Pete Cook

Years ago when I was deep into VBScript and HTAs, I wrote a tool called PWDMan. It was an HTA that processed a list of computers and returned password age information for the local administrator account. It was also capable of setting a new account password. Apparently this is still a common task because I’ll periodically get emails from people asking where they can get a hold of PWDMan. You can’t. And the reason is that we now have PowerShell and that is what you should be using, and if necessary, learning. So let me share a few examples of how to achieve the same functionality from my old PWDMan tool using PowerShell.

In the HTA, I used ADSI to connect to the remote computer and get the local administrator account. The object you get back has a PasswordAge property that is the number of seconds since the password was changed. So here’s a code sample.

$computers="chi-win8-01","chi-win81","chi-core01","chi-fp02","chi-hvr2"
$account="administrator"
#get password age
$computers | foreach {
 [int]$Age = ([adsi]"WinNT://$_/$account,user").passwordage.value/86400
 $LastChange=(Get-Date).AddHours(-$age)
 New-Object -TypeName PSObject -Property @{
  Computername = $_
  Account = $Account
  Age = $Age
  LastChange = $LastChange
 }
}

In this example I’m defining a list of names. But you could easily read the contents of a text file with Get-Content or query Active Directory. Because you might have renamed the administrator account, or perhaps you need to check a different local acccount, I’ve created a variable for the account name. PowerShell then takes each computername and builds an ADSI connection to the administrator account, getting the passwordage value and dividing it by the number of seconds in a day. So $Age becomes the account password age in days. Because PowerShell is all about the objects, I create a custom object with some relevant information. Here’s the result.

You may be wondering why I used ForEach-Object instead of the ForEach enumerator. That’s because the latter doesn’t write anything to the pipeline and I might want to save results to a text file or export to a CSV.

$computers="chi-win8-01","chi-win81","chi-core01","chi-fp02","chi-hvr2"
$account="administrator"
#get password age
$computers | foreach {
 [int]$Age = ([adsi]"WinNT://$_/$account,user").passwordage.value/86400
 $LastChange=(Get-Date).AddHours(-$age)
 New-Object -TypeName PSObject -Property @{
  Computername = $_
  Account = $Account
  Age = $Age
  LastChange = $LastChange
 }
} | Export-CSV -path c:\work\local-admin-report.csv -notypeinformation

Be aware that I’m simply demonstrating some PowerShell examples. Ideally, you would want to build a tool to get the password information that you could combine with other PowerShell tools. In fact, what I’ve given you is close to being a function already but I’ll let you see if you can work it out. You want to be able to run a command like this:

get-content computers.txt | get-localpasswordAge | export-csv -path c:\work\age.csv

The middle command is the tool you will build.

Now, what about changing the password? That too, can be accomplished with a one line command.

([adsi]"WinNT://COMPUTER01/administrator,user").setpassword("P@ssw0rd")

If you wanted to change the password for all of the machines that you reported on, it wouldn’t take much work to modify “get” code. So you see, using ADSI in PowerShell is just as easy, if not more so, than using it in VBScript.

There are a few caveats:

• Don’t forget that the WinNT moniker is case sensitive.
• There is no easy way to use alternate credentials.
• There is no WhatIf support, unless you write a script that provides it.

My code samples here are intended as educational. You should take the time to build and test a more robust solution based on your needs. So the next time you think you need VBScript, stop and advance to PowerShell Place.

Summary: Use Windows PowerShell in Windows 8.1 to get Windows Defender status information.

 I recently upgraded to Windows 8.1, and I want to know how to use Windows PowerShell to determine the status.

 Use the Get-MpComputerStatus function. It reports the status of Windows Defender services,
          signature versions, last update, last scan, and more.

Get-MpComputerStatus

We're back with our series on how to utilize Windows Server Update Services (WSUS) for deploying updates beyond what Microsoft offers. In this last part in the series, we are going to investigate the WSUS size of the environment to get the updates approved and targeted as a platform for deploying the SCCM client.

If you need to catch up: In part one, I introduced Windows Server Update Services and showed you how to prepare the code signing certificate. In part two, I discussed how to have clients trust updates that are not explicitly published by Microsoft, and I introduced System Center Update Publisher (SCUP).

Expanding Windows Server Update Services (WSUS)

As you might expect the next obvious step in our quest maybe to launch the WSUS console, and search for your new update. Unfortunately, I am sorry to burst your bubble: It is not going to be there. This is actually quite troubling at first, as you start to doubt the success of the publishing activities that we completed in the last post.

Before you begin to scream and pull your hair out, you don't really believe that I would guide you down this path, just to leave you stranded and abandoned, do you? Of course not, and neither has the community. Sure, Microsoft would rather that you use System Center Configuration Manager (SCCM) for your update deployment, and with great reason, but all good things take planning and foundations need to be created. Luckily, some folks have come to the rescue with a free tool called Wsus Package Publisher, which is exactly what the doctor ordered. To proceed in our objective, I recommend that you proceed to visit the CodePlex site and download the tool.

Local Update Publishing

This tool is delivered without an installer as a ZIP file. Simply download the file, unblock it, and extract the content to a suitable folder. Then locate the executable WSUS Package Publisher and launch it. If you happen to be running on the WSUS server, the tool will automatically detect this and add the server to the console. Otherwise you will be presented with a dialog to add a connection to your WSUS server.

• In the Menu bar, ensure that your server is selected from the drop down, and then click Connect\Reload.
• The Navigation tree should then render, and you will be able to see the Updates branch, with your defined Vendor (DigiNerve) and Product (SCCM Client).
  
• Select your Product (SCCM Client) Node, the main pane will update to list your publish update
• Select your Update (System Center Configuration Manager 2012 SP1 Client x64) to see the information pane populate with the relevant details.

Approve Update for Deployment

To approve your update for deployment we can now perform essentially the same task we would in the WSUS console for regulate updates.

• Click Approve to display the Update Approval dialog.
• In the Group section of the dialog, set the Approval drop-down as appropriate for your update (e.g. Approve for Installation on the Field Locations group). Once you are satisfied with your selections, click OK.
• The console will update and show the status of the update now as Approved.

Validate the Update

Now, with the update finally approved, all that remains is that we verify that the update is indeed getting published and our clients should proceed with the installation.

Within the WSUS Package Publisher console:

• On your Product Node, select your now approved update.
• In the Information pane, select the Status tab.
• In the drop-down for the Computer Group, select the group for which you approved the update.
• The grid should now update with a status list of computers pending application of the new update.

• Connect to a computer in the select computer group. Launch the control panel and navigate to Windows Update.
• Click Check for Updates to have the computer scan for any new pending update.
• The client should detect the new update, which you can verify is the related update by clicking the link update is available. In the Select Updates to Install dialog you should see the approved update selected and ready for installation
• Click Install Updates to complete the procedure.

Troubleshooting and Beyond

In the event the update fails to install and you are presented with an error, the most common message to expect will be Code 800B0004. This message is a clear signal that your code signing certificate is not in the Trusted Publishers store of the computer. You should resolve this by checking your GPO that you created at the beginning while organizing your client trust. Once you have resolved this, you can check that the GPO is applied with RSOP.MSC, and also that the certificate is correctly in the Local Computers certificate store for Trusted Publishers.

As a software deployment tool, WSUS is not a bad starting point. The SCUP tool is pretty simple to use when we approach packaging our own updates, and with the use of the WSUS Package Publisher community tool, it provides an experience which is not a far stretch of what we are already comfortable with while using the WSUS console. As you begin to investigate the SCUP tool for other tasks, you will quickly come to appreciate its usefulness with deploying updates for our hardware, e.g. HP/DELL/etc., and addressing problem applications like Oracle Java and Adobe.

And the best part of all this is that the experience gained using SCUP with third-party applications will also be directly transferable to SCCM.

In System Center 2012 Configuration Manager SP1 CU3, operating system deployment of Windows 8.1 is supported by using the WinPE (Windows Pre-Execution Environment) and USMT (User State Migration Tool) from ADK (Assessment and Deployment Kit) 8.1. However...(read more)

The Client Management team is pleased to announce the availability of the Microsoft Deployment Toolkit (MDT) 2013. The installer, release notes and updated documentation are available now on the Microsoft Download Center . MDT 2013 requires the use...(read more)

Summary: Use Windows PowerShell to find the members of critical groups.

 How can I use Windows PowerShell to track who is a member of my Domain Admins group?

 Use Get-ADGroupMember, and add as many groups as you want to the list by using the
          SamAccountName for the groups:

"Schema Admins", "Domain Admins", "Enterprise Admins" |

foreach {

 $grpname = $_

 Get-ADGroupMember -Identity $_ |

 select @{N='Group'; E={$grpname}}, Name

} 

Windows 8.1 brought a few changes to the handy Win+X menu, including a new Shut Down option and the addition of PowerShell shortcuts. If you're more of a command prompt user, though, you can bring the Command Prompt option back with just a few clicks.

Read more...

VMworld 2013 Europe was in Barcelona this year, and VMware had a host of updates and announcements to make at the show. I've had high hopes about what might be announced around VMware Horizon Suite this week, and I've written about VMware's Horizon efforts previously in my post asking if VMware Horizon Workspace was maturing fast enough. So let's cover some of what VMware announced this week.

VMware Updates and Announcements

Horizon View 5.3

The brand new version of VMware Horizon View was just announced and is offering some nice improvements. VMware is working on improving user experience and offering features to allow customers to overcome roadblocks and accommodate new use cases. Here are some of the new features in Horizon View 5.3:

• Virtual Dedicated Graphics Acceleration (vDGA): This is now fully supported in View 5.3. vDGA allows administrators to dedicate a single discrete GPU to a virtual desktop. This will allow View users to perform high-end workstation graphics functions that have required physical PCs in the past.
• Windows 8.1 Support: View 5.3 now supports both Windows 8 and 8.1. Note that Windows 8.1 does not yet support View local mode and Persona Management.
• HTML5 Blast improvements: With View 5.3, VMware has also improved their Blast technology used for displaying a View desktop in an HTML5 web browser. The new version of Blast now supports sound, copy/past clipboard, and has improved graphics performance. This is good, but I still only see the use of Blast for those rare situations when you don't have a View client available.
• Real-time audio/video for Linux clients: This allows for the local pass-thru of USB devices for these services. It offers performance increase to uses of applications such as Skype, Webex, and Google hangouts. This is also good, but the fact is, right now I have almost never seen anyone other than a few people using a Linux device to access a View desktop.
• View Client updates: The Windows client has been rewritten from the ground-up, offering a unified architecture that the other View clients already offer. The iOS 7 client app was updated to have a new iOS 7 look. I will have to look at this since I'm not a huge fan of the look of iOS 7. To me, it looks too much like a teenage girls phone.
• Server 2008 support: View now supports using Windows 2008R2 server as a desktop OS. This means that customers can now use a server OS as their desktop platform. This can help customers because Microsoft does offer SPLA licensing for server 2008 (and they do not for desktop operating systems).
• Horizon Mirage support: It's about time! This support will allow customers to manage certain types of View desktops with Mirage. Think of this as full clone persistent desktops but with Mirage for management. This should be a big win for customers looking to utilize these types of functions, and it'll make managing users profiles and applications easier for these use cases.
• View direct connections: The gives the availability to all customers to use the View client direct connection plugin, and it allows a user to directly connect to a View desktop without the need to connect through a View connection server. There are a few use cases that might make good use of this feature.

Horizon Workspace

The Horizon Mobile piece of Workspace is getting a few more devices added to the supported device list, including the Sony Xperia Z1 and Z Ultra smartphones.

Horizon Mirage 4.3

I won't kid anyone here – the big news is that Mirage now supports the ability to manage View desktops. This is something that customers have been asking for since they discovered how cool Mirage can be. I am excited to talk with customers about how Mirage might make some of their user requirements easier to manage. There are also some management updates that include improvements to the Mirage web management portal.

ThinApp 5.0

With the announcement of ThinApp 5.0 the ability to capture and package 64-bit applications is now possible. This has not been a huge issue to this point but was something that ThinApp lacked that Microsoft App-V provided. Also announced is the integration with third-part persona management tools, which needs to be explained in more detail, but I'm guessing this will allow these tools to provider more flexibility when it comes to assigning apps to users.

VMware Acquires Desktone

The really big news here is that VMware has announced that it is acquiring Desktone, the Desktop as a Service (DaaS) partner that provides View services to customers. This gives VMware a method of delivering DaaS to customers and there's already talk about how this will be offered as a service on top of vCloud Hybrid Service. Currently DaaS does not come up in that many customer talks, but with the ability for View to support Windows Server, it helps address licensing concerns.

The big thing that might help Enterprise customers in this news is the ability for Desktone to manage multiple locations or View instances. This would help customers that are trying to create one EUC environment but need to distribute resources in different locations.

VMware Horizon Suite Bundling Options

Besides the announcements that I have already covered on each of the individual products there are some changes to the Horizon Suite offering itself. The announcement offers details about additional products and features that are included when purchasing the Horizon Suite offering rather than just parts.

The good news is that VMware will now be including vC OPs for View with the Horizon Suite going forward. I think this is a huge win for customers deploying VMware for their EUC environments. Personally, I was never a fan of deploying View without any type of monitoring tools, and vC OPs for View offers customers some of the best monitoring available for View today.

Another piece of good news is that VSAN will also be included to Horizon Suite customers. It's still in beta, so do not use in product installs. But going forward, as VSAN becomes a GA product this will offer customers an additional option for building storage for their VDI environments.

Overall, I'm glad to see these EUC product announcements, but I'm still disappointed at the lack of news around the Horizon Workspace product. Here's to hoping for some new Workspace news separately from VMware in Q4.

There is a new and free eBook on Windows Azure from Mitch Tulloch and the Windows Azure team designed specifically for the IT Professional.  If you haven’t had a chance to try Windows Azure or your just looking to learn more then this book is a good place to start.

The book goes into detail on most Windows Azure services along with screenshots to demonstrate the capabilities of the platform.  If you have a bit more experience there are some under the hood insights and expert tips from insiders who develop, test and use the Windows Azure Platform.

 

You can download the PDF here and there is also companion content available here.

Source: Free eBook Introducing Windows Azure for IT Pro’s! - Jeff Alexander's Weblog - Site Home - T

Without proper client cleanup and repair, your SCCM database will be cluttered and less useful. This article covers obsolete client removal and eventual client reinstallation.

One of the unfortunate aspects of being an SCCM administrator is client maintenance. When deploying applications, monitoring installations, and performing inventories, having up to date client records is very important.

Inactive clients in SCCM

When a client is no longer communicating with SCCM, you have a couple of options. But first, let’s learn why our clients become inactive and how to find them.

Why are my SCCM clients inactive?

The easiest way to explain this is to understand how a client remains active. A client remains active if it is discoverable and if it communicates with your SCCM servers. Communication can include:

• Heartbeats
• System Discovery
• Network Discovery

So a client can be marked as inactive if it fails to update SCCM due to issues such as loss of connection, restrictive firewall settings, and client corruption. We are going to tackle this last problem in a bit.

… read more of Managing inactive clients in SCCM 2012

Copyright © 2006-2013, 4sysops, Digital fingerprint: 3db371642e7c3f4fe3ee9d5cf7666eb0

Related

• Virtual Machine Manager 2012 R2 – Part 1: Network Virtualization (0)
• How to deploy a scripted application installation with SCCM 2012 (0)
• How to deploy an MSI package with SCCM 2012 (0)
• SCCM 2007 – General client troubleshooting tips (0)
• SCCM 2007 – Unable to re-run advertisement on clients (0)

I know of at least 10 reasons why the PowerShell ISE is a much better command prompt than the PowerShell console.

One of the things that really puzzles me about PowerShell is its shell. Obviously, the “Power” in PowerShell is not in any way related to its official user interface. I believe this shell hasn’t changed since Windows 95, and it was already an awkward command-line interface (CLI) at that time. I think I could fill a book with all its shortcomings. If you also work in the Linux world, you know what I am talking about.

However, Windows comes with a command-line interface for PowerShell that fits much better with this powerful language. Many admins think that the Windows PowerShell Integrated Scripting Environment (ISE) is only for writing scripts. Perhaps the reason is that “ISE” sounds a little like “IDE” (Integrated Development Environment). Thus, whenever they need a PowerShell console, they launch this old-fashioned “Windows 95 DOS prompt.”

PowerShell ISE as CLI

… read more of 10 reasons for using PowerShell ISE instead of the PowerShell console

Copyright © 2006-2013, 4sysops, Digital fingerprint: 3db371642e7c3f4fe3ee9d5cf7666eb0

Related

• Get-location – More PowerShell location tips (0)
• PowerShell: Location, Location, Location (0)
• Set PowerShell Execution Policy with Group Policy (0)
• PowerShell Execution Policy (2)
• PowerShell operators (0)

Today Microsoft released a new KB targeting problems with the Install Software Updates hanging when you use the Install Software Updates step in a Task Sequence. This issue has been around since Configuration Manager 2007 and is still an issue in Configuration Manager 2012 with some updates.

“Software Updates That Require Multiple Reboots may Cause Task Sequence Failure within Configuration Manager“ http://support.microsoft.com/kb/2894518/

The KB article is applicable both to Configuration Manager 2007 and 2012. Keep an eye on the KB above as it will be updated with more updates as they are reported, that will save a lot of troubleshooting time!

From the knowledge base article:

Symptoms:

“If a Configuration Manager Task Sequence that leverages the Install Software Updates step installs a software update that triggers multiple reboots, the task sequence can fail to complete successfully.”

Cause:

The first reboot initiated by the software update is properly controlled by the Task Sequence. However the second reboot request is initiated by a Windows component (typically Component-Based Servicing) and therefore not controlled by the Task Sequence.

Resolution:

“To resolve this issue, it is recommended that any updates that require dual reboots be applied using the normal Software Updates feature of Configuration Manager instead of Task Sequences. The following software updates have been reported as requiring multiple reboots. This KB will be updated as more updates are reported.”

KB2545698: Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2

KB2529073: Binary files in some USB drivers are not updated after you install Windows 7 SP1 or Windows Server 2008 R2 SP1

Checking Security Group Nesting Strategy, searching Circular Nesting or only graphically reporting Nested Security Groups, Draw-ADNestedSecurityGroups Cmdlet helps on those tasks exploring group "memberOf" back-link or "member" attributes and generating a Graphviz file. Created by: Axel Limousin - ITSI Published date: 10/3/2013

This month marks the 10th annual National CyberSecurity Awareness campaign! The campaign endeavors to spread awareness about online threats and provide helpful tips on what consumers can do to protect themselves.

As official supporters of National CyberSecurity Awareness Month, we’re sharing their recommendations for better online security across all of your devices.

Online security doesn’t apply to just your work computer anymore, or even just your personal computer or laptop. It also applies to all of the smartphones, tablets, and other portable devices we’re using on a daily basis to shop online, do our banking, download services, telework, connect with friends and family, and more. That means that the threats are more diversified than ever, and cyber criminals are constantly trying to take advantage of insecure wireless networks, third party applications, and even texting to try to acquire personal information.

According to the U.S. Computer Emergency Readiness Team (US-CERT), many of the safety practices that are used to guard home and work computers apply to your portable devices as well. They include:

• Restricting access to your wireless network, by only allowing authorized users access to your network.
• Changing any pre-configured default passwords to ones that would be difficult for an outsider to guess.
• Keeping your anti-virus software updated.
• Using caution when downloading or clicking on any unknown links.

So if you haven’t already, run the LastPass Security Challenge, from the LastPass browser icon, under the “Tools” menu. Once you’ve identified all of your weak and duplicate passwords, set aside time to visit each site and go through the password update process.

Also check if you have any insecure passwords lingering on your computer. If you’re not sure if your browser password managers have been disabled, or if you still have data stored there, run the LastPass installer again and choose the option to import insecure data items (though you can skip the step about setting up an account, since you already have one).

What else are you doing this month to support National CyberSecurity Awareness Month and help your family or community?

Old Tim answers an old email

Patrick Hoerter writes in:
I have a large firewall configuration file that I am working with. It comes from that vendor that likes to prepend each product they sell with the same "well defended" name. Each configuration item inside it is multiple lines starting with "edit" and ending with "next". I'm trying to extract only the configuration items that are in some way tied to a specific port, in this case "port10".

Sample Data:

edit "port10"
        set vdom "root"
        set ip 192.168.1.54 255.255.255.248
        set allowaccess ping
        set type physical
        set sample-rate 400
        set description "Other Firewall"
        set alias "fw-outside"
        set sflow-sampler enable
   next
edit "192.168.0.0"
        set subnet 192.168.0.0 255.255.0.0
    next
    edit "10.0.0.0"
        set subnet 10.0.0.0 255.0.0.0
    next
    edit "172.16.0.0"
        set subnet 172.16.0.0 255.240.0.0
    next
  edit "vpn-CandC-1"
        set associated-interface "port10"
        set subnet 10.254.153.0 255.255.255.0
    next
    edit "vpn-CandC-2"
        set associated-interface "port10"
        set subnet 10.254.154.0 255.255.255.0
    next
    edit "vpn-CandC-3"
        set associated-interface "port10"
        set subnet 10.254.155.0 255.255.255.0
    next
   edit 92
        set srcintf "port10"
        set dstintf "port1"
            set srcaddr "vpn-CandC-1" "vpn-CandC-2" "vpn-CandC-3"            
            set dstaddr "all"            
        set action accept
        set schedule "always"
            set service "ANY"            
        set logtraffic enable
    next
 

Sample Results:

edit "port10"
        set vdom "root"
        set ip 192.168.1.54 255.255.255.248
        set allowaccess ping
        set type physical
        set sample-rate 400
        set description "Other Firewall"
        set alias "fw-outside"
        set sflow-sampler enable
   next
  edit "vpn-CandC-1"
        set associated-interface "port10"
        set subnet 10.254.153.0 255.255.255.0
    next
    edit "vpn-CandC-2"
        set associated-interface "port10"
        set subnet 10.254.154.0 255.255.255.0
    next
    edit "vpn-CandC-3"
        set associated-interface "port10"
        set subnet 10.254.155.0 255.255.255.0
    next
   edit 92
        set srcintf "port10"
        set dstintf "port1"
            set srcaddr "vpn-CandC-1" "vpn-CandC-2" "vpn-CandC-3"            
            set dstaddr "all"            
        set action accept
        set schedule "always"
            set service "ANY"            
        set logtraffic enable
    next

Patrick gave us the full text and the expected output. In short, he wants the text between "edit" and "next" if it contains the text "port10". To begin this task we need to first need get each of the edit/next chunks.

PS C:\> ((cat fw.txt) -join "`n") | select-string "(?s)edit.*?next" -AllMatches | 
 select -ExpandProperty matches

This command will read the entire file fw.txt and combine it into one string. Normally, each line is treated as a separate object, but we are going to join them into a big string using the newline (`n) to join each line. Now that the text is one big string we can use Select-String with a regular expression to find all the matches. The regular expression will find text across line breaks and allows for very flexible searches so we can find our edit/next chunks. Here is a break down of the pieces of the regular expression:

• (?s) - Use single line mode where the dot (.) will match any character, including a newline character. This allows us to match text across multiple lines.
• edit - the literal text "edit"
• .*? - find any text, but be lazy, not greedy. This means it should match the smallest chunks that will match the criteria.
• next - literal text next

Now that we have the chunks we use a Where-Object filter (alias ?) to find matching objects to pass down the pipeline.

PS C:\> ((cat .\fw.txt) -join "`n") | select-string "(?s)edit.*?next" -AllMatches | 
 select -ExpandProperty matches | ? { $_.Captures | Select-String "port10" }

Inside the Where-Object filter we can check the Value property to see if it contains the text "port10". The Value property is piped into Select-String to look for the text "port10", and if it contains "port10" it continues down the pipeline, if not, it is dropped.

At this point, we have the objects we want, so all we need to do is display the results by expanding the Value and displaying it again. The expansion means that it just displays the text and no data or metadata associated with the parent object. Here is what the final command looks like.

PS C:\> ((cat .\fw.txt) -join "`n") | select-string "(?s)edit.*?next" -AllMatches | 
 select -ExpandProperty matches | ? { $_.Value | Select-String "port10" } | 
 select -ExpandProperty Value

Not so bad, but I have a feeling it is going to be worse for my friend Hal.

Old Hal uses some old tricks

Oh sure, I know what Tim's thinking here. "It's multi-line matching, and the Unix shell is lousy at that. Hal's in trouble now. Mwhahaha. The Command-Line Kung Fu title will finally be mine! Mine! Do you hear me?!? MINE!"

Uh-huh. Well how about this, old friend:

awk -v RS=next -v ORS=next '/port10/' fw.txt

While we're doing multi-line matching here, the blocks of text have nice regular delimiters. That means I can change the awk "record separator" ("RS") from newline to the string "next" and gobble up entire chunks at a time.

After that, it's smooth sailing. I just use awk's pattern-matching operator to match the "port10" strings. Since I don't have an action defined, "{print}" is assumed and we output the matching blocks of text.

The only tricky part is that I have to remember to change the "output record separator" ("ORS") to be "next". Otherwise, awk will use its default ORS value, which is newline. That would give me output like:

$ awk -v RS=next '/port10/' fw.txt
edit "port10"
        set vdom "root"
        set ip 192.168.1.54 255.255.255.248
        set allowaccess ping
        set type physical
        set sample-rate 400
        set description "Other Firewall"
        set alias "fw-outside"
        set sflow-sampler enable
   

  edit "vpn-CandC-1"
        set associated-interface "port10"
        set subnet 10.254.153.0 255.255.255.0
    

    edit "vpn-CandC-2"
        set associated-interface "port10"
...

The "next" terminators get left out and we get extra lines in the output. But when ORS is set properly, we get exactly what we were after:

$ awk -v RS=next -v ORS=next '/port10/' fw.txt
edit "port10"
        set vdom "root"
        set ip 192.168.1.54 255.255.255.248
        set allowaccess ping
        set type physical
        set sample-rate 400
        set description "Other Firewall"
        set alias "fw-outside"
        set sflow-sampler enable
   next
  edit "vpn-CandC-1"
        set associated-interface "port10"
        set subnet 10.254.153.0 255.255.255.0
    next
    edit "vpn-CandC-2"
        set associated-interface "port10"
...

So that wasn't bad at all. Sorry about that Tim. Maybe next time, old buddy.

• Determine required file system permissions for an application
• New MVP on 4sysops
• Free ebook: Introducing Windows Azure for IT Professionals Added to the 4sysops lists of free admin ebooks
• Free ebook: Microsoft System Center: Configuration Manager Field Experience Added to the 4sysops lists of free admin ebooks
• AppLocker Design Guide
• Microsoft boss Steve Ballmer dances at tearful send-off
• Windows 8.1 now available to pre-order for $119 ahead of October 18th debut
• Microsoft Azure receives authorization to provide cloud services to US Federal Government
• Microsoft: Surface 2, Pro 2 ‘Close To Selling Out’

Copyright © 2006-2013, 4sysops, Digital fingerprint: 3db371642e7c3f4fe3ee9d5cf7666eb0

The post Podcasts added to the BBC iPlayer Radio apps appeared first on The Digital Lifestyle.com.

Welcome back, in this post we will continue where we left off on our last post on System Center 2012 Sp1 - Orchestrator and disk maintenance, completing our remaining runbooks and adding in some PowerShell to assist in the process.

With the Archive runbook already created, in this second post, we will guide our way through the remaining three runbooks needed to complete the project.

System Center 2012 SP1 - Orchestrator: Purge Files Runbook

The second runbook I create will be called 2.3 Purge Files. This runbook will accept the details of the purge job, including the source and age of the files for purging.

On the canvas I will place and hook up the following:

• Add an Initialize Data activity to accept in the parameters for the job.
• Next, I use a Run .NET Script activity to do the actual archival, which I rename to Purge Files.
• And finally I will add two Return Data activities, first for a successful execution, which I rename to Success. Second, for a failed execution that I also rename, this time to Failure.

Starting with the Initialize Data Activity I configure the following properties:

• Details page (Add three parameters as follows)
  • Name: SourcePath, Type: String
  • Name: SourceMask, Type: String
  • Name: Age, Type: Integer

Next, on my Purge Files activity I define the following setting:

• Details page
  • Language Type: Powershell
    
  • Script:
    

  $groomingFolder = {SourcePath from “Initialize Data”}{SourceMask from “Initialize Data”}
  $groomingAge = {Age from “Initialize Data”}
  
  function Remove-Files {
  <#
  .SYNOPSIS
     This function will Remove files from your file system based on some simple paramaters
  .DESCRIPTION
  
  .PARAMETER 
  
  .EXAMPLE 
     Delete-Files \\UNC\Path -Recursive -RemoveFolders -DaysOld 30 -Testing 
  #> 
     [cmdletbinding()]
     param(
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeLine= $true)] 
        [string]$Path,              
  	  [Parameter(Mandatory = $False)] 
        [switch]$Recursive,
  	  [Parameter(Mandatory = $False)] 
        [switch]$RemoveFolders,
  	  [Parameter(Mandatory = $False)] 
        [switch]$Testing,
  	  [Parameter(Mandatory = $False)] 
        [int]$DaysOld = 0              
  	)
      begin {
          $Now = Date
          $LastWrite = $Now.AddDays(-$DaysOld); 
          Write-Verbose ("Starting Script...")
          Write-Verbose ("We will remove Files older than $DaysOld from the file System - Last Updated After $LastWrite ")
          if ($Recursive) { Write-Verbose ("We will Recurse trough the file System") }
          if ($RemoveFolders) { Write-Verbose ("We will Remove Folders as well as Files") }
          if ($Testing) { Write-Verbose ("Running in TEST MODE") }
          Write-Verbose ("Process starting at $Path")
      }
      process {
          if($Testing) {
             get-childitem $Path -Recurse:$Recursive | ? {$_.LastWriteTime -le "$LastWrite"} | ? {$_.PSIsContainer -eq $RemoveFolders} | select name, length 
          } else {
              get-childitem $Path -Recurse:$Recursive | ? {$_.LastWriteTime -le "$LastWrite"} | ? {$_.PSIsContainer -eq $RemoveFolders} | Remove-Item
          }
      }
  }
  
  $error.clear()
  
  Remove-Files -Path $groomingFolder -Recursive -DaysOld $groomingAge
  
  $error

  • Published Data page
    • Name = Error, Type = String, Variable Name = Error

  Finally, Select the Pipeline/Link from the Purge Files activity to the Failure activity, and set its properties

  • Include Page
    • Click on the entry Success and from the Results dialog select the option Warning and Failed and clear the option Success then click OK
  • Options Page
    • Set the Colour to Red

Job Enumeration Runbook

The next runbook I create will be called 2.1 Enumerate Maintenance Plan. This runbook will connect to our SQL table, and gather the list of tasks for orchestrator to process.

To implement this I am going to defined the following

• First, a Run .NET Script activity will be used to store the configuration details of where our table is stored so that we can pass this detail to the pipeline. I do this because I am not a fan of the Global Variables settings in Orchestrator, especially when importing and exporting runbooks.
• Second, we will connect to the SQL Server with a Query Database activity, and return the results to the pipeline.
• I will then add two Invoke Runbook activities to the canvas. The first we will rename to Archive runbook. The other we will rename to Purge runbook. Finally, I will add a Junction activity to have all the flows get to this point before finally completing the runbook with a Return Data activity.

Once I have all the activities on the canvas, connect the links as described in the plan.

Starting with the Run .NET Activity, rename the activity to Maintenance Variables, and then
configure its properties similar to the following:

• Details page
  • Language Type = PowerShell
    
  • Script :

  $SQLServer = "PDC-DB-SQL01"
  $SQLDatabase = "ITServices"
  $SQLTable = "ITStorageMaintenancePlan"

• Published Data page
  • Name = SQL Server, Type = String, Variable Name = SQLServer
  • Name = SQL Database, Type = String, Variable Name = SQLDatabase
  • Name = SQL Table, Type = String, Variable Name = SQLTable

  Next, on the Query Database activity

• Connection page
  • Database Type = SQL Server
  • Authentication = Windows Authentication
  • Server = {SQL Server from "Maintenance Variables"}
  • Initial Catalog = {SQL Databse from "Maintenance Variables"}
• Details Page
  • Query

  SELECT [SourcePath], [SourceMask], [Action], [Age], [TargetPath] FROM [ITStorageMaintenancePlan]

Select the Pipeline/Link from the Query Database activity to the Archive Files activity, and set its properties

• Click on the entry Query Database and from the Published Data dialog, select the option Full line as a string with fields separated by a ";". Then click OK.
• Click on the entry equals and from the Conditions dialog select the option Contains then click OK.
• Click on the entry Value and in the Data dialog enter ;Archive; then click OK.

• Set the name to Archive Job.

In a similar fashion, we will now configure the other link for Purge Jobs, begin by selecting the Pipeline/Link from the Query Database activity to the Purge Files activity, and set its properties.

• Click on the entry Query Database and from the Published Data dialog, select the option Full line as a string with fields separated by a ";". Then click OK.
• Click on the entry equals and from the Conditions dialog select the option Contains then click OK.
• Click on the entry Value and in the Data dialog enter ;Purge; then click OK.

• Set the name to Purge Job.

Select our Archive runbook activity, and set its properties

• Runbook = Use the '…' button to browse and select the Archive Runbook.
• Enable the check box on the setting Wait for completion.
• Set the parameters as follows:
  • SourceMask = [Field({Full line as a string with fields separated by a ';' from "Query Database" },';',2)]
  • SourcePath = [Field({Full line as a string with fields separated by a ';' from "Query Database" },';',1)]
  • TargetPath = [Field({Full line as a string with fields separated by a ';' from "Query Database" },';',5)]
  • Age = [Field({Full line as a string with fields separated by a ';' from "Query Database" },';',4)]

Similarly, we can now also set the properties of the Purge runbook

• Runbook = Use the '…' button, to browse and select the Purge Runbook.
• Enable the check box on the setting Wait for completion.
• Set the parameters as follows
  • SourceMask = [Field({Full line as a string with fields separated by a ';' from "Query Database" },';',2)]
  • SourcePath = [Field({Full line as a string with fields separated by a ';' from "Query Database" },';',1)]
  • Age = [Field({Full line as a string with fields separated by a ';' from "Query Database" },';',4)]

Trigger Runbook

The final runbook we are going to create is the trigger flow runbook. This will use a monitor style activity to trigger the main Job Enumeration runbook based on a time/date event, essentially a scheduled start. I am calling this runbook Monitor – 2. Trigger Disk Maintenance.

We will drag two activities to the canvas: a Monitor Date/Time activity followed by the Invoke Runbook Activity, which we will rename to Start Job Enumeration.

With these on the canvas we can create a simple link to connect these together.

On the Properties of the Monitor Date/Time activity

• Interval = Set this to a suitable period, for example AT 01:15 AM, to trigger nightly.

Select our Start Enumerate Maintenance Plan activity and set its properties.

• Runbook = Use the '…' button to browse and select the runbook 2.1 Enumerate Maintenance Plan.
• Enable the check box on the setting Wait for completion.

Conclusion

Cool right? Over the last two posts we have created a very simple implementation with no logging or error handling, but have learned how to use different activities to run our jobs. In this post we also leveraged Powershell as part of one of the runbooks simply to illustrate the ease of mixing these technologies.

Go ahead and build this out in your test environment, and ill look forward to your comments. In the next post we will try another solution, until then – happy automations!

With an increasing number of PowerShell scripts on your hard drive, it can become hard to find the script you are looking for. Here's a helper function called Find-Script. Simply submit a keyword, and PowerShell will locate any script within your user profile that has your keyword anywhere inside it.

The result displays in a grid view window, and you can then optionally click and select the file(s) you want to open in the ISE editor.

function Find-Script
{
    param
    (
        [Parameter(Mandatory=$true)]
        $Keyword,

        $Maximum = 20,
        $StartPath = $env:USERPROFILE
    )

    Get-ChildItem -Path $StartPath -Filter *.ps1 -Recurse -ErrorAction SilentlyContinue |
      Select-String -SimpleMatch -Pattern $Keyword -List |
      Select-Object -Property FileName, Path, Line -First $Maximum |
      Out-GridView -Title 'Select Script File' -PassThru |
      ForEach-Object { ise $_.Path }
} 

By default, Find-Script returns only the first 20 scripts that meet your request. With the parameters -Maximum and -StartPath, you can change both the maximum count and the search location.

ReTweet this Tip!

[themonkeybars] recently uploaded a time-lapse video of his DIY synthesizer build. First off the video itself is a pretty neat hack. An iPhone time-lapse app was used to capture one frame every 5 seconds. By the time the build was complete, approximately 46,000 frames had been snapped. This boiled down to over 43 minutes of youtube footage. [themonkeybars] didn’t work full time on the project, so the video covers about a year’s worth of work which we think makes it even cooler. The synth is also featured in much of the video’s soundtrack.

The synthesizer itself would be classified as an analog modular synth, a type we’ve seen before. Modular synthesizers are one of the earlier forms of electronic music. The synthesizer is composed of discrete modules such as oscillators, modulators, and filters. The modules may be housed in the same box, but they are not internally connected. All connections are made via front panel patch cables. This is where the term “Patch” came from.

As you can probably imagine, all these cables, switches, and dials make for quite a bit of metal work in the building of the synthesizer front panel, and even more wiring. [themonkeybars] takes us through every step of that journey, from the bare metal front panel to the finished instrument. Much of the internals are based upon Music From Outer Space kits, with the Sound Lab ULTIMATE kit forming the heart of the project.

We really enjoyed his novel tilt mount for the printed circuit boards. The tilt mount allows both sides of the PCB and nearly all of the front panel to be accessed for modifications or repairs. Some of the other interesting features include a lucite window on the bottom of the case, and red LED strip on the inside. The red LEDs create a dull glow that can be seen through the patch connectors, yet doesn’t overpower the panel mounted indicators.  All in all this is a beautiful build!

[Thanks JohnS_AZ]

Filed under: musical hacks

Windows Server 2012 (WS2012) introduced Cluster-Aware Updating (CAU) to allow each member of a cluster be paused, drained of highly available (HA) roles, patched, and rebooted in an orchestrated manner. Without CAU, you will probably be patching your clusters manually (which rarely happens), and in the case of Hyper-V clusters, CAU will leverage Live Migration to ensure that services have zero downtime.

We will be implementing a number of steps:

1. Prerequisites: Getting the environment and servers ready
2. Prestaging a computer account: This will be for a HA role that is used by the cluster to orchestrate the CAU patching process.
3. Configuring CAU
4. Testing and monitoring CAU patching

CAU Prerequisites

There are a number of prerequisites for installing and maintaining CAU on your clusters. Each cluster node should be configured with:

• Enabled WMI: This is the default on WS2012. You can run Set-WSManQuickConfig to enable WMI if it is disabled.
• Enable Windows PowerShell 3.0 and Windows Powershell remoting: This is also the default on WS2012. PowerShell is a Server Manager role, and you can use Enable-PSRemoting to enable remoting.
• .Net 4.5: This is also installed by default (Server Manager) on WS2012.
• Remote Shutdown firewall rule: You must enable the Remote Shutdown inbound rule in Windows Firewall. The PowerShell option is Set-NetFirewallRule -Group "@firewallapi.dll,-36751" -Profile Domain -Enabled true.

You will need a location for your nodes from which to download the updates. Unfortunately System Center Configuration Manager does not support CAU yet. The recommended managed solution will be to use WSUS. If you are downloading updates through a proxy (such as directly from Microsoft) then you will need to configure WinHTTP proxy settings on each cluster node. This would be done as follows, with a proxy called TheProxy.Demo.Internal that operates on TCP 80:

netsh winhttp set proxy TheProxy.Demo.Internal:80 "<local>"

Prestaging a Computer Account

CAU will require a computer account that will be used by the cluster to create a HA role that enables the cluster to self-manage the orchestrated patching, even if the nodes of the cluster are being rebooted. The setup wizard does allow you to let the cluster create a computer account in Active Directory, but this will get some anonymous name. Take the time to create a prestaged computer account with a name that will mean something to you and your colleagues in a year’s time.

• Place all cluster nodes and the cluster client access point (CAP) computer account into an OU, preferably named after the cluster.  For example, the cluster CAP is called Demo-FSC2. An OU called Demo-FSC2 is created. The members of the cluster (Demo-FS1 and Demo-FS2) and the CAP (Demo-FSC2) are moved into the new OU.
• Create a computer account in the new OU and give it a meaningful name. This will be the prestaged computer account. For example, it could be called Demo-FSC2-CAU, indicating that the account is used by CAU on the Demo-FSC2 cluster.
• Disable (not delete) the new computer account.
• Enabled the Advanced view in Active Directory Users And Computers. Edit the security (via the Advanced button) of the cluster’s OU. Grant the cluster CAP (in our case, Demo-FSC2) List All Properties and Create Computer Account permissions to This Object And All Descendent Objects.

The prestaged computer account and cluster accounts.

Granting the cluster permissions to the cluster’s OU.

Configure CAU

Now you will open up Failover Cluster Manager (FCM) and configure CAU for your cluster:

• Browse to the cluster in FCM and launch Cluster-Aware Updating from the Configure pane.
• Click the Configure Cluster Self-Updating Options link in the Cluster-Aware Updating wizard.
• In the Add-Clustered Role step of the wizard, check the box for Add The CAU Clustered Role box and also check the I Have A Prestaged Computer Object box.
• Type in the name of the prestaged computer account, for example Demo-FSC2-CAU.
• Configure when you want CAU to run in the Self-Updating Schedule step. You can choose a daily, weekly, or monthly day/time. In the case of Hyper-V, many will choose to run CAU during a midweek workday; this is because there is no perceivable downtime for virtual machine services and engineers/administrators will be on hand to monitor operations instead of being woken at 5 a.m. on a Sunday morning if a drained host had a problem.
• The Advanced Options wizard step allows you to customize how CAU runs. This includes how many failed hosts will be tolerated, retry attempts (three by default), a patching timeout (very dangerous, because you don’t want half-patched servers), and various kinds of scripts that can be run.
• Additional Options allows you to include recommended updates, which is… well, recommended.

Using the prestaged computer account.

If all goes well the wizard will complete with a Success status. Check the prerequisites, the name of the prestaged computer account, and the permissions on the cluster’s OU.

Testing and Monitoring CAU

With CAU configured, your cluster will automatically:

1. Drain each node, using live migration in the case of Hyper-V
2. Patch it
3. Reboot it if required (it usually is)
4. Repeat the process with each node in turn

You can initiate a patch run manually from FCM on a cluster node once you have completed the above configuration. Launch the Cluster-Aware Updating Wizard and then run Apply Updates To This Cluster. The status of the update job will be visible under Log Of Updates In Progress. You can also run Generate Report On Past Updating Runs from a specific time window, with the added option of exporting the report in HTML format.

Warning: WS2012 Hyper-V VMs with Low Priority

By default WS2012 Hyper-V uses Quick Migration on virtual machines with a low cluster priority. You can change this default behaviour so that low priority VMs are moved using live migration, just like medium- and high-priority VMs. WS2012 R2 Hyper-V uses live migration by default for VMs of all priorities.

Manfred Meier over at VMwareDirectory has launched a new utility. The vGuestExplorer is a Windows Explorer style tool which can copy files and folders to and from Virtual Machines, even without Network connectivity.

It connects through PowerCLI and VIX API to the ESXi Host or vCenter Server and lists all Virtual Machines with running VMware Tools. The files are retrieved and managed by VMware Tools on the Guest Virtual Machine. It will save you time, creating and connecting ISO files or disks to Virtual Machines to transfer files.

If you're not sure what the differences among an espresso doppio, a cappuccino, and an americano are, this hilarious video from Mental Floss will sort it all out for you. By the end, you'll understand 27 popular types of coffee you'll see on menus anywhere, and hopefully discovered something you'd like to drink.

Read more...

A new Configuration Manager 2012 book is available, written by fellow MVP Raphael Perez.

Be sure to check it out! You find it here: http://www.rflsystems.co.uk/products/product-category/understanding-system-center-configuration-manager-2012-sp1/

Finaly the successor of Microsoft Network Monitor tool is released: Microsoft Message Analyzer.

Message Analyzer enables you to capture, display, and analyze protocol messaging traffic; and to trace and assess system events and other messages from Windows components.    

Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic and other system messages. Message Analyzer also enables you to import, aggregate, and analyze data from log and trace files. It is the successor to Microsoft Network Monitor 3.4 and a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can choose to capture data live or load archived message collections from multiple data sources simultaneously.

Message Analyzer enables you to display trace, log, and other message data in numerous data viewer formats, including a default tree grid view and other selectable graphical views that employ grids, charts, and timeline visualizer components which provide high-level data summaries and other statistics. It also enables you to configure your own custom data viewers. In addition, Message Analyzer is not only an effective tool for troubleshooting network issues, but for testing and verifying protocol implementations as well. 
  Message Analyzer at Microsoft Download Center

I recently had a tweet that’s caused a bit of comment, and I wanted to expand on the point.

Everyone does realize that it's not about teaching people to CODE as much as it is about teaching people to THINK … right?

— Hilary Mason (@hmason) September 17, 2013

I’m a huge fan of the movement to teach people, especially kids, to code.

When you learn to code, you’re learning to think precisely and analytically about a quirky world. It doesn’t really matter which particular technology you learn, as long as you are learning to solve the underlying logical problems. If a student becomes a professional engineer, their programming ability will rise above the details of the language, anyway. And if they don’t, they will have learned to reason logically, a skill that’s invaluable no matter what they end up doing.

That you can apparently complete a three month Ruby bootcamp and get a job today is an artifact of a bizarre employment market, and likely unsustainable. But by dedicating three months to learning to think in a logical framework, you’ll also gain an ability that will open opportunities for you for the rest of your life.

Carrie Anne Philbin, an absolutely inspirational CS teacher of the sort I wish had been around when I was a kid, has been doing a lot of work with the Pi in her lessons over the last year or so. She’s creator of the Geek Gurl Diaries YouTube web series, a Computer Science and ICT teacher, recipient of TalkTalk’s London 2013 Digital Heroes award, and somebody that all of us at Raspberry Pi think very, very highly of. Most recently, Carrie Anne has spent much of the summer working with Dr Sam Aaron at the University of Cambridge on a Key Stage 3 scheme of work for schools, tailored for England’s new programme of study, based around a little something of Sam’s called Sonic Pi.

Sonic Pi is a programming environment that allows you to make sounds. Which is a very dull way of saying that it’s a way to build your own synthesiser from scratch. Sonic Pi, and the associated teaching and learning materials, are open and free.

Dr Sam Aaron is a researcher at the University of Cambridge Computer Lab. He’s also a musician, and he’s one of the most interesting people I know, with a breadth of knowledge and enthusiasms that makes for some very late nights of conversation when he visits Pi Towers. Sam’s been working on Sonic Pi since 2012, and we are delighted to see his work being used so successfully in schools. Sam’s (rather brilliant) realisation is that you can engineer a situation whereby kids accidentally learn fundamental concepts of computing, programming and programmatic thinking, by being asked to do something creative: in this case, making music with a tool they’ve built themselves. The set of lessons will take kids from a starting point of no familiarity at all with computing. Sonic Pi, with the lesson plans and materials provided by Carrie Anne, gives teachers with little or no programming background plenty of support; those lesson plans offer a guided route through using Sonic Pi in the classroom.

Carrie Anne says:

I get asked by teachers all the time: how can Raspberry Pi be used in the classroom? And how can it help us meet the aims of the new Computing programme of study? These were questions I had, until I met Sam and started to develop lessons using his music Pi synthesizer software. For me, gender neutrality, creativity, imagination and tinker time are the basis for learning computer science in my classroom. When Sam suggested teaching computing concepts with music, I knew he was onto a winner, and that it would tick all the boxes.

After a month or so of planning and preparing in Jan 2013, we started to teach our Sonic Pi lessons to my Year 8 classes, and I was astounded. Firstly, by just how engaged they were by this little computer. Getting students away from the ‘internet boxes’ in the room got them thinking about what a computer really is, wherein lies the power of the Pi. Secondly, by the positive reactions of both genders, and of students with learning difficulties, who in the past had been quite negative about the subject. In fact my most memorable occasion was when a member of the senior leadership team came into the room. He spotted my learning objectives on the board and then asked a normally uninterested 13-year-old girl what she was doing. In a few sentences she explained logic, sequencing, iteration and conditionals in a way that made it all sound so matter-of-fact.

With a little structured creativity and freedom, students in both classes progressed massively with a text-based programming language. Their achievement was not only being able to program and make decisions about their code for themselves, but also in the memorable musical masterpieces they made. I’m very excited to roll this scheme of work out across the whole of Year 8 this academic year to see what more fun we can have in class.

We’ve been so impressed by what we’ve seen so far from Sam and Carrie Anne; we look forward to seeing what comes next. Kids we’ve spoken to have been really excited and enthused by Sonic Pi, and have been hard to drag away from the class Raspberry Pis at the end of sessions. This is a program of lessons that gives kids the freedom of action to take their own Sonic Pi project in any direction they want to, moving away from the sort of lesson where everybody works on the same piece of software, and giving students the agency to develop their work in an individual way, while almost accidentally becoming familiar with an important set of fundamentals. Carrie Anne and Sam are running trials of the project in a number of different schools with very different demographics, and so far, the results look great.

If you’d like to use Sonic Pi and the scheme of work Sam and Carrie Anne have created in your own classroom, you can download everything for free at the Sonic Pi website. You’ll find other teachers in the forums here at Raspberry Pi, especially in the education section. Non-teachers are also encouraged to check out the software and the scheme of work for themselves. Please join in, both there and in the comments here – we, and Sam and Carrie Anne, would love to know what you think.