Thursday - Early Childhood Visits

On Thursday, I had to run to the office to kick-start the mail server. After I took care of a few other issues in-house, I headed down to Fouke and to Texarkana for some troubleshooting. In Fouke, one of the student machines got infected with the "Windows Repair" drive-by fake spyware program. I sincerely *HATE* these stupid fake spyware programs. They pretend to scan your machine and report all kinds of problems, when in fact the program itself is causing the problem! In this case, Windows Repair "scans" the computer, but what it is really doing is resetting all the attributes to HIDDEN and READ-ONLY for every single file it can get its hands on. Naturally, this produces all kinds of "drive errors" because the system cannot write to read-only files! It is brilliant in its simplicity. It is also a bugger to get rid of! I tried to run Malwarebytes, but that was futile. Even in Safe Mode it was worthless because of the attributes, plus the program was outdated. So, time for the "hard way:" I deleted the following files from Safe Mode: Documents and Settings\All users\Application Data\(random gibberish filename).exe Documents and Settings\infected-username\Application Data\(random gibberish filename).exe Unregistered and Removed this: Documents and Settings\All Users\Application Data\(random gibberish filename).dll Then removed these:

Documents and Settings\UserName\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk

Documents and Settings\User Name\Start Menu\Programs\Windows Repair\Windows Repair.lnk

Documents and Settings\UserName\Start Menu\Programs\Windows Repair

Documents and Settings\UserName\Desktop\Windows Repair.lnk

Documents and Settings\All Users\Application Data\[RANDOM CHARACTERS].dll

Documents and Settings\All Users\Application Data\[RANDOM CHARACTERS].exe

Documents and Settings\All Users\Application Data\[RANDOM CHARACTERS]

I right-clicked on each folder in C:\ then chose Properties. in there, UNCHECK the "Read Only" box and UNCHECK the "hidden" box. I realize this is overkill and may actually serve to subject Windows to other issues at some point, but I needed the system up and running.

Once the attributes were changed, I rebooted and logged in as an Administrator. I updated Malwarebytes. I also disabled System Restore and deleted all the Temporary Internet Files (manually through a command prompt).

I scanned the machine and found three infections, which Malwarebytes cleaned up.

I rebooted and everything appeared normal.

After that, I headed to the Supt's office, but he was out of town.

I went to Texarkana to work on their computers.

I had to install new A/V software on two machines. I set up a user password on one machine. That went smoothly, except on my way back to the office, the teacher called to tell me her computer was now runnig VERY slowly. I will be back there to check that out.

Troubleshooting Plato and Ironport

Was at a school on Wednesday that had trouble with Plato. Students could not pull up the assessments from the program, but teachers and IT could. The local tech ruled out permissions and was able to narrow the problem down to the Ironport firewall. That's when I walked in. The tech created a new Identity and Access Policy and used an IP address not currently associated with anything in the system. I sat at a workstation and logged in as an admin user and as a student alternately, as we tried to figure things out. With the IP settings wide open, I could go anywhere in Plato I wanted. We started locking things down. I would wait for the tech to make a change, then kill IE and try to get it. The first set of changes allowed me through. We made more changes. Log off/Log on, got through. We did this for a couple hours as we enable each of the settings already in the Student Access Policy. In every case, I was able to get through as a student. Something wasn't right here. At 11 o'clock, Cisco called and we got into a WebEx with them for troubleshooting. On a different machine, Cisco captured packets during a session where the system would not allow a student to take assessments. Then, I suggested we capture packets from a session using the admin account since that WOULD work. Cisco agreed. They said they would look at the data and get back to the tech. After lunch, we thought we had a solution: Windows 7 and IE9. The machine I was using to test had those. The machines in the lab have XP and IE7. We upgraded to IE8 and that did not fix it. We took a couple netbooks with Win7/IE9 and they didn't work either! UGH! Back to the drawing board. Then, as we were talking, the conversation came up about session cookies and the filter. I knew that was part of the key. you see, if the filter was using keys, then my key would still have been active on the test computer (where it worked). Sure enough, we logged in as a DIFFERENT student, and that account couldn't take assessments. Okay, now we were getting somewhere. After some more troubleshooting, we knew we would have to run the tests again. We also surmised that the cookies were being held for about 20 minutes. Surely we would not have to wait 20 minutes between tests, right? Right. Each USER got a cookie! So, the plan was to make a change, log in as a student. Test. If it did not work, make another change and log in as a DIFFERENT student then test. Repeat until it started working. (or vice versa. I think we started with the most open and worked our way to most restrictive in the plan). By the time we came up with the plan, it was 4:15pm and I had to head to the house. The tech and his assistant would work on it the next day (Thursday). I receive a text on Thursday mid-morning, letting me know that they had figured out the issue! The culprit? Bandwidth restrictions! Since the bandwidth was locked down for students, the program (java/flash based) couldn't run! Problem solved! Wahoo!

Monday and Tuesday

Lately, the days are filled with general troubleshooting as usual.  But, in addition, I am working hard on keeping our existing servers going while prepping for the move to other services.  We officially changed email addresses on Monday!  I am very excited about that.  I am also working on getting our mail, contacts and calendars moved to Google Apps. 

That process is *much* slower than I anticipated.  We have to wait for Google to recognize us as an educational organization. Go figure.  Ah well, the good news is that I can run a pilot program to gradually make the move for most of the features.  Some "big ones" though will be missing - namely global distribution groups - until we are upgraded.

Meanwhile, I sat in on a Common Core State Standards conversation regarding a technology project several of the co-ops are putting together in order to help teachers build lessons for the new CCSS assessments.

I realize this is not as thorough as it really ought to be.  I am sparing you, the reader, the banalities of reading through hundreds of emails, looking at dozens of web pages (for Google Apps assistance and troubleshooting), upgrading internet explorer on the presentation station in the conference room, and other individual tasks that add up to more then 8 hours of work on each of the past two days.

I will say that the alarm helped to remind me that I needed to post!

UGH! I have to get better at this!

Seriously, I have got to remember to post my daily work activity.  The problem is that I have been so busy lately that I don't have time before the day runs out, and then after I get home, I forget to post.  I think I will set an even in my calendar to remind me to post every day.

In the meantime, I have been battling server issues.  Our servers are 5-6 years old and they are showing signs of wear and tear.  So much so, we are making some major changes at the co-op!

For starters, Southwest Arkansas Education Cooperative is now swaec.org!  For email, for web.  Instead of the long address we used to have, folks can now use swaec.org to reach our folks!

We will also be switching to Google Apps for Education!  This will give us 24/7 uptime with total accessibility.  Another features allows our users to monitor their own spam.  I will enjoy passing that off onto the users.  Right now, I have to go through the trapped mail and release it based on what I think is good mail.  It takes a lot of time, but mostly, I am not the content police.  I pass along what the users ultimately agree is junk, but I let them make that decision after I made the decision.  That's just too many fingers in the pie, in my opinion.

We are also getting one server that will replace our dying ones.  This will move us in the the world of virtualization.  I am pretty old-school when it comes to certain things related to technology - servers WAS one of those things.  I believed that I needed a physical server to handle separate tasks.  Well, mostly.  I think a server should be able to handle multiple tasks, depending on those functions.  For example, one server can easily handle DHCP and DNS.  Another one for Email. Another for user file storage.  Maybe in the "real world."  In education, there isn't money for that unless you get a grant (which we did 6 years ago or so).  But even if you have multiple physical servers, the key is to make sure the servers are being used effectively and efficiently.  Our servers were not, really.  Of course, hindsight is, as they say, 20/20 vision.

With virtualization, I can set up individual servers to handle separate tasks, with the storage and access spread across multiple drives and network connections.  It also makes backing up the servers a WHOLE lot easier!

On a different note, one of the schools' distance learning system was acting up so Trish and I headed down for a look. The document camera would not show on the screen.  Turned out to be a combination of problems.  The codec did not detect the unit and the touch panel did not even have the unit as an option on the screen! Okay, so the first thing I do is bypass the touch panel and hook the doc-cam directly to the codec.  That worked, but it is clunky to switch devices with the remote control (versus using the touch panel).  Once I knew things worked, it was time to make them work CORRECTLY.   I reconnected the doc-cam to the touch panel (that is an over-simplification, I know).  I went into the panel settings and activated the panel (along with the main camera, the dvd player, and the pc connection - all of which had been deactivated for some reason).  After that, things still did not work correctly.  Back to the first thing I ever learned in troubleshooting: when it doesn't work, reboot it and work out from there.  After the reboot, everything worked again. Sweet!

On yet another note, the SWAEC technology training team met the other night to talk about (and start working on) modules for summer workshops.  Most of the summer professional development will focus on Common Core State Standards along with iTunesU, ArkansasIDEAS, and Arkansas Digital Sandbox.  It is going to be a wild and opportunistic summer!

SWAEC hosted the April state Technology Coordinator meeting for the first time since moving into the new building.  I invited my area techs along for the meeting so they could get a feel for how things go at the state-level - a peek at what I do, in other words.  I think overall it went well.  In retrospect, I probably would have made some procedural suggestions for the invited guests, but the atmosphere we have as a group is generally pretty open-ended.  Ideas are thrown around throughout an given conversation which leads to a little bit of chaos and whole lot of inspiration.

Now, I'm off to set up a recurring event in my calendar to remind me to write in this journal every work day.