Any day you learn something new is a good day

Building A Win8.1 based Chromebook - A How To

Posted: 1-May-2014 11:32

Background: We've got quite a few Netbooks of varying horsepower here, and for the slower ones I've been converting them to a fast booting locked down EduBuntu build - works fine.

Except for one model of HP Netbook where the WiFi driver wants authentication every time it roams between APs - not cool in a student environment.  Win7 on them is far too slooooow to use...

So, I decided to have a quick look at Win8.1 and see how it copes.  8.1 has a new feature - assigned application to user that pretty much takes care of fiddling, and after a bit of thought I figured out how to staticise Chrome and turn the Win8.1 build Netbook into a Chromebook.  Here's the process for those who might want to try this themselves.

This process is how to build a Windows 8.1 based Chromebook.

Install Win8.1 onto the machine.  (Use the demo/eval Win8.1 ISO)
Language: English (US)
Time & Currency: English (NZ)

Custom Install, wipe the drive (delete any partitions the installer finds) and let Win8.1 use the whole thing.

Give it a name, pick the ethernet network, choose Customize for settings;
‘No’ for networks in public places
Windows Update - Automatic
Auto Drivers - off
Autoupdate Apps - off
SmartScreen - on
Do Not Track - on
Windows Error Reporting - off
Compatibility Lists - on
Location data - off
Customer Experience - off
Help Experience - off
Use Bing - off
IE Page Prediction - off
Use my name - off
Use my advertising ID - off
Request Location - off
Active Protection - off

Create a local admin account (Toshiba or BHS Admin) and give it the usual password.
(Scroll the page down, create new account, scroll down again, sign in without a Microsoft account)

Fully Windows Update + additions to pick up any required drivers. (PC settings, Update & Recovery, go into ‘Choose how updates get installed’ & turn on Microsoft Update)

Download & Install the ‘Chrome Browser for Education’ from here;

(This is a Chrome install for all users).

Create the student account;
Press the windows key, type ‘users’ and select ‘Add, delete, and manage other user accounts’
Add account called ‘BHS Students’, select child account. No password required.

Log out as Toshiba, then log in as BHS Students. (To log out, press the Windows key, click account name and log out under that)
Fire up Chrome, set it as the default browser, go into Chrome settings;
‘On startup’ - ‘Open a specific page’ set to
Expand out advanced settings
Passwords & forms - disable both
HTTPS/SSL - tick ‘Check for server certificate revocation’

Close Chrome and re-open to double-check it goes to Moodle

Log out of BHS Students and back in as Toshiba

Grab Chrome Defaults & make them static

Make c:\users\static folder
Copy c:\users\BHS Students\appdata\local\google\chrome\user data\default to c:\users\static\default
Make c:\users\static\Netlogon folder

Set up the share (from an Administrative command prompt)

net share Netlogon=c:\users\static\netlogon

Use notepad to create in c:\users\static\netlogon a file called reset_chrome.cmd

Put the following line in it;

robocopy "c:\users\static\default" "c:\users\bhs students\appdata\local\google\chrome\user data\default" /mir

Bring up explorer (Windows-E) and right-click ‘This PC’ and select manage
Expand out Local Users and Groups, Users, double-click BHS Students
Tick ‘User cannot change password’, then go to the profile tab and enter reset_chrome.cmd into the login script field.

Log out as Toshiba and back in as BHS Students. If you’re vigilant you might see the script running briefly.  To test it, bookmark something, then log out and back in and see if the bookmark exists.  As long as it’s gone the script is doing its job.
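The steps above, from creating c:\users\static through to setting the login script, collected into one batch file as an added example (not part of the original post). It assumes the student account has already logged in once and configured Chrome, and that it is run from an Administrative command prompt with the student logged out; the `net user` switches stand in for the Local Users and Groups dialog, and the variable names are made up for this example.

```batch
@echo off
rem Added example: scripted version of the "make Chrome defaults static" steps.
rem Variable names are illustrative. Run elevated, with BHS Students logged out
rem so that Chrome is not holding its profile files open.
setlocal

set "STUDENT=BHS Students"
set "STATIC=c:\users\static"
set "LIVE=c:\users\%STUDENT%\appdata\local\google\chrome\user data\default"

rem "net session" fails for non-elevated prompts, so use it as an admin check.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from an Administrative command prompt.
    exit /b 1
)

rem The student must have run Chrome once, or there is nothing to snapshot.
if not exist "%LIVE%\" (
    echo No Chrome profile found for %STUDENT%.
    exit /b 1
)

rem Snapshot the configured profile. robocopy exit codes of 8 and up are errors.
robocopy "%LIVE%" "%STATIC%\default" /mir /r:1 /w:1 >nul
if errorlevel 8 (
    echo Profile snapshot failed.
    exit /b 1
)

rem Create the Netlogon folder and share it if the share does not exist yet.
if not exist "%STATIC%\netlogon" mkdir "%STATIC%\netlogon"
net share Netlogon >nul 2>&1 || net share Netlogon="%STATIC%\netlogon"

rem Write the one-line reset script that mirrors the snapshot over the live
rem profile. The straight quotes matter: curly quotes break the command.
> "%STATIC%\netlogon\reset_chrome.cmd" echo robocopy "%STATIC%\default" "%LIVE%" /mir

rem Same settings as the Local Users and Groups dialog: the user cannot change
rem the password, and reset_chrome.cmd runs as the login script.
net user "%STUDENT%" /passwordchg:no /scriptpath:reset_chrome.cmd
if errorlevel 1 (
    echo Could not update the %STUDENT% account.
    exit /b 1
)

rem Show the resulting login script setting so it can be checked by eye.
net user "%STUDENT%" | findstr /i /c:"Logon script"
endlocal
```

The bookmark test described above is still the real check that the reset runs at login.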

Use the power options to set lid-close-power off and power-button-power off.  Also hook the device up to WiFi as well. Disable sleep. Set up time sync.

Set up the kiosk mode

Log back in as Toshiba, run the users management app as you did at first to create the student account
Click on the ‘Set up an account for assigned access’.
Pick ‘BHS Students’ as the user, and then ‘Google Chrome’ as the application. (Chrome will only show up if you’ve been in as the user and set it as the default browser.)

Get out of account management and reboot the device. Windows 8.1 will remember the last user you logged in as so it’ll prompt you to sign back in as Toshiba - go in as BHS Students and voilà, you should have a Chromebook-like interface.

Once you’re happy, image the machine with your imager-of-choice (Clonezilla in our case) and deploy to subsequent machines as normal.  Just need to change the machine name & activate Windows by entering your own key.  

Note: on older devices where you might have a sub 1024x768 resolution (hint: netbooks) Win8.x apps may not launch as they need a minimum of 1024x768 resolution. To work around this; search for Display1_DownScalingSupported in the registry and set it to 1.  In the same place you find that you’ll also find a DynamicScaling entry - set that to 1 as well. Look for all instances of these two and change accordingly.

Reboot, go back in as Toshiba and set the resolution to 1024x768 and Chrome will now launch as the BHS Students account.

OKI B411n & how to reset the NIC

Posted: 9-Sep-2013 15:51

We've just had a real problem attempting to change the IP address on an OKI B411dn printer - spent half a day on the damn thing.

For those of you unfamiliar with this model it doesn't have a nice menu, and when (somehow, we still don't know how) someone changes the IP address & sets TCP/IP to disabled it's very, very hard to resolve.  All the configuration utilities depend on TCP/IP being active.  Once disabled it packs up its toys and goes home.

On any other model of printer you'd just reset the NIC to factory and be on your way in 5 min.  The B411 not having anything other than an Online button is not so easy.  Googling didn't find anything, and calling Oki support in NZ wasn't any good either as they'd not struck this either.

Without further ado, here's how we eventually found out how to reset the NIC;

1) Turn printer off
2) Open the lid
3) Hold down the 'Online' button
4) Turn printer on while still holding the button
5) Eventually the printer will tell you that the lid is open. Keep holding the button for another 5 sec
6) Let go of button & close lid.
7) If everything goes well you should see the display say that it's resetting the NIC

If it doesn't, rinse and repeat and hold step 5 a bit longer.


Imaging Edubuntu

Posted: 21-Aug-2013 15:50

Mental Notes: when imaging Edubuntu with pre-configured wireless configurations (ie ones done on install so that they become system configurations, not user created ones)

Ubuntu stores the MAC address of the original machine's wireless adapter in /etc/NetworkManager/system-connections/{wireless lan name}

Removing the line

will allow it to bind to any wireless adapter found on a future machine.

Also, when installing your reference machine, do not encrypt the first user's home directory as this will enable an encrypted swap volume which will play hell with your imaged clients later.

Lastly, the utility ofris (called gofris) will allow you to lock down a particular user account so that when the machine reboots all changes go away.

I've created a script that I download via wget to a reference machine when I build it that itself wgets down some files and updates Edubuntu, installs Chromium & a few other things we want, removes features we don't want, creates our student (limited access) user, and sets up the auto-logon for the student.

The only things I have to do by hand for the machine is lock the student down, disable notification of errors & fix the logged-out wallpaper.

Then I can clone the reference machine with clonezilla and roll it to any machines we want - with one caveat - the reference machine's HD has to be smaller than any of the target machines if you want this done easy & quick.

We're hopefully going to get rid of Win7 netbooks and make them all Edubuntu ones. :) Yee ha.

Have people never heard of ad blockers?

Posted: 16-Aug-2013 15:08

While perusing at lunch today I came across this article complaining about ads in Facebook.

It isn't really rocket science to install AdBlock Plus into {insert browser of choice, but probably not Internet Explorer} and once done, those ads are a thing of the past.  Continued whining about ads in the media annoys the hell out of me when the solution is half a dozen clicks away.

Just remember to put in an exclusion for as @freitasm can use the revenue. :)

Reason #703 of why I love VMware

Posted: 27-Jul-2013 15:36

A tale of two dead servers - or as I prefer to call it 'holy cr*p why won't these b*stards boot?'

Yesterday we had a scheduled power outage for our whole site that was planned to last longer than our data center UPS could stay up for. Being the paranoid engineers that we are we carefully went through all our physical & virtual boxes dotted around the campus and shut them all down.

Several of our ESXi hosts had uptime over 500 days and this was their first power off in a very long time. Needless to say I was a tad nervous about bringing them back online - even though our disaster recovery offsite backups are all good, having to recover from them would ruin my weekend.

Well, after a 50min power cut we're ready for powering everything back on.  Everything bar two ESXi hosts (of the six on site) booted fine - one host booting ESXi 4.1 off a USB stick failed on vga.z, and the other, our newest IBM x3650, wouldn't go past a blinking cursor on the screen. We eventually worked out that the fault for both of them was that the USB sticks they were booting off had decided that they'd had their last boot. It was the previous one.

Thankfully VMware is prepared for this kind of problem, especially if you're booting ESX off a USB stick - the hypervisor & the VMs themselves are mutually exclusive. (We can't afford a SAN so have local storage on each host).

For the older ESX4.1 server all I had to do was find another USB stick we had lying around already prepared and boot off it. The x3650 was ESX5 so I had to find my ESX5 cd in my drawer and install it to a USB stick, then boot off it.

Then it's just a case of recreating the appropriate virtual switches, find the datastores (ESX5 found them for us, 4.1 had to be told to go looking), find & add the VMs to the inventories and start them.  We did have a quick look at the .vmx files to confirm that we'd named the vSwitches correctly, but other than that it was find, add & start all the VMs across those two hosts.

The last thing to do was remove and re-add the hosts to vCenter, which was one of the VMs on the x3650, but that went painlessly as well.

Weekend saved.  We spent more time confirming that it was the USB sticks at fault than we did recovering from them.

Next week's jobs - purchase some 'certified for VMware' USB sticks to boot from that will last the distance, and placate Veeam backup & recovery which failed to back up last night due to the fact that while everything's the same name, they're not the same VMs anymore and it won't find them.

Novopay - my thoughts as to why this has been a debacle

Posted: 23-Jan-2013 11:15

Disclaimer: I now work for a high school, but am not involved with payroll.  My thoughts are my own and are based on 20 years of experience as a systems Engineer for various IT companies.

From what I’ve been able to glean from the different payroll people I interact with, the way payroll staff interact with Novopay is to grab a PDF off their site, fill it in (either in Adobe Reader or suchlike) or print it out & fill it in, then scan it and send it back to Novopay for processing.

This is where the human processing errors are introduced - I believe that Novopay is getting their data entry processed in countries where the daily wage is low and English is not their first language. Peanuts = monkeys kind of thing.

Xero has been able to develop a fully functional world leading Web based accounting system - you would think that in this day and age a first world designed Payroll program could be easily web based so that the only time the data is entered into it is by the people whom it originates from.

From then on it would be totally programmatic business process rules that manipulate the data without humans to screw it up.

Just my $.02 worth.

Playing with Python

Posted: 24-Oct-2012 22:07

For the last few years I've had a hankering to learn another programming language, and since I've had a little bit of time over the last couple of weeks free I've been playing with Python.

First impression - wow, what a productive tool.

During my life I've learned Basic (on the Vic20 & C64, continuing into GW Basic and the like on Dos/Windows), then Pascal, then C, then Visual Basic.  I ended up settling on KIX (a Microsoft written scripting language) that did pretty much everything I needed to write little tools that did stuff quick & dirty.

Well, now that I've dived into Python I'm sorry KIX, but your days are over as my general purpose go-to-language.

The kind of tools I usually need to write these days are ones that either a) take some config from an .INI file and do stuff at a regular time, or b) parse output file(s) from something else and do stuff with them so that other things can be done. KIX was OK at both of these - native .INI support, Windows registry support & AD aware made it a great general purpose language to know (yes, I know PowerShell can do all this and more, but PowerShell's not the easiest thing to find good & easy to follow documentation for learning on).

Python however has all the goodness of KIX + a huge library of well documented & easy to use functions that are far more productive than anything I've used previously.  The string handling functions alone are amazing.  And since has a great tutorial to follow through for learning I got running immediately.

So far it's been a week and a half since I first started in Python and I've got two file processing tools & one fully fledged GUI app up and running in production.

One tool takes a *huge* .csv that's spat out of one of our systems that contains information that I need to separate out into a big bunch of individual files - but the .csv isn't continuous.  It's got lots of different sections separated by line feeds.

Parsing this file in KIX took about 100 lines of code to do what I needed, and took me a week to get the logic just right. Doing it in Python takes 11 lines and took me about 30min.  And I didn't even use the same logic I used for KIX - I decided to do it differently.

I recommend Python to anyone who's wondering what to learn next - PHP/Ruby will be next on my list of cross platform languages I think.


iPhone apps I've recently found and love.

Posted: 6-Aug-2011 23:45

How did I survive before finding these?

Viber  (text & cell calling via data. Think Skype but easier to use)
HeyTell (treat the iPhone like an RT)
Songify (make yourself sing like a complete loser, but it's a real giggle)
MythRemote & RRgh (turns iPhone into MythTV remote controls over wifi)
yxplayer2 lite (stream recordings from MythTV backend to the iPhone)

Life in the fast lane, not!

Posted: 6-Aug-2011 23:25

It's been a pretty strange year this year.  The ground's been shaking a bit here in Canterbury, and I made the decision to leave the reseller game and jump the fence.

I spent 18 years as a systems engineer for a couple of resellers, nine at Axon and nine at ShapeIT.

Now I've joined Burnside High School as the 5th member of their IT Department.  And I couldn't be happier!

What? I hear you say.  Won't you get bored?

Never.  BHS is the 3rd or 4th largest high school in NZ and has a network that's bigger and more complex than all my old customers added together.  Around 1000 student machines & 200 odd staff machines on the network in one site. (And that's just BHS.  Avonside Girls is here too....)

All the chunky goodness of my past customers without the travel! :)

I'll blog now and then on the projects that we're undertaking - I don't have time now to go into any detail, but here's a few that we've done in the last couple of months;

* Extend the wifi network so that all students can bring their home computers to school and 'do stuff' with them on the internet. All logged, proxied & authenticated without the students having to do anything but add a new wifi config to their computer.
* Set up driverless printing so that students can upload their document to a webpage, pick their appropriate printer and have whatever it is come out regardless of whatever device they're printing from yet still record & bill their printing.
* Replaced all 70 odd switches around the school with brand new ones doing gig to the desktop + link aggregation to the core.  We can sustain 500mbps from one side of the campus to the other with the new gear in place.

Coming up;

* Win7 hardware agnostic rollout with automated application installation.
* Replacement of the student computer management & monitoring software to a different vendor's products
* Offsite backup & replication
* VoIP phone system implementation

Busy busy busy.  Makes the weeks go very fast I must say.

The silver lining in Disaster Recovery

Posted: 8-Mar-2011 22:19

As mentioned in my previous post, I've been flat out recovering a customer's datacentre after the Feb 22 earthquake.

Aside from the interruption to their business, the carnage that was & still is the Christchurch CBD and very stressed staff, there is a little IT silver lining for them.

We've been able to recover all their older servers (some physical, some virtual) to a new freaky-fast HP DL380 with lots and lots of SAS 15K drives in it. And this has been a golden opportunity to upgrade lots of their bits of software (latest AV client, latest anti-spam product, latest version of Citrix, etc etc) that have been on the cards for a while but they didn't have the time for downtime.

At the end of this they're going to have way faster servers, gigabit to the desktop & tons of free space on their servers.

As the horse has well and truly bolted we're going to close the gate this time with disk imaging backup software and take that to tape from a SAN instead of backing the servers themselves up to tape directly.  Much faster to recover in the event of another disaster, and a lot less painful for the engineer trying to do it.

One cool thing I've found - VMware ESX 4.1 update 1 can physically assign a PCIe SCSI card directly to a Windows Server 2000 VM - didn't know that could be done until I needed to access their new tape drive and found that I couldn't pass the tape drive directly through.

VMware's probably been able to do this for a while, I just didn't know about it until now.  I also didn't know that ESX 4 couldn't address a LUN bigger than 2TB - spent an hour or so wondering why my 2.045 TB array was showing up as 0 bytes in size by ESX when all the components were on the HCL.  Just needed to resize the volume to just under 2TB and away it went.  Lesson learnt.


nzsouthernman's profile

New Zealand

This blog is mainly going to be for writing down things when I work them out so when I have to try and do it again I don't have to think too hard.  And also to comment on stuff.  Hopefully not too much rant /rant involved.

My latest finished and successful home project;

FreeNAS NAS/SAN Appliance
Celeron 2.8ghz CPU, 1GB RAM, 4x 1TB SATA drives in RAID-5 array, booting from 1GB USB flash drive

Toys in the attic;
Nokia E71-3 (Telecom XT)
iPhone 3GS (Vodafone)
MythTV separated backend with 2 DVB-S encoders & 1.2TB disk space & two frontends
