For several years, I spent several hours each week as a parent volunteer helping to administer the computers at the Ipswich Middle/High School.

Many issues we faced have commonly known solutions in the Windows-admin world which are well documented elsewhere. A few solutions that we used though are harder to find even though they may be widely applicable, so I've documented them here:

• WorldWideWeb Filtering
  Filtering web accesses from a school is important, both to comply with the CIPA law and to limit kids wasting time and so annoying their teachers. For web filtering we use the combination of the Open Source Software DansGuardian and Squid. As high school students' legitimate web uses range very widely, a high false positive rate leading to overblocking is a real problem. Limiting overblocking, which can easily go so far as to not even allow a student to access their own homework which they've emailed to themselves and are trying to access via a webmail portal, seems to require constant maintenance rather than the usual "set and forget" attitude.
  
  
• Transferring server software from older PATA to newer SATA hardware
  Substantial effort may be accumulated in the software configuration of a (Linux) server. Yet the hardware it was running on is failing. So the task is to transfer that whole software image from older hardware to newer hardware. Usually this is straightforward. Sometimes one can simply put the old disk in the new carcasse. Other times the simplest strategy is to take an "image" of the old system and restore it on the new system, then let the Linux "new hardware detected" mechanism reconfigure the kernel as necessary. But if the old system had older parallel interface disks ("PATA") while the new system has newer serial interface disks ("SATA"), neither of the usual strategies will work straightaway. Here's one way to tweak the usual procedure so you can transfer an image from PATA to SATA.
  
  
• Setting up a "default user" on Windows XP
  On Windows 95/98/ME there was an option to have all users use a single configuration. (In fact, those OSs didn't support multiple users all that well, and too often it wasn't even possible to prevent what one user did from leaking into another user's world.) But on Windows 2000/XP there's no obvious option and it isn't at all apparent how to do it. Fortunately there is a Microsoft standard procedure for making all users similar (it's just not very well known).
  
  
• Shutting down most illicit network use by blocking outbound ports
  Standard practice if you have a "firewall" between your systems and the open Internet is to block inbound TCP/IP ports. But this assumes that all applications are "well behaved" with respect to TCP/IP ...and the nefarious ones aren't. File sharing programs for example aren't slowed at all by blocking inbound ports and are barely slowed even by blocking specific outbound ports. What's necessary is to treat outbound TCP/IP ports just like inbound TCP/IP ports, blocking all of them by default then opening only the few specific ones you really need. Although we considered this, we wound up not actually implementing this technical change. We found the combined psychological effect of administrative procedures and "traffic shaping" (next item) was sufficient.
  
  
• Using DHCP for automated administration with very high availability
  We wanted to make administering new devices on our network as easy as possible, correctly assigning an IP address to every new device as well as supplying all the network configuration parameters. And we wanted to provide very highly available DHCP service, with both failover and failback being completely automatic. Typical uses of DHCP don't exactly meet these needs (although they come close). We found that with some tweaks to the DHCP configuration, we could make it do exactly what we wanted in our environment.
  
  
• Internal caching Domain Name Service for fast web access
  We wanted to make world wide web access as quick as possible. That meant both leaving our ISP drop largely free for web traffic, and giving every web browser very fast responses to their queries. A particular waste can occur when several students visit the same website. Each one of them will request the same computer name translation and every request will go out over our ISP drop to servers on the Internet unless special actions are taken. We avoid this waste by providing our own internal caching DNS servers. The first time translation of a new name is requested, our servers don't know the answer and so have to forward the request to the Internet. But it remembers the answer. And when other computers request translation of the same name, our caching DNS servers respond very quickly themselves.
  
  
• Using "traffic shaping" to prevent any one user from monopolizing the Internet connection
  "Traffic shaping" is reordering outbound network packets according to some priority scheme, rather than just passing them on in exactly the same order they were received. Mostly traffic shaping is used either to give higher priority to time-sensitive communications (for example Voice over IP) or to ensure that downloads continue to run well even when something else is happening at the same time. But traffic shaping can also be used to guarantee a certain amount of bandwidth to every use (or even every computer), preventing one rogue user from monopolizing the Internet connection and hampering everyone else's legitimate network use.
  
  
• Forcing an application to always use particular command line arguments
  Many applications can be made do what you need them to do by specifying particular command line arguments (also known as command line switches or command line options). You can set this up for most users by adding the desired command line arguments to each of three "shortcuts": the one in Start->Programs, the desktop icon, and the taskbar icon. But it's trivial under Windows for a user to bypass all these shortcuts to launch an application without the command line arguments you desire. I've tentatively concluded there's no easy way to force a native Windows application to use particular command line arguments under vanilla Windows 2000/XP.
  
  
• Aligning and checking LCD monitors
  Many LCD monitors are "built in" to laptop machines and use a digital interface. Usually the rest either "just work", or work after the monitor's "auto" adjust is used. And LCD monitors using a digital connection always display correctly. But occasionally an external flat panel LCD Monitor using an analog connection needs to be adjusted manually. Here's a test pattern with instructions to do it.
  
  
• Networking Windows XP Home Edition
  Despite having almost exactly the same name, Windows XP Home Edition and Windows XP Professional Edition are very different to administer. For example the things you would do as an administrator to network Windows XP Professional Edition are almost exactly what you should not do in the process of networking Windows XP Home Edition. If you find it necessary to work with Windows XP Home Edition, here are some suggestions on how to network it.
  
  
• Converting email addresses to images
  The most common way an email address is picked up by spammers is off a website. In fact spammers have programs —typically called "spambots"— that do nothing else except "harvest" email addresses off websites. Completely removing email addresses from a website is often not reasonable, because the usefulness of the website depends critically on providing email addresses. A solution is to convert the necessary email addresses from text to images before placing them on the website. Images of email addresses are still readable by humans, but not easily harvested by spambots. Here's a program/tool that makes it easy to convert text (such as an email address) to an image.
  

Location: N42 40.86' W070 50.35'  (North America> USA> Massachusetts> Boston> North Shore> Ipswich) Time: UTC-5 (USA Eastern Time Zone)  (UTC-4 summertime --"daylight savings time") Email comments to Chuck Kollars

All content on this Personal Website (including text, photographs, audio files, and any other original works), unless otherwise noted, are available to anyone for re-use (reproduction, modification, derivation, distribution, etc.) for any non-commercial purpose under a Creative Commons License.