DSC vs. GPO vs. SCCM vs. MDM

Microsoft Windows administrators now have a number of ways of managing their estates.

  • Group Policy (GPO)
    Allows very fine-grained control over every aspect of Windows. Primarily aimed at Windows desktops. Requires Active Directory (AD) and very careful configuration. Requires well-trained specialist staff to get it right.
  • System Center Configuration Manager (SCCM)
    Allows central control over software delivery. Also requires AD. Configuration of delivery packages can be complex and very careful change control is required. Software delivery via SCCM can also be intrusive to users. Requires well-trained specialist staff to get it right.
  • Desired State Configuration (DSC)
    Though extended by Microsoft, this is actually part of a wider open standard, “Open Management Infrastructure”, and so applies to other platforms as well, including Linux. Mainly aimed at server configurations. Falls into the DevOps camp, as it defines server configurations in purely text format and so can easily be put under source control. DSC is typically dynamic and re-enforces the correct configuration at intervals (normally every 15 minutes), which greatly helps ensure secure configurations.
  • Mobile Device Management (MDM)
    Primarily aimed at mobile devices, this style of configuration is increasingly applicable to Windows desktops with the advent of Windows 10. Microsoft Intune is leading the way, with other MDM vendors following on. Not everything on the desktop can yet be controlled this way, even with W10, but many key settings and controls are already available. A much simpler method for enforcing desktop settings than the other methods, it needs fewer administrators and much less specialist knowledge.

The article from FoxDeploy covers the first three of those and lays out the purpose of each. Well worth a read.

What is missing is the 4th method, which uses Mobile Device Management tooling. The leading contender for this is Microsoft Intune. However, Intune is really only focussed on Windows 10 (desktop and mobile); it has limited control over other operating systems.

Servers only ever exist in a given state. If they deviate or we make changes, we refactor and redeploy. DSC drives it all and the machine will be up and running on a new OS, with data migrated in a matter of minutes.

For all practical purposes, the first true large scale management tool we had for Windows systems in the modern era was Group Policy, or GPO as it is commonly truncated.

Comparatively, SCCM and MDT allow us to import an image from a Windows install disk and then run dozens of individual steps which are customized based on the target machine’s platform, model, office location and other factors. The sky is the limit.

Curated from DSC vs. GPO vs. SCCM, the case for each. – FoxDeploy.com

Mosquitto MQTT Server on a Raspberry Pi

To access an MQTT broker direct from the browser, you need websockets support. On a Raspberry Pi, this used to require a custom build from source. That is no longer required. You can now install direct from the mosquitto.org repository and add a simple config change. This article explains the details.

MQTT is a messaging protocol for the “Internet of Things” (IoT). It allows devices to communicate easily with minimal overheads. The Raspberry Pi of course makes an excellent low cost platform for managing IoT. Not only is it cheap to buy, it is also cheap to keep running.

To use MQTT, you need a “broker” which is simply a service running in the background. Mosquitto is one of the more popular brokers, partly because it is pretty small and therefore ideal for running on a Pi.

If you want to use MQTT from the browser however, you also need the broker to support something called “websockets” since browsers cannot directly talk using the MQTT protocol. In the past, Mosquitto didn’t have websockets compiled in by default and compiling your own version on a Pi is painful to say the least.

Thankfully, this is no longer a problem since the authors of Mosquitto now provide a repository containing ARM versions which work fine on the Pi. See mosquitto.org for the details.

Once installed from the repository, you will need to add a suitable configuration since websockets are not part of the default configuration.

To turn it on, you should add a new file to /etc/mosquitto/conf.d/ containing something like:

# See: http://mm011106.github.io/reference/mosquitto_conf.html

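# Standard Listener
listener 1883
protocol mqtt
# allow_anonymous and password_file apply to all listeners
# unless per_listener_settings is set to true
allow_anonymous false
password_file /etc/mosquitto/passwords.txt

# Websockets Listener
listener 9001
# http_dir needs a directory argument; none was given here, so it is left commented out
# http_dir
# Set the protocol to accept for this listener. Can be mqtt (the default), or websockets.
protocol websockets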

Note that you can create more than one listener of the same type. You might, for example, want to create another listener that is restricted to a subset of topics so that you can allow access to that over the Internet. Perhaps you would restrict it to listing only sensor data but not control messages for your home automation project for example.
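Before exposing such a listener, it helps to check exactly which topics a restricted account could reach. The following is an added example, not code from the original post or from Mosquitto: a simplified JavaScript model of ACL evaluation with MQTT wildcards. The user names, topic names and ACL text are constructed, and the evaluator understands only `user` and `topic` lines.

```javascript
// Added example: simplified model of ACL checks, not Mosquitto's own code.
// Constructed ACL: "webviewer" is the hypothetical Internet-facing account.
const SAMPLE_ACL = `
user webviewer
topic read sensors/#
topic read status/+/battery

user hub
topic readwrite #
`;

// MQTT filter rules: "+" matches exactly one level, "#" matches the
// parent level and everything below it, and must be the last level.
function topicMatches(filter, topic) {
  const f = filter.split('/');
  const t = topic.split('/');
  // Filters that begin with a wildcard never match "$" topics ($SYS/...).
  if (topic.startsWith('$') && (f[0] === '#' || f[0] === '+')) return false;
  for (let i = 0; i < f.length; i++) {
    if (f[i] === '#') return i === f.length - 1;
    if (i >= t.length) return false;
    if (f[i] !== '+' && f[i] !== t[i]) return false;
  }
  return f.length === t.length;
}

// Parse "user <name>" and "topic [read|write|readwrite] <filter>" lines.
function parseAcl(text) {
  const rules = [];
  let user = null; // rules before any "user" line apply to anonymous clients
  for (const raw of text.split('\n')) {
    const [kw, ...rest] = raw.trim().split(/\s+/);
    if (kw === 'user') user = rest.join(' ');
    if (kw !== 'topic' || rest.length === 0) continue;
    const typed = ['read', 'write', 'readwrite'].includes(rest[0]);
    rules.push({ user, access: typed ? rest[0] : 'readwrite',
                 filter: (typed ? rest.slice(1) : rest).join(' ') });
  }
  return rules;
}

// action is 'read' (subscribe/receive) or 'write' (publish).
function isAllowed(rules, user, action, topic) {
  return rules.some(r => r.user === user &&
    (r.access === action || r.access === 'readwrite') &&
    topicMatches(r.filter, topic));
}

const rules = parseAcl(SAMPLE_ACL);
console.log(isAllowed(rules, 'webviewer', 'read', 'sensors/kitchen/temp')); // true
console.log(isAllowed(rules, 'webviewer', 'write', 'control/heating/set')); // false
```

Note that `sensors/#` also covers the bare topic `sensors`, and that the hub's `#` rule does not reach `$SYS` topics.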

Once you have enabled websockets access to Mosquitto, you can do some interesting things directly from web pages. Get hold of MQTT.js for the browser and you can both listen to and send messages from/to the broker. Combining it with a framework such as React allows you, with only a few lines of code, to display all the messages that arrive at your broker.

 

A simple mail filer for Microsoft Outlook (VBA)

Like many people I receive an unmanageable amount of email each day. Many days I get through only around 1/3 of the email I receive.

However, the role I am in professionally requires me to retain a large proportion of correspondence: some because it relates to ongoing projects, some for security, audit or compliance reasons.

In addition, I work across many projects. It isn’t unusual for me to be involved in two dozen projects at any one time on top of my day-to-day management work.

So I have many folders – hundreds in fact – and filing email into the right folder has become a real drag. It can take an appreciable amount of time to hunt down the correct folder and Outlook does not provide any way to search/filter folder names in the UI.

Thankfully, I have access to VBA in Outlook. While the experience of using VBA macros to control Outlook is rarely pleasant, it does get the job done – mainly.

My requirements for the utility were as follows:

  • Must let me select multiple emails. If any have already been filed, it must show me the folder(s) so I can quickly file new email to the same folder as the rest of the conversation.
  • Must give me a list of all my folders with a simple way of filtering the list by typing a few letters.
  • Must also let me open a folder for viewing instead of filing or cancelling.

A couple of hours later, I was able to create a new utility. This has been published to GitHub and you can find it at:

https://github.com/TotallyInformation/outlook-filer

Home Automation Hub using Node-Red

The Internet of Things (IoT) comes alive with the help of Node-Red, a Flow-Based Programming (FBP) tool designed to help link together sensors, switches, logic and displays. With hardware magic from Arduinos, Raspberry Pis, low cost sensors and wireless switches, we can easily build a bespoke home automation and monitoring hub.

Having got into some electronics with my son over the last couple of years, I’ve found a new enthusiasm for doing some home automation and monitoring, in the process joining a much overhyped band of people creating the so-called “Internet of Things” (IoT).

Between Arduinos and Raspberry Pis, some simple low cost sensors and a fair bit of patience, it is amazing what can be achieved.

One of the big tasks though is trying to link everything together. Generally, this involves either using a big pre-built tool such as the popular Domoticz or programming your own monitoring and control hub from the bottom up. Personally, I find the former approach too restrictive, with the packages rarely doing what I need so that I am always fighting with them. But I find the latter approach too time consuming to ever get very far.

Thankfully, some great folks at IBM have come to the rescue by creating a tool called “Node-Red”. This uses an approach called “Flow-Based Programming” (FBP). Indeed, FBP was invented at IBM in the 1970s so it seems only logical that the IBM Emerging Technology team should carry on the good work.

Flow-based programming uses diagrams to connect together small functions, in this case referred to as “nodes”, rather like putting together a flowchart. Node-Red is aimed at people creating connections between IoT things such as sensors and switches so it is ideal for what I wanted. Even better is that it is based on my chosen programming and automation tool, Node.JS, which runs everywhere and is lightweight, fast, flexible and powerful. Node.JS uses JavaScript as its programming language and so I only need to learn 1 language to programme for both the server (the back-end) and the client (browser, the front-end or user interface).

Why not give Node-Red a try? It is getting more and more attention with lots of new node types being contributed by the community. There is a site for reviewing new nodes and examples at flows.nodered.org. There is a Slack site and a lively Google news group. There is also some good documentation at the docs site.

You may also find Node-Red useful for a lot more than just IoT as it makes it easy to work through computing tasks, reducing coding to a minimum.

Outlook 2013 URL Protocol Handler

Outlook has a custom URL protocol that allows interaction with different elements such as folders, mail and calendar items and contacts. Since Outlook 2007, this has been restricted for use only within Outlook itself but there are some tremendous opportunities for use from simple web systems. This post explains how to turn it on, even for Outlook 2013 (Office 365 version). It also gives pointers to other articles on how to use the protocol.

One of the nice features about older versions of Microsoft Outlook was that it had a set of URL Protocol Handlers (like outlook:inbox) defined that could be used system wide to trigger actions in Outlook such as opening a folder, creating or editing an item.

Unfortunately, along the way, these got gradually toned down so that they only worked from within Outlook itself.

This can still be useful. I’m not sure how many people realise that you can create “folders” in your Outlook mailbox. Choose Properties .../Home Page and set a URL – maybe your blog or Intranet. Now when you click on the folder, you will see the web page instead of a set of mail items or whatever.

When using this feature to do some more clever stuff such as creating To Do lists from incoming mail, you might choose to use a dynamic web system to handle the list. CouchDB or Node.JS are lightweight web systems that come to mind.

Then you might find yourself wishing that you could create links in your To Do system back to the original email in Outlook. Well you can! Sort of.

It turns out that, although the external use of the Outlook: protocol hasn’t been available since Outlook 2003, it can still be turned on, even in Outlook 2013. There is a useful article on the TeamScope web site that shows you how to turn on the outlook: protocol system-wide.

One minor wrinkle though if you use Office from an Office 365 subscription – the location for Microsoft Office applications is different! You will find them at: C:\Program Files\Microsoft Office 15\root\office15.

Here then is the registry code that you need to enable the protocol:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\outlook]
"URL Protocol"=""
@="URL:Outlook Folders"

[HKEY_CLASSES_ROOT\outlook\DefaultIcon]
@="\"C:\\Program Files\\Microsoft Office 15\\root\\office15\\OUTLOOK.EXE\""

[HKEY_CLASSES_ROOT\outlook\shell]
@="open"

[HKEY_CLASSES_ROOT\outlook\shell\open]
@=""

[HKEY_CLASSES_ROOT\outlook\shell\open\command]
@="\"C:\\Program Files\\Microsoft Office 15\\root\\office15\\OUTLOOK.EXE\" /select \"%1\""

Simply save this into a .reg file and open it to install the changes.

Now you can use the outlook: protocol anywhere on the system, great for dynamic web systems.

One minor word of warning though – there are dangers! Don’t open links unless you know what they are, where they go and what they do!
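The handler registered above passes the whole link to OUTLOOK.EXE on its command line, so a web system that generates outlook: links should emit only the forms it recognises. One way to do that, as an added JavaScript example that is not part of the original post: it assumes the system links only to the named folder `inbox` or to items by EntryID (a hex string), and the function names and sample records are constructed for illustration.

```javascript
// Added example, not from the original post. Assumption: the web system
// links to Outlook only by named folder or by item EntryID (a hex string).
const NAMED_FOLDERS = new Set(['inbox']); // extend with the names you use
const ENTRY_ID = /^(?:[0-9A-Fa-f]{2}){16,256}$/; // whole bytes, hex only

// Return a normalised outlook: href, or null if the form is not recognised.
function safeOutlookHref(candidate) {
  if (typeof candidate !== 'string') return null;
  const m = /^outlook:(.*)$/i.exec(candidate);
  if (!m) return null;
  const target = m[1];
  if (NAMED_FOLDERS.has(target.toLowerCase())) {
    return 'outlook:' + target.toLowerCase();
  }
  if (ENTRY_ID.test(target)) return 'outlook:' + target.toUpperCase();
  return null; // spaces, quotes, paths, other schemes: all refused
}

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';');
}

// Render To Do entries; entries whose link is refused get plain text only.
function renderTodo(items) {
  return items.map(({ title, link }) => {
    const href = safeOutlookHref(link);
    const text = escapeHtml(title);
    return href ? `<li><a href="${href}">${text}</a></li>` : `<li>${text}</li>`;
  }).join('\n');
}

// Constructed sample records, as they might come back from CouchDB.
const SAMPLE_ITEMS = [
  { title: 'Reply to supplier', link: 'outlook:00000000A1B2C3D4E5F60718293A4B5C' },
  { title: 'Check inbox', link: 'OUTLOOK:Inbox' },
  { title: 'Odd <entry>', link: 'outlook:inbox" extra' },
  { title: 'Not Outlook', link: 'http://example.com/' },
];
console.log(renderTodo(SAMPLE_ITEMS));
```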

To find out how to use the Outlook protocol handler, try one of the following articles:

One final note. I’m now looking to create some tools that link between Outlook and CouchDB. CouchDB provides a very lightweight NoSQL database that uses JSON and JavaScript to great effect. I’m already using it to track statistics on incoming/outgoing emails, linking the web interface back to Outlook via the home page method mentioned at the start. I’m going to have a go at creating a task monitor too if I get the time. I am currently reading only around a quarter of the emails in my work inbox and I really need some tools to improve the situation. Food for some more blog posts hopefully.

Microsoft 64-bit Application Support (lack-of)

Microsoft’s 64-bit support is still sorely fragmented as we find out with a brand new laptop trying to access Microsoft SharePoint.

The joys of working with Microsoft products!

So I have a brand-new, shiny 17″ HP laptop. 64-bit throughout. 6GB of RAM and comes pre-installed with 64-bit Windows.

You would think, then, that you would want to use 64-bit applications right? Wrong!!

I automatically use the 64-bit version of Internet Explorer to access some Microsoft specific sites (Outlook Web Access and SharePoint 2007). I install and use the 64-bit version of Microsoft Office. Does this work well with SharePoint (from Microsoft)? No!

For starters, you cannot upload an Excel spreadsheet to a SharePoint list like you should be able to. You get an error:

This feature requires Microsoft Internet Explorer version 5.0 or later, and Windows 95 or later.

Next you try to switch a list into a “Datasheet” view – which looks a bit like a spreadsheet. Inevitably, you get another error:

The list is displayed in Standard view. It cannot be displayed in Datasheet view for one or more of the following reasons: A datasheet component compatible with Windows SharePoint Services is not installed, your browser does not support ActiveX controls, or support for ActiveX controls is disabled.

To fix these errors, you then have to download and install “2007 Office System Driver: Data Connectivity Components”.

And you have to use the 32-bit version of Internet Explorer 9 (IE9).

Low-cost Information Management, Communications and Collaboration Tools

Although much of the work I do is for very large organisations and extremely costly projects, being an adopted Yorkshire-man, I’ve always an eye open for a bargain! More seriously, there are many small to medium sized businesses and charities that cannot afford big IT budgets but that still are crying out for good information management, communications and collaboration tools. In this article, I’ve tried to highlight a few tools that I think are worth looking at.

I’ve not included anything in this article that requires a monthly or annual cost. All the tools here are available for free at least with limited features. The feature lists given are for the free versions with paid-for key features noted where appropriate. I also note if any of the web sites are blocked by typical enterprise firewalls.

There is a lot more than what I’ve shared here; I’ll try to update this article from time to time.

Enterprise System Design and Accessibility

Most web designers are well aware of the need to design with accessibility in mind and that this is a legal requirement in many countries.

Not so many IT architects and designers who deal with internal, enterprise systems are aware, though, that these laws and requirements also apply to internal systems.

Recently I’ve yet again seen a number of dreadfully designed user interfaces (UI) for enterprise systems that most certainly don’t meet usability standards let alone accessibility standards!

Apple iOS 5, What does it change for me?

There are some really nice looking changes on the way for Apple mobile users lucky enough to have a device that can be upgraded to iOS 5. I thought I’d throw together a quick look at how this will change things on a practical level for me as I use an iPhone and an iPad for work and personal use.

Update: 2011-10-13. I’ve added some more details.