Arduino Light Dimmer

I recently ordered an Arduino starter kit online and last week it arrived. I’ve made my first projects and this is one of them: an arduino light dimmer

Materials

You’ll need the following materials

• 1 x Arduino One
• 1 xRed LED – 5mm (or any other color will do)
• 1 x 220 Ohm resistor
• 1 x potentiometer
• 1 x breadboard
• cables

Circuit

The circuit is farely simple:

• Connect the plus side of the LED to digital 9 (this is usually the longer leg)
• Connect the resistor to the GND and to the – side of the LED
• Connect one of the outer two pins of the potentiometer to the 5V and  the other to the GND
• Connect the middle pin of the potentiometer tot A5

The Code

//set the pins
int ledPin = 9;
int potPin = A5;

void setup() {
// put your setup code here, to run once:
Serial.begin(9600);
}

void loop() {
//read potentiometer value
int input = analogRead(potPin);

//map the pot value to fadevalue: the input value can be between 0 and 1023
input = map(input,0,1023,0,255);

//fadevalue between 0 and 255
analogWrite(ledPin,input);

Serial.println(input);
//delay for more stability
delay(10);
}

That’s it

Publishing Third-Party Updates to WSUS

I normally try to deploy updates to computers through gpo deployment. However, Windows firsts installs software throug GPO before allowing the user to logon. This can take a while and updates are frequent (e.g. java). So I decided to give wsus with system center updates publisher or even local updates publisher a try. First thing to do is setup my certificat authority and deploying the signing certificate. I’m using this: http://blogs.technet.com/b/jasonlewis/archive/2011/07/12/system-center-updates-publisher-signing-certificate-requirements-amp-step-by-step-guide.aspx

w32tm in a domain

Having problems with my time service, looking here for the answer http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx

Unattended deployment of Live essentials 2011

I work at a school, so applications like Microsoft Live Movie Maker are highly usefull in an educational environment. So I thought to myself: lets deploy this stuff throughout our network.  Movie maker is a part of Live Essentials, but has some limiations though as I found out.

Firstly I deployed Live Essentials 2012 through GPO startup script. This is the script:

setlocal

REM ****************************************************************
REM Environment customization begins here. Modify variables below.
REM ****************************************************************

REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=\\server\share\WindowsLiveFolder

REM Set LogLocation to a central directory to collect log files.
set LogLocation=\\server\share\WindowsLiveFolder\logfiles

REM ****************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM ****************************************************************

REM check if this is Windows 7
if exist “C:\Users\All Users\ntuser.dat” goto win7
if exist “C:\Documents and Settings\All Users\ntuser.dat” goto End

:win7
reg query HKEY_CLASSES_ROOT\Applications\MovieMaker.exe
if %errorlevel%==1 (goto DeployApp) else (goto End)

REM If 1 returned, the product was not found. Run setup here.
:DeployApp
start /wait %DeployServer%\WLSetup-all.exe /q /NOToolbarCEIP /NOhomepage /Nolaunch /nosearch /AppSelect:MovieMaker
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End

Endlocal

The script first checks if it is dealing with a Windows 7 installation. If not it ends since Live Movie Maker 2012 is not supported on XP (we don’t have any Vista so I’m ignoring this OS). Then the script checks if Movie Maker is allready installed. Otherwise it would try to install it at every boot, slowing down the machine. Finally it installs moviemaker and writes the results to a logfile. In this way you can monitor wich machines have sucessfully installed your app.

Then I created a new gpo and added a computer startup script to it under   Group Policy object/Computer Configuration/Windows Settings/Scripts (Startup/Shutdown).

But now the problems occured. It seemed a number of computers were to old to run direct x 10, wich is a requirement of Live Moviemaker 2012. Live Moviemaker 2011 however runs on machines with directx 9.x (for more info http://windows.microsoft.com/en-US/windows-live/movie-maker-system-requirements-ui)

So a downgrade was necessary, but Live Essentials doesn’t have a clean unattended uninstall function. So I searched the registry for the uninstall strings of all the components of Live Essentials. I came up with the following list

start /WAIT “Uninstalling Windows Live Communications Platform” MsiExec.exe /X{0454BB9A-2A7A-4214-BDFF-937F7A711A44} /qn
start /WAIT “Uninstalling Photo Gallery” MsiExec.exe /X{30F99474-EBE3-4134-A02B-F6CD38CFE243} /qn
start /WAIT “Uninstalling Windows Live UX Platform Language Pack” MsiExec.exe /X{4AA2A466-8031-403A-8236-5301B4E391FB} /qn
start /WAIT “Uninstalling Windows Live UX Platform” MsiExec.exe /X{4CCBD1F4-CEEC-452A-9CB8-46564B501315} /qn
start /WAIT “Uninstalling Windows Live PIMT Platform” MsiExec.exe /X{6A8DB215-7BCD-4377-B015-2E4541A3E7C6} /qn
start /WAIT “Uninstalling Photo Common” MsiExec.exe /X{743FD554-A73F-4FE8-BE7B-C283D16297F9} /qn
start /WAIT “Uninstalling Windows Live SOXE Definitions” MsiExec.exe /X{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214} /qn
start /WAIT “Uninstalling MSVCRT” MsiExec.exe /X{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} /qn
start /WAIT “Uninstalling MSVCRT110” MsiExec.exe /X{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} /qn
start /WAIT “Uninstalling Movie Maker” MsiExec.exe /X{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76} /qn
start /WAIT “Uninstalling Windows Live Essentials” MsiExec.exe /X{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4} /qn
start /WAIT “Uninstalling Windows Live Installer” MsiExec.exe /X{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC} /qn
start /WAIT “Uninstalling Windows Live Photo Common” MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72} /qn
start /WAIT “Uninstalling D3DX10” MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} /qn
start /WAIT “Uninstalling Movie Maker” MsiExec.exe /X{ED6C77F9-4D7E-447C-9EC0-9A212D075535} /qn
start /WAIT “Uninstalling Microsoft SQL Server 2005 Compact Edition [ENU]” MsiExec.exe /X{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} /qn
start /WAIT “Uninstalling Photo Gallery” MsiExec.exe /X{F67CA22C-C11F-4573-8406-57F75BA06B51} /qn
start /WAIT “Uninstalling Windows Live SOXE” MsiExec.exe /X{FE7C0B3D-50B9-4951-BE78-A321CBF86552} /qn
start /WAIT “Microsoft Office Outlook Connector” MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE} /qn

The /X means “uninstall” and the /qn switch means quiet and no interface. This is necessary because we are running this as a computer startup script. Remember allso that I only choose to install Movie Maker and none of the other components. If you install everything you should search the key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall on 64-bit windows 7 and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall on 32-bit windows 7 for Live Essentials components. The uninstall string is located in the UninstallString property. Just remember to change /I to /X and add /QN to the end.

The work is not done however: when you try to install live essentials 2011 after this, the installer claims that there is a newer version installed. This is caused by some leftover files in the common program files. Running

rd /S /Q “c:\Program Files (x86)\Common Files\Windows Live”

on 64-bit and

rd /S /Q “c:\Program Files\Common Files\Windows Live”

on 32-bit will solve this.

The last step is to run the installer for Live Essentials 2011

WLSetup-all.exe /q /NOToolbarCEIP /NOhomepage /Nolaunch /nosearch /AppSelect:MovieMaker

All done! So this is the complete script

setlocal

REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************

REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=\\server\share\WindowsLive2011

REM Set LogLocation to a central directory to collect log files.
set LogLocation=\\server\share\2011\logfiles

REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************

REM check if this is Windows 7
if exist “C:\Users\All Users\ntuser.dat” goto checkversion
if exist “C:\Documents and Settings\All Users\ntuser.dat” goto End

:checkversion

rem check if this 64-bit
reg query HKLM\SOFTWARE\Wow6432Node
if %errorlevel%==1 (goto 32bit) else (goto 64bit)

rem if version 2012 is found a downgrade is necessary
:64bit
set progfiles=”c:\Program Files (x86)\Common Files\Windows Live”
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite /f 16.4.3505.0912
if %errorlevel%==1 (goto win7) else (goto remove)

:32bit
set progfiles=”c:\Program Files\Common Files\Windows Live”
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite /f 16.4.3505.0912
if %errorlevel%==1 (goto win7) else (goto remove)

:remove
start /WAIT “Uninstalling Windows Live Communications Platform” MsiExec.exe /X{0454BB9A-2A7A-4214-BDFF-937F7A711A44} /qn
start /WAIT “Uninstalling Photo Gallery” MsiExec.exe /X{30F99474-EBE3-4134-A02B-F6CD38CFE243} /qn
start /WAIT “Uninstalling Windows Live UX Platform Language Pack” MsiExec.exe /X{4AA2A466-8031-403A-8236-5301B4E391FB} /qn
start /WAIT “Uninstalling Windows Live UX Platform” MsiExec.exe /X{4CCBD1F4-CEEC-452A-9CB8-46564B501315} /qn
start /WAIT “Uninstalling Windows Live PIMT Platform” MsiExec.exe /X{6A8DB215-7BCD-4377-B015-2E4541A3E7C6} /qn
start /WAIT “Uninstalling Photo Common” MsiExec.exe /X{743FD554-A73F-4FE8-BE7B-C283D16297F9} /qn
start /WAIT “Uninstalling Windows Live SOXE Definitions” MsiExec.exe /X{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214} /qn
start /WAIT “Uninstalling MSVCRT” MsiExec.exe /X{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} /qn
start /WAIT “Uninstalling MSVCRT110” MsiExec.exe /X{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} /qn
start /WAIT “Uninstalling Movie Maker” MsiExec.exe /X{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76} /qn
start /WAIT “Uninstalling Windows Live Essentials” MsiExec.exe /X{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4} /qn
start /WAIT “Uninstalling Windows Live Installer” MsiExec.exe /X{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC} /qn
start /WAIT “Uninstalling Windows Live Photo Common” MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72} /qn
start /WAIT “Uninstalling D3DX10” MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} /qn
start /WAIT “Uninstalling Movie Maker” MsiExec.exe /X{ED6C77F9-4D7E-447C-9EC0-9A212D075535} /qn
start /WAIT “Uninstalling Microsoft SQL Server 2005 Compact Edition [ENU]” MsiExec.exe /X{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} /qn
start /WAIT “Uninstalling Photo Gallery” MsiExec.exe /X{F67CA22C-C11F-4573-8406-57F75BA06B51} /qn
start /WAIT “Uninstalling Windows Live SOXE” MsiExec.exe /X{FE7C0B3D-50B9-4951-BE78-A321CBF86552} /qn
start /WAIT “Microsoft Office Outlook Connector” MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE} /qn

rem del
rd /S /Q %progfiles%
:win7
reg query HKEY_CLASSES_ROOT\Applications\MovieMaker.exe
if %errorlevel%==1 (goto DeployApp) else (goto End)

REM If 1 returned, the product was not found. Run setup here.
:DeployApp
start /wait %DeployServer%\WLSetup-all.exe /q /NOToolbarCEIP /NOhomepage /Nolaunch /nosearch /AppSelect:MovieMaker
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End

Endlocal

References

• Live Essentials 2011 Offline installer ENG: http://wl.dlservice.microsoft.com/download/0/A/7/0A7432A6-1C89-4B54-8AA9-5F8DA72F8B61/nl/wlsetup-all.exe
• Live Essentials 2012 downloads (scroll to the bottom): http://windows.microsoft.com/en-US/windows-live/essentials-install-offline-faq
• usefull info: http://angrytechnician.wordpress.com/2010/10/01/deploying-windows-live-essentials-2011/
• How to create gpo-startup scripts http://technet.microsoft.com/en-us/library/ff602181.aspx
• assign gpo startup scripts: http://technet.microsoft.com/en-us/library/cc779329(v=ws.10).aspx

Windows 7 SP1 x64 problems

I had some problems rolling out sp1 on my x64 windows 7. First round of failures was due to a lack of space on the C-drive. A minimum of 8G is required, but some people saved their VM’s on the C-drive.
The second round was only one machine. I got an error like this:ERROR_NOT_FOUND 0×80070490.
I solved it using the steps described in this article
http://beerpla.net/2011/05/06/how-to-fix-error_not_found-0x80070490-during-windows-7-sp1-installation/

New project: cheap ass physical to virtual conversion (p2v)

I’m on the verge of a complete server-upgrade of our network. I want’t to go virtual (what else…), but to be on the safe side, I also want to convert my current physical servers to virtual ones. Offcourse I could use ssvm or something else that costs money, but I we have no money. So lets try it with the little tool from sysinternals Disk2VHD. I’ll keep you posted.

http://technet.microsoft.com/en-us/sysinternals/ee656415

Firefox, Flash Player etc deployment

For some time now I’m struggling to maintain the most irritating software combination on the planet: Firefox, Internet Explorer plus Flash player, Shockwave player, Reader, some sort of Quicktime and some sort of Real

First step: GPO deployment of FF: http://techierambles.blogspot.com/2010/10/deploy-firefox-using-msi-file-and-group.html helped a lot

Also http://www.adobe.com/software/flash/about/ to check the flash version and http://www.wardvissers.nl/2008/10/15/flash-player-msi-download/ to download the most recent flash and shockwave versions

Squid with active directory SSO: non domain computers

I’ve been testing the SSO contraption for a few days now, and suprise suprise: I’ve run in to a problem. If the computer the user is on is a member of the Active Directory domain, everything works smoothly. The problem lies with non-domain computers.

As expected Iexplore prompts for a username and password. However the domain the user is working under is also put in, wich incedently is allso expected behaviour.  So in my cache.log users are trying to log in with WORKGROUP\user.

Great I thought, no problem: I’ll just tell ntlm_auth to discard the domain the user gives us and subtitute it with our Active directory domain. This does’nt seem to be possible. The problem now is that I never instructed my users to use the DOMAIN\user form, let alone user@domain.com for login. I’m gessing that the majority of the users doesn’t even know how to type the backslash (we use azerty keyboards).

So the solution maybe to write a custom script that strips the domain the users’ browser gives and then calls ntlm_auth.

Show a denied URL

In my previous post I talked about internet usage based on AD Group membership. What I want to do is present the users with an webpage explaining some things  if they are denied internet usage. If I don’t implement something like that, you can bet that you’ll have a number of calls from users asking why their students can’t surf the net. So to avoid these calls, a brief, simple webpage explaining that there is nothing wrong, but their account is blocked, will be presented.

Setting failure url

Squid allows you to set a url if  a proxy restriction is not passed

deny_info http://192.168.0.10/internetDenied.html noInternet

• http://192.168.0.10/internetDenied.html: the url to redirect the user to
• noInternet: the name of the proxy ACL to wich this failure url applies to

Offcourse the only problem with this is that we have denied the user internet-usage. If he/she can’t surf, he/she can’t access the failure url.

Allow intranet usage

The next step is to allow the user, authenticated or not, to visit the failure url. Add a line to /etc/squid/squid.conf

acl to_internal dst 192.168.0.0/24

With this line we allow the users to visit all local subnet addresses. If you want to allow only the webserver with the failure url, you specify

acl to_internal dst 192.168.0.1/32

provided that this webserver has 192.168.0.1 as IP

Now we have to add a proxy restriction with this acl

http_access allow to_internal

Be sure to put this line at the top

Internet usage based on AD group membership

I was looking for a way to block internetusage for students in a class. As all students are member of active directory groups that correspond to classes they are member of, I decided I was going to deny users internet usage if they were a member of certain group, e.g. internetDenied.

Prerequisites

AD proxy-authentication: see this post

Setting an external ACL program

This is done by adding a directive to /etc/squid/squid.conf. Look for the tag external_acl_type and add this line

external_acl_type nt_group ttl=10 children=5 %LOGIN /usr/lib/squid/wbinfo_group.pl

• nt_group is just a name we give this external acl program so we can use it in our ACL
• ttl: how long in seconds the results are cached. Set this to a low number if there is a good change the group membership will change often or if a quick response is needed
• children: the number of times wbinfo_group.pl is spawned: set this according to your system resources and number of requests
• %LOGIN: a variable that holds the username
• /usr/lib/…: the acl program to use

Deny internet usage

First  add an ACL to /etc/squid/squid.conf

acl noInternet external nt_group internetDenied

• noInternet: the name I gave this rule
• nt_group: the name of the external acl previously defined
• internetDenied: the name of AD-group

Now I have to add a proxy restriction. In my previous post I added a rule to allow all authenticated users

acl AuthorizedUsers proxy_auth REQUIRED

http_access allow all AuthorizedUsers

Now basically what I want to do is allow everyone internet usage, EXCEPT to users who are member of the group internetDenied. So I added the following line

http_access deny noInternet

But be carefull here: the deny rule has to be inserted above the allow rule.

References

http://www.papercut.com/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

http://www.flatmtn.com/article/setting-squid-ntlm-auth