Boot the machine by turning on the monitor and the computer. The MCCSC Domain identification will appear.

At the Login Information screen, the cursor is represented by a flashing ½ . If the ½ is not visible, or if it is not in the Username form, point at the appropriate form (box) and single click (select) with the left mouse button.

A successful login will display a desktop designed to represent the group of which the user is a member. The four most used, primary groups are

The two student-centered groups do not have rights to change the desktop so supervisors have a way to identify the access rights of any logged-in workstation.

Both Faculty-Staff and Coordinator groups have the access rights to redesign and change the appearance of the desktop, but will not be able to delete the following initially installed icons needed for the Domain accounts --

1. Double Click to Logoff
2. Locker
3. Custom Room Applications

Double Click to Logoff bypasses the longer, manual Start menu logoff / shutdown choices. Selecting activates, momentarily, a black DOS window. If you have documents open that have not been saved, you will be prompted to Save [Yes] or [No] or [Cancel] the logoff. If no unsaved documents are open, the workstation will be restored to the MCCSC Domain login screen, ready for the next user.
To Shut Down: As in the past, shutting down the machine requires using the Start menu / Shutdown.

Locker opens a window displaying the contents of the user's secure storage space on the building server. The user may add/delete directories (folders) or files.

Custom Room Applications opens a window that contains "short cut" icons for any programs specific to the individual workstation and contains a folder icon labeled Custom Building Applications that contains/will contain short cut icons for programs installed specific to the individual building. These windows may be used to display large short cut icons for MCCSC applications to make it easier for younger users to find programs.

Icons for familiar Office 97 applications are in the toolbar on the right of the screen. The contents of this toolbar may be "customized" by the user (other than student) to include icons for any programs regularly used. All installed programs are also available through the Windows NT Start / Programs from the Start button in the bottom left corner of the screen.

Back to the TOP

The first five of these objectives have been assigned to a planning / implementation team representing both the Office of Information Services and the Office of Curriculum / Assessment / Instruction. Objectives 6 and 7 will be addressed by the planning / implementation team in the Fall of 1999.

The explosion of computer technology in the classroom, in the administrative offices, in libraries and media centers has been a continual roller coaster ride for teachers, students, administrators and staff trying to make the best possible use of resources and integrate the use of technology into classroom instruction. The instructional need for technology was predicted by the MCCSC as long ago as 1980, "visioned" in the early 1990's and has been planned in an ongoing process since 1994. The MCCSC Ongoing Technology Plan attempts to first define the desired function or outcome and then identify the resources to accomplish the function. That function has rapidly evolved from "product" to "information process" and has dramatically changed the structure of technology in the MCCSC.

There have been the decisions about platform (Commodore, Apple, IBM, Macintosh, Microsoft), decisions about operating systems (DOS, Windows 3.11, Windows 95, Windows NT 4.0, Windows 98), decisions about local area networks (TRS-80 Network, Corvus, Novell Netware, Apple Talk / Share, Windows NT 4.0 Server); decisions about software and instructional management systems (I-Class, MECC, Auto Skills (Academy of Reading), ALS, Southwest Publishing, Broderbund, typing tutorials, gradebooks), decisions about standard applications (Word Perfect, Word, Ami Pro, Lotus 1-2-3, Excel, Works, Claris), decisions about library checkout and cataloging systems (Follett, Athena, Surpass), and decisions about Internet, WWW publishing, and E-Mail (Netscape, Internet Explorer, Pine, Outlook, IMAP and POP3, Front Page, Publisher). Costs and available resources, technical support, and professional judgement have affected each of these decisions.

In 1997-1999, the MCCSC completed a process defining a scope and sequence of technology and information proficiencies and skills for K-12 students. The by-products of this curriculum are

1. The increased expectation placed on staff and leadership to be familiar, if not "expert," with these skills;
2. The increased awareness of the necessity of ongoing staff development, training and hands-on experiences with hardware and software;
3. The knowledge that while there are certain skills, programs and applications which span all schools, all grade levels and all subject areas, some resources are particular to specific instructional and/or administrative functions; and finally,
4. The awareness that with technology, the key is constant change.

One of the overriding educational issues affecting MCCSC classrooms and media centers is probably the Internet. The MCCSC has been a state and national leader in developing an Acceptable Use Policy that places responsibility for student access on three parties: the school, the student, and the student's family. MCCSC has struggled with a variety of "usernames" and "Internet/No-Internet" schemes in an effort to satisfy the intent of the AUP. Those practices are not secure. The Internet and Teacher account passwords have been common from machine to machine and from school to school. Tracing activity to a specific user is a complicated and cumbersome adventure. The opportunity for inappropriate use and violation of the AUP has been rampant. What had been designed as a "temporary, transitional fix" became the "practice." While not perfect, the Project BOB design returns accountability to both the school and to each user.

A second security issue addressed by Project BOB is the confidentiality of files saved on the workstation. Windows NT is designed to provide unique, secure storage space for each user. However, the "temporary, transitional fix" of generic user logins -- Student, Internet, Teacher, etc. -- left saved files and documents visible to anyone logging in under that account. Unless a staff member had a single machine for personal and/or professional use, there had been no way (other than saving to a floppy) to have files available on more than one computer. By creating a unique account for each user in a building (staff and student alike) and by creating separate, secure storage space for each user on the building server, Project BOB will reduce the chance of unauthorized access to personal files and reduce the opportunity for one user to change or delete the files of another user.

Early MCCSC NT configurations attempted to "lock down" the Student user to prevent unauthorized access to Internet clients and to prevent random or intentional changes to the desktop and operating system. While this has been relatively successful where the Internet / Teacher account passwords have been secured, an unintentional by-product has been the difficulty, or even inability, of a staff member to add programs and accompanying icons to the Student desktop. A CD program purchased for student use sometimes required either a technician or the building coordinator to install and configure the program. Project BOB provides a utility or a method for the room- or center-supervisor to place new software on the workstations and place the appropriate icons in a common folder.

Finally, as we have learned over the lost two years, some software packages have created instructional and technical problems on NT Workstation. Project BOB may alleviate some of those problems by installing the software on the workstation rather than on the server. In any case, should a software application disrupt the operation of the workstation, Project BOB will allow IS technicians to re-image or rebuild the workstation within minutes and restore the machine to its initial configuration. A positive by-product will be the ability to adjust the image as new software is added, old software is replaced, or current software is upgraded. What has in the past sometimes been a month-long process could, with Project BOB, be accomplished overnight.

Back to the TOP

1. Project BOB will affect the operations of all computers running NT Workstation 4.0, except as noted below.
2. Project BOB will NOT affect any Windows 3.11 workstations. When initially applied, BOB did not affect workstations at Batchelor Middle School (a similar project built on the Novell Netware server software was in place at Batchelor). However, during the summer of 2002, Batchelor was re-imaged to the MCCSC standard.
   The only non-standard operations are at Aurora Alternative School and at Adult Education sites where no building server is available or contemplated. Project BOB images may be installed at Hoosier Hills Career Center, where a server is being added to move from the BHSN network), and at the Service Center and Administration Center where there is direct access to Karst.
3. Project BOB will NOT currently affect any Macintosh stand-alone or networked workstation. However, "transitional" workstations running Windows 95 (either because of instructional software requirements or because of hardware limitations of the machine) may have BOB elements incorporated. These two operating systems are grouped because they create similar conditions in the Project BOB environment.
1. Windows NT is designed as a multi-user operating system. The individual desktop and computer can be used by more than one user account without affecting or impacting the other users of the computer.
2. Macintosh and Windows 95/98 are "single user" operating systems. Without employing "third party" security software (Fortress, At Ease, Fool Proof, etc.) there is no way to isolate the permissions and access rights of one user from another. Even with these "security" protections, access is by account name (much the same as the "generic" accounts on NT) leaving files exposed and reducing the effect of the AUP provisions.
3. While the Windows 95/98 workstation itself can not be configured to differentiate between users allowed to use Internet clients and those not permitted to do so, the other elements of Project BOB can be applied. Where possible, logins and passwords to secure storage space, permissions to install and adjust software, and the ability to re-image and rebuild the original configuration will be incorporated.
4. Some Macintosh systems will eventually be configured to access the same storage, software, and re-imaging benefits of Project BOB (Project MacBOB? Project Angus?), but the details of this configuration will not be in place in the fall of 1999.

Back to the TOP

How will I be affected?

No user accounts other than those of the IS Department and a generic, "local," student group account will reside on the local workstation. The IS Department account is for machine maintenance, such as re-imaging or re-building the configuration. The generic local account is to provide a non-Internet fallback in the event of network failures. It has neither Internet access (because of AUP restrictions) nor access to networked building resources (because that would be superfluous if the network had failed).

To use the "bui_local" account, follow the logon instructions as above. Do NOT select the MCCSC Domain, but rather choose the local machine-name from the domain list.

All other accounts -- including a second generic, "network," student group account -- will reside on the building server in the MCCSC Domain. The purpose of the generic network account is to provide student group level access to all server-based building software, including special applications such as those for the library, and to provide a temporary account for new enrollments. As with the "network offline" account, this account does NOT have Internet access.

To use the "bui_net" account for non-registered access to the building network and library-media, follow the logon instructions as above. Select the MCCSC Domain.

Paradigm Shift: While no accounts "reside" on the local workstation, each login actually creates a "temporary" account that does "exist" on the local workstation. This "temporary" account carries all the rights and permissions appropriate to the group membership. For example, the "domain" accounts in the Coordinator and Faculty/Staff groups have appropriate rights and permissions to install software and create and delete files on the local workstation. [See 3.b.3. and 3.b.4. above.] Why not actually create an account on the local machine? By having the coordinator, faculty and staff accounts reside on the server (as do the student accounts), the need to duplicate and reconstruct those accounts is eliminated. We have one account (with access to all machines) instead of 10, 20, 30, 250, 500 copies of that account (with access ONLY to the machine on which it resides). The discussion as to what rights and permissions are appropriate and necessary remains open..

Hard Drive:

The hard drive on the individual workstation will not be available for general-purpose storage. All files or documents will be directed to the server-based, MCCSC Domain, storage space (the Locker) attached to the user's account. Files may also be manually directed to the floppy (or other external) drive. In order to apply the principles of project Objective 5 -- "Each NT Workstation will be 'imaged' or duplicated on media that will allow the workstation to be rebuilt as originally configured" in 3. above, it is imperative that users understand that "re-imaging" or rebuilding the machine will delete any and all files, documents or applications installed under the principles of project Objective 4 -- "Each NT Workstation will be configured to allow the staff to add, delete, or modify other programs or applications common to a specific set of workstations."

1. Staff users with MCCSC e-mail accounts will be limited to two applications on NT Workstations:
1. Telnet to remote clients (such as the monon.mccsc.edu / Pine application), and
2. Microsoft Outlook 98 using IMAP and a Graphical User Interface (GUI) to connect the local workstation and the secure storage space with the MCCSC e-mail server on Monon -- monon.mccsc.edu.

This is a change from current practice that allowed any IMAP client [such as Netscape Mail or Outlook Express] to be used on local workstations. IMAP is an important feature for the active synchronization between Monon mail and the local workstation and for the convenience of both the GUI interface and the File Transfer Protocol (FTP) components which provide immediate viewing of attachments. However, only Outlook 98 can be configured to reflect the Monon user account information and store that information in the user's secure Locker on the MCCSC Domain. This is an important security component.

Other tested IMAP e-mail clients allow/require the user to enter all connectivity information each time the client is activated and attempt to save to a directory on the local workstation. This permitted any Internet / Teacher account user to send mail through an anonymous or "spoofed" account name. By configuring Outlook 98 to draw that information from the user's login, only that user will be identified on all e-mail sent from that account.

Additionally, Netscape Mail and Outlook Express are components of the respective browsers (Netscape Navigator/Communicator and Internet Explorer. These browsers are appropriately available under the rights and permissions of the Internet (student) group. However, there is, currently, no central support for Internet (student) group e-mail activity. There appears to be no technical way to make the mail components of these browsers available to members of the Faculty-Staff group but not to members of the Internet (student) group. Therefore, Netscape Mail and Outlook Express will not be installed as part of the Project BOB image and installation at the local level will be discouraged (as will the installation of other Internet-capable applications) in order to maintain the integrity of the access security levels. Instructional requirements for e-mail will be handled on a case-by-case basis and be driven by both the AUP and curriculum considerations.

2. Traveling Staff will have IMAP access (Outlook 98) only in the building they or their supervisor have designated as their "home school." In other locations, Traveling Staff will have access to the central system Pine e-mail client as in the past.

   Access will be through MCCSC Domain login as described above. This is available from the desktop through Start / Programs / Internet Applications / QVT Telnet / Monon (or other provider).

   Traveling Staff will have access to their MCCSC Domain storage area (Locker), but should not attempt to use the IMAP (Outlook 98) e-mail from those locations. The WAN (Wide Area Network) connections between buildings are not capable of transferring the Outlook 98 information and files from the "home school" server to the MCCSC server, and back out to the second building.
   
   Traveling Staff with an assignment or office in the Service Center or the Administration Center may have any of the IMAP clients -- Outlook 98, Netscape Mail and/or Outlook Express -- installed on the hard drive of their personal workstation at that location.

Project BOB provides unique user logon to secure storage space, access to standard and appropriate software and applications based on group membership, the ability of staff to add and configure resources to meet instructional needs, and the ability to support and maintain the system with current staff and resources. Project BOB gives the MCCSC the time and the ability to move ahead with integrating technology into instruction and curriculum.

Back to the TOP