Monday, July 2, 2012

Wishlist/Enhancements to 9.1SP8 cross-listing/merge enrollments

I'm coming up with a list of enhancements we'd like to see for the current 9.1SP8 cross-listing/merge enrollments feature.  We're coming from the Bb Section Merge Tool (SMT), so some of it comes from features we've used there.

  • Allow instructors to create the merge 
  • Allow one-to-many feeds (e.g., one source site could be the child of multiple target sites) 
  • Document some migration path between the SMT and the new course merge 
  • Instructors > My Courses module should indent the child sites (and allow for expansion/collapse) or allow child sites to be hidden completely from view 

  • Tools that communicate with students (Announcements, Messages, Send Email) should be able to use Child Course membership to select audience 
  • Adaptive Release should be able to use Child Course membership 
  • Groups should be able to use Child Course membership when creating groups 
  • Grade Center / SmartViews - allow criteria Child Course ID condition "is blank" or "does not contain" (which is useful if you are merging enrollments into section 01 for instance, and want a smartview of section 01) 

Before I submit, I wanted to see if anyone else had things on their wish list...

Friday, June 8, 2012

Restricting User Access

Every so often, we get an official request to restrict a user from some portion of Blackboard.

Some questions we need to ask:

  • how urgent is this request?
  • what is the scope of the restriction?
  • is the restriction permanent (e.g., someone leaves the University) or possible needs to be reversed in the future?
  • what course roles does this user have in the affected Course/Org(s)?
  • does the user still need (or have the right) to get into other Course/Org(s)?
  • do we need to retain course records for that user (e.g., submissions, discussions, grades)?
  • does the user have special roles in Blackboard that give them extra functionality?
  • and - in our case - will the user retain a valid University login id (e.g., has not been revoked/disabled)?
Some methods for restricting access:

1. Making them unavailable in Course/ Org(s) via Course > Control Panel > Users & Groups > Users > Change Users Availability in Course

2.  Remove them from Course/Org(s) via Course > Control Panel > Users & Groups > Users > Remove Users from Course

3. Making them unavailable via Admin GUI > Users > Select User > Make Unavailable

4. Using snapshot to change their USER ID  in Blackboard so it mismatches their University ID (e.g., userid -> userid_disabled)

5. Deleting their USER ID via Admin GUI > Users

There are Pros and Cons to each, and so one or more methods may be used.  We should look at those in more detail...

Thursday, May 10, 2012

NETBIOS over TCP and certain Building Block load times

We were investigating why certain 3rd party Building Blocks took a long time to load screens (10+ seconds). This occurred with EvaluationKit and B2s.  This was consistent in our development and production environments.

When we analyzed the packet traffic, we saw that Windows Server was making several (pointless) NBSTAT name queries for certain Hosts related to those Building Blocks.

Wireshark - when doing GET /webapps/bbgs-internships_integration-bb_bb60/app/ssoUserTool

We tested
1 - adding Windows etc hosts entries for the Hosts
2 - disabling the default NETBIOS over TCP

Both had the same positive results: much faster load times for those particular Building Blocks.

Has anyone else encountered this issue with Building Blocks and Bb (Windows Server)?


  • We did get confirmation of other Bb Schools encountering the same performance issue with the Building Blocks
  • We have tested disabling the NETBIOS over TCP on our development/test systems, and are moving forward with deploying the change to  in production with this change.

Tuesday, March 13, 2012

Blackboard Best Practices with Tests

Some links to other Bb Institutions who've written about best practices when working with tests.

If you have others, please share!

Wednesday, February 15, 2012

SuperUser Building Blocks

Note: Review was done in March 2011.

Sakai had the super-user ability where admins could become another person. Typically they use this to investigate student issues (to see what they see).

There are at least two community-developed building blocks that would give similar functionality in Blackboard:

Impersonate (v1.0.12)
  • More restrictive permissions. Impersonate can only be done by Systems Administrators, not just anyone with access to the system administration page.
  • Permissions are now appropriate to the needs of the block.
  • Taglibs consistently use bbNG.
  • Simple logging of impersonation to Tomcat stdout.

My Findings:
  • shows up in Admin tab >  Tools and Utilities
  • restricted to System Administrators, so can't be easily given out 
LoginAs (v2.0.0 - to work with 9.1SP4 or later):

This building block allows the administrator to create a valid session as a different user. For the purpose of validating portal customizations or troubleshooting administrators often use multiple accounts to access the system. This method allows the preserve the original password. Access can be granted by Institutional Role, System Role, or Course Membership. It is a parallel to the Unix su command. It effectively allows to impersonate another user. Logging in as system administrators can disallowed in settings.

My Findings:

  • Shows up in under the Admin tab > Tools and Utilities
  • Can be restricted to an Institutional Role (e.g., I created a Institutional Role called DOMAIN_LOGINAS) also says you can use system roles: System Administrator, System Support, Account Administrator
Note: did not seem to pick up domain admin roles, e.g., if I assigned the Institutional Role DOMAIN_LOGINAS to a domain admin, the building block did not pick it up.

  • Can additionally be restricted by Course ID (e.g., membership in a particular course)
In addition to using Roles you can use course membership. Enroll users in a specific course as students and provide Course ID here. Also works for Orgs (if you have Community).

If users do not have access to the Admin tab, but should have access to LoginAs simply provide access to this url in a course or organization: The LoginAs direct URL

Note: In conversation with Syzmon (developer), he recommended using the course membership over the role.  His intention is to simplify the access to courses only in the future (this way basic license clients are covered).  The option will continue to prohibit login as an administrator type account.

  • Disallow LoginAs to a System Adminitrator level user (NOTE: DEFAULT IS NO, WHICH MEANS YOU CAN BECOME ADMINISTRATOR)
You can use the Yes string to prevent users from possible privilege escalation activity.
Recommend setting it to Yes. Then if you try to become Administrator, you get "Request denied. Authentication requested for System Administrator: administrator"

  • Simple logging to Tomcat logs. It makes it difficult to then easily find out who logged in as whom.

bb-access.log would show entries like:

123.456.789.10 - _2_1 [05/Aug/2011:10:30:50 -0400] "GET 
 HTTP/1.1" 200 19571