Papercut can run on a Windows Server (2003, 2008 or 2008 R2) using windows print queues or a Novell Linux OES server with iPrint (CUPS & SAMBA), it is written in Java with some wrappers for the OS in use.

We originally ran it on a Server 2003 R2 (x86) but have recently updated to a Windows 2008 R2 (x64)print server. The main reason for the upgrade was to provide up to date drivers for Windows 7 32 & 64bit. We also run the Papercut MF version which costs A LOT more, but allows you to use it with external devices, such as photocopiers.

Papercut has some really useful features, Card recharge allows you to generate top up cards and print them out yourself. Then you just cut them up and given them to the office (or canteen) to sell to the students. Makes recharging much easier and no need for office staff to login to an admin console to top up accounts.

We recently had a student laptop roll-out (NSW DER), these laptops are not on our domain so needed an alternative way to print. Papercut has a feature called WebPrint which allows students to upload MS office or PDF files to a website and have them printed to the chosen printer. You need to run software for it on a windows pc (server or client) which automatically opens the document and prints it to the chosen printer. As our Print server is running Windows and is a virtual machine we just configured it to auto-login as a limited user we created and installed Office, and Acrobat.

We use the reports function for auditing staff accounts and charging printer usage back to faculties. Staff are automatically added to different charge accounts based on their AD group membership.

We have just started using Advanced Scripting to charge staff different prices than students on shared copiers and printers.
The following script is what we use, as it is based on how faculties are invoiced at the end of each term. It is based on the Papercut recipe “Discount for staff” with a few changes.

/*
* Change Pricing for staff
*
* Staff are charged based on cost to school.
*
*/
function printJobHook(inputs, actions) {

var DISCOUNT_GROUP   = "Staff-All";
var COST_COLOUR  = 0.07; // Click Rate of Colour
var COST_BW  = 0.02;  // Click Rate of B/W
var COST_A4  = 0.01;  // Price per page of A4
var COST_A3  = 0.03;  // Price per page of A3

/*
* This print hook will need access to all job details
* so return if full job analysis is not yet complete.
* The only job details that are available before analysis
* are metadata such as username, printer name, and date.
*
* See reference documentation for full explanation.
*/

if (!inputs.job.isAnalysisComplete) {
	// No job details yet so return.
	return;
}

if (inputs.user.isInGroup(DISCOUNT_GROUP)) {
	// Debug messages are written to [install-path]/server/logs/server.log
	actions.log.debug("Cost before discount: " + inputs.job.cost);

	// Initial 0
	var newCost = 0;

	// Includes Duplex
	if (inputs.job.paperSizeName == "A4") {
		newCost = inputs.job.totalSheets * COST_A4;
	}
	else {
		newCost = inputs.job.totalSheets * COST_A3 ;
	}

	newCost += inputs.job.totalGrayscalePages * COST_BW;
	newCost += inputs.job.totalColorPages * COST_COLOUR;

	 actions.job.setCost(newCost);

	actions.log.debug("Staff Pricing on " + inputs.job.printerName + " For " + inputs.job.totalSheets +
		" sheets had " + inputs.job.totalGrayscalePages + " B/W & " +
		inputs.job.totalColorPages + " Colour, Cost after discount: " + newCost);

	// Record that as discount was applied in the job comment.
	actions.job.addComment("Staff Pricing applied. Had " + inputs.job.totalGrayscalePages + " B/W & " +
	inputs.job.totalColorPages + " Colour");
	}
}

Other useful features:

• Students and staff see a summary of how many pages they are going to print, which helps reduce accidental printing of entire chapters of text instead of just a few pages.
• Logs and statistics show which printers are getting used, how much is getting printed, and who printed the document but didn’t collect it.
• Great support. I have contacted them over a number of issues and they have always gotten back quickly with good ideas, or have added features in later versions.

Downsides:

• Although the price for education version of Papercut NG is not too bad, to get the MF version which supports copiers it costs around twice as much. Also you then need cost recovery devices for the copiers ~AUD$1,800 each, and there are annual support and maintenance costs ~AUD$1,000/year.

If you want to get an idea of how much printing your staff and students or just want to keep a record of who is printing what (like you could do easily with iPrint)  try the free Papercut Print Logger.

First a comment, although Microsoft seems to have a much better DNS system than on Netware 6.5, their DHCP implementation leaves a lot to be desired.

On Novell I could create a scope, reservations and options and it is stored in eDirectory. I could then have multiple DHCP servers with different IP ranges to offer. I could use the java console (sometime slow) to add a reservation and it would sync to both servers.

On Windows Server 2003 and 2008 I need to separate create scopes, allocation ranges and reservations on each server. Their is no synchronisation or communication between these servers. This means to migrate my reservations from my current Netware DHCP servers to the target Windows servers the reservations need to be added to each server, as well as adding any future reservations to both servers.

Migration Process

First use the Novell DNS/DHCP console and export the DHCP scope / database you are migrating.

I have written the following Perl code to read in the DHCP3TAB file generated and output a netsh file that will add all your reservations to any number of Windows DHCP servers.

You will need to modify the DHCP servers list to your AD servers and change the scopeName to the correct IP settings.

After running your DHCP3TAB through the perl script, copy output to your server and run netsh exec outputFile.txt to add it to your servers.

#!C:\Perl\bin\perl.exe

# Designed to read in Rservations from a Novell DHCP Tab file and output a NetSH script file
# From http://technet.microsoft.com/en-us/library/cc787375.aspx
# On the destination server, the exec command is used to load and execute the converted reservations:
#  netsh exec AdReservations.txt
# After you use the exec command to load the file, you must reconcile all scopes.
# Use net stop dhcpserver to stop the DHCP Server service and net start dhcpserver to restart it. Once the service is restarted, DHCP database changes take effect.

use strict; use warnings;

my $dhcptabName = "DHCP3TAB.txt";
my $outFile = "AdReservations.txt";
my @dhcpServers = ('\\\\DHCPServer1.win.us.schools.nsw.edu.au',
    '\\\\DHCPServer2.win.us.schools.nsw.edu.au');
my $scopeName = "10.10.11.0";

open F, "< $dhcptabName" or die "Can't open $dhcptabName : $!";
open O, "> $outFile" or die "Can't open $outFile : $!";

# File parsing
my $ip;
my $host;
my $mac;
my $type;
my $comment="";

while (my $line = <F>){
  if ($line =~ /^\[IP Address Configuration /i) {
  # New entry, clear values
    $ip="", $host="", $mac="", $type="", $comment="";

    while ((my $entry = <F>) !~ /^$/){
    # Parse and fill in values
      if ($entry =~ /IP Address Number = ([\d.]+)/i){
        $ip=$1;
      }
      elsif ($entry =~ /Assignment Type = (\d+)/i){
        $type=$1;
      }
      elsif ($entry =~ /Host Name = ([\w\-_]+)/i){
        $host=$1;
      }
      elsif ($entry =~ /MAC Address = 1 (.+)/i){
        $mac=$1;
        $mac=~ s/\s+//g;
      }
      elsif ($entry =~ /Comment = (.+)/i){
        $comment=$1;
      }
    }

    # Following determines which type of entries to convert. Default is only reservation.
    # You can comment it out and uncomment the second line to include reservations and allocated IPs.
    # If  type != 8 (reservation) discard
    next unless ($type == 8); 

    # If  type != 8 (reservation) or  != 2 (Allocated) discard
    # next unless  ($type  == 8 or $type  == 2);

    next if ($mac eq "" or $ip eq "" or $host eq "");
    foreach my $server (@dhcpServers){
      print O "Dhcp Server $server Scope $scopeName Add reservedip $ip $mac \"$host\" \"$comment\" \"BOTH\"\n";
    }
  }
}

close F;
close O;

As part of this rename we needed to change their Novell eDirectory account and home directory. We also needed to ensure linked systems such as an LDAP authenticated Moodle site and an IDM linked Active Directory (AD) domain were properly updated.

To perform the user account and folder rename we used Mass User from HBWare. This is a great program we already used for creating and managing home directories and quotas. There was a small bug in the rename area, but it was quickly fixed when brought to Hans’ attention.
Note: Before beginning you need to have a list of the old usernames and the new usernames. A simple two column Excel or CSV file would be fine.

Novell

Create Mapping File: The mapping file is used by Mass User to know what to rename the existing username to.

Use NDS Report ( http://www.novell.com/coolsolutions/tools/13908.html ) to create a list of all the accounts. You only want the DN and CN fields. Save this as an Excel or CSV file.

NDS Report: Select Student OU

NDS Report: Choose only CN

Create a new MS Access file and import the account list
Import the text / excel file that lists the old and new account names.
You now need to create a query that maps the cn to the old account name, and then use this to generate a list of the full old dn and the new account name.

Access: Mapping Query

Access: Query Results

You can then export this as a text file.

Access: Export as text file

Access: Export Delimited

You will need to set the field separate as ‘=’ and set the test qualifier to none.

Access: = as Delimiter and no Text Qualifier

You should end up with each line having format:
OLDNAME.OU.C=NEWNAME
Once the mapping file is generated you can apply it either to individual OUs (e.g. year groups), or to the entire Users container. I would recommend applying to small containers initially to allow checking for errors. After verifying all renames were performed correctly you can then apply the rename to your entire users’ container.

Mass User: Rename

IDM 3.0 – Active Directory

Before doing the mass rename we did some simple tests of renaming eDirectory accounts to see how they replicated to Active Directory. We determined that the individual renames were successfully propagated through IDM to automatically change the pre-2000 and logon name fields to match the new eDirectory account.
When performing the mass rename of accounts, AD was checked after doing each OU to check propagation was successful. We experienced no problems with IDM and all accounts were successfully synchronised with Active Directory.

Moodle

For Moodle we wished for users to retain their own accounts including all their settings and course information. To do this the username stored in the Moodle Database (DB) would need to be changed to the new username.
Before making changes to Moodle I recommend putting the site in admin mode and temporarily disabling your LDAP authentication. I only put the site in Admin mode and then had problems during migration as some students had attempted to logon after I had renamed the eDirectory accounts, but before migrating Moodle accounts. This created new user accounts in Moodle that prevented the update queries running due to duplicate key name problems (ie the old account would not rename to new one if one has already been created with the new name)
First you need to import your list of old and new account names into the database. If you already have it in a separate DB on your Moodle server you can use that, otherwise it is best to just to create a new table in the Moodle DB.
I used this query to check the mapping fields. You will need to adjust the fields and collation types for your own setup.
I use the IDNumber field to store the full DN, if you use a different field you will need to adjust this.

Validation:

# Shows the current username, the new username and the new IDNumber field for validation check.
SELECT mdl.`username` , ern.`StudentId` , replace( `idnumber` , mdl.`username` , ern.`StudentId`
COLLATE latin1_swedish_ci )
FROM moodle.`mdl_user` mdl, sbhsdata.`oasisStudentIdMap` ern
WHERE mdl.`username`
COLLATE latin1_general_ci = ern.`OldStudentId`

Update:

# Replaces the IDNumber field with the new username.
UPDATE moodle.`mdl_user` mdl, sbhsdata.`oasisStudentIdMap` ern
SET `idnumber` = replace( `idnumber` , mdl.`username` , ern.`StudentId` COLLATE latin1_swedish_ci )
WHERE mdl.`username`
COLLATE latin1_general_ci = ern.`OldStudentId`

# Replaces the mdl_user field with the new username.
UPDATE `mdl_user` mdl, `rename` ren
SET mdl.`username` = ren.`newname`
WHERE mdl.`username`= ren.`oldname`
Note: As can be seen by the queries, during the migration I did two separate updates, one to update the IDNumber field and another to update the mdl_user field. When I had completed migration I realised I had only needed to update the mdl_user field as Moodle would automatically update the value in IDNumber at next log on.

Round Up

The migration to the new accounts went well with no problems from student passwords or accounts, although we had a few instances of students using the old username instead of the new one.

Since performing the change we have also implemented a Papercut system which would have required the additional step of renaming all of its accounts to ensure student balances were carried across.

To see if your mapped drive is considered as either Internet or Local Intranet: first make sure Status Bar is on (View -> Status Bar), then browse to a sub folder of drive and look in lower right hand corner. or

Testing Security Settings or Configure for Individual PC

1. Open the “Internet Options” control panel
2. Click Security Tab, Local Intranet, Sites
3. Untick Automatically detect intranet network then tick Include all local (intranet) sites not listed in other zones and Include all network paths (UNC). I find these are the minimum required. However I find these still occasionally don’t work so I add the server names and server IP range to intranet list.
4. Click Advanced and add the names and IPs of your servers. This should be in form MyServer, and IP ranges as 10.1.1.2-10.
5. Browse to network location and check if Explorer shows Local Intranet in lower right of screen.
   Check if files and applications now open without requiring verification.

Deploying Settings using Group Policies

If performing the above has fixed the problem you probably need to deploy these settings to all users, which can be done using Group Policies.

1. Open the Group Policy for machines affected (this may just be local GPEdit.msc on a terminal server or the Zenworks Workstation Policy in ConsoleOne).
2. Make sure the IE7 version of inetres.adm is loaded (~2.3MB). If not it can be download from MS IE7 ADM.
3. Go to Computer Configuration -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page and set the following:
   • Site to Zone Assignment List:
     Add your server names with a value of 1 to list.
     You can add your server IP range with name “10.x.y.1-30″ and value of 1.
     You may want to add the Windows Update entries with a value of 2.

     http://*.windowsupdate.microsoft.com
     
     http://windowsupdate.microsoft.com
     
     *.windowsupdate.com
     update.microsoft.com

   • Note: Adding items to the Zone Assignment List prevents desktop users adding trusted sites themselves.
   • Disable Turn on Automatic detection of intranet as this only works with Active Directory.
   • Enable Include all local (intranet) sites not listed in other zones and Include all network paths (UNC)
4. Exit Group Policy editor

Other resources:

• MS Admin Templates for Internet Explorer 7
• IE7 and Intranets | Vexentricity

A trick is to install a second copy of ConsoleOne without any plugins. (I just have link to Clean ConsoleOne.) Using this version you can then Open the App Object and go to the Other tab, and expand zenappPackageName, double click the filename to change.

I use this quite regularly when updating FrontMotion’s Firefox MSI’s. I just keep two object and alternate between them. One production and one testing.

To change the location of an MSI you need to change 2 locations in ConsoleOne (with Zen plugins):

• Identification Tab (initial page loaded): Administration Package Path
• Common Tab: Sources: Modify or Add a new source

Make sure all paths use UNC paths. I recommend using Path Copy for this.

You need to use the Security Template editor to create a template restricting rights to the C drive and deploy it with your group policies. The same procedure can be used to create a Security Template for use with Active Directory.

Instructions:

1. Open MMC from run
2. Add Remove Snap-in
3. Add Security Templates and Close
4. By default this only shows C:\Windows\security\templates. I prefer to store mine on the network so add a new network folder.
5. Right click (RC) Security Templates and add a New Template Search Path to network folder
6. You can then either copy an existing template using RC on template and Save As to network folder or start from scratch.
7. Expand chosen template then File System folder
8. RC either on File System object or in right hand pane and Add File
9. Click C: and OK and it should expand to %SystemDrive%
10. You can now adjust the permissions for the default groups.
11. When finished make sure to RC on the template and click Save. You can also set a description before saving.

I recommend going into Advanced and removing the two entires for Users allowing them to Create Folders and Create Files. This will prevent students and users creating files on C: drive.

You can create similar entires for other folders such as program files, etc. You can also allow students access to folder if required by certain programs or groups. Remember under Novell, because computers are not part of domain you can not use items you have added such as groups or individual users.

Adding to Group Policy in ConsoleOne

1. Open up the WS Policy Package, Windows XP tab and the Windows Group Policy item.
   If you are using Zen 7 continue, if using Zen 6.5 click Edit and jump to point 3 in AD below.
2. Click Import Policies
3. Click Import Security Settings File and browse to the security template you created and import.
4. Make sure Security Settings is ticked under Applied Settings Types
5. Click OK to save

Adding to Group Policy in Active Directory

1. Open Group Policy Management console
2. Browse to chosen GPO or create a new one, and go to Edit mode.
3. Expand Computer Config -> Windows Settings -> Security Settings
4. RC on Security Settings and choose Import Policy
5. Browse to the security template you created and Open. You may also wish to clear any existing settings in GPO.
6. Exit Edit mode

Multiple Security Templates can be created for different machines.
We allow staff to create files on C: (mainly to keep personal photos and music off network) so we have separate Security Template for Staff and Student PCs.

It is a great tool and one of the must haves for a network admin.

http://home.worldonline.dk/ninotech/index.htm

I use it constantly when writing scripts and need the full path, or with Zenwork applications needing the UNC path. Just a simple right click gets the complete UNC path.

Path Copy 4.0