Changes to the Roaming Computing System ======================================= http://thegoldenear.org/rcs/ For details of managing these software upgrades see http://thegoldenear.org/rcs/software-upgrades.html Key --- - letters in square brackets (i.e. [EC]) indicate sites that have implemented this change - updates are labelled by category. the categories are: application - the main applications used by people configuration - any aspect of system configuration, including tools(?) driver - device drivers OS update - operating system patches, updates, security fixes, etc Updates ------- Pegasus Mail 4.31 [EC,CW] We no longer track Microsoft security updates. 29 Aug 05 - OS update: IPCop firewall 1.4.7, 1.4.8. Download them all and install seperately, in order. ? Reboot after uploading 1.4.7. Changes: http://www.ipcop.org/modules.php?op=modload&name=News&file=article&sid=22&mode=thread&order=0&thold=0&POSTNUKESID=6fed9a36bc8067ab30ecdd1e3fc3d9bc Download: 29 Aug 05 - application: Mozilla 1.7. what's new?: handler ... to fix the Windows shell: security vulnerbility" 07 Jun 05 - OS update: Debian 3.1 (release 1a) 'Sarge' Press release: http://www.debian.org/News/2005/20050606 Debian 3.0 ('Woody') will receive security updates for the next year. If you're remaining using Debian 3.0, change the reference to 'stable' in /etc/apt/sources.list to 'woody'. If you're upgrading from 3.0 to 3.1, first make sure you have a Debian repository source in your /etc/apt/sources.list file in addition to a security source; then do an 'apt-get update' and 'apt-get dist-upgrade' so as to pick up some additions to the Debian archive that weren't included in security updates that are required to make the transition to Sarge. The Debian 3.1 release notes recommend using aptitude when upgrading from 3.0 to 3.1, rather than apt-get. A major update to Samba is inlcuded, to get this to work with the Roaming Computing System a minor change to our configuration file is required which will be posted here soon. 07 Jun 05 - OS update: IPCop firewall 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6. Download them all and install seperately, in order. Reboot after uploading 1.4.4. Download: http://ipcop.sourceforge.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3 07 Jun 05 - OS update: FloppyFW firewall 2.0.11 changes: http://www.zelow.no/floppyfw/download/Changelog-2.0 download: http://www.zelow.no/floppyfw/download.html 01 Dec 2004 - OS update: IPCop 1.4.1 (firewall) download: http://www.ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3 01 Dec 2004 - application: FloppyFW 2.0.10 (firewall) changes: http://www.zelow.no/floppyfw/download/Changelog-2.0 download: http://www.zelow.no/floppyfw/download.html 11 Nov 2004 - configuration: if your list of repositories for downloading software from in your APT source file (/etc/apt/sources.list) includes 'www.mirror.ac.uk' you should replace this with another (we recommend 'http://ftp.uk.debian.org/debian/' for those in the UK). www.mirror.ac.uk has dropped its support for most of the software it was hosting. 11 Nov 2004 - OS update: Windows XP Service Pack 2 http://www.microsoft.com/WindowsXP/sp2/ Use with caution as its an enormous update and a (welcome) change of Windows policy regarding security - check with your computer manufacturer and with the supplier of each piece of software you use whether it is compatible with Windows XP Service Pack 2 11 Nov 2004 - OS update: Microsoft Security Bulletin MS04-038 (834707) Cumulative Security Update for Internet Explorer Affected software: Windows NT4, 2000, XP 11 Nov 2004 - OS update: Microsoft Security Bulletin MS04-037 (841356) Vulnerability in Windows Shell Could Allow Remote Code Execution Affected software: Windows 2000 SP3, 2000 SP4, XP, XP SP1 11 Nov 2004 - OS update: Microsoft Security Bulletin MS04-034 (873376) Vulnerability in Compressed (zipped) Folders Could Allow Code Execution Affected software: Windows XP, XP SP1 11 Nov 2004 - OS update: Microsoft Security Bulletin MS04-032 (840987) Security Update for Microsoft Windows (various) (Replaces MS03-045) Affected software: Windows 2000 SP3, 2000 SP4, XP, XP SP1 11 Nov 2004 - OS update: Microsoft Security Bulletin MS04-031 (841533) Vulnerability in NetDDE Could Allow Remote Code Execution Affected software: Windows 2000 SP3 and SP4, XP and XP SP1 11 Nov 2004 - OS update: Microsoft Security Bulletin MS04-028 (873374) Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution Affected software: Windows XP, XP SP1 11 Nov 2004 - OS update: Cumulative Security Update for Internet Explorer MS04-038 (834707) 02 Aug 2004 - OS issue: Samba "The internal routine used by the Samba Web Administration Tool (SWAT v3.0.2 and later) to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. It is recommended that all Samba v3.0.2 or later installations running SWAT either (a) upgrade to v3.0.5, or (b) disable the swat administration service as a temporary workaround." reference: http://us1.samba.org/samba/whatsnew/samba-3.0.5.html 20 Jul 2004 - OS update: Microsoft Security Bulletin MS04-024 Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) Reference: http://www.microsoft.com/technet/security/bulletin/MS04-024.mspx Affected software: Windows NT4, 2000, XP, 2003 20 Jul 2004 - OS update: Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315) Affected software: Windows NT4SP6a with IE6SP1, 2000, XP, 2003, 98 (via Windows Update Web Site http://go.microsoft.com/fwlink/?LinkId=21130) Reference: http://www.microsoft.com/technet/security/bulletin/MS04-023.mspx 20 Jul 2004 - OS update: Microsoft Security Bulletin MS04-022 Vulnerability in Task Scheduler Could Allow Code Execution (841873) Affected software: NT4SP6a with IE6SP1, Windows 2000, XP Reference: http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx 20 Jul 2004 - OS update: Microsoft Security Bulletin MS04-020 Vulnerability in POSIX Could Allow Code Execution (841872) Affected software: Windows NT4, 2000 Reference: http://www.microsoft.com/technet/security/bulletin/MS04-020.mspx 20 Jul 2004 - OS update: Microsoft Security Bulletin MS04-019 Vulnerability in Utility Manager Could Allow Code Execution (842526) Affected software: Windows 2000 Reference: http://www.microsoft.com/technet/security/bulletin/MS04-019.mspx 20 Jul 2004 - configuration: TWEAK (for Windows) 0.8.42 Updates relating to the Roaming Computing System: (see TWEAK's change log for further details on these and other changes at http://thegoldenear.org/tweak/changes.txt) - FEATURE - 'Windows Configuration' - 'Configure general Windows system and interface on this machine' - major policy change to turn on Windows Automatic Updates. We were turning this off and preventing it from being turned back on again. Some of Microsoft's fixes are broken, breaking more than they fix. We were recommending checking their web page or subscribing to their mailing list for notification of updates, evaluating then manually applying those that are critical. But this takes significant time; Microsoft's patches are being released more frequently; malicious coders are taking advantage of Windows' security flaws much quicker than they once did; and with so many more people connected using the Internet and with high speed connections means malicious software is infecting quicker and more completely than it once did. Further understanding of Windows Automatic Updates (by Matt) has shown that it can be configured to fit within the strategy we advocate above; it doesn't have to automatically download and apply all patches, as we'd previously thought; and so we can take advantage of it's time saving features. TWEAK now turns off Automatic Updates. We recommend once you've evaluated certain updates you login as Administrator, turn on Automatic Updates (either manually or using TWEAK's new option A -> P -> J) which will offer a list of applicable updates from which you can choose those you trust. You can re-enable it when done (again either manually or using a new TWEAK option: A -> P -> JU). This keeps you in control of the updates and doesn't unexpectedly use bandwidth (though the Background Intelligent Transfer Service is used, which "transfers files in the background using idle network bandwidth"). When Automatic Updates is turned back on after being off, it fortunately defaults to 'Notify me before downloading any updates and notify me again before installing them on my computer'. TWEAK no longer disables the ability to turn Automatic Updates on/off and no longer recommends manually uninstalling it using Add/Remove Programs (it turns out you can't uninstall it anyway, de-selecting it from this list (after making it visible in the list using TWEAK) has no effect and its selection just returns). For those who've used TWEAK previously and want to re-enable Automatic Updates you can use a new individual option in TWEAK to allow it to be changed: A -> P -> I (Enable Automatic Updates to be turned on/off). Then run Windows Configuration's option 'D' ('Configure general Windows system and interface on this machine') to enable our new recommended setting. Reference: http://www.jmu.edu/computing/security/info/susinfo.shtml We've heard that a list of all software installed on the system running Automatic Updates is sent to Microsoft. We've only heard this from one source and can't now find a reference to even that. Microsoft say no information is sent to them that could identify individuals but this issue could be worth considering. - FEATURE: 'F-Prot Configuration' - 'Install F-Prot for Windows 3.15 trial/registered version'. Silently installs a 'typical' setup to %PROGRAMFILES%\f-prot. - FEATURE - 'Application Configuration' - 'Java Configuration' - added feature to 'Install Java 2 Standard Edition Runtime Environment 1.4.2_05'. Installs to %PROGRAMFILES%\Java; doesn't install Java updater; installs IE / Mozilla 1.1+ / Netscape 6+ plug-ins (if installed) - FIX - 'Per-machine manual settings, those we haven't automated yet' - 'turn off sound scheme' - this is a per-user setting not per-machine so its moved to 'Per-user manual settings, those we haven't automated yet' - 'File Type Associations' - 'PDF files Open in Acrobat Reader' - this still assumed the installation directory of %PROGRAMFILES%\acrobat-reader\ which we've since changed to %PROGRAMFILES%\acrobat\. Changed this and created an additional 'POARold' option which assumes that old directory ADD THIS TO DOCUMENT 20 Jul 2004 - configuration: synchronising time across workstations with the time on the file-server now works, so users *should* be able to logon to multiple workstations concurrently. [M] To implement: Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment -> Change the system time -> double-click -> Add -> choose Authenticated Users -> Add -> OK -> OK details: its useful to have the time synchronised on all workstations for various reasons, an important one being that if they're not it causes problems when users login on differing workstations concurrently and when logging off find that one workstation will not allow the user to logoff, the logoff / restart / shutdown dialogues just not doing anything. Our configuration has had support for automatically synchyronising workstation times when users login (using 'net time server' in the smb.conf Samba configuration file and 'net time \\file-server /set /yes' in the netlogon.bat Windows logon script) but this hasn't worked because only Administrators and Power Users have the right to change the system time on Windows workstations. We haven't yet figured out the registry settings that relate to this setting so it hasn't been incorporated into TWEAK as an automated feature yet. 15 Jul 2004 - configuration: get-anti-virus-updates 0.2 / 0.1 [CW] (this script lives on the file server, runs as a cron job, downloading anti-virus updates from Frisk) what's new?: fixed 'ftp://' rather than 'ftp:/'; missing 'root' for who to run as (presumably) in advice download from: http://thegoldenear.org/toolbox/unices/get-anti-virus-updates.sh 15 Jul 2004 - application: Mozilla 1.7.1 what's new?: "no new features other than a preference change that disables the shell: protocol handler ... to fix the Windows shell: security vulnerbility" 15 Jul 2004 - application: Sun Java 2 runtime, standard edition (JRE) 1.4.2_05 what's new?: http://java.sun.com/j2se/1.4.2/ReleaseNotes.html#142_05 15 Jul 2004 - application: Pegasus Mail 4.21c [CW] [M] what's new?: http://home.kabelfoon.nl/~jaabogae/han/p421c_fixes.html 15 Jul 2004 - application: F-Prot 3.15 [CW] http://www.f-prot.com/news/gen_news/040630_release_win315.html 21 Jun 2004 - application: Pegasus Mail 4.21b whats news?: http://home.kabelfoon.nl/~jaabogae/han/p421b_fixes.html 21 Jun 2004 - application: Mozilla 1.7 what's new?: http://www.mozilla.org/releases/mozilla1.7/README.html#new 21 Jun 2004 - application: OpenOffice 1.1.2 [CW] [M] what's new?: http://download.openoffice.org/1.1.2/release_notes_1.1.2.html http://download.openoffice.org/1.1.1/release_notes_1.1.1.html http://download.openoffice.org/1.1.1/issues_resolved_1.1.1.html 21 Jun 2004 - configuration: TWEAK (for Windows) 0.8.41 Updates relating to the Roaming Computing System (see TWEAK's change log for further details on these and other changes at http://thegoldenear.org/tweak/changes.txt): - as of TWEAK 0.8.40 it no longer requires the addition of Microsoft's reg.exe for it to work - FEATURE: added 'Nero configuration' section, moving existing configuration into there and adding 'Configure %USERNAME%'s Nero Burning ROM disc writing default settings' - ENHANCEMENT: 'Mozilla configuration' - 'Configure Browser preferences...' - turned on new feature in Mozilla 1.7 for "A new option to prevent sites using Javascript to block the browser's context menu."; changed 'Check for updates' from 'off' to 'on' and 'monthly'; added 'Resize large images to fit in the browser window' - on - ENHANCEMENT - 'OpenOffice Configuration' - 'Install a 'standard', 'network' version of OpenOffice' - added the ability to install OpenOffice 1.1.1 and 1.1.2. Changed the menu options so that you can install any of versions 1.0.3.1, 1.1.0, 1.1.1 and 1.1.2 - FIX - 'File Type Associations' - 'Plain text files Open in NoteTab' - .txt files had in their 'Type' field in Windows Explorer 'SCP text file' when they should have read 'plain text file' - UPDATE: 'icon/shortcut management' - removed Pegasus Mail's Start Menu shortcut for 'Pegasus Mail Guide'. 20 May 2004 - OS issue: after installing MS04-012 on Windows workstations, when passwords expire and are changed or are otherwise changed users get the message "You do not have permission to change your password" but passwords are still changed. MS04-012 fixed a security vulnerability with passwords but broke Samba's compatibility. This has been fixed in Samba 2.2.9 but there is as yet no update available for Debian 3.0 ('Woody'). Reference: http://www.theinquirer.net/?article=15850 30 Apr 2004 - OS update: Microsoft Security Bulletin MS04-014 [EC] [CW] For Windows NT4, 2000, XP Reference: http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx 30 Apr 2004 - OS update: Microsoft Security Bulletin MS04-012 [EC] [CW] For Windows NT4, 2000, XP replaces MS03-039 on NT4, 2000, XP Reference: http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx 30 Apr 2004 - OS update: Microsoft Security Bulletin MS04-011 [EC] [CW] For Windows NT4, 2000, XP replaces MS04-007 on NT4, 2000, XP; replaces MS03-045 on NT4 and 2000; replaces MS03-041 on NT4 Reference: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx 23 Mar 2004 - OS update: Samba security issue - Privilege escalation For Debian 3.0 ('Woody') this has been fixed in Samba 2.2.3a-13 Use 'apt-get update' then 'apt-get dist-upgrade' to get the fix. Reference: http://www.debian.org/security/2004/dsa-463 23 Mar 2004 - OS update: Internet Explorer Cumulative Security Update MS04-004 (832894) [EC] [CW] There are seperate downloads for Internet Explorer 5.5SP2 and 6 Supercedes MS03-048 and all other such cumulative updates Reference: http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx 23 Mar 2004 - OS update: Microsoft Security Bulletin MS04-007 (828028) ASN.1 Vulnerability [EC] Reference: http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx 23 Mar 2004 - OS update: MS04-003 security update for MDAC 2.5, 2.6, 2.7, 2.8 [EC] [CW] Reference: http://www.microsoft.com/technet/security/bulletin/MS04-003.mspx 21 Mar 2004 - configuration: workstations running Windows XP Pro can now be used (but XP isn't recommended). By applying the 'signorseal' fix that was introduced in TWEAK 0.8.38, and that is incorporated into TWEAK's 'Roaming Computing System - per-machine settings' option, Windows XP Pro workstations can operate in the Roaming Computing System without any further changes to either workstations or servers. We really recommend you use Windows 2000 Pro rather than Windows XP Pro but atleast now you have the option to if you have no choice over your operating system 13 Mar 2004 - configuration: TWEAK 0.8.38 - fixes a bug in Mozilla's 'Configure Browser preferences' option that has been preventing some options from being set, including pop-up blocking, potentially only in versions 1.6 and later but we're not sure about this. You're advised to re-run option 'A' - 'Configure Browser preferences' on all workstations, or add the missing terminating ';' at the end of the 'pref("browser.tabs.opentabfor.urlbar", true)' line in all-custom.js (all.js if you've not yet updated to the new preference setting procedure) 13 Mar 2004 - configuration: Mozilla - workstation installation notes have been changed to say to change file type associations from within Mozilla as administrator rather than as each Restricted User as this is a system setting (tho Mozilla doesn't indicate this): disasociate JPG, GIF, PNG and MNG images from loading using Edit -> Preferences -> Advanced -> System 23 Feb 2004 - configuration: TWEAK 0.8.36 Most important changes affecting the RCS: - 'Pegasus Mail configuration' - menu option changes for those merged in from 'Pegasus Mail Mailbox Configuration' - 'R' - Restore a previously created template to a mailbox changed to 'K'. - 'Mozilla configuration' - upgraded the method of setting system-wide Mozilla preferences to a much cleaner method which allows multiple updates of system wide preferences without having to remove the previous by hand. This doesn't require any transition, but if you want you can remove the lines of configuration inserted at the bottom of all.js and editor.js by previous versions of TWEAK. see the TWEAK change log for further details - 'Mozilla configuration' - 'Backup, delete, create new profile for/called %USERNAME%...' - TWEAK 0.8.35 added a feature that automated some of the process of setting the user's cache location by inserting the %TEMP% directory into the user.js file. %TEMP% shouldn't have been used as thats NOT the directory we use for Mozilla's cache. This has been fixed. A result of the fix is that we have now been able to completely automate the editing of user.js so no more hand editing is required when setting up a user account. IF YOU HAVEN'T ALREADY DONE SO YOU SHOULD UPGRADE EACH WORKSTATION (OR THE MASTER WORKSTATION) WITH THE MOZILLA CONFIGURATION'S OPTION 'F'. 11 feb 2004 - configuration: TWEAK for Debian 0.0.2.1 released. [M][CW] This is now the recomended tool for Samba and other configuration on the file server. More features will be added to it in future. Available from: http://thegoldenear.org/toolbox/unices/tweak/ To get it onto your file server: download to current directory with 'wget http://thegoldenear.org/toolbox/unices/tweak/tweak.sh' make executable with 'chmod +x tweak.sh' run with './tweak.sh' 3 feb 2004 - application: Mercury Mail (mail transport system) 4.01a / 3.32 [EC] [M] Changes: http://www.pmail.com/whatsnew/m32401.htm Configuration changes: 'Mercury scratch files directory' 2 feb 2004 - driver: ATI Catalyst suite 4.1, Display Driver 6.14.10.6414 / Catalyst suite 3.8, Display Driver 6.14.10.6387 http://mirror.ati.com/support/drivers/win2k/radeonwdm-2k.html?type=2k&prodType=graphic&prod=products2kdriver&submit.x=12&submit.y=6&submit=GO%21 installation advice: download and install just the Display Driver; uninstall the old version first 31 Jan 2004 - application: FloppyFW (firewall) 2.0.8 / 2.0.7 30 Jan 2004 - OS update: Windows 2000 Service Pack 4 [EC] [CW] This has been out a while, we should have mentioned it here sooner. Reference: http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp A per-machine upgrade. takes 25 minutes with a 500MHz CPU and 64MB RAM. Adds per-user QuickLaunch and Start Menu shortcuts for Internet Explorer (use TWEAK's 'Windows Configuration' section 'N' to remove). Adds All Users 'Set Program Access and Defaults' icon (use TWEAK's 'Windows Configuration' section 'D' to remove). (* check to see whether those configurations wipe out any RCS-specific configuration) (* check how this affects which CDs Windows asks for when doing other changes vis-a-vis DLLcache/WFP) 28 Jan 2004 - application: Mozilla 1.6 [CW] 28 Jan 2004 - configuration: TWEAK 0.8.35 Changes affecting the RCS: - icons-to-exclude.txt renamed shortcuts.ini (TWEAK will automatically upgrade your icons-to-exclude.txt to shortcuts.ini if you haven't already done so, so you have nothing to change) - Applying shortcuts now has a dedicated option for copying shortcuts from A: rather than the one option which checked for the existance of the files on A:. - When use Windows Explorer's right-click menu to go to the command-line, the file and directory name-completion characters don't now default to Windows' default Ctrl+F and Ctrl+D but use the 'tab' key as with the command-line in other situations. - Removed icons for Microsoft Office's FrontPage and Outlook (which we don't install when we install Microsoft Office). - Added a missing icon to the OpenOffice 1.1.x Start Menu 'Open Document' shortcut. - 'File type associations' section's 'Audio files (some) Open in Zinf' actually meant 'play' and to play audio files by double-clicking on them, their file type association shouldn't be 'Open' but 'Play' so this changed to 'Audio files (some) Play in Zinf' (APZ) - Mozilla pre-configuration using USER.JS became more automated, using Mozilla's built-in support for copying user.js rather than using our %programfiles%\Mozilla\user-config-store directory. IMPORTANT NOTE: You are advised to re-run option 'F' ('Prepare so that cache location can be specified for new (US) profiles') on each workstation (or just a Master Workstation, if you use a Master Workstation for configuring user accounts) to pickup this change and enable the setting of the cache location to work when new Mozilla profiles are created with this and future versions of TWEAK. [M][CW] 15 Jan 2004 - OS update: MS03-049. Windows Security update [EC] [CW] Reference: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-049.asp 15 Jan 2004 - OS update: MS03-048. Internet Explorer Cumulative Patch. [EC] Supercedes MS03-040 Reference: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-048.asp 13 Dec 2003 - configuration: removed the need for a seperate 'master workstation' (atleast with the current suite of applications) by applying the now one-and-only pre-configuration setting we're making that forces us to need a master workstation, NoteTab's pre-configuration, to every workstation. If you apply this NoteTab configuration to each workstation then you can initiate user accounts on any workstation 13 Dec 2003 - configuration: changed NETLOGON.BAT logon script in conjunction with new Windows temp directories and to reflect CoolEdit's name change to Audition [M]] [CW] 12 Dec 2003 - configuration: TWEAK 0.8.32 changed per-machine and per-user Windows temp directory from E:\winnt to E:\windows. people using TWEAK to configure an RCS environment should add this new e:\windows directory to their login script in addition to the existing e:\winnt before using this or later versions so that each workstation has this directory expected by each user's Windows configuration 16 Nov 2003 - configuration: fixed a problem in TWEAK's Notetab configuration section that meant per-user preferences weren't being made. To fix this requires re-doing Notetab's options 'A' and 'B'. (fix incorporated into TWEAK 0.8.30) - configuration: change of standard Microsoft Office installation directory hadn't been documented in all places, its 'Microsoft Office' 06 Nov 2003 - configuration: the ATI Catalyst Display Driver installs some services that aren't required and which consume excessive RAM. If you're using these drivers, TWEAK 0.8.27 has a feature to disable them [M on Schumacher and Arundhatti] 14 Nov 2003 - configuration: updated F-Prot configuration so that the Updater works for Restricted users. The wrong registry permission was being set so it was unable to write that it had updated the anti-virus definitions so it complained to the user. (fix incorporated into TWEAK 0.8.29) [M] 28 Oct 2003 - driver: ATI Catalyst suite 3.8, Display Driver 6.14.10.6387 / Catalyst suite 3.2, Display Driver 6.14.01.6307 23 Oct 2003 - OS update: Microsoft DirectX 9.0b (re-distributable) (includes MS03-030 Unchecked Buffer in DirectX Could Enable System Compromise (819696)) 23 Oct 2003 - configuration: F-Prot Updater needed to be run after installing F-Prot to get the Updater to work. If you didn't run it then it wouldn't automatically load. We hadn't documented this but it was known about. The updater inserts a HKLM\...\Run line to get it running on startup. An option to automate this has now been added to TWEAK. Check to see that the Updater is running on each of your workstations (F-Sched.exe in Windows Task Manager's list of running proccesses) [M] 19 Oct 2003 - OS update: Microsoft Windows security patches MS03-041, MS03-042, MS03-043, MS03-044, MS03-045 [EC] [CW] 18 Oct 2003 - configuration: updates to Samba's smb.conf allow passwords to be changed from Windows; and increase security [M] [CW] 17 Oct 2003 - configuration: Samba's 'force create mode' should use 0770 rather than 3770. See the Samba config document for instructions on how to remedy this [M][CW] 15 Oct 2003 - application: Mozilla 1.5 14 Oct 2003 - OS update: Internet Explorer Cumulative Patch MS03-040 [CW] 07 Oct 2003 - application: F-Prot anti-virus 3.14b [CW] this should be transparent but needs checking for registry setting changes. Run TWEAK's icon removal section 'A' after installing - application: Java Runtime Environment 1.4.2_01. This addes the Java Updater, which consumes 1.2MB RAM and will attempt to download and install updated versions, which will mess with our configuration; an option has been added to TWEAK 0.8.25 to disable it. (reckoned to work with OpenOffice 1.1.x) 01 Oct 2003 - application: OpenOffice 1.1.0 [CW] what's new?: http://www.openoffice.org/dev_docs/features/1.1/features-text.html 11 Sept 2003 - application: Microsoft Windows security update MS03-039 (incorporates MS03-026) [EC] 07 Sept 2003 - OS update: FloppyFW (firewall) 2.0.7 / 2.0.2 does the change "back to stand alone dhcpc/d" affect our use of DHCP? otherwise, its a straightforward upgrade. follow the changes to the areas specified in the GNU/Linux Toolbox's configurations section. 17 Sept 2003 - configuration: change Adobe Acrobat Reader and Distiller installation directory to %PROGRAMFILES%\Acrobat; previously Acrobat Reader installation directory was %PROGRAMFILES%\acrobat-reader\ and Distiller was %PROGRAMFILES%\Acrobat(?). Save this change for when these programs need upgrading 27 Aug 2003 - configuration: discovered that F-Prot anti-virus, if configured using TWEAK, was mistakenly disabling the scheduler, meaning the virus definitions weren't being updated. To fix this, run TWEAK 0.8.17's (or upwards) F-Prot configuration again (see http://thegoldenear.org/rcs/f-prot-scheduler-bug-fix.txt for details of how to fix this) [CW] 20 Aug 2003 - OS update: Microsoft Windows security update MS03-026 [EC][CW] - configuration: added firewall rules to FloppyFW's firewall.ini to block more Windows ports 07 Aug 2003 - configuration: small changes to Samba's smb.conf to potentially increase performance: added 'SO_KEEPALIVE' to 'socket options'; changed SO_SNDBUF and SO_RCVBUF from 8192 to 14596; set 'locking = no' on [cdrom] [M][CW] 07 Aug 2003 - configuration: now able to set permissions on shared directories such that all subsequent files and directories created in them have a specific set of permissions. So, for example, if you create a file in the oprganisation-wide shared directory it can be edited by anyone else in the organisation; where-as before we had the problem where the file couldn't be edited by others without manually changing its permissions on the server. [M][CW] 04 Aug 2003 - configuration: copying and moving files using Windows Explorer (and its various incarnations) on the server elicited a cumbersome message asking you to confirm this is what you actually wanted to do. it now just does it without whinging. Also some changes to Internet Explorer to make it easier to use (for the rare occasions people should need to) without lessening its security. Use TWEAK, option 'A' -> 'R' to change these for each user. [M][CW] 04 Aug 2003 - configuration: now in control of Windows file and directory permissions (ACLs) which means we can now set permissions on the Windows mail server for email such that only the owner can read it. use TWEAK option 'G'. (we'd held back configuring this 'til we could do so using command-line tools) 04 Aug 2003 - configuration: now in control of file type associations. which means the bug is fixed where-by double-clicking in Windows Explorer on some file types, such as OpenOffice documents, produced a string of error messages but also that these can be set more usefully to load different programs when right-click and choose Edit and Open - these settings will be refined further at some point. Use TWEAK option 'B' -> 'S' to set these on each workstation. [M][CW] 29 Jul 2003 - configuration: web browser/Mozilla icons for Quick Launch and Start Menu (not desktop) used '-P %username%' command-line option rather than '-P%username%' which meant they prompted for a choice of profile if more than one existed (this probably didn't affect anyone as we don't support the use of more than one profile yet) [M] 28 Jul 2003 - configuration: workstations were being configured to have maximum virtual memory equal to Windows' recommended minimum value. this was a mis-conception of the strategy of setting the minimum to equal that of Windows' recommended maximum. besides, that original strategy is potentially itself not the performance improvement that was thought (see http://www.microsoft.com/WindowsXP/expertzone/columns/mcfedries/03june16.asp). workstations will now be configured as per Windows' default recommendations and all existing configurations updated. 24 Jul 2003 - configuration: Mozilla configuration needs to happen on each workstation, not on the just the master workstation used to initially configure the Mozilla user profile as previously thought. This results in most different configuration options chosen not working on any other workstation than the master workstation [M][CW] ?? Jun 2003 - OS update: Internet Explorer Cumulative Patch MS03-020 (818529) (MS03-015 (813489) was used in RCS 2.0) 29 Jun 2003 - configuration: no need to install the 'Microsoft Tahoma font upgrade with Euro symbol' as we were doing, as this is version 2.26 and Windows 2000 comes with version 2.80 26 Jun 2003 - configuration: 'mailto:' links in web browser now launch Pegasus Mail. Use TWEAK option 'B' -> 'P' -> '4' to enable this on each workstation. [M] 25 Jun 2003 - configuration: Mozilla pre-configuration now more thorough so that less manual settings need to be made for each user [M][CW but not master worksta5tion] - application: Pegasus Mail 4.12a [CW] 02 Jun 2003 - configuration: enabled Pegasus Mail system-wide distribution lists and address books [M][CW] 29 May 2003 - configuration: changed Start Menu folder for Microsoft Office from 'Microsoft Office (2000)' to 'Microsoft Office' 26 May 2003 - configuration: don't display administrative tools on Start Menu. Use TWEAK option 'A' -> 'N' to change this for each user. [M][CW] 11 Apr 2003 - configuration: added user and system 'templates' directory for OpenOffice (and other apps) to use [M] 2.0 2003 - upgrade option: install Windows 2000 on workstations - upgrade option: replace Netscape with Mozilla - upgrade option: replace Microsoft Office with OpenOffice 1.0 1999