How I Disabled the annoying AVG Security Toolbar using Group Policy

AVG Network Edition works great at my local community radio station. It comes with a central management console, isn’t very obtrusive, consumes little system resources, and comes for a great price. There’s only one thing I hate about it: the AVG Security Toolbar.

I fail to see how a toolbar with a Yahoo search bar can enhance your security. Seriously, it’s just annoying. And I want to disable it. Don’t you want to do the same?

There wasn’t an option within the network management console to disable such a feature site wide, and the AVG Knowledge Base didn’t provide any help. In fact, the best advice I got was to reinstall the software and choose not to install it. However, the Network Edition remote installation tool didn’t support this, and doing it manually on every PC wasn’t an option for me.

Thankfully, Group Policy came to the rescue! It all revolves around the CLSID, which, in short, is a unique identifier given to each Internet Explorer add-on.

The CLSID for the AVG Security Toolbar in AVG Network Edition is:

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

What if you want to find the CLSID for a different add-on which you want to kill? It’s simple! Kinda. Within Internet Explorer, navigate to Tools > Manage Add-ons. The CLSID is shown if you right click on the column headings in that popup window and tick the CLSID option. Make note of it.

Within the Group Policy Management Console, navigate to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management. You want to open up the Add-on List. Here’s what Microsoft says about this setting:

You specify individual add-ons by using the CLSID in the Add-on List policy setting. The Value Name part of the policy setting must be the CLSID of the add-on, and the CLSID must include the braces that enclose the rest of the CLSID. The Value part of the policy setting must contain one of three possible values:

  • 0 – The add-on is disabled, and users cannot manage the add-on from the user interface.
  • 1 – The add-on is enabled, and users cannot manage the add-on from the user interface.
  • 2 – The add-on is enabled, and users can manage the add-on from the user interface.

So, to disable the AVG Security Toolbar, you would set the Value Name as {CCC7A320-B3CA-4199-B1A6-9F516DD69829} (including the curly braces) and the Value as 0. Save all of that, and then wait for the changes to be applied to your machines (or force it with gpupdate).
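To confirm the setting has actually reached a client, you can read back what the policy wrote for the logged-on user. This PowerShell check is an added example, not part of the original post; the registry path is an assumption about where the user-scope Add-on List policy stores its values, so confirm it against your own Internet Explorer ADMX template.

```powershell
# Added example (not from the original post). Assumption: the user-scope
# Add-on List policy is stored as string values under this key.
$AddonListKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID'

# Meanings of the three values, as quoted from Microsoft above.
$AddonStates = @{
    '0' = 'Disabled, users cannot manage it'
    '1' = 'Enabled, users cannot manage it'
    '2' = 'Enabled, users can manage it'
}

function Test-ClsidFormat {
    param([Parameter(Mandatory)][string]$Clsid)
    # The Value Name must include the enclosing braces.
    $Clsid -match '^\{[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$'
}

function Get-AddonPolicyState {
    param(
        [Parameter(Mandatory)][string]$Clsid,
        [string]$KeyPath = $AddonListKey
    )
    if (-not (Test-ClsidFormat -Clsid $Clsid)) {
        throw "'$Clsid' is not a braced CLSID; the policy will not match it."
    }
    $raw = $null
    if (Test-Path -LiteralPath $KeyPath) {
        # RegistryKey.GetValue returns $null when the value name is absent.
        $raw = (Get-Item -LiteralPath $KeyPath).GetValue($Clsid, $null)
    }
    $state = if ($null -eq $raw) {
        'Not in the Add-on List for this user (policy not applied yet?)'
    } elseif ($AddonStates.ContainsKey([string]$raw)) {
        $AddonStates[[string]$raw]
    } else {
        "Unexpected value '$raw'"
    }
    [pscustomobject]@{ Clsid = $Clsid; Value = $raw; State = $state }
}

# The CLSID from this post; call again for any other add-on you have listed.
Get-AddonPolicyState -Clsid '{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'
```

Run it as the affected user after a policy refresh; a State of "Not in the Add-on List" usually means the GPO is not linked to that user's OU or has not been applied yet.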

What a relief this is. Now my users aren’t bothered with annoying toolbars or invaded search results, and we still have AVG running unaffected! Group Policy saved the day, once again.

Quick Tip: Manually refresh Group Policy on a client machine

You’ve just made some changes to your Group Policies, and are now waiting for them to update on the clients to see what the result is. Surely there must be a better way!

There is: It’s a command line tool called gpupdate, and it’s real simple.

Sit yourself down in front of a computer on the domain, and load up a command prompt. The quickest and dirtiest way to get it working is to type gpupdate /force - this will just force the system to grab all computer and user policies and apply them. If it needs the user to log off and then log back on again, it will prompt you to do so, unless you add the /logoff switch to the end – this will force it to log off.

All your waiting is over.

How to market a community station

Just because you’re a community station doesn’t mean you will have an audience. I don’t believe marketing yourself as “community” will get you more than a handful of listeners, at the most.

If this is true, how does a general interest station market itself?

It’s a tough one, but tough problems encourage creativity. And creativity, I hope, is in our domain. After all, we are a creative medium, right?

Firstly, let’s check out what the CBAA has to say in their CBAA Handbook.

Marketing relies heavily on designing programs or policies which satisfy the needs and desires of its target market. It particularly involves research and promotion. Marketing is about discovering your clients and identifying their characteristics. More importantly, it is also about the type of radio station you are, what you want to achieve, how to go about it and how to measure your success.

Source: CBAA Handbook: Marketing

This is very wise advice. In fact, this must be my favorite chapter in the handbook, and is probably more relevant to us now than when it was first written. At least from what I see of the general interest community stations that are around me (or what I don’t see!), I think we need help with marketing.

So, the CBAA reckons we need to “satisfy the needs and desires of its target market”. That’s all very well and good, but if you’re licensed as a general interest station for a local geographic area, your interests are probably defined as ‘whoever lives in the area’.

There is also the issue of what to market. What should we really be selling to the community? On air programs? Volunteering? Sponsorship? Donating? With so many choices, the default thing to market is everything, all at once! This is great, except people don’t like having a million things shoved down their throats. They need time to digest everything.

What should we do?

What I suggest is placing focus on a particular aspect of your station, and then pushing that for a couple of months. For example, you may want to have an increased amount of hits on your website (an easy way to measure an increase in awareness and interest). Go crazy trying to get your brand and URL out there. Spend two months trying to push this whole idea into your local community.

Be creative. Find all of the noticeboards in the area and get something interesting posted up on those; something catchy and memorable. Approach the local sports club and ask if you can get stuff in their newsletter. See if the local schools can do the same. What about a notice in the local newspapers?

But wait. Before you go ahead and push something like this, you need goals. This is critical. Without goals, your team won’t know what they’re aiming for. They won’t know if they’re succeeding, or doing badly. After a while of going crazy trying to push an idea, they will lose interest, because they have no metrics to measure up against.

What sort of goals should you set?

Firstly, they should be realistic, but just a bit out of reach of what you are currently attaining. In the instance of increased website hits, there is no point saying you want 500 unique visitors this month, if you already have that amount of visitors on a regular basis.

It’s important to set goals which are measurable. If you can’t measure the response to a campaign, it’s almost pointless. Saying you want more listeners isn’t a good goal to set, because how do you measure listeners? Sure, you can do a survey, but those are expensive and take some time.

Be creative. Have goals. Have fun!

All set for the Weekend OB

The weekend starts tomorrow; that means only one thing – an Outside Broadcast from Castle Towers shopping centre. I’m really excited – this is the first OB they’ve let me do since Australia Day, so I’m rip-roaring to go! To make it better, we’re using some new technology (well, new to us, at least!).

The whole broadcast will be encoded into an Ogg Vorbis stream by EdCast, and then sent over a borrowed 3G connection back to our studios where it will go to air. This is the first time I’ve done this, so I’m excited, to say the least. It’s a four hour broadcast, so this will be a great chance to test everything out.

How do I know it will work? I’ve been trying this for weeks, broadcasting to myself over the 3G modem back to a PC at the station. I’ve been able to broadcast for quite some time, before being interrupted (usually by the smell of dinner). This whole thing is actually pretty good, and I don’t expect any trouble.

The real questions are, “what could go wrong?” and “what can I do to prevent/fix it?”. Here’s a couple of scenarios:

  • People at the studios can’t access the feed. This could happen, if they misplace my instructions or something bad happens to the computer in the studio. To cover for this, I’ve got remote access to one of the PCs, so I can do it all by myself, if need be
  • The internet at the studios drops out. This does happen every so often, so I’ve ensured that people at the studio have access to the modem, so it can be power-cycled
  • No 3G reception; This would be dreadful. However, I’ve tested the site extensively, and there is full signal strength – hopefully this won’t occur.
  • Laptop at the site breaks; I’ll be taking my MacBook which can run Windows, just in case

If you’ve got some free time tomorrow morning and live in the Castle Hill area of NSW, please come down and say hello. It would be great to catch up with you. I’ll be there for a 10am broadcast, running until 2pm. Full details are on the 2CCR Website.

Active Directory Optimisation, Security and Best Practices

So, you have an Active Directory. It’s running alright, but you know it can be better. You don’t quite know what would make it better, but you know it can be better. But how?

Today, I’m going to show you how to configure your Active Directory network to run smoother, be more secure and more resistant to disasters which could occur.

Multiple Domain Controllers

Having multiple controllers will protect you against hardware failure in one machine and network congestion when everyone logs on in the morning, and also helps you perform maintenance more easily. For example, restarting your only domain controller to do software updates will prevent anyone doing anything on the network until it fully restarts; this isn’t good for productivity, and may cause people to lose faith in the network if it happens regularly.

The initial cost of purchasing multiple servers and multiple licenses may be high at first, but is a wise investment. Even having two controllers will significantly benefit any Active Directory network.

Strict Password Policies

Passwords are the key to your network. If even a single user’s account is compromised, the effects can be detrimental to an organisation; this has been well reported, such as when the corporate account of a Twitter staff member was accessed, and confidential business documents leaked.

The best way to ensure password security is to apply a password security policy through Group Policy. This will ensure your users’ passwords contain a mixture of upper and lower case characters, as well as numerals. It’s also a good idea to ensure passwords are changed regularly; the Active Directory default is 100 days, but I suggest changing it to 60 days.

For extra sensitive accounts, it would be a good idea to have this set at an even lower interval. For example, Administrator accounts should be set to 30 days.

Folder Redirection, not just roaming profiles

Logon and logoff times can be dramatically improved if you avoid storing data in roaming profiles. In case you didn’t already know, roaming profiles are copied off the server and onto the local machine at logon time, and then copied back to the server at logoff. After a while profiles can grow to massive sizes, especially if you have all of your documents stored in there.

Do your network a favor, and use folder redirection to store all of the documents directly on the server, rather than in the profiles. If necessary, allow offline folders to synchronise these redirected folders (especially on laptops!); offline folder synchronisation is much smarter than plain old roaming profiles.

Distributed File System (DFS)

Having your network shares stored on only one server is a bad idea. What if that server fails? What happens to your files? Not good!

You need to take advantage of Microsoft’s Distributed File System, which allows you to have the same network share stored on multiple servers and synchronised automatically. If one server goes down, then the other servers in the DFS cluster will take over. This system complements the idea of Multiple Domain Controllers beautifully.

Domain Controllers never run other services

Domain controllers should be really secure machines. They are the backbone of the network; you don’t want anything compromising the security. I recommend that other services are not installed on domain controllers. Keep the web services, terminal services, update services, databases and antivirus management systems away from the domain controller servers!

I acknowledge that it can be hard to do this if you’re on a tight budget. The cheapest and safest configuration I can think of consists of three servers:

  1. Domain controller / file server (DFS)
  2. Backup Domain controller / file server (DFS)
  3. The Everything else server (Web, database, updates, terminal services, etc.)

If you’re struggling to get hardware for these servers, try Ebay or an e-waste recycling centre. If you’re not for profit, Donortec can help you with the software licensing.

Remote sites? Read Only Domain Controllers

Remember what I just said about Domain Controller security? Well, if you have any servers at a remote site where you don’t have direct control over the physical security, I recommend you have your remote server set up as a Read Only Domain Controller.

This means that any changes to the directory can only be made on a writable (non-read-only) domain controller (i.e. at your head office). The benefit to this is that if someone gets physical access to the server, they can’t make directory changes which could be detrimental to the entire network. If you don’t have a fast link to the main servers, it will also improve access speed for the remote site.

Enforced Client Health

It’s important to ensure your client computers meet certain security requirements. For example, you should ensure your clients have anti-malware software installed. The easiest way to ensure security software is installed is to have some checks performed in the machine startup scripts. Check to see if certain software is installed, and if it isn’t, then perform the install automatically.
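A startup-script check along these lines, written as an added PowerShell example rather than anything from the original post: the product name pattern and the installer path are hypothetical placeholders, and the signature check is an extra step beyond what the text describes, included because startup scripts run as Local System.

```powershell
# Added example (not from the original post). Machine startup scripts run as
# Local System, so the installer share must be writable by administrators only.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-SoftwareInstalled {
    param([Parameter(Mandatory)][string]$DisplayNamePattern)
    # Look for a matching DisplayName in the 64-bit and 32-bit uninstall lists.
    $hits = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $DisplayNamePattern }
    [bool]$hits
}

function Install-IfMissing {
    param(
        [Parameter(Mandatory)][string]$DisplayNamePattern,
        [Parameter(Mandatory)][string]$MsiPath,
        [switch]$ReportOnly   # report what would happen without installing
    )
    if (Test-SoftwareInstalled -DisplayNamePattern $DisplayNamePattern) {
        return 'Present'
    }
    if (-not (Test-Path -LiteralPath $MsiPath)) {
        return 'InstallerUnavailable'
    }
    # Refuse to run a package as SYSTEM unless its signature validates.
    $sig = Get-AuthenticodeSignature -FilePath $MsiPath
    if ($sig.Status -ne 'Valid') {
        return "InstallerRejected ($($sig.Status))"
    }
    if ($ReportOnly) {
        return 'WouldInstall'
    }
    $msiArgs = @('/i', "`"$MsiPath`"", '/qn', '/norestart')
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    # 0 = success, 3010 = success but a reboot is required.
    if ($proc.ExitCode -in 0, 3010) { 'Installed' } else { "InstallFailed ($($proc.ExitCode))" }
}

# Hypothetical product name and installer path; replace with your own.
Install-IfMissing -DisplayNamePattern 'Example Endpoint Protection*' `
                  -MsiPath '\\fileserver\deploy$\endpoint-protection.msi' `
                  -ReportOnly
```

Write the returned status to the event log or a central share so that machines reporting InstallerRejected or InstallFailed get looked at rather than silently staying unprotected.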

As far as configuration of the software goes, you would want to ensure everything is in a managed environment. Using software such as Symantec Endpoint Protection or AVG Network Edition can help you establish this by providing a central management system for this software.

You could take this one step further and implement Network Access Protection. For smaller networks it may not be justified, but in larger networks of larger complexity and having larger security requirements, I highly recommend this.

Strict NTFS ACLs

You want your access control at the NTFS level, not the share level. Setting all of your permissions at the share level is just asking for trouble; it won’t help you if someone gets physical access to the drive. Have all of your users in appropriate groups, and assign access to folders and shares based on what group they are in.

Don’t give too many people too much access. In fact, don’t give anyone access to anything they don’t need. Some organisations have an Everyone drive, where everything is stored; in the majority of cases, this isn’t a brilliant idea. When was the last time someone in the promotions department needed access to the payroll? Or someone on reception needed access to confidential corporate forecasts? Not often, I’m sure.

The best policy to adopt is that each department gets access to their own department’s folder, until a case arises where they need access to another department’s files.

Also, while it may be tempting to take advantage of the Everyone security group to allow every user access to certain files, it is best not to. Instead, have a security group which encompasses all of your users. Remember, the Everyone group includes IIS users and guest accounts – you probably don’t want these accounts to have access to your files.
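To find where Everyone has already crept into your folder permissions, you can walk a share's folder tree and list every NTFS allow entry granted to it. This PowerShell audit is an added example, not from the original post; it matches on the well-known SID for Everyone (S-1-1-0) rather than the display name, and the demo folder at the end is constructed purely so the script has something to report.

```powershell
# Added example (not from the original post): list NTFS "Allow" entries
# granted to overly broad principals under a folder tree.
function Find-BroadAce {
    param(
        [Parameter(Mandatory)][string]$Root,
        [string[]]$BroadSids = @('S-1-1-0')   # S-1-1-0 = Everyone
    )
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL on $($folder.FullName): $_"
            continue
        }
        # Ask for SIDs so the match does not depend on localised group names.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -eq 'Allow' -and
                $BroadSids -contains $rule.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $folder.FullName
                    Sid       = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Constructed demo: a throwaway folder that is given an explicit Everyone entry.
$demo = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$acl = Get-Acl -LiteralPath $demo
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl

Find-BroadAce -Root $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

Entries with Inherited set to False are the ones to fix first: correct them at the folder where they were set and the inherited copies below disappear with them.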

In Conclusion…

I’ve presented some easy (and some not so easy) ways to secure, optimise and utilise best practices in an Active Directory environment. Hopefully you can implement some of these tips, as well as find other ways to improve your network. Feel free to post any further suggestions in the comments.

Gaff Fixes Everything!!

It’s the motto of audio and lighting engineers around the world – “Gaff fixes everything”. You won’t (and shouldn’t) see a production which hasn’t been given the gaff treatment at some point. In some productions (my school productions come to mind!), rolls and rolls of the stuff will have been sacrificed to keep everything together.

For those who have not yet been enlightened to the invention of gaff, here’s a definition:

High-quality cloth-backed adhesive tape. Stronger, stickier, more reliable, and generally about 1000x more versatile than duct tape. Also as much as $25/roll. Fixes just about anything…

That’s right. It’s high quality, and way better than duct tape!

Duct tape is what you use if you want to stick down your cables for a little while, but never get the stuff back off the cables. Gaff is what you use if you want your cables secured, but then restored to their original state when you rip off the tape. Never use duct tape on cables!

Never confuse Gaff with Duct Tape while in my presence, or in the presence of another Gaff-lover. It is like giving yourself a death wish.

Gaff is expensive, but well worth the investment. If I were to make a list of things to never leave home without, gaff would be on the top of the list, right up there with a GPO tester, pocket knife, and side cutters. In fact, there have been times when all of these things have even found their way to school with me! It’s useful stuff – even in the most unlikely circumstances; hey, I’ve even fixed a ping pong table at school with some gaff.

Family, take note: if you are ever stuck as to what to give me for a birthday present, a good roll of Gaff will do. (Not the cheap stuff, a good quality roll)

Station Manager – Position Description

At 2CCR, we need to find someone to fill the position of Station Manager. I suggested that the best way to start was by developing a formal position description, so we know what the ideal candidate should be able to do, what their duties are, etc.

With nothing better to do after dinner one day, I decided I would give it a go. Here’s what I came up with:

Key Role:

  • Must ensure the smooth day to day operation of the station

Responsibilities:

  • Be the main contact person for all presenters, and emergency situations
  • Maintaining regular contact with presenters, and attend to any issues arising
  • Ensuring program vacancies are filled with a suitable casual presenter
  • Able to troubleshoot basic technical issues, and delegate all other technical issues appropriately
  • Have understanding of the policies and procedures of the station as well as codes of practice and legal requirements, and be able to enforce them as appropriate
  • Providing regular written reports to the board, and attending board meetings as necessary
  • Assessing newly trained presenters to ensure competency before going to air
  • Welcoming new volunteers and making them feel comfortable

Requirements:

  • Excellent written and verbal communication skills
  • Competency with the usage of computers to fulfill the job’s requirements
  • An understanding of radio broadcasting and how it functions
  • Great people skills
  • Enthusiasm, commitment and passion for community broadcasting

Availability:

  • Should be able to attend the station for a minimum of five hours, during weekdays, each week
  • Should be available at other times to visit specific presenters as the need arises
  • Should be available for attendance at out of hours meetings
  • Must be comfortable being on call all of the time to resolve or delegate responsibility of emergency situations

That’s what I wrote. What is it based on? Nothing, except my own personal opinions. Remember, this is just what I feel our station needs – your station manager could have a whole other set of duties not outlined here. Also, this hasn’t been adopted by our board, so it certainly isn’t final; it’s just my contribution.

Feel free to use it. Adapt it. Change it. Rejig it. It’s open for you to freely use. Enjoy!

The $2,500 OB Rig

With the CBF now accepting applications for the Audio over IP Outside Broadcast grant, I thought I would put together a hypothetical outside broadcast rig. Is it possible to put together a complete rig within the limits of this budget? We’ll soon find out.

This isn’t just the computer and 3G modem – this is my attempt to fit all the essentials into a rig (computer, modem, mixer, as well as PA gear). Let’s see if I can juggle it. All prices are for information only, and will probably change before the end of the week.

Laptop: Compaq Presario CQ60-210TU (Dick Smith Electronics – $748.00)

3G Modem: Huawei E1762 (Exetel – $145.00)

Mixer: Yamaha MG102C ($269.00 RRP)

Amp: Behringer EP2000 ($529.00)

Speakers: 2x Behringer B212XL ($275.00 each)

Microphone: Sennheiser E816 ($129.00)

Total: $2370.00. This leaves $130 to spend on some accessories (e.g. mic cables, stands, etc.)

So, this is pretty much the cheapest rig I could piece together. Remember, you may have some bits and pieces lying around, such as a computer and some better mics. Also, I have assumed that we will be using free software on the PC.

I don’t really like the Mixer, speakers, or microphone in the above rig. We can do much better than that cheap stuff!

What happens if we up the budget a bit? Let’s say, $4000. Here’s what I would do:

Laptop: Compaq Presario CQ60-210TU (Dick Smith Electronics – $748.00)

3G Modem: Huawei E1762 (Exetel – $145.00)

Mixer: Yamaha MG124CX ($566.00)

Speakers: 2x Yamaha R112 ($449.00 each)

Amp: Yamaha P2500S ($699.00)

Wireless Mic: Shure PG2/PG58 ($599.00)

Total: $3755.00, leaving $245.00 for accessories.

That’s much nicer. Now we have a proper mixer with faders, rather than cheap pots, as well as a wireless mic and some nicer speakers and amp.

What if we decide we want a full two way audio link, so you can have chats with the people in the studio? We’ll need something like the offering from AudioTX, coming in at a bit below $5000 (based on some rough calculations, only).

Finally, remember that I haven’t included any ongoing costs, such as the 3G connection charges. That will cost extra, but I don’t think you can claim these ongoing charges from the grant.

Can we get a full OB rig for less than $2500? Yes we can! Is the equipment ideal? Not quite, but it will work and will allow you to establish a regular presence in the community. What I suggest is that stations get the core equipment from this grant, and then buy the rest from additional station funds (or perhaps do some fund raising or a sponsorship drive to raise the cash).

(For the record, many of the prices on this page came from Turramurra Music’s website. I have no hesitations in recommending them as a great place to buy PA gear from.)

Firefox: “Well, this is embarrassing.”

Crashing no less than six times in the space of fifteen minutes while trying to write yesterday’s blog post about Kwok. That’s right: Firefox crashed six times! Thank goodness for WordPress’ Auto Save.

Very embarrassing. Well, for Mozilla, at least. It’s just plain annoying for me.

This isn’t the first time I have had Firefox crash repeatedly on my Mac. Last time it happened, I was using Tiger. This time, I am using Snow Leopard.

Was I doing anything unusual when the crash occurred? No. I was basically just writing in WordPress, and occasionally uploading an image (with both the standard uploader and the Flash uploader). There have been reports of Firefox crashing when using WordPress, but that was resolved as an issue with Google Gears; I don’t use Gears, so this doesn’t help me.

I have used this experience as a chance to learn about how Mozilla deals with crash reports.

Mozilla Crash Reports

If you navigate your Firefox browser to about:crashes, you will get a list of GUIDs which reference your crashes. Click on one of them, and you will be taken to the Mozilla crash reporting website, where you can see the gruesome details about the crash. Core dumps, running threads, modules, kernel details – it’s all there.

Bundle this with Bugzilla, and Mozilla really does have a great platform for dealing with crashes and bugs. It’s a really comprehensive system they have set up to deal with the sheer volume of issues they would have. Great job! Now, can you please fix my Firefox?

Hardware, meet Kwok!

If you’ve got more than a couple of computers and a few bits of software, then you need some sort of asset management system. Something which will allow you to keep track of every bit of hardware and software in an organised and easy to use manner.

We’re not talking about a simple spreadsheet, although that may be useful for very small-scale solutions. You need Kwok; Kwok Information Server.

Kwok allows you to keep track of all of your assets, the hardware and the software. Don’t store all of your information in one person’s brain – keep it all stored in a collaborative system. Here’s what Kwok can do for you:

  • Hardware management: register every bit of hardware in the system, and then assign it to users or a specific location. Keep track of who is using what
  • Software management: register all of your software licenses, and then link these to specific computers. It’s easy to see how many licenses you have for each piece of software
  • Issue tracking: log all issues experienced with your equipment, and then use it to track updates and assign a resolution. No more “oh, I forgot about that problem!”
  • Knowledge base: log important pieces of information regarding your systems or policies. Have some computers which require some special attention? Add an article about it before you get hit by a bus

This is a very powerful feature set. Combine it with LDAP Integration (so you can link it to your Active Directory), email updates, vendor contact details, and a whole set of other features, and you have one very powerful system!

What would make this whole system even better for you is investing in asset labels – stickers identifying the owner of the hardware and containing a unique identifier. Whack one on each bit of hardware, and log that number against the asset in Kwok. It’s a simple way to keep track of the correspondence between physical assets and records in Kwok.

Kwok is a web based system which is open source. It requires Apache Tomcat and PostgreSQL to run, but the package includes the whole system. Just plonk it in a folder on your server, and step through the provided instructions.

There are a few things I find troublesome with Kwok. Firstly, there is no delete button in several sections, such as ‘issues’. Secondly, the interface can be a bit slow to move around if you’re new to it – for example, it took me a while to find the pagination section on the hardware screen.

Overall, this is a great concept for a system, and a reasonable implementation. If you don’t have any sort of asset management, then this could be just what you need to get organised. Don’t wait until you have a specific reason to document everything – do it now!

(By the way, if you are looking for some asset labels to stick on everything, try Avonlea Labels. Our ones look fantastic, and are quite strong)