Roaming Computing System (Windows Edition) 3.5 - Release Notes

Contents

• Updates
• Known Issues
• Software Applications
• Deployment
• Server
• Miscellaneous
• Upgrading from Version 3.4 to 3.5
• Workstations
• Windows User Profiles
• Server
• Firewall

Updates

• None yet

Known Issues

Software Applications

• Internet Explorer - Is it OK that Internet Explorer says "Your security setting level puts your computer at risk"?
• Picasa - prompts ordinary users to update it
• Sun JRE - At least when logged in as winadmin, prompts for update to a later version - JavaFX EULA - Accept → Yahoo! Toolbar for Firefox/Mozilla. it shouldn't be prompting; it shouldn't be offering Yahoo! toolbar; WPKG then re-installs the previous version

Deployment

Windows

• Microsoft Update and Windows Genuine Advantage - WGA 1.9.0040.0 / 1.9.40.0 - it seems to have changed so we now have to take WGA rather than first being allowed to install updates thru Microsoft Update

Install Using WPKG

• UltraVNC isn't pulling in its configuration file so requires manually setting password and disabling tray icon
• Some WPKG config relies on the server being called 'server':
• UltraVNC installer prefs and application config

Upgrade Using WPKG

• Picasa prompts about an updated version being available right after installation - "Picasa update is ready - Picasa is ready to install an update. Restart Picasa and install this update now?".
• Java - "the applications listed are currently running and must be closed to allow the install to proceed - jqs.exe". - see http://wpkg.org/Java#Update
• UltraVNC - doesn't pull in the settings file on upgrade so we can't deploy changed settings (is this the same issue as UltraVNC not pulling in its configuration file on installation?)
• Zotero user config file to use H:\zotero is lost when Zotero is upgraded because configuration is in a file in the Zotero extension directory - fixed in RCS 3.6

Removal Using WPKG

• Ogg Codecs - isn't quiet, requiring you to answer prompts, so isn't compatible with automated removal
• Kompozer - file not found - %PROGRAMFILES%\kompozer\unins000.exe
• ? Ghostscript - can't find uninstgs.exe
• ? F-Prot - removal - error 1619 (could Add/Remove Programs' 'F-Prot Antivirus Updater Fix' pose problems?)

Server

• With UPS software installed, get "cannot execute /etc/init.d/powerfail" - there's no such thing as /etc/init.d/powerfail - see man upsd

Miscellaneous

• Scribus installs over a previous version, leaving mention of the previous version in Windows' Add/Remove Programs. If you use Add/Remove Programs to uninstall, it points to the latest version of Scribus now not the previous.

Upgrading From Version 3.4 to 3.5

If you're upgrading from an even earlier version you should follow the upgrade advice for each version.

Workstations

Use this when upgrading existing workstations rather than setting them up from scratch.

WPKG should do the following:

• Upgrade Adblock Plus
• Upgrade Firefox
• Upgrade Flash Player
• Install Foxit Reader
• Downgrade MyODBC
• Install OpenOffice
• Install QT Lite
• Install Real Alternative Lite
• Upgrade Thunderbird
• Install Zotero
• Install Zotero OpenOffice plugin
• Install Zotero PDF indexing
• Configure Flash Player
• Configure Zotero
• Remove system-wide shortcuts
• Remove Adobe Reader

You should do the following:

• Get TWEAK 0.9.4.2 from http://thegoldenear.org/tweak/ and copy to each workstation in case it is required for system configuration.
• Check that WPKG Client succesfully installed all the new software:
• Login as winadmin → Check WPKG's log in D:\windows\WPKG-<workstation name>.log for the word 'ERROR' and 'non-succesful'(?) and check each installer that was supposed to run
• Login as a regular user → check TWEAK user logs
• PDF file type associations don't exist because of the move from Adobe Reader to Foxit Reader so login to each workstation as winadmin, run Foxit Reader, when it prompts to make itself the default PDF reader choose Yes
• If not already done, install the update to Internet Explorer 8. Use either Microsoft Update or Windows Automatic Updates. This will have been installed on new workstations setup recently; this should have been recommended in the RCS 3.4 Release Notes.
• If not already done, install the update to Windows Media Player 11. Use either Microsoft Update or Windows Automatic Updates(?). This will have been installed on new workstations setup recently; this should have been recommended in a previous RCS Release Notes.

Windows User Profiles

Use this when upgrading existing Windows user profiles rather than setting them up from scratch.

• These will all be run in unless you first run mark-all-user-config-as-done.bat, commenting out any you _do_ want run in in that batch file. Those that you must make sure to allow to run are indicated as they are areas that have changed since the previous version:
• windows-user-config-temp-files-location.bat
• windows-user-config-windows-interface.bat
• windows-user-config-internet-explorer-interface.bat
• windows-user-config-lock-down-local-intranet-zone-security.bat
• windows-user-config-home-directory-location.bat
• refresh-user-shortcuts.bat (essential for upgrade from previous version)
• irfanview-user-config.bat
• openoffice3-configure-profile-1-odf.bat or openoffice3-configure-profile-1-msoffice.bat
• openoffice3-configure-profile-2.bat
• openoffice3-configure-profile-3.bat
• zotero-user-config.bat (essential for upgrade from previous version)
• zotero-copy-pdf-indexing-binaries-to-user.bat (essential for upgrade from previous version)
• jre-6-user-config.bat
• kompozer-user-config-default-html-editor.bat
• eraser-user-config.bat
• foxit-reader-user-config.bat (essential for upgrade from previous version)

Server

Use this when upgrading an existing server rather than setting one up from scratch.

WPKG

• Make sure you're using packages.xml 1.5.2 with its Adobe Reader 'remove' line fixed before upgrading
• Copy the updated WPKG directory to the server. Use either scp, WinSCP or FileZilla. If you copy it via Windows / Samba as winadmin then permissions should be OK. If you copy it as root then you'll need to set permissions:
  chgrp samba-domain-admins /usr/windows-admin -R
chmod u+rwx,g+rwsx,o+rx /usr/windows-admin/wpkg -R
  These are the files that have changed between version 3.4 and 3.5:
• packages.xml 1.6
• profiles.xml 1.1
• Adblock Plus
• Firefox
• Flash Player
• Foxit Reader (new)
• myodbc
• OpenOffice
• QT Lite (new)
• Real Alternative Lite (new)
• Thunderbird
• Zotero (new)
• Zotero OpenOffice plugin (new)
• Zotero PDF indexing (new)
• Delete the old and copy over the new tweak-unattended 0.9.5 directory (\\server\windows-admin\tweak-unattended/ (Windows), /usr/windows-admin/tweak-unattended/ (Unix)). Use either scp, WinSCP or FileZilla. If you copy it via Windows / Samba as winadmin then permissions should be OK.

  If you copy it as root then you'll need to set permissions:
  chgrp samba-domain-admins /usr/windows-admin/tweak-unattended -R
chmod u+rwx,g+rwsx,o+rx /usr/windows-admin/tweak-unattended -R

• Add the logon script addendum, netlogon.txt, to the end of the updated logon script 1.2.0 (see below), NETLOGON.BAT at \\server\netlogon\NETLOGON.BAT (Windows), /home/samba/netlogon/NETLOGON.BAT (Linux).

Other

• From Debian 4.0 'Etch' Server guide 1.3.0
• Moved to 'Etch and a Half' / Debian 4.0 Etch release 4 kernel 2.6.24
• Changed disk labeling so server can be rebooted with backup disk attached
• Added packages 'htop' and 'lshw' to General Configuration - Useful Tools section
• Note new 'Recommended Size' of disk partitions
• Note 'Upgrading from the Previous Debian Stable Version' section added to the Mail Server section
• From Samba guide 0.9.7
• smb.conf 0.8.0 - added [database] share with OpLocks off for data integrity when sharing database files between multiple users
• netlogon.bat 1.2.0 - added commented out T: for \\SERVER\database [1.2.0 not yet documented over 1.1.0] - copy over the new logon script NETLOGON.BAT to \\server\netlogon\NETLOGON.BAT (Windows), /home/samba/netlogon/NETLOGON.BAT (Linux). It is OK that the old RCS 3.4-specific commands are lost from the logon script.
• Added 'templates' and 'images' directories to the main shared directory
• Added permissions setting for /home/samba/profiles-backup
• chgrp samba-domain-admins /home/samba/profiles-backup
• chmod 770 /home/samba/profiles-backup
• Tightened permissions on Windows administration area 'images' directory (chmod g+w,o-rx /usr/windows-admin/images)
• From Samba guide 0.9.6
• smb.conf 0.7.2 - Added a printing section with printcap name = /dev/null and load printers = no to explicitly disable printing. Without this /var/log/samba/syslog and /var/log/samba/log.smbd are full of messages of printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read!. If you do actually use a print server then you don't want this, instead you want the print server configuration in the Printing section.
• smb.conf 0.7.1 - removed 'preserve case = yes' and 'short preserve case = yes' as both default to yes. This is a cosmetic change as leaving them in or taking them out makes no difference.
• When creating sub-groups / restricted groups, changing the group ownership and permissions of the restricted directory was omitted (chgrp <organisation>-staff /home/<organisation>/restricted and chmod 0750 /home/<organisation>/restricted). Without the group ownership, users were prompted for an alternate username and password with which to connect to R: upon login.
• The example of how to set ownership when copying files en-masse to the shared directory neglected to change the group ownership to <organisation>-staff
• From Auto Backup A Server To A Hotswap USB Disk 1.5.0
• The current version 1.11a of the Ext2IFS driver (recommended here for reading the backup disk under Windows) only mounts volumes with an inode size of 128 bytes. Recent versions of Linux's mkfs.ext3 will format the disk with an inode size of 256 bytes and when attached to Windows it will say it can't read the disk and ask if it is to be formatted.

  This guide now specifies an inode size of 128 bytes when formatting the disk.

  The fix for existing disks is to format them again using mkfs.ext3 -I 128 /dev/<disk partition reference i.e. sdb1> (which will delete everything on the disk) and name them again using e2label /dev/<disk partition reference i.e. sdb1> backup.

  You can find the inode size of an existing partition using tune2fs -l /dev/<disk partition reference i.e. sdb1>, amongst the information will be something like Inode size: 256.

• From Auto Backup A Server To A Hotswap USB Disk 1.4.1 - changed time of backup again to run at 02:00 so doesn't clash with mail server setting to delete mail marked for deletion at 01:00
• From Auto Backup A Server To A Hotswap USB Disk 1.4.0
• Instead of /etc/fstab using, for example, '/dev/sdb1', instead use 'LABEL=backup'. This fixes the issue on some systems where, if the USB-attached disk is attached on startup, instead of being, say, /dev/sdb1, it becomes /dev/sda1. This needs to be done in conjunction with labeling other fixed disks and referencing them in both fstab and GRUB's menu.lst kernel root setting.
• Changed the backup script to run at 01:00 rather than 04:00 to reduce the chance it'll still be running at 09:00 (likely if USB is version 1.1 rather than 2.0) when people may be wanting to use the system again.
• Remove Goldfish email autoreponder:
• remove goldfish line from /etc/crontab
• mysql -u root -p
• mysql> use mailserver;
• mysql> drop table autoresponder;
• mysql> revoke all priviliges, grant option from goldfish;
• mysql> drop user goldfish;
• deluser --remove-all-files goldfish

Firewall

• From pfSense 0.9.1 - add a DHCP option of '10.0.0.1' to 'DNS Server address' in the OpenVPN server setup so VPN clients can access computers on the LAN by name
• From pfSense firewall guide 0.8.17 - changed WAN interface from static IP to DHCP, with DHCP server on modem/router instead set to give out same specific address.
  This is so that for example if the modem breaks and people on site replace it with a new one then it's likely to just work without any configuration change before an IT support person is able to be there; the same applies if the organisation moves to a location where they no longer have their own modem/router but instead are on a building's local area network.
  This also allows us to get DNS addresses from the modem/router rather than entering them manually.
  Where the VPN is reliant upon a port forwarding in the modem/router (where the firewall doesn't have its own routable IP address) then the VPN won't work until the modem/router's DHCP server is updated.
  Changes you can make to an existing setup to make this happen:
• Interfaces → WAN → General configuration → Type: DHCP
• System → General Setup → DNS servers →
• remove DNS server IP addresses
• make sure 'Allow DNS server list to be overridden by DHCP/PPP on WAN' is checked
• In the modem/router turn on DHCP server and add an address reservation for the pfSense box

Document ¤ Version: 1.0.2-23 | Licence: GNU General Public License | Copyright: © 2008-2010 Pete Boyd
Site ¤ - URL: http://thegoldenear.org/ | Email: inkwire at thegoldenear dot org
Built using HTML 4.01 Strict and CSS. For best results, use a browser that supports open Standards.