Installing pfSense on a Compact Flash card

I purchased a Netgate ALIX.2d3 to use for a pfSense Firewall.  It runs pfSense off of a Compact Flash (CF) card.  The trick is getting pfSense installed onto the CF card.  Once I got the process figured out, it was really quite simple.  I used a Windows 7 computer to accomplish this.

To Load it up…

  1. Download pfSense from one of the mirrors here. You’ll need the nanobsd version (depending upon the size of your CF card, you can choose to download the most appropriate nanobsd img.gz file.  Store it in an folder easily accessed from a command line like c:\pfsense.  I also renamed my download to something simple like pfsense-2.0.img.gz.
  2. Download physdiskwrite, unzip it, and place the physdiskwrite.exe in your c:\pfsense directory.
  3. Gather a CF card reader and plug it into your computer.
  4. Format your CF card.  This is necessary for physdiskwrite.exe to work correctly.
    • Open up a command prompt as Administrator and type “diskpart”, then hit “Enter”
    • Type “list disk” and hit enter
    • Type “select disk x” (where x = the disk number of your CF card from the last step)
    • Type “clean” and hit enter
    • Type “exit” when diskpart has finished cleaning the disk. Type “exit” to quit diskpart.
  5. In your command prompt navigate to your c:\pfsense directory and type “physdiskwrite -u pfsense-2.0.img.gz” and hit enter (be sure to use the name of your pfSense image at the end of that statement).
  6. You’ll see a listing of drives.  Make note of which drive number is you CF card and then enter that number after the question “Which disk do you want to write?” and hit enter.  (For example: PhysicalDrive1 = disk 1 so enter 1 and hit enter)
  7. If your CF card is larger than 2 GB you will be prompted with a “Proceed?” question.  Type “y” and hit enter.  (By the way the “-u” switch in the command line in step 4 allows you to write to a CF card larger than 2 GB.)
  8. You will now see the bytes begin to copy over to the CF card.  Once completed, eject the card from the reader and plug it into your Alix board.  Connect a null serial cable to the board.  Plug in the power.  Pull up a Serial Client like Hyperterminal or Putty and connect to the  Alix.  You may proceed from there to configure pfSense as your firewall.

By no means am I an expert at this.  It’s my first attempt!  Please feel free to share any pointers you may have come across if you have done or are doing something similar!

Migrating Calendars and Contacts between Google Apps Instances

I’m in the middle of a Google Apps migration project, moving users from one instance of Google Apps to a completely different instance of Google Apps.  I haven’t found a great free method to migrate Calendars and Contacts so I documented the process to move them manually.  Here you go…

Migrating Calendars

Since there isn’t a tool to migrate calendars from one Google Apps instance to another, this is a manual process done user by user.  The good thing is that it’s pretty straight forward and your users should be able to do this themselves.  Here we go:

  1. View your Calendars within the OLD instance of Google Apps.
  2. Click on Settings in the upper right corner of your screen and select Calendar Settings.
  3. Click on Calendars and then click on Export Calendars. This will download a .zip file to your  computer.  (Pay attention to the location that this file downloads to.  Mine downloaded to my “Downloads” folder.  Yours MAY download to a different location.
  4. Find the file you just downloaded and open it.  This will reveal your exported calendars.  Pay attention to the loaction of these files.
  5. Open your Calendars in the NEW instance of Google Apps.
  6. Repeat step 2 to open your Calendar Settings.
  7. You will now need to re-create your calendars so that you can import to them.  Click on Create New Calendar. Repeat for each calendar that you exported.
  8. After creating your new calendars, it’s time to import the old calendars to the new ones.  Click on Import Calendars.  Click on Browse.  Navigate to the calendar files from Step 4 above.  Select one.  Select the Calendar you would like to import to. Click Enter.
  9. Repeat this process for each calendar you would like to import.
  10. Done!

Migrating Contacts

  1. The user should login to their OLD Google Apps Email and click on contacts in the left-hand column. 
  2. Click Export in the upper right corner of the Contacts screen.
  3. Compare your settings to the following Screen Shot.  I recommend only Exporting “My Contacts”.  Also be sure to select Google CSV format.  Click Export.  (“All Contacts” is EVERYONE you have ever emailed, whether you have entered them into your contacts or not.  The email addresses imported on this setting may not have a name associated with it.)
  4. Clicking Export will download a file to your computer called google.csv.  Make note of its location.
  5. Open the email of the NEW Google Apps instance and click Contacts as you did in step 1 above.
  6. Click on Import in the upper right corner of your screen (same area as Export from Step 2).
  7. Navigate to and select your google.csv file that you exported in Step 4.  After selecting the file, click Import.
  8. Done!

Google Apps Directory Sync and AD Passwords

I’ve been working on our Google Apps deployment today and thought I’d share some of what I’ve learned along the way.

Google Apps Directory Sync

The Google Apps Directory Sync tool allows you to sync all of your Users, Groups, Profiles, and Contacts in your LDAP with Google Apps.  The latest revision of this tool also says it will do sync passwords from Microsoft Active Directory.  That’s true  – kinda.  Stay tuned for that…

The Google Apps Directory Sync tool is pretty self explanatory in it’s setup.  It is helpful to know a little bit about LDAP and Active Directory but with a little sleuthing, I was able to figure everything out.  Following are 10 screenshots of my setup in the tool.  The Yellow Highlighted text at the left of each screen shot shows where I am in the configuration and if a screen is skipped, the fields there have been left blank.

Password Sync

Active Directory doesn’t actually keep the user passwords in the LDAP, therefore when trying to sync the passwords – they don’t sync.  You have to get the passwords into an attribute field within Active Directory for this to work.  I found this link that helped explain why the passwords would not sync.  Near the end of the thread, you’ll see a tool referenced.  The tool can be found here.

This tool is basically a dll file that catches the password before it is hidden away, puts it in SHA1 hash format, and then inserts it into the “division” attribute field in Active Directory.  After following the installation directions and then changing my password, I saw the SHA1 hash of my password populate into the “division” LDAP attribute field.  In order to get this field to populate, YOU MUST initiate a password change for the user.  I plan on doing that as I migrate my users over the next few weeks.


So now, how does Google Apps stay synchronized with Active Directory?  Setup a Scheduled Task on your server to launch at whatever frequency you feel is necessary.  If you need to update in a more timely manor, just manually launch that scheduled task. On the Run line in the Scheduled Task I have the following:

“c:\Program Files\Google Apps Directory Sync\sync-cmd.exe -a -c c:\Documents and Settings\Administrator\My Documents\GAppsDirSync.xml”

I created an old fashioned MS-DOS batch file to launch the Google Apps Directory Sync from the command line.  This batch file is then attached to a Scheduled Task.  In the Batch file my commands are as follows:

cd “c:\Program Files\Google Apps Directory Sync”

Start sync-cmd.exe -a -c c:\GAppsDirSync.xml

Hopefully this helps you get started on syncing your Microsoft Active Directory with Google Apps.  If you see items that need to be clarified, please let me know so that I can make this easier for everyone!

Sophos Anti-Virus and Windows 7

I’ve just begun testing Windows 7 on a few of our computers at Grace Family Church and as a part of the configuration process I install our anti-virus software, Sophos.  The Sophos client can be pushed to the machine from the Sophos Enterprise Console on our central anti-virus server.  The issue I have ran into is that the client would not install; it kept failing.

Sophos support was very helpful in referring me to KB29287 on their support site.

In a nutshell, on each Windows 7 client, you need to make sure that the following services are running in order for the remote install process to work:

  1. Computer Browser
  2. Remote Registry
  3. Server
  4. Task Scheduler
  5. Workstation
  6. Windows Installer

I hope that this saves you some time in the future when installing Sophos on a Windows 7 client.

Apple Home Folder Permissions

Today, I had the pleasure of migrating a user from a MacBook to a MacBookPro.  Apple includes this cool tool call  the “Migration Utility” which allows you to link the old and new computer together either by firewire or ethernet and then transfer all Applications, Documents, Settings, etc. from the old to the new.

After completing the transfer process, I was having issues updating a few applications and accessing files in the user’s Home Folder on the new computer.  After some research, I discovered that these issues are usually caused by permission issues.  I opened Disk Utility to Verify and Repair Permissions on the disk but to no avail. I was still having issues.

Then, I stumbled across this a post that suggested  removing the ACL’s (Access Control Lists) and restoring them.  Here is how I did that:

  1. Login as the user having issues and open the in the Utilities folder
  2. Type the following command and hit enter:    sudo chmod -RN ~
  3. You will be prompted for a password, enter it and hit enter
  4. Type the following command (pay attention to the correct symbols) and hit enter:   sudo chown -R `id -un`
  5. Reboot your computer from your Install disk (Leopard or Snow Leopard dvd) by making sure the dvd is in the drive and holding “C” down while booting the computer.
  6. Select your language and continue
  7. At the top of the screen, select “Utilities” and then “Reset Password”
  8. Select the username that you want to reset the ACL’s and then click the option to do so in the lower right corner.
  9. Reboot the computer upon completion.

Permission issues resolved!

Fellowship One, Shelby, Arena & Grace Family Church

It’s official.  We, Grace Family Church (GFC), are moving to Fellowship One (F1) for our Church Management System (ChMS).

How did we come to this decision?

When I came to GFC last April, one of my tasks was to evaluate the state of I.T. within Grace Family Church.  This process included interviewing, every single staff member of GFC and I asked the following questions:

  1. How do you use technology in your every day job here @ GFC?
  2. What software do you use?
  3. What “shadow systems” do you utilize (database/lists outside of our current ChMS)?
  4. What works great? Why?
  5. What’s broken? Why?
  6. Dream Big: What do you wish Technology could help/assist you with in your job functinon?
  7. How can I help you do your job effectively?

Over and over, the answer to question #5 was the name of our current ChMS provider.  But, why was it broken?

  1. Users weren’t trained properly from the beginning.
  2. The user interface is clumsy.
  3. The reporting engine isn’t easy to figure out.
  4. Too many clicks to do simple tasks.
  5. User’s couldn’t remember how to do simple everyday tasks because of the number of steps to complete these tasks.

This led to questions that HAD to be answered: Can we continue to use our current ChMS?  Can we properly train everyone?  Is there a misperception of the ChMS?  Do we need to drop what we are using and start over with a new ChMS provider?

So began the search for answers.  I read manuals; I played with our current ChMS and tried to learn it from the top down all while also evaluating other systems that were available to us.  I quickly came to the conclusion that if I was having trouble learning how to use the ChMS, how could I expect my users to learn it?  Our current system was not going to cut it and we needed to move.

What were our requirements for a new ChMS?  In no particular order, the top ones included:

  1. A web interface.
  2. Easy to understand user interface.
  3. An OUT OF THIS WORLD training program for our users.
  4. Easy to administer (since I have to take care of that).
  5. A reporting engine that the user can use to create reports.
  6. A workflow process for tracking assimilation or other processes.
  7. And, of course, able to keep our data safe.

I took my time researching options.  I payed particular attention to Joel Lingenfelter’s blog where he was chronicling his church’s journey on the search for a new ChMS.  His blog was truly a godsend for me.  He journaled every step in his search, making mine easier in the long run.  While I used his blog as a reference, I also talked to many, many other churches about what ChMS they were using, asking about their likes, dislikes, etc.

Eventually the choices were narrowed to two: Fellowship One, and Arena.  I dove into both.  I read their websites multiple times, had attended 2 demonstrations of each, and again, talked to MANY of their customers – not necessarily customers they referred me to, but customers I sought out on my own as well.  Of course, this process was also filled with prayer.  I had a real concern for the church and our finances.  I didn’t want to spend money on a product if it was not going to assist us in meeting our goals of Connecting our people to God, Others, Service, and Outreach.  If we were going to spend money, we needed to be good stewards as well.

Both ChMS’s are EXCELLENT and, quite frankly, going into our Board of Director’s meeting to make the presentation, the recommendation was going to be “either one” as the feeling was that the both would suit our needs.  BUT, as I was making the presentation, giving each a fair and equal shot, I came to the end where the recommendation was going to be “Choose One.”  At this point I really felt that God was telling me “Fellowship One”.  Huh?  That’s weird (even cool!).  Here I am in the middle of making a presentation and God is telling me to change my recommendation and choose Fellowship One.  I love the way God just intervenes when it’s time.

I know I’m not going into specifics as to why we selected Fellowship over Arena but in the end this is why God told us to go with Fellowship:

User Interface – I know this can sound corny, but God said that our users would get the most out of the Fellowship user interface.  Arena’s is FANTASTIC but our users will benefit most from the user interface that Fellowship One has to offer.  It is clear, clean, and concise and even self explanatory.

The Wall – Arena is a wholly owned subsidiary of our current ChMS provider, Shelby Systems.  God impressed upon me that there is a HUGE wall to climb with our users.  That wall was the link between Shelby and Arena.  Now, please don’t take what I am about say as a negative against Shelby.  I truly believe the reason Shelby is not working for us at GFC is because of it’s implementation.  Our leadership will say that Shelby was not implemented correctly and our users were not trained fully and properely from the “get go”.  Our leadership takes responsibility in this.  Where the wall comes in is here; our users have an extremely negative attitude towards Shelby and know that Arena and Shelby are the same company.  I know that the two products are completely different, but the end users don’t see it that way.  This wall is a HUGE hurdle for the GFC staff to overcome.  That being said, and I know God can overcome even the largest walls, this was one wall we needed to avoid.

I have to give props to the guys at Arena:  Mark White, Chris Rivers and Russell Byrd.  They did everything in their power to win our business and keep us within the Shelby Family.  They answered every question, stopped what they were doing in their days to assist me, and in the end they were gracious in defeat.

It’s clear that we are all in the business of winning souls for Christ, and in the same way people choose the church that best suits them, Grace Family also had to choose a ChMS that best suited us.  Mark, Chris, & Russell – Thank You!  Thank you for your time and your commitment to Grace Family Church throughout this process.  Just because we will not be partners in “Business” doesn’t mean we won’t continue to work together in expanding The Kingdom!

As for our future with Fellowship One, Grace Family Church is extremely excited!  We are ready to jump on board and look forward to doing ministry with you.  Thank you for all you have done for us Errol.  Thank you for going above and beyond during our selection process and hanging with us during our long decision process!

Finally, I look at the church as an Insurance Agency that specializes in Life Insurance, only this is the best life insurance that one can purchase.  We get to play a role in insuring AND ensuring The Eternal Life of the people throughout our communities.  The database is just a tool which allows us to better connect with our members and regular attenders.  It allows us to watch and enhance the Spiritual Growth of our people.  It also allows us to see who is not growing and even digressing in their walk, allowing us to pray, encourage, uplift, and pour into those that need a little extra attention.  The church is not the database, the database is the tool that allows us, the people to minister effectively to EVERYONE that is a part of GFC. The chruch IS the people.

A friend of mine frequently says, “We don’t have to, we get to”.  It is an honor to serve my Lord and Savior, Jesus Christ and it’s my privelege to serve with guys like Mark, Chris, Russell, and Errol who all want nothing more than to win souls for Him!

Press on Guys – Let’s do the Kingdom’s work!

Florida Church IT Roundtable

Following is an email I received from Jeff Suever and Jason Reynolds, hosts of the Florida Church IT Roundtable.  Simply, this is a gathering of Church I.T. employees and volunteers.  The purpose is to have open discussion about various topics which relate to our ministries.  You’ll gather a better understanding as you read below.

If you are in anyway involved with I.T. in your church and you work/volunteer for your church in Florida, then you NEED to attend this Roundtable.  Anyway – read on…

We would like to take a moment to excite and encourage you about the upcoming Fl.CITRT.

We have made a few minor changes in the schedule, so please see that on the wiki.  Breakfast is still at 8:00 am, but it will need to end by 8:30.  This is NOT “continental”.  Our food services guys are putting together eggs, bacon, the whole works.  Please be there on time for this.  I’d suggest a couple minutes early.  Some of our participants can EAT!

Opening devotion and keynote are now at 8:30 in the auditorium.

The rest of the day remains unchanged.

Lunch will also be a REAL MEAL.  Please be sure to thank our vendors.  It is because of their participation that we are able to offer full, hot meals instead of a “box lunch”.

We are specifically structuring things for interaction.  Think “social networking” only in analog form. You will have a chance to talk with your peers as well as the vendors and get eye-to-eye contact.


There are many breakout rooms available.  Much more than is listed on the wiki. As the need arises, we will open them up. All are adjacent to the auditorium.

With the exception of the opening, the Vendor Flavor, and the closing by FP&L, we hope all discussions will be in the breakout rooms.  If there is a topic that is important to you, please put it on the schedule.  Alternately, let us know by replying to this email and we will put it on the schedule for you.  Facilitating a discussion is easy.  We prefer no “speakers” or “leaders”.  Just us regular Joe’s.


We have several guys coming in on Sunday.  As we get a little closer, there will be more information on events posted on the wiki.  Feel free to bring your ideas to the site.  We are tech guys, not cruise directors.

The event is scheduled to be over at 5pm, however – do not think anyone will be giving us the “bum’s rush”.  The building itself will be open until much later to continue discussions.  Some of these guys can TALK!


Please keep an eye on the wiki for more information.  Also, you will be receiving a packet when you arrive with instructions on how to sign into the public wifi among other things.  I would highly recommend arriving 10-15 minutes early.  Bring a fully charged laptop and an appetite.

Originally, this event was conceived as a bunch of guys sitting around a table talking tech and ordering out for some chicken wings.  It has morphed into so much more.  By looking at the vendor list, this is truly a spectacular event.  Who would have thought we would have the largest ChMS provider, the largest event servicer, representatives from the second largest computer manufacturer, as well as Apple, Inc, and others?

The primary focus is Florida Disaster Recovery.  We deal with specific issues here. Issues such as:

  • Heat
  • Humidity
  • Power fluctuations
  • Humidity
  • Hurricanes
  • Humidity
  • New York drivers
  • Mosquitoes (yes, mosquitoes will kill a PC. Don’t ask me how I know)

However, topics such as cloud computing, Google apps, storage, network optimization, etc. are sure to be discussed.  This will be our chance to share what we have learned, what works, and what didn’t.  And if you don’t have at least one horror story of something that went wrong you can share-you aren’t trying hard enough!

Please pass this information along. Blog about it.  Tweet about it.  Forward the wiki site to your colleagues.  It really is for, and all about YOU, the participant.

Jason Reynolds jasonr at
Jeff Suever jsuever at

So… What are you waiting for?  Hit the site and sign up now.  I can’t wait and I’ll see you there!

%d bloggers like this: