status window showing you any errors (or not) from the app installs. I just did it for a new laptop on Monday, was very easy! I still had to install some drivers since I didn’t add them to the deployment share.

Here are the apps I got to install silently: Adobe Reader 9.2, Firefox 3.5.5, Flash Player 10 (plugin & ActiveX), CDBurnerXP, Pidgin 2.6.4, LogMeIn Free 4.0.982, RDP Enable Script (custom batch file that enables RDP and firewall hole for it), VIPRE, 7-zip, and Office Enterprise 2007 (customized with .mst). The Deployment Workbench will actually let you create an Office 2007 customization and run the wizard and everything for you right from the app properties, which is nice, though I had my own .mst already that I used. For each app I created I selected the option to create an Application with Source Files so it would copy the whole install folder to the Deployment Folder. Also, there’s some stuff you can do that lets you automatically run the USMT on XP for example, backing up user profile to a folder on the hard drive or on the network, then have the MDT deployment run USMT again restoring state after the install, all automatically…I saw it in the video I watched but didn’t get it working (I didn’t try).

Here are the silent install commands I used for the apps I got working, for reference:

Adobe Reader 9.2
msiexec /i AcroRead.msi ALLUSERS=TRUE TRANSFORMS=AcroRead.mst /quiet
Microsoft Office Enterprise 2007
You can use the Office Products tab when editing the application definition to customize the app, or if you already have a .mst transform, put it in the Updates folder inside the Office installation structure and it will be automatically applied, no need to pass it in as an argument.
CDBurnerXP (the .msi, available as a separate download)
msiexec /i cdbxp_setup_4.2.7.1801.msi AI_DESKTOP_SH=0 AI_QUICKLAUNCH_SH=0 AI_STARTUP_SH=0 VIEWREADME=0 /qn
pidgin-2.6.4.exe /DS=0 /SMS=1 /S
LogMeIn Free (I’ll leave you to get it; the way I do it it prompts for the account to join it to after install, but it’s possible to find ways to make it auto-join to a LogMeIn.com account)
msiexec /i LogMeIn.msi /qn
Sunbelt Software VIPRE Enterprise (create MSI deployment files from the console)
MSIEXEC /I SBEAgent-ProfileNameHere.msi ALLUSERS=TRUE /quiet
7-Zip 32-bit (.msi is available if you dig on their site as a separate download, default for 32-bit is .exe)
msiexec /i 7z465.msi /qn
7-Zip 64-bit
msiexec /i 7z465-x64.msi /qn
Mozilla Firefox
Firefox Setup 3.5.5.exe -ms
Adobe Flash Player 10 for IE (ActiveX)
msiexec /i install_flash_player_10_active_x.msi /qn
Adobe Flash Player 10 for Firefox (Plugin)
msiexec /i install_flash_player_10_plugin.msi /qn
Java (get the FULL OFFLINE installer here) (thanks to Justin Moore for finding this one and commenting!)
jre-6u17-windows-i586-s.exe /s ADDLOCAL=ALL

I hope that’s helpful to someone! Or maybe me in the future :-)

November 11th, 2009 at 3:00 pm

Exchange 2010: Yeah, we’ve got that!

Microsoft Exchange 2010 became Generally Available on Monday, November 9th. That was two days ago. A few things coincided that made moving to Exchange 2010 a good decision (I think), even though we just finished moving to Exchange 2007 from 2003 about a month ago, including some snapshot/backup issues with my Exchange 2007 server that made me want to build a new box and start fresh. And what better than to migrate to 2010 while I’m was at it? The management interface is similar, there are some cool new features, and it’s been used by Microsoft for their Live@EDU system as well as other testers for a while, so I don’t forsee any major stability problems even immediately after release.

Also, it’s much easier for an Exchange 2010 and Exchange 2007 box to cohabitate on a network and still allow ActiveSync and OWA access than doing the same with Exchange 2007 and Exchange 2003 (which requires a separate Exchange 2007 CAS, or Client Access Server). Granted, making it work with the ISA firewall was a little tricky, but with a little experimentation it went well and is working fully. So well in fact, that only my Mac user and my Blackberry user are on the old 2007 box now until I stuff is compatible (in the Blackberry case) and I can babysit the migration (in the Mac user’s case, with Entourage–Snow Leopard isn’t an option on our PowerPC hardware). Those will come soon enough. But frankly with Google for the help docs and processes (there’s a lot of good information directly from Microsoft out there already!), the process only required two remote nights working until 3:30am, and some time during one day to work out the ISA stuff to keep ActiveSync and OWA working.

I’m not going to elaborate on the entire installation process here. Microsoft documents it well, it requires installing Exchange 2010 on a new server (no in-place upgrades) to do the transition (that’s how I prefer it anyway, and with virtualization that’s easy!). But it was mostly smooth, similar to 2007 in many ways (different enough to require some reading but familiar enough it was much easier to pick up than 2007 was from 2003). And, as I discovered this morning, for Outlook 2003 clients to connect, you should also run this in the Exchange PowerShell console:

Set-RpcClientAccess -Server [servername] -EncryptionRequired $false

Otherwise, Outlook 2003 will stare at you (or, rather, the user) blankly and not connect (at least if you have internal encryption to Exchange disabled, which I do–I didn’t test enabling it).

Do I recommend going with 2010 now? Yes, as long as stuff you use like Blackberry and Mac supports it or you’re prepared to learn how to make it work. Also, your “now” may not be the day of General Availability depending on the size of your environment and current needs and plans :-)

Any thoughts? Do you think I should have gone with Exchange 2010 the week it was released? I think it’s a reasonably well proven product even though I didn’t participate in the testing myself like I did with Windows 7. Are you migrating soon? (Microsoft likes to call moving from one version to another of the same software a “transition.” I like the term “migration” better, but whatever. They reserve that for when you “migrate” from one of their competitors. I don’t care :-)

November 11th, 2009 at 1:03 pm

Exchange 2010: Moderation and Nested Bypass

A new feature of Microsoft  Exchange 2010 (yes it’s out, yes we’re using it now, and yes I’m jumping ahead with this post rather than talking about implementing it :-) is called Moderation. It’s pretty slick, you can basically take a mailbox or Distribution Group and make it moderated so emails sent to it are held and any number of moderators are notified that there is a message they should approve or reject, which they can do easily (from Outlook or OWA) and it’s taken care of from there by the system. The official Exchange blog has a great post with the basics of Moderation (UPDATE: Thanks to E.J. Dyksen, Microsoft Exchange Program Manager and the author of the linked post, the linked article has been corrected, per his comment on this post (I verified it was changed)) so I don’t go into more detail, suffice it to say that we’re already using it and it works!

However, there is a flag you can set on a moderated object that will allow a moderator for a “parent” group to moderate an email once regardless if subgroups also require modification. Think a moderated all-staff list that contains a moderated group for a specific department; by default both the all-staff moderator and the department list moderator would have to approve a message to all-staff before the department recipients would receive it. If you’d rather have some groups like all-staff set so whoever moderates a message to that group auto-approves any subgroups as well (this is precisely why I wanted it, although we don’t have moderated subgroups yet), that’s why they added the flag called “BypassNestedModerationEnabled” which you can set to true with PowerShell.

The problem is, the few places that talk about that flag online call it a completely different name! Sure you can do “get-help Set-DistributionGroup -full” to see all the options (there are many) or you can find the same help online, but it’s not easy to track down if you’re looking for the wrong setting name! The correct syntax to enable this moderation bypass on a group (from within the Exchange PowerShell console) is:

Set-DistributionGroup -Identity "[group name]" -BypassNestedModerationEnabled $true

However the Exchange Team’s official blog says in it’s moderation post, in the FAQ section where it mentions nested approvals (near the end of the post), “If you set the BypassModerationEnabled flag to $true on the parent group, any messages sent to that group will bypass moderation by child groups.” Close, but it’s actually the BypassNestedModeration flag. If you do some searching, you’ll find a TechNet article called Understanding Moderated Transport which, again near the end in the Handling Multiple Moderated Recipients section, says, “To do this, you set the AutoApproveNestedDLEnabled parameter of the moderated distribution group to $true.” Which provides an even farther-off version of the same thing! At least with the correct version, you can more easily look it up in the TechNet Set-DistributionGroup topic where is is correct!

It’s likely the incorrect articles were both correct at the time they were written, during beta and release candidate cycles of Exchange 2010, with the final flag name being changed in the generally available version that came out this past Monday. I don’t know for sure as the GA version is all I’ve run, but it seems a likely explanation given that the articles are almost a month (the TechNet one) and five months (the Exchange Team blog) old. But apparently I’m the first person to write about it outside of them (that Google knows about).

September 29th, 2009 at 4:12 pm

Adobe Changes Licensing, Causes Non-Profit Scare, Probably OK Though

A tweet yesterday from James Edwards (which led to a discussion and a series of tweets) got me a little scared about the future of Adobe Non-Profit Pricing that I’ve written about before. Then today I got an email from Adobe with the subject “Notice of new volume licensing program and temporary Adobe system shut down” with more acronyms than should be allowed in an IT email (and that’s saying a lot…and ILA (I Love Acronyms)!), which was more confusing than anything, I think because I don’t deal with points and discounts for non-profit pricing with Adobe, it’s just a straight price (and better than the points discounts anyway).

I talked to my Zones sales rep, Eric Inabnit (Eric.Inabnit@zones.com, or 800-258-0882 ext. 3361), about it to see what the real deal was. He did some checking, and like James found out from his CDW rep, it appears that Adobe is consolidating their Educational and Non-Profit SKUs to simplify things, but it appears the pricing will stay relatively similar to its present levels, with a few minor adjustments. To quote Eric, he is hearing that, “they will be combining the nonprofit and academic price sheets to simplify management on their end. They are saying that if you qualified before you will still qualify, your sku’s will most likely change however pricing changes if any, will be negligible.”

Adobe will be shutting down its entire licensing system from October 7th to October 14th, however, so you cannot retrieve your license information for existing licenses nor can you order new licenses during that time. I can live with that, I wasn’t planning on any October Adobe orders.

This is good news, and while it’s by no means the final word, it does make me worry less about the potential budget impact it might have on churches! Adobe’s products are already some of the highest-priced software packages we buy that aren’t for servers (and frankly, much of our software (Microsoft, especially) costs a lot less than some single Adobe licenses), even with the reasonably significant non-profit discount.

If I discover any additional information I’ll update this post; send me any new information if you’ve got it! (Leave a comment or mention @dszp on Twitter.) Thanks, James, for bringing the Adobe changes to my attention and checking into it as well.