A few days ago (although I’ve just now had time to discover and read about it), Nick Nicholaou, and Steve Hewitt of Christian Computing Magazine, announced that they are starting a Ministry IT Certification! You’ve probably already heard about it from Jason Powell, but this looks like it could be pretty exciting! I’m looking forward to more information when the Ministry Technology Institute site is no longer a placeholder!

We have a couple visiting from the Netherlands (from the church our choir on tour helped plant in an indirect way, over two missions trips) on vacation for a month (vacations in Europe make me a bit jealous :-) The husband’s name is Jeroen (pronounced something like “jerOOn”) and he has a web development and IT background, and he’s helping me Monday through Thursday starting last Monday, through August 2nd. We’ve been staying very busy, which is why I haven’t had the opportunity to post much lately. We’ve accomplished a lot in just a week, including getting the Youth Internet Cafe up and running finally, and moving the nursery check-in system to another wall per leadership’s request. Both projects need at least two people, so having a second pair of hands has been great, not to mention that just having another IT person around has been wonderful!

I’m waiting to have a few spare minutes to post the details of the internet cafe. We decided at the last minute to test (and then use) the recently-released Microsoft Windows SteadyState rather than the Fortres Grand software we were evaluating (Microsoft does the same functions good enough for us, for free). But that’s for another post! We’ve off to finish mounting the cafe computers to the wall, and then run some network wires with another volunteer, do some web stuff…keeping busy!

FolderSizes and Duplicate File Detective are a pair of utilities that I’ve tried (not bought yet) that are very useful for helping to track your file server and see who is using your disk space and where you have duplicate files stored. They are both relatively inexpensive, the demos are very informative, and the tools are a lot more flexible than other free tools I’ve seen that do approximately the same things. Free is good, but these tools seem to go the extra mile if you have gobs of files to sort through and report on.

One of my favorite features when I tried FolderSizes is the ability to report on what files each Windows user owns. This was the reason I found the product in the first place, and I just haven’t had time yet to purchase and pursue my original goal.

With our 45-day trial expiring this coming Monday, we’ve decided to purchase HelpSpot for use as our internal helpdesk. But wait, there’s more! We’re also going to be using the system not just for IT, but the Hospitality, Maintenance, and Marketing/Communications (MarCom) departments as well! We have yet to work out the specific details of how each of the non-IT departments will use the system, but I have a meeting with our People Resources person (HR) next week to brainstorm the best workflow, and we’ll go from there.

I have been using HelpSpot for IT department help tickets (HelpSpot calls them “requests” which is much more end-user friendly, one of the great things about HelpSpot) during the trial, and it’s been very easy to use and useful. So far we have 53 tickets in the system, from the beginning June through today, with 8 currently open and 45 closed. I’m looking forward to beta testing version 2, with some really useful new features like HTML support, request merging, batch responses, improved custom fields, integrated help, and an API that should make it even more extensible and flexible (I see potential for integration with Spiceworks or some other inventory system through the API, depending on specific details).

Barry Buchanan over at Church IT Help posted an entry yesterday that resonated strongly with my own experiences and frustrations. His gist? Staff members don’t read IT emails with important information that they very badly need to read. I’ve notice some of the same things he’s mentioned, and I haven’t found a solution. However, I have discovered these five facts and tips that have improved the amount of attention paid to my important IT notification emails:

1. People don’t read their email. If they do, it’s not in a timely manner (if I get any email that looks remotely important I’ve read it within an hour almost any time between 7:30am and 11pm, on my Treo or a PC, so this is foreign to me).
2. If people read email, they won’t read long ones. And by long, I mean a lot shorter than what I consider long. I tend to write books rather than emails :-) I’ve had to work on this a lot; shortening communications to just the necessities. It’s good practice, but sometimes my short emails are still longer than people are willing to read for some reason.You have to put the most important information up front.
3. Preferably, use bold, italics, and color to highlight important phrases at the beginning and throughout the email. Action steps, a summary of changes, or some such very short “if you get nothing else from this email, get this” must be the first sentence or two. Provide details after that (some people will read it, and others might if they see from the beginning that it really needs to be read). A bulleted list with under-one-line summaries of steps or changes should either be first, or if you use another short summary up front, end with a bulleted summary.
4. Keep the quantity down, but repeat yourself twice when possible. Announce something as early as possible. Then at least when someone says “I never got an email about that” you can pull up their email box and locate the email you sent (unless they’ve deleted it — if only they would! That and all the other accumulated junk causing your Exchange server to whine and complain. Well, users do seem really good at deleting the daily emails about their mailbox being over the size limit…). But also send an email the day before, or as close to a change as possible while leaving people a reasonable amount of time to receive and read it. Two days ahead of time is too early.
5. This was part of number 3 above, but it’s very important: action steps. Include what is required of the user, up front and emphasized. “You must log out and log back in for these changes to take effect.” Even emphasize if it’s just a notification. “When you log in tomorrow, the icon will be red instead of blue. You don’t need to do anything different, this should happen.”

The problem is not solved. Users will always be…users. But mine are getting better! :-) And a lot of that is due to me working on my emails to make them better and more easily understandable. Any other suggestions I’ve missed?

As a side note, I am contemplating a simple intranet setup as a gateway to our new helpdesk system and to allow for announcements, forms distribution (and eventually business process automation). Posting all IT announcements there should also (hopefully) help. After I get people using it in the first place. (And after the best intranet solution is determined and set up!)

I just thought of an idea — what about pop-up “IT Announcement Ads”? Modify some adware to display ads from the IT department only, and have banners pop up on people’s screens with the information. Now there’s something they’ll pay attention to! (“My computer says I just won a laptop…is that true?!”) Granted, it might negate all the instructions about how users should ignore pop-ups, but might it be worth it? ;-)

If all else fails, I’m with Barry in recommending a ban of all users from the network :-)

If you would pray for my dad today I’d appreciate it. I’d rather not explain the situation (long, complicated history) but my family really, really appreciates the prayers! Thanks.

Mike Mayfield over at Pleasant Valley Baptist Church IT (“pvcbit”) posted a question about VPN remote access permissions. I wrote a blog post in March with a little bit of information on this relating to the Microsoft ISA 2004 firewall, but we’re actually using a combination of services for remote access right now (I mentioned LogMeIn on my prior post as well). Here is another quick look at what we’re currently doing for VPN.

Basically, because we have ISA, I can limit what particular user groups are able to do over their VPN connection, just like any other firewall rules. Very few people get file server access at all (actually, me and one guy who connects from his church laptop) over VPN. The rest are limited to Exchange server connectivity or Remote Desktop primarily, although now that we have RPC over HTTPS in place, it’s much simpler than VPN for the user and so that’s used almost exclusively for remote Outlook access now, and is as much as most people need (if they have a laptop they have an offline copy of most of their files anyway).

For those that still require remote access to their desktop at work (especially if they don’t have a church-owned laptop), I’ve been moving from VPN with Remote Desktop access (complicated to train someone to use since the connection is separate from the RDP client) to LogMeIn.com for remote access. There’s a free version and a Pro version, with remote printing and file transfer being the main additional features of Pro. The main benefit? It’s easy and just requires a web browser, it’s fast, and not very expensive (with the special we got anyway, or the free version is of course free!). I have run into an issue with a new remote user that hasn’t gotten LogMeIn to work on their own but I haven’t had a chance to troubleshoot this yet (I’m sure it relates to the steps to get the ActiveX or Firefox plugin installed for LogMeIn initially).

We have a Terminal Services server with a handful of user licenses that we use for some volunteers that need remote access from their home computer but don’t have a dedicated desktop at work. I haven’t attempted LogMeIn through Terminal Services, but I assume it wouldn’t work properly with the multiple sessions that make Terminal Services useful, and would only allow access to the console session. For this, we still use VPN, with a CD created from the CMAK along with an auto-running tutorial created with Wink that walks users through installing the VPN connectoid (which has all of the settings preset) and starting a VPN connection. Using custom commands in the CMAK connectoid, I’ve included a Remote Desktop settings file that automatically runs upon connection, automatically opening and connecting to the Terminal Server inside the VPN once it’s connected. When Remote Desktop is closed, the connectoid logs off the VPN. The integration of VPN and Remote Desktop isn’t perfect, but it’s a lot easier this way (most of the time) than trying to get people to understand connecting to the VPN first, then connecting with Remote Desktop manually, and disconnecting in reverse. The more automated the better! These VPN connections are of course limited through ISA to be allowed to connect only to the Terminal Server, and only through the RDP protocol.

One thing’s for sure: when allowing an unmanaged computer on the network, especially as unsupervised as a remote connection is, it pays from a security standpoint to keep the leash as tight as possible! And it’s the unintentional risks (spyware, viruses, etc.) more often than malicious users that cause a problem. The best part is, protecting from one helps to protect from the other (in general).

Normally, I really like the cans of soup or fruit that come with the pull-tab to open, rather than requiring a can opener. Generally easier to open, and not messy. Plus, you don’t have to find the can opener.

However, it’s very bad if a can comes with the tab broken off the top (it looked attached, but came off when I touched it). It’s bad because, at least with Progresso Chicken Soup cans, regular can openers don’t work and there’s not an immediately obvious alternate opening method. This one required some ingenuity, courtesy of a suggestion from my wife. “How about you use a butter knife to pop it open?”

I very strongly, highly recommend not using the blunt end of a butter knife to hammer down the edge of a can top such as this. It explodes. Not just a little. It goes “pop” and ends up all over your hair, shirt, shorts, the floor, the counter, everything on the counter…you get the idea. And in this case, it wasn’t the generic, hypothetical “your,” it was me. My hair, shirt, shorts, etc. Did I mention ear? Yep, it went in my ear (one of them). And nearly my eye. I had my eyes closed after this happened to protect from the splatter, so I couldn’t see my wife on the couch watching me. In a concerned voice she asked “are you okay?” but was otherwise silent. I wiped the soup out of my eye and looked at her only to notice she was trying very hard not to laugh very, very hard. Not trying hard not to; laughing hard. I chuckled to show I saw the humor and she burst out laughing. It was actually pretty funny, minus the cleanup which is most definitely not funny. That’s okay, I’ll have help. I was making the soup for her, after all, and following her suggestion.

Now, if I could just get all the soup out of my ear…

We use proximity (“prox”) card readers with our Parent Pager Plus system to assign pagers (and optionally assign a prox card to each family) for sign in and emergency contact purposes. When we added a check-in station several months ago, we purchased a used prox card reader but received no power plug for it. So it’s been sitting unused while we used that station as an administrative station, but we need it to work now for reasons I’ll spare you.

In the past, we had one of our prox reader plugs fail, and I was able to replace the failed plug with a generic Radio Shack plug that worked fine. It was a Radio Shack model 273-1773 adapter, and it provides 12V output up to 500mA. The original plug provides 12V output up to 300mA, so that model should have and did more than do the job. Radio Shack has apparently updated their adapter product line in the year or years since I purchased that unit, and now they have a new model number, 273-1774, that’s a bit smaller and lighter, but looks the same and has the exact same output specifications (up to 500mA). I purchased two of them, so we’d have a backup, and even tried plugging in the prox reader I took to the store before I left and sure enough the power light came on!

That was last night on my way home. Today, I go to plug in the adapter, and the power light comes on on the prox reader but it won’t scan (it beeps upon successful scan, and it won’t beep and won’t output to the computer). We have several readers, so I mixed and matched adapters (and interchangeable tips even), and the readers all worked no matter what (even on the old Radio Shack adapter with the exact same adapter tip) — unless they were plugged into either of the new adapters, when they didn’t work.

Why? I don’t know. If you do, let me know! There’s no logical reason why the new adapters shouldn’t work just fine.

There is happy ending. I returned to Radio Shack and was able to test their 3-12V adjustable AC-to-DC adapter, with up to 1000mA (1A), model number 273-029 (the box says 273-0029, the adapter and website say 273-029, and a search of their website using either brings up the right unit). These adapters cost only $0.85 more each, and they work perfectly fine, with the same adapter tips. Other than a wasted two hours and 10 mile round-trip for the exchange, the fix wasn’t too bad and it’s still going to be functional by Sunday. But I still have no idea why the adapters that didn’t work, didn’t work! The salesman when I exchanged them even tested one of them to make sure they were providing 12V. And like I said, I had two identical adapters that both refused to function properly! The mystery remains…

I’ve returned from a much-needed two-week vacation! But I decided to test out the recommendation from some security professionals (I can’t find the original posts right now) that suggest that when you leave the office, you don’t tell the general public that fact if at all possible. No out of office email, no giveaway voicemail message, and obviously no blog post with the announcement! I went as far as pre-writing several blog posts with advance publish dates, so they would automatically appear every few days as if I were still around. The idea is, if someone is going to try and pull off some hack or break-in, why tell them when you’re gone and give them the chance to strike? I don’t think the experiment was entirely necessary, perhaps, but it was fun, if uneventful. And I ended up with internet access more often than I anticipated on vacation — I didn’t write any blog posts but I did some Google Reader reading and posted a few comments on some blogs, etc.

I also updated the HelpSpot LAMP VirtualAppliance to the newest version (1.0.131 is now based on Ubuntu Server and allows you to install any Ubuntu module!) to fix the issue I had with DNS resolution, which I haven’t run into on this new version; outbound DNS works just fine now, and the PHP IMAP module installs! (As yet untested, however.) But hey, that was fun, and you’re supposed to have fun on vacation, right? At least I did it from a cottage overlooking the ocean in Maine :-) And there were minimal interruptions from the office the entire time (what there was I instigated by checking my email :-) and I returned to no emergencies or exceptionally urgent or unexpected requests. All-in-all a very good vacation! I could’ve used a little less time in the car (1300 miles in the last three days and that was just the return journey), but I’m not complaining (too loudly ;-)

Anyway, I’m back! And now you know why my posts have been sparse and not full of detailed technical info. Truthfully, I’m actually running low on detailed technical post ideas for the moment (and I do have some catch-up to take care of along with some personal stuff, which is why I’m posting this today even though I returned to work on Tuesday), but I’m sure that won’t last long. Stay tuned! I have a post coming this afternoon about a power adapter mystery/adventure that just happened, in fact…