1) Rebuild the macs using my (hopefully) robust deployment plan, and set them up on the gig network in B043.
2) Install the Study 1200 trial on the Macs and on the 4 TAPoR text machines.
3) Invite a few people down to help us test the software. We have a 30 day trial, so we should have plenty of time to determine its value. We discussed asking some folks from the ELC, CALL and various instructors from German/Russian, SEA and HispItal to help out in the testing.
Had a chat with UofA regarding the two Sanako packages and found out a few things.
1) Study 1200 is not a low-cost option. We can expect it to be many tens of thousands.
2) There is no group conversation available in Study 1200 so telephone calls are out.
3) Latency is noticeable, especially when students can see and hear the teacher speaking.
4) If we move the labs and replace our existing headsets, we should purchase MB Quart MBK C 800 USB electret headsets (we are currently using an old version of the MB Quart headsets).
To make the decision (move Lab 300 vs. switch to Study 1200) we will need to get a quote for the Study 1200 (headsets for all stations and teacher/student station software licenses) and compare it to a UVic provided ballpark guess regarding the cost of moving the Lab 300, plus buying new headsets and extra licenses to cover the extra stations we add.
I've installed the Tutor (teacher) version of the Sanako Study 1200, a VOIP language lab package on the Mac mini and the Student version on the iMacs. Martin and I took it for a bit of a test drive and it appears at least generally useful. We had some trouble figuring out how to get files to students, though. What it needs is a shared directory where it can find files. It creates a folder structure which duplicates the "sessions" available (A-F) and requires files to be shared to be stored in the appropriate directory. I'm sure there's a method of automating it, but haven't found it in the provided docs yet. Anyway, I got that working. Network speed is, of course, no issue. Also, shared drives (like squash) need to be pre-mounted on student stations before playback can occur. This makes me wonder if we'll need a server OS on teacher stations if ALL materials are on the server. If so, I can fiddle something on the server to accommodate the XP connection restriction AND the teacher desire to bring in materials as they see fit.
I also sent some of Dr. Niang's video files (40-sh to 60-ish MB each) and they just worked. Bang!, they were up and running without having to download the whole thing first. That is fabulous.
The one thing I have not found is a method of doing the telephone conversations that Lab 300 supports. Frankly, I suspect they've dropped that as the network overhead would be crippling.
The system appears to be based around an initial feature set that can be augmented by purchasing modules and incorporating them. The interface apparently remains the same, merely adding buttons and so forth to the existing GUI. Modules to add include Blackboard support (ugh), and a content creation module (audio, video and the like). There are others, but I can't download any to assess their value.
Conclusion for today: I think we should talk to U of A about their experience with it, and get a ballpark quote for the record.
So I've been beavering away on a system that dual (or triple) boots AND provides a local R/W storage partition that is accessible from each OS. Choosing a common filesystem is tough, though:
* EXT2/3 drive exists for Windows, but the only one available for Mac OS doesn't work properly, so that's out.
* HFS+ drivers exist for Linux, but the Windows one costs $40+/machine - too much
* FAT32 is crap for all kinds of reasons.
* NTFS drivers exist for Linux and Mac OS (NTFS-3G) but when I write a file to the NTFS data partition from Mac OS the data is gone on reboot - this not a good thing. I discovered that it is because NTFS-3G is a userspace filesystem it generates a UUID for the partition each time. I *think* this is why the data is toasted, but I don't find others complaining (why?).
* other, more exotic filesystems (JFS, ReiserFS, ZFS, UFS etc.) aren't supported well enough on ANY non-native operating system.
I conclude that this is not worth solving in the context of a lab setup. Here's one solution:
The new labs will require a server to store teaching materials. We can build an inexpensive machine (>$2000) with heaps of storage (~4TB) and multiple NICs, on a gigabit network. The machine will export NFS and SMB/CIFS shares that get picked up by Mac OS (NFS) and Windows (SMB/CIFS). This will provide very fast storage that is available from any machine in the domain.
A useful link from the Apple site:
http://docs.info.apple.com/article.html?artnum=304270 which shows the
mapping between Apple and PC keyboards/functions. Of note is the fact that
the "Clear" key on the Apple keyboard is numlock.
Registry settings for forcing numlock on when booting Windows
Open the registry and go to:
Change the value of InitialKeyboardIndicators to whichever state you wish...
0 - Indicators off
1 - Caps Lock on
2 - Num Lock on
3 - Caps Lock on and Num Lock on
4 - Scroll Lock on
5 - Caps Lock on and Scroll Lock on
6 - Num Lock on and Scroll Lock on
7 - Caps Lock on, Num Lock on, and Scroll Lock on
Close regedit. A reboot may be required.
An alternate solution is a VB script:
set WshShell = CreateObject("WScript.Shell")
Save file as "numlock.vbs" (in quotes to ensure that notepad doesnt automatically name it numlock.vbs.txt)
Then copy and paste the file (OR a shortcut to the file) numlock.vbs into C:\Documents and Settings\All Users\Start menu\Programs\Startup
This causes numlock to become enabled AFTER login (which is the only drawback, if you needed it on BEFORE the login window, for password purposes)
Mac keyboard shortcuts
To adjust the built-in Windows firewall, it is possible to construct a reg file and merge it remotely. An example of the reg file for setting up Zenworks:
Windows Registry Editor Version 5.00
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Enabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:*:Enabled:Zenworks Remote Control"
"1761:UDP"="1761:UDP:*:Enabled:Zenworks Remote Control"
A CLI app called netsh is available in Windows to do the config as well. Info here:
A clip from the page:
Using command-line support
Windows Firewall Netsh Helper was added to Windows XP in the Microsoft Advanced Networking Pack. This command-line helper previously applied to IPv6 Windows Firewall. With Windows XP Service Pack 2, the helper now includes support for configuring IPv4.
With Netsh Helper, you can now:
• Configure the default state of Windows Firewall. (Options include Off, On, and On with no exceptions.)
• Configure the ports that must be open.
• Configure the ports to enable global access or to restrict access to the local subnet.
• Set ports to be open on all interfaces or only on a specific interface.
• Configure the logging options.
• Configure the Internet Control Message Protocol (ICMP) handling options.
• Add or remove programs from the exceptions list.
These configuration options apply to both IPv4 Windows Firewall and IPv6 Windows Firewall except where specific functionality does not exist in the Windows Firewall version.
Gathering diagnostic data
Windows Firewall configuration and status information can be retrieved at the command line by using the Netsh.exe tool. This tool adds IPv4 firewall support to the following Netsh context:
To use this context, type netsh firewall at a command prompt, and then use additional Netsh commands as needed. The following commands are useful for gathering firewall status and configuration information:
• Netsh firewall show state
• Netsh firewall show config
Compare the output from these commands with the output from the netstat –ano command to identify the programs that may have listening ports open and that do not have corresponding exceptions in the firewall configuration. Supported data gathering and configuration commands are listed in the following tables.
Note Settings can be modified only by an administrator.
show allowedprogram Displays the allowed programs.
show config Displays the detailed local configuration information.
show currentprofile Displays the current profile.
show icmpsetting Displays the ICMP settings.
show logging Displays the logging settings.
show opmode Displays the operational mode.
show portopening Displays the excepted ports.
show service Displays the services.
show state Displays the current state information.
show notifications Displays the current settings for notifications.
add allowedprogram Used to add excepted traffic by specifying the program's file name.
set allowedprogram Used to modify the settings of an existing allowed program.
delete allowedprogram Used to delete an existing allowed program.
set icmpsetting Used to specify allowed ICMP traffic.
set logging Used to specify logging options for Windows Firewall either globally or for a specific connection (interface).
set opmode Used to specify the operating mode of Windows Firewall either globally or for a specific connection (interface).
add portopening Used to add excepted traffic by specifying a TCP or UDP port.
set portopening Used to modify the settings of an existing open TCP or UDP port.
delete portopening Used to delete an existing open TCP or UDP port.
set service Used to enable or drop RPC and DCOM traffic, file and printer sharing, and UPnP traffic.
set notifications Used to specify whether notifications to the user when programs try to open ports are enabled.
reset Resets firewall configuration to default. This provides the same functionality as the Restore Defaults button in the Windows Firewall interface.
Erik is doing a workshop which requires Skype.
I have pushed the installer to all Lab B machines, and can install it silently from the Ghost console with this command:
c:\documents and settings\administrator\desktop\skypesetup.exe
and the following parameters:
If we want to remove the link added to the desktop, then do:
del "c:\documents and settings\all users\desktop\skype.lnk"
UPDATE: Skype does not need to have a global firewall exception to work. It should, however, have a registry setting applied that denies it supernode powers. The file looks like this:
Windows Registry Editor Version 5.00
The reg file and other info on Skype in an educational settings was pinched from here: https://www.cs.uwaterloo.ca/twiki/view/CF/SkypeConfiguration
Something to investigate if we deploy Skype on all lab machines (at least in Windows) is how to do away with the annoying post-install setup and account setup and firewall warning. I imagine it's just a "Default User" profile adjust and deploy thing.
note: I added 30 minutes to this post for subsequent work on this topic
1) Install Leopard to an external drive
2) Reboot to external Leopard
3) Format internal HDD so that it contains one 30GB Windows partition and a Mac OS partition which takes up the rest of the drive. Make sure that the Windows partition is last. Use Disk Utility for this, or use the command line utility diskutil (instructions are elsewhere in this blog).
3) Using NetRestore, clone the Leopard_clean.dmg image to the Mac OS partition. Leopard_clean.dmg is an image I created from a clean Leopard install using NetRestore Helper.
4) Using WinClone, clone the XPclean.winclone inage to the Windows partition.
5) Reboot in to Mac OS (internal) and install BootPicker. If adjusting its settings do not work, run the following commands in Terminal, one after the other:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker windowsPartition "/dev/disk0s3"
sudo defaults write /Library/Preferences/com.apple.education.bootpicker userChoosesBootOS -bool TRUE
The first one tells BootPicker where to find Windows and the second one sets permission for the user to choose their OS.
*** If you would like to exclude an option from the list (like you don't have Linux installed, so you want to remove the Linux choice from the boot splash), do this:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker linuxPartition -bool FALSE
6) Boot in to Windows - My experience so far is that there will be a disk check required on first boot. I assume this is because of the mismatch between the initial formatting done in step #3 (FAT32) and the internal formatting of the XPclean.winclone image (NTFS).
That should be it, at least on a basic level. Things to consider:
Windows can't read HFS+ dives, so data created in Mac OS is not accessible to the Windows machine. Installing VMware or Parallels and running Windows as a VM will resolve this.
Although Mac OS can mount the NTFS partition Windows lives on it will not be writable, even if you have installed NTFS tools (a binary from http://www.bombich.com or http://www.ntfs-3g.org/ ). This is because the initial mount command run from /etc/rc calls the internal, RO filesystem driver. I believe there is a way around this, but I won't be implementing it on lab machines.
Bootpicker on Leopard seems to be more of a command-line app than GUI. The GUI allows you to make changes, but they are frequently ignored. All functions seem to be exposed for CLI use, though. Until it is totally Leopard compatible, here's the included documentation (only available from within the application).
With the advent of Boot Camp comes the possibility of deploying dual-boot Macs and permitting your end users to choose whichever platform will work best for whatever they'd like to do at the moment. But how do you manage the presentation of this choice? There are a couple concerns to keep in mind:
1) Setting the boot device is an activity restricted to administrative users.
2) Allowing non-administrative users access to this functionality potentially allows them to set the boot device to some external media that they provide (then they can really rape the system).
3) Leaving the machine at the EFI boot picker (hold down the option key at startup), while possible, leaves the previous options open and also leaves the machine in a state in which it cannot be managed or accessed via the network. rEFIt (http://refit.sourceforge.net) allows you to lock down the boot options at startup, however you're still unable to actually manage the machine in this state.
Before developing BootPicker, I came up with a list of requirements that I would insist upon were I to manage a lab of dual-boot Macs:
1) Must work when a firmware password is applied to the machine
2) The boot picker can not interfere with remote administration (e.g. via ARD)
3) The boot picker must allow the administrator to specify explicitly what drives are permitted as boot devices
4) The administrator can disable (remotely) the boot picker at any time
5) When the machine is rebooted, it will always boot to Mac OS X by default and present the boot picker
6) Optionally, the boot picker preferences can be managed via directory services (permits management at scale)
7) Optionally, the boot picker should allow the administrator to provide some guidance to the end user about why they should choose one OS over another
BootPicker satisfies all of these requirements. BootPicker runs on startup immediately prior to LoginWindow. Based upon your configuration, it presents an option to the end user to choose an operating system. Upon choosing that OS, the machine either continues to Mac OS X or reboots to the specified OS. The next time the computer is rebooted, it automatically returns to Mac OS X and the boot picker. Finally, for environments that require management at a large scale, or management while the machines are turned off or booted to a different OS, BootPicker can be managed via a Mac OS X Server Open Directory Master. Got AD? That's OK, you can leverage that as well (see http://www.bombich.com/mactips/activedir.html).
Graphical User Interface Configuration
BootPicker can be configured using the BootPicker preference Pane. At minimum, you must indicate the partition containing your Windows or Linux installation.
BootPicker can be configured locally at each client via a plist preference file or from Workgroup Manager on your Mac OS X Server Directory Service (see http://www.bombich.com/mactips/activedir.html for information on Leveraging Mac OS X Server in an Active Directory environment). Because BootPicker runs before any user is allowed to log in, you must apply BootPicker preferences to a machine group.
Configure BootPicker settings on a particular machine:
At a small scale, BootPicker settings can be applied using the defaults command. At minimum, you must provide the name or device ID of your Windows or Linux partition as well as the "userChoosesBootOS" setting. If a Windows or Linux partition is not specified, BootPicker will exit immediately to the Mac OS X loginwindow.
sudo defaults write /Library/Preferences/com.apple.education.bootpicker windowsPartition "Windows XP"
sudo defaults write /Library/Preferences/com.apple.education.bootpicker windowsPartition "/dev/disk0s3"
To specify the device node of a Linux partition:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker linuxPartition "/dev/disk0s5"
Note that the Windows volume can be specified by name or device node. The Linux volume can only be indicated by device node because it does not generally mount under Mac OS X.
Other preference keys:
To indicate that the user is NOT permitted to choose the boot OS (suppose you want to force booting to Windows or temporarily remove the choice):
sudo defaults write /Library/Preferences/com.apple.education.bootpicker userChoosesBootOS -bool FALSE
sudo defaults write /Library/Preferences/com.apple.education.bootpicker defaultBootOS "Windows"
[Note: To get back to Mac OS X after running the second command, you will need to boot into Single-User mode to delete the /Library/Preferences/com.apple.education.bootpicker.plist file. For a more scalable approach, refer to the "Configure BootPicker settings in Workgroup Manager" section below.]
By default, the additional text below each operating system choice ("justification text") is not present. To make text appear, run the following defaults commands:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker mosxJustification "Mac rules"
sudo defaults write /Library/Preferences/com.apple.education.bootpicker winJustification "PC drools"
sudo defaults write /Library/Preferences/com.apple.education.bootpicker linJustification "Um, Linux"
The OS choice buttons and justification text will be spaced proportionately within the window.
To specify the title of the BootPicker window:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker title "Welcome to Macintosh"
To specify the background picture:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker bgPath "/path/to/image.jpg"
Any image file type supported by the Preview application should work as a background image.
Each command listed above can also be applied using Apple Remote Desktop's Send Unix command. Alternatively, you can make the changes to your local copy of the preference file, then push the file out to your client machines.
Configure BootPicker settings in Workgroup Manager
For centralized management of BootPicker's settings, as well as management control while machines are not booted into Mac OS X, leveraging Apple's Open Directory infrastructure is the way to go. To avoid conflicts with local preference files, be sure to delete the BootPicker preferences stored at /Library/Preferences/com.apple.education.bootpicker.plist on your client machine(s).
1. Launch the Workgroup Manager application in /Applications/Server and log in to your server. You may perform this step at your server or at a remote administration machine.
2. Click on the Machine tab and select a machine group (you may need to create a group first).
3. Click on the “Preferences” button in the toolbar, then click on the "Details" tab.
4. Click on the “Add...” button. Navigate to /Applications/Utilities and choose BootPicker (you may want to copy this to your server rather than installing BootPicker on your server). Click the Add button.
5. Click on the BootPicker item identified by “com.apple.education.bootpicker” and click on the Edit button.
6. Click on the “Always” item and click its disclosure triangle to enable the “New Key” button. Add a new Key.
7. Next to the “New Item” entry is a pop-up button. Click on the arrows to reveal all the preference attributes available within the manifest
8. Choose “Windows Partition Name”. Change the value to the name of your Windows partition.
9. Repeat for each preference key that you wish to set.
Configuring Windows to reboot on logout
Fundamental to the utility of BootPicker is getting a machine to always return to the BootPicker screen when a user is finished using Mac OS X or Windows. Many labs maintain a policy that users must log off of the computer before leaving to protect their data and identity. By enforcing this type of policy, lab managers can leverage this opportunity to reboot Windows to Mac OS X.
To reboot Windows at log off time, do the following:
1. Create a plain text file named "logoff-restart.cmd" with the contents "shutdown -r -f -t 0". Save it to the Desktop (for now).
2. Choose "Run" from the Start menu, type "gpedit.msc" and hit return.
3. Navigate to User Configuration > Windows Settings > Scripts
4. Double-click on the "Logoff" item in the pane on the right.
5. Click the "Add..." button, then click the "Browse" button.
6. Drag the logoff-restart.cmd file into the Browse window. That should copy the file to C:\WINDOWS\system32\Group Policy\User\Scripts\Logoff.
7. Select the logoff-restart file in the browse window and click "Open". Click "OK" to dismiss the "Add a script" window.
8. Click "Apply", then click "OK". Log off to test that the script applied.
Configuring a Macintosh to "Triple Boot" -- Mac OS X, Windows, and Linux
See http://www.twocanoes.com for more information.
To uninstall BootPicker, simply click the "Uninstall BootPicker" button in the BootPicker Preference Pane's Uninstall tab.
How BootPicker "works"
BootPicker is actually an incredibly simple application. By running immediately before the loginwindow process loads, and after the rest of Mac OS X has loaded, BootPicker has the ability to set the boot disk prior to any user is allowed to log in to the machine. To boot into Mac OS X, BootPicker simply exits and allows loginwindow to load. To boot into Windows or Linux, it simply runs the "bless" command with syntax along these lines:
/usr/sbin/bless --device /dev/<devNode> --setBoot --legacy --nextonly
It is important to understand the implication of this simplicity. BootPicker does not participate in the setup required to actually make a Macintosh boot to any particular operating system. In fact, BootPicker doesn't concern itself with the contents of your volumes at all. Consequently, you are responsible for setting up your Mac in such a way that it can boot to your additional partitions given BootPicker's usage of the bless command.
Setting the boot volume of a Mac is an operation that requires administrator privileges. Rather than opening an environment for non-admin users to execute whatever administrative functions they'd like, BootPicker provides a very limited amount of functionality -- it will set the boot disk to one of a set of volumes that you as the system administrator permit. To provide this level of functionality to non-administrative users in a controlled manner, BootPicker runs before loginwindow runs -- before a user is permitted to log in to the machine at all. As such, BootPicker must run as the System Administrator (root) -- only the root user is allowed to connect to the WindowServer prior to login. In general, it is a bad idea to run GUI applications as the root user.
Problems getting a 4-partition, 3OS machine set up.
Because Bootcamp will only create 2 partitions it isn't simple to build a triple-booter in the approved manner.
Formatting the drive as 4 partitions (using GUID map) leaves Windows unbootable, but adding an MBR meant that Mac OS didn't show up in the Startup disk pref pane. As a result, I was not able to make Bootpicker work the way I had hoped: the machine would either only boot in to Windows (or Linux, depending on GRUB) or I'd get a blue screen when I tried to boot in to Windows (using the keyboard to choose OS on boot). Adjusting GRUB or boot.ini works, but is not elegant.
The solution (found here: http://www.twocanoes.com/forums ) is to set the LAST partition on the disk to be Windows. Apparently the Intel Macs won't recognize the bootability of Windows unless it's last on the list. Also, when cloning the new Windows install to another machine, the new machine needs to be partitioned in the same way:
partition 1: Storage
partition 2: Mac OS
partition 3: Linux
partition 4: Windows
or boot.ini will need to be adjusted to point to the right partition.
So, what I'm doing right now:
1: boot from external Leopard
2: Format drive as above (4 partitions with Windows last)
3: Use NetRestore to build Mac OS partition from Leopard_clean.dmg on external drive
4: Boot to Windows install disk and install Windows (make sure to format partition as NTFS)
5: Boot in to Windows and install Windows drivers from Leopard disk.
6: Boot in to Leopard and install/configure Bootpicker
6b: If it is a dual-booter (no Linux), run this command in OS X to disable the Linux choice in Bootpicker:
sudo defaults write /Library/Preferences/com.apple.education.bootpicker linuxPartition -bool FALSE
UPDATE: 4 partitions won't work. MBR only supports 4 primary partitions and GPT does not support extended partitions. Combining these two limitations means that a dual partition system disk can have a maximum of 4 primary partitions. In addition, Apple reserves the first primary partition for the "EFI System Partition". That leaves us with only three partitions to play with, one for each OS.
(from http://wiki.onmac.net/index.php/Triple_Boot_via_BootCamp )
So, I'm going with 2 partitions (in the case of the labs, no Linux). 30GB for Windows, at the end of the disk and the rest for Mac OS.
Useful disk commands:
sudo diskutil mergePartitions "Journaled HFS+" "Mac OS" disk0s2 disk0s3
which will merge partitions 2 & 3 using journaled hfs+ and name the resulting partition Mac OS.
sudo diskutil resizeVolume disk0s2 60G "Linux" "Linux" 17G "MS-DOS FAT32" "Windows" 15G
which will resize disk0s2 (the main partition volume) to 60GB and create a 17GB volume called Linux with linux formatting and a 15GB FAT32 volume called Windows.