And did not know it. That is not good. I was messing around with setting permissions on a new user group in our web security software – since i am admin, and I somehow removed the people and privileges of the group.
In the software, Genetec, there are users and user groups and permissions within. I arrived at work today with priority 1 email and a visit from my colleague, whom the helpdesk was contacting about a resolution. Yesterday, I was in the software creating a new group and adding a new account to it. I did not want to give the account admin. privilege, but needed the account to see all the cameras in the 3 areas, buildings. I used the copy configuration tool, or I tried to, I copied from an existing user group its settings to the, a, new group that I created. Like this, create the new group, copy the privileges from that group to this new one. That is what I was doing with the copy configuration tool option. Only SOMEHOW, I reset the privilege and membership of the RSC Entrances group. The group had nothing but a name, no member accounts, no areas defined or privileges granted.
It took us about 15 minutes to *restore accounts and permissions to the user group, which corrected the problem being reported by all 3 of our employees who monitor the building entrance ways.
The software reported to them, when they authenticated, that they did not have permission to see anything. The reason was because their account had been removed from the user group. We added that back first.
There they are, the 3 people and their sub accounts, added back into as Children of the RSC Entrances group. that gave them some privileges back.
Next we added the group as an accepted user of…
And finally, we added permissions back for the members of the group, to operate the doors – allowing them to interact with the software and open the doors.
At the end of the day, good lessons learned for me?
- be more careful when creating new groups and trying to limit privileges
- Security model is group focused. Members (accounts) are added to groups and permissions are added to the group. The group has the permissions to see this an that, not the individual account.
We have a new client called rapid response, who are building an interface that will link directly into our security cameras at our 3 locations. We have had the security cameras in place about 2 years. Most of it has been updated or is new in the past 2 years. We have 3 centers, Main campus here in Newark, a tech center in Williamson, NY and a tech center in Flint, NY. Between the 3 centers there are about 75 cameras and 4 *doors. They consist of at least two servers, both of which I am lobbing for remoting credentials. I already have one, but discovered a second this past week when we had a problem that I diagnosed for our vendor, which ended up on the server in Williamson.
Our new vendor, Rapid response has been asking for IP addresses to the cameras on the system. Makes sense. I have provided that too them by printing off an *area view in the software that lists the names of the cameras in each location. Then using the Configuration software provided by Genetec, was able to gleen the IP address for each camera and write that on the diagram. Then I scanner the diagram and emailed it to myself and then to my contact at Rapid Response.
I want to help both the Rapid Reponse folks, in creating the new interface that will link to the cameras but I also want to access and understand the server environment better. The later so when a problem occurs in the future with the security cameras (usually a problem means a camera or a door entity in the system is down. By having remote permissions to the server, I can do two very valuable things if problems occur.
1 – restart services on the server
2 – restart the server itself.
I will naturally still let my vendor, Frontrunner know what I am planning to do, but it could help in two ways
1 – quicker resolution to a problem
2 – negate the need for the vendor to come to one of our sites.
I find myself most often troubleshooting, and communicating the findings, when a problem occurs. I would still do this, but be able to reset services and the server when something is down.
That is the image(s) I used to communicate camera names and IP addresses to Rapid Response folks.
The doors are entities on a network running on Genetec software. They have a special provision in the software – they are able to unlock the doors, 4 of them between 3 buildings. People monitor and let people into the building from. You could call this, building entrance way security software (Genetec). The doors along with about 25 cameras on the main campus are all part of the network via IP based architecture (I really should learn more about network architecture, like switches, ports, servers, ips domains in a Windows environment. Anyway, I digress.
One of the door monitors reported the problem on a Monday morning (when else, right?). The issue reported to our Helpdesk, who then have a inquiry / action diagram that i put together to help them know how to direct/filter the issue.
This is a priority 1 level issue, according to our Helpdesk staffers…even though the doors can still be monitored and opened via the old technology. But, I digress again.
I logged into the thick Genetec client program to look at the doors entities to see what the issue was. I was able to quickly find some useful information to share with the vendor, Frontrunner. The Access Manager was down. This is a service, I think, running on a server at another location. Not sure why the service for the doors at main campus are on a server at a remote location, but, I digress yet again.
I was able to coordinate with someone at the remote location as the technician from the vendor had not been to this location. They meet up there and reset a service probably is all. Derrick said to me that it was likely a Windows update that restarted the server, which caused on of the services to not come back on line. Stupid Windows. We discussed ensuring that Windows updates are not automatically pushed onto the server. We would prefer a more managed pull solution, where we could get the update and monitor it to ensure that all our necessary services on the server restart.
I am requesting remote access to this server too. I have access to a server here at the main location, but not to the one at remote location. I want access so I can restart services or the server itself, if necessary. If a problem occurs in the system (usually something, a camera or door, has gone offline) – these are good steps that I could perform in the interest of not having to have the vendor come on site to do something, like restart a service. I call this low hanging fruit. Let me try it, see if we can resolve it, then contact the vendor.
Finally, another co-worker vested on the network side of things said to me “Can we have the server at williamson moved into a better closet?”. When the server was initially set up, our network engineer was not there and so the server ended up in the wrong closet – wrong in terms of no climate control. It was moved and everything is up and running.
It is two things I am asking the vendor for
1 – remote access to both servers
2 – with permission to restart services and the server
I support an old MS access application. It has lots of old code in it, that I did not write. I understand this application because I understand DBs, SQL and VBA. Each to a decent level. I have been supporting this app. about 3 years. Its probably about now that I start seeing things in the application differently. For example, for the past couple years, my customer asks for things to change or update in areas of the application, and i change them. I deal with the single request to do something in a single place. The other day came another request to fix the application so the current year data shows up in the form.
this is a common request. “James, in place so and so, the wrong data is showing”. I go in and change a hard coded value in a SQL query. Each year, a new year is generated in the application and then its id has to be updated in numerous places. Each year I do this. Now I see this as a single task. When the next new year is created by my customer in the application, I should go through the app. and update the code, at once. I should not make my customer report to me that this form or that report are not showing the correct data. I should solve this globally, at least try. I could actually do a couple things to solve this
1 – I could do a global search for the variable name and update in each place.
2 – I could refactor the SQL so that after a certain date, it use the next available number (since this is how the values increment each year.
3 – I could create a function that changes the value in one place and call it from all over the application.
#3 is the best solution – put the code in a single place, update it, call it, but also the most work. 2 is decent, I could figure out how to simply use a variable in the SQL and define it in a more global space in the form, for example. #1 is still a big improvement and the least intrusive, for the old girl.
“James., can you ….”
Honestly, this is my lens “4 years left of supporting this application, at maximun”. It almost got the book last year. software has a limited lifetime, a season, a day when it is no longer viable. something else comes along and does it better or as part of a larger system. In this case, another BOCES who handles a similar function absorbed it.”
More to follow
I had someone send me this question yesterday.
I need John B…to be taken off of the list. And Greg M (his email) to be the replacement. John would log on to see who had contacted us for more info but his job duties have changed so that is no longer necessary. Greg’s duties have increased and he will need to be able to see those inquiries. Make sense?
I responded with this
Olga, from this web site. http://wflbocesadulted.org/
You want me to
- Remove john B as a webmaster,
- Add account for Greg M.
- Give webmaster permission to Greg M account
Is that correct?
She responded with this.
When people click on “Contact Us” they can leave their questions with a phone number or email. Then I get an email from email@example.com as well as when I log in I get a yellow bar that says “There is 1 item that requires your attention” on the main menu.
When John logs in, I don’t want John to have access to see the yellow bar, that should go to Greg now instead. But John still needs access as a webmaster. So:
- No, please don’t remove John as a webmaster
- Yes, Greg needs an account to log in
- No, Greg doesn’t want to deal with webmaster things just look at the contact-feedbacks.
Am I rambling? I’m sorry.
Thanks : )
Olga, I created an account.
accounts details …..
Assigned permissions to the account, not as webmaster, but as admin. with permission to just that area.
You could log in as him to check it out.
If we want to remove the permission for Boronkay, we would have to remove the webmaster permission and give him admin. with rights to everything except the feedback form.
I also added Greg’s account to the list of people who get the *push email when someone submits something. You, Greg and Marilyn S are checked to receive push emails. Not John B. Do you want me to remove MS from getting them too?
No, everything is perfect.
Marilyn takes care of anything nursing related so she can stay on there.
Thanks so much for your help! Have a great day!!!
moral of the story? solutions most often live in the existing capacity of a software. If you do not know what that is, seek it out. Also, always clarify what the customer is asking for, asking you to do. Over and over the clarification of what is being asked for and what you plan to do exposes a lack of understanding from the customer.
We have a web site, that is used on a fairly large scale organizationally. wflboces.org
Today, our information officer stopped me to discuss options for our legacy website. What complicates this a bit is customization that were done to this site years ago by the vendor. Those customization cost has been in the fact that we have not been able to go to a new template, like many of our other schoolworld sites.
The information officer is making a recommendation that we stay with the current vendor, schoolworld (blackboard) and migrate to a new template that offers more options, at least new options. The other options we may have is the migration of our content from the schoolworld site to a new vendor. That would be a little more risky, I think. I imagine other vendors would be happy to handle the transitional issues for the payout of hosting our content. I do not have the entire picture here. There may be reasons why we *need to stay with the current vendor, or there may be options for a new vendor that the information officer is simply afraid to explore.
What about a training phase? Would the new vendor offer that?
I will follow up with schoolworld and ask a couple questions. If we migrated, there would be a lot of people asking questions initially. Who would be the contact for that? I could be, but who would be my technical contact? Someone I could lean on.
There are about 30 people who have logged in during the past week and made updates to the web site.
How many modules are custom build for the template AND would be lost upon upgrade to the site.
Can the site use a new template? If so, what custom built modules would not be included?
How many of the custom modules are in use?
How many people use them?
How would we deal with them? Who would train?
modules in the site…
This is where some of the custom modules are. Facilities, Courses, Accounting, Professional Development, Setup Prof Dev.
I think the Courses and Accounting modules work together, while Professional Development and Setup Prof Dev. work together. I do not know to what extend these are used, but im pretty sure they are used on a regular basis and would be a point of contention for any upgrade path that does not include an alternative functionality for these items.
A couple views of traffic reports for the site, compliments of logaholics
Number of Site administrators – an idea of the site usage.
Well – that is what it seems anyway. One of my access customers, who runs a fairly simply billing DB contacted me this week with this message.
“Help, I have been out for 6 weeks and now my billing db is not working“.
I love the detail provided.
I looked at the DB and saw that on the main form of the application, the buttons were not working. Its like a switchboard form – or auto-start form – we know the ones….
When I looked under the hood, there was no VBA and no defined macros ?? I wondered what the heck was supposed to be firing on the click events for each button? The DB objects were there, tables, queries, reports, forms. But no macros anywhere to be found….and no VBA.
When I pushed a little deeper, my customer said “oh, well it only runs in access 2003.” And she has a never version, 2010, on her workstation, along with the older version still. don’t ask why, because IT installed it as part of the suite – and just did not bother removing it.
Quickly, I deduced that she probably opened the DB in access 2010 – it did some type of conversion of old VBA code – or tried to, and corrupted the DB. I kinda proved this by opening an older copy of the DB using 2003 and seeing it work. After sleeping on this, a very clear thought bubbled up today
my clear thought “This DB has been limping along in 2003 for many years and no-one has bothered to figure out what is necessary or required to update, so it works in the newest version of access. Rather, it has been easier to simply keep 2003 laying around.” How much work could it really be? Her DB is not that complex.
Fortunately for her, she keep the db in her private network space and so I was able to request a copy of it from about 6 weeks ago. I expect when I get the copy, I will be able to open it in 2003 without issue. And that will solve the mystery of what happened to it.
Which leaves me with 2 outcomes
1 – Fix the code in the DB so it works in newer access version
2 – remove access 2010 from her computer.
The first is the better option, treating the problem, not the symptom. BUT, this may prove to me more work that its worth. When I have time, I will look at it with an eye toward 1 and update this post.