Wednesday, January 30, 2008

More than 50,000 views

Wow, what can I say? The YouTube videos that I have created have now surpassed a total of 50,000 views since I uploaded the first video. For those that have watched the videos, I thank you, for those who have provided feedback and comments, I also thank you but I would especially like to thank all those people who have chosen to actually subscribe to my channel (which you can find at http://www.youtube.com/saturnalliance). The next target that I would like to achieve with the videos is 100 subscribers. The current count is about 85 and rising.

Once again to anyone who has taken the time to view the videos I thank you very much. Roll on 100,000 views!

Tuesday, January 29, 2008

/PAE on ML110

Well I tried the /PAE switch in the boot.ini of a HP ML110 with exactly 4GB of RAM and it didn't recover any additional RAM that I alluded to in a previous post.

Now just gotta wait for a ML or DL series HP to come in the door to test with the /PAE switch.

One virtualization too many

Being so chuffed at converting all my physical machines to virtual machines I decided that maybe it was time to look at Virtual Server 2005 R2 as an option.

The good thing about Virtual Server 2005 is that it can use Virtual PC images directly which saves any messy conversions. The bad things are one - it has to go onto a Windows Server box (Virtual PC can go on Windows XP or Server) and it also needs IIS for its management console. It certainly does provide some additional flexibility but to my way of thinking makes things more complicated than I really wanted but hey I'll give it a go.

So I copied the existing virtual PC hard disk across from the original XP host machine, configured a new virtual PC in Virtual Server 2005 and bang the image was up and running. Wow, that was easy I thought. Maybe Virtual Server is the way to go? Everything seemed to be going along swimmingly until I began to notice a number of unexpected reboots of the newly created virtual PC. Then I started to get errors about disk corruptions and messages saying the virtual PC hard disk was locked and therefore the virtual PC wouldn't start.

Hmmm...what is the problem here? Thinking, thinking. Ah ha, noticed that most of the issues seemed to happen at the top of the hour. This was also the time that our Shadowprotect was running creating image backups of our host machine hard disk. So it appears that Virtual Server 2005 machines don't like imaging software like Shadowprotect. My guess would be that this is because the virtual PC hosted by Virtual Server 2005 has no idea that an image is being taken and doesn't invoke Volume Shadow Copy. Thus the virtual server hard disk (apart from being HUGE) doesn't get 'frozen' by VSS and thus issues arise. Just my guess mind you.

So in the end I shut down the Virtual Server 2005 image, copied the virtual PC hard disk back to the original XP machine, fired up Virtual PC on the original XP Machine and then launched the original virtual PC (with the updated virtual hard disk - no other changes made). Guess what? It just powered up without any issues! Clearly another benefit of using Microsoft virtual technology (ie virtual hard disk inter-changeability).

So in my experience it appears that if you have Shadowprotect (or any other imaging disk software for that matter I suspect) and you are running virtual machines (again my guess is you'll see this whether you use Virtual PC, Virtual Server or VMWare) then you are going to have problems, that may lead to all sorts of virtual PC reboots and possible disk corruption. As I said I am not exactly sure of the specific cause but I am in the process of speaking to Storagecraft (the makers of Shadowprotect) about the issues.

You have been warned.

Monday, January 28, 2008

I found another 512MB in my HP server

Every time I install a HP with SBS I always install 4GB of RAM. Why? Well, simply put this is the limit of SBS 2003 (since it runs Windows Server 2003 Standard edition) and memory is so cheap these days. In some systems (SBS Standard) sure it is probably an overkill but you never know, so 4GB it is. Problem is with HP servers you never get access to the whole 4GB of RAM. Usually about 512MB goes missing.

Missing where you ask? Well, I understood that it has to do with the motherboard and memory reserved for PCX controllers (and what not) that is never really used anyway so it just gets wasted. I always accepted that as fact since I generally didn't have much time to muck about on clients' systems. However, after recently virtualizing all my servers onto a single HP server with exactly 4GB of RAM I decided that I wanted to know where that lost memory actually went to, since the more RAM I have on my server the more RAM I can give my virtual machines.

So after doing some poking around I found the following link that talks about the missing memory. Now, it appears to access the memory above 4GB of RAM in Windows systems that support it (ie Windows Server Enterprise and Datacenter) you need to add the /PAE switch to the boot.ini. What does the /PAE switch do? Well, here's a link from Microsoft that explains the function of the /PAE option.

So, because my HP server is running Windows 2003 Enterprise and has exactly 4GB of RAM I decided I had nothing to lose by giving it a go. Guess what? After the reboot I now had exactly 4GB of RAM! That's at least 512MB more than what I had prior to adding the /PAE switch.

Hmmm...upon reading the HP link a little closer and doing some more poking about it appears that the /PAE option may be valid on HP systems with exactly 4GB of RAM even if they are running Windows 2003 Server Standard (ie SBS 2003). Now, not having a 4GB SBS 2003 HP server to test this on I need to find a (non-production) system that I can test this on to see if it does in fact give back the 512MB consumed on SBS 2003 systems with 4GB of RAM installed.

So, if you have a HP server running SBS 2003 with exactly 4GB of RAM it may be worthwhile adding the /PAE switch to the boot.ini to see if you recover the "lost" 512MB of RAM. It shouldn't work on SBS 2003 but it may do because it has something to do with HP machines specifically. Like I said, I haven't actually tried this on a HP system running SBS but it certainly worked on a HP server running Windows Enterprise Server.

If someone out there wants to test the /PAE switch and let me know if it does recover the RAM I'd be grateful but in the meantime I'll just have to bide my time until we get a new SBS order so I can test it for myself.

Sunday, January 27, 2008

Help Microsoft Office videos

Video number 38 is up

So it's a New Year right? So it is about time for a new video right? Right! So we have just posted our latest 'How to' video onto YouTube. This video shows you how to create a rule to block web sites using ISA2004 (which is part of SBS 2003 R2 Premium).

The video covers the creation of the rule as well as the impact of the rule and its options on a networked workstation. The video was created with the latest Camtasia Studio Version 5 so hopefully that will mean improved outputs. I am still fiddling with all the options and optimisation settings to produce the best results. Camtasia Studio Version 5 also allows the overlay of captions which looks like it will be handy as I flick between server and workstation. I still haven't quite worked out how to manually get the zoom in option going but the software seems to do this pretty well on its own but I'd still like to know how to do it myself.

Ah well, more playing with the software and maybe actually reading the help pages will no doubt assist in this matter. So I hope that you enjoy the latest instalment and as always feel free to send your comments and abuse to director@ciaops.com where I may or may not respond depending on how much you say you like it! ;-)

Book review

Getting Things Done - The Art of Stress-Free Productivity by David Allen

I thought that this book would just be another 'self-help' style tome that showed you how stupid you were because you didn't understand the basic rules of the universe, but to my surprise I was wrong.

The book actually involves creating a workable 'to do' process that can be used in all areas of your life. The solution is simple but requires a mapping of the workflow of things that need doing as they come. The process then moves from accumulation of these items to actually dealing with them.

Now, although not a revolutionary process there were plenty of ideas and encouragement that I took away from the book. You can't necessarily implement everything the book deals with but for me, there are some real nuggets of gold that I can begin to implement immediately. There are also plenty of things that I'm going to have to go away and have a think about as I need to implement them in the manner which I currently operate.

I wouldn't recommend this book as light entertainment or something to read before you go to bed, it requires too much involvement for that. However, if you are serious about improving your productivity and examining the way that you actually do things then this book is worth a read.

Wednesday, January 23, 2008

Post virtualization thoughts

I think that I have achieved my goal of reducing the number of machines on which my network runs. There is plenty of good about this: 

  • less power consumption therefore a greener planet.
  • less hardware to maintain.
  • an ability to tune the RAM for each virtual to exactly what I want. Thus, if the web server is using 203MB then I can set up a virtual machine with say 233MB of RAM and use the remaining (you'd normally have to put 256MB physically into a machine so I can scrimp 23MB for another virtual machine) somewhere else.
  • I get better utilization out of my hardware (ie things like the processor are now running at 50-60% instead of 5-6%).
  • I can 'freeze' each virtual PC rather than having to completely shut down the machine if I need to do maintenance.
  • I can copy/backup a virtual machine by simply copying files. Sure they are big files but now if I want to migrate to faster hardware I do a simple copy and then fire up the virtual PC on the bigger, better, faster machine - upgrade done.
  • I can quickly isolate a virtual PC from the network by removing the mapping of the virtual network card from the physical network card. This is great for maintenance tasks that may affect the network.

There are obviously some bad things as well:

  • Disk performance is slower since all machines share a single physical disk which gets thrashed more.
  • If I get a corrupt virtual PC image then I lose the whole virtual PC.
  • I have a single piece of hardware that can still fail and if it does ALL my virtual machines are out of action.
  • Virtual technology doesn't give as good performance as physical machines.
  • Converting physical machines to virtual machines does take some fiddling.
  • Working with virtual PC files requires much greater transfer times since the files are GB's in size. A simple cut and paste can take 10 minutes.

Some other comments I'd make on the process I took:

  • Sure I could have used Windows Virtual Server but Virtual PC is quicker and doesn't require IIS. Also the virtual PC images are more easily moved. Not being an expert in Virtual Server I'm sure eventually that the virtual PC images will end up in Virtual server, my thinking is that if machines are already virtual PC's then they are going to be easier to move to virtual server should I choose.
  • VMware conversion is something that needs more research, I have done it very successfully with workstation images using Shadowprotect but servers appear to be a different kettle of fish.
  • Virtual PC's don't like non-Windows environments. Shadowprotect boots in virtual PC but man is the network transfer slow.
  • If you are migrating a production environment spend the time and do it properly, don't try and do it off the top of your head. You'll make mistakes and the conversion process will take twice as long. Sit down and define the steps you can take and what the roll back is.

In conclusion, I have no doubt that virtualization is the way of the future, it has too many advantages to ignore. Virtualization can work in an SMB environment but there are still some considerations to take into account (eg speed). Now that everything is converted I'll keep posting what I find as I'm sure I'm bound to uncover some more interesting lessons.

Monday, January 21, 2008

The transformation is almost complete - Part 3

This is the final part in the saga of my intention to migrate all my network equipment (servers and workstations) into virtual machines on a single piece of hardware.

In our last episode you may remember that I had ended up doing a swing migration of my SBS 2003 server onto a new machine. After a few hiccups I had it all working. Now the final task was to migrate the stand alone ISA 2004 server I use as a firewall device.

ISA 2004

Ok, so this machine does nothing except host ISA 2004 as a firewall and web proxy. It only has a small disk and very few apps installed. My concern was because it has two network cards that there might be issues (and I was right).

So, the first attempt was again to do a Storagecraft image of the original machine and then simply do a restore to a new clean Microsoft Virtual PC (no more attempts to migrate to VMware, two strikes were enough to convince me that I needed to do more research to understand the process). After imaging the server I restored into a Virtual PC and Windows booted but I started having all kinds of issues with ISA 2004. My guess is that this stemmed from changing both network cards in the machine simultaneously. Now I could have sat down and tried to resolve things but since this was a firewall machine and I'd never be completely sure whether I had fixed everything, I decided that it would be better (and quicker) to rebuild a new machine from scratch. Besides, there wasn't much software to install and once I had ISA 2004 running I "should" be able to simply import the rules from the old ISA box straight into the new box (in theory).

After installing Windows Server and then ISA 2004 I exported the firewall rules from the old server and attempted to import them into the new server. On attempting this I was greeted with the following:

Hmmm, not good, catastrophic failure eh? Thinking, thinking, thinking. Bing! Ah ha, the new ISA 2004 server doesn't have ISA 2004 Service Pack 3 installed. Installed that and now the import works! Yeah.

Problem was that ISA still wasn't working correctly. When I looked at the rules I saw that they still referred to the old listener, so I changed that, still no go. I cleaned up the rules, removing what I didn't need. Still no go. I checked the configuration and network cards. Still wouldn't work. When all else fails try a reboot. Guess what? It worked after that. So even if you make changes to ISA 2004 you may still need to reboot for them to take effect.

Ahhhhh, finally done. All the machines are now virtualized and I can dispose of all the old hardware. It had taken a long while and there were plenty more bumps in the road than I expected but I had managed to do what I had set out to achieve.

In my next post I'll summarize what I found along the way with some more thinking about the whole virtualization concept as I think it has particular relevance in the SMB market. For the record I've gone from 6 different pieces of hardware into a single piece. If that doesn't cut my electricity bill I don't know what will!

Sunday, January 20, 2008

The transformation is almost complete - Part 2

This is the second part of my story of attempting to migrate all my machines (servers and workstations) into virtual machines actually housed on one physical piece of hardware (you know to stop global warming and save the whales man).

If you can remember our last episode I had managed to finally migrate my web server into Microsoft Virtual PC using Shadowprotect, that wasn't exactly the way that I'd planned to do it but at least it was done and I had removed one piece of hardware from my network. Next on the agenda was my SBS server.

SBS Server

So having failed with my initial attempt to convert to a virtual machine using Storagecraft and VMware I decided to try again, since this time I didn't have dynamic disks on my SBS server. So I imaged the SBS server and attempted to convert it in VMware. Unfortunately, once again the conversion failed with some obscure error. Damn, not again. Ok, abandon the VMware option, roll on Virtual PC. So I started to do a Storagecraft hardware independent restore of my SBS image to a clean Virtual PC. Problem was it was excruciatingly slow, too slow for me. So scratch that idea since I had a lot of data on my SBS box.

At this point I was beginning to question the whole migration process, it was worse than having teeth pulled. Time to take a deep breath and have a think about this for a while. After some peppermint tea and a nice lie down I decided that perhaps the best method was to migrate my SBS 2003 installation to SBS 2003 R2. Sorry not migrate but S.W.I.N.G. using Jeff Middleton's method. That would keep the active directory but I'd get a nice new cleanly upgraded server. Yeah baby, let's do it.

So Jeff's method is basically to introduce a temporary domain controller into your existing domain and replicate the existing active directory to that machine. You then detach it from the production network and build a new network around this copied active directory. There are a few critical steps with Jeff's migration, firstly like turning off the Windows 2003 firewall (forgot about that the first time since it re-enables itself on a reboot - bugger) and secondly to ensure that during the migration you make the domain controller a global catalogue server (forgot that the second time - again, bugger). Both of these oversights meant that I had to go back and do the swing migration again (why am I so stupid? I should have really concentrated on what I was doing rather than just doing it off the cuff, which you always pay the price for!).

Finally, I had a good copy of my active directory and I installed SBS 2003 R2 onto the virtual machine. Typically you know the swing migration has had a problem during replication if the Exchange Server component of SBS won't install. At last, a clean SBS box. I copied over the data that I wanted and the Exchange mail stores (which took a little while) but the great thing is that with the swing migration the Exchange databases simply load. After a little more fiddling (adding customized ISA 2004 rules, installing anti-virus and tweaking Exchange to keep the spammers out) I was done - phew.

Once again, one of the biggest advantages of virtual machines is the ability to switch the network cards in and out of the real network. In this way I could work on my migrated SBS server without it clashing with the existing production server. When I was ready I simply shut down the production SBS server and brought the virtual SBS server up in its place (with the virtual network cards actually connected to the real network). Another big advantage of virtual machines is the ability to adjust the amount of memory that each server uses. So after a while I actually adjusted the RAM used by both migrated servers down to give me the ability to host more virtual PC's on this one piece of hardware.

Other benefits of 'swinging' on to a new SBS server? Bye, bye CRM 1.2. Yeah!! Why? Because it wouldn't uninstall. The ability to create a bigger boot partition (to handle those upcoming Windows Server 2003 service packs - really had to scramble to get SP2 on my machine). The opportunity to remove all the other crap that I had accumulated on my server over the years from testing this and that. Now I have a simple but extremely functional SBS server.

Two servers down, maybe this will work after all! Tune in to the next episode to get the low down on my migration of a stand alone ISA 2004 box.

Friday, January 18, 2008

The transformation is almost complete - Part 1

Over the Christmas / New Year period I planned to undertake the biggest change to my network structure so far. I decided that I wanted to reduce the total amount of hardware in my shop by using virtualization technology. This basically meant migrating 5 physical machines (4 servers and 1 workstation) onto a single piece of hardware. As they say we have the technology to build it but here is my story of the experience.

Prior

Ok, so the first thing I needed was a decent machine to host all these virtual machines on and one with plenty of RAM. So I started with a name brand server, RAID 5 with 4GB of RAM. I installed Windows Server 2003 Enterprise Server to allow access to RAM above 4GB (which I don't have initially but I do want to be able to scale up to more virtual machines should I want to). After installing Windows, applying updates and installing the supplier's monitoring software I was ready to do my first migration.

Now, the plan was to make this as simple as possible and from what I could tell the easiest way was to use Storagecraft Shadowprotect to take an image of the whole server and then simply convert this image into a VMware machine, which it does support. So, in theory, image, convert, run, nothing could be simpler eh? Here's what actually happened next.

Stage 1 - Web Server

After imaging the server using Shadowprotect I attempted to convert the image into VMware. Half way through the process I received an error about a disk driver (scsiport.sys) but I chose to continue thinking that I could deal with this afterwards. Problem was a little further down the conversion process the whole thing crapped out. Bugger, what's the issue? A little bit of investigation pointed to the fact that I had (stupidly) converted the basic disks to dynamic disks on the original server. Why the hell did I do that all those years ago? Now sure, I could "unconvert" them but I already had an image so I thought I'd try option two. You know onwards and upwards (to infinity and beyond is the catch cry isn't it?).

Option two was to do a hardware independent restore using Storagecraft. So I booted the Storagecraft CD in a clean VMware machine and had issues. Damn. Not being a real VMware expert I decided it was time for option three - Microsoft Virtual PC 2007, as my failures were beginning to REALLY PISS ME OFF. Storagecraft booted fine in Virtual PC and I did a TCP/IP mapping to my saved server image and commenced the restore. Lesson 1 - Storagecraft restores to Virtual PC are slow! But they do work.

So with the image restored to a new Virtual PC I rebooted the Virtual PC expecting everything to work just fine - WRONG. For starters, for some reason, all the drives were outta whack (ie C: was D: and D: was C: and so on). So the system booted but I couldn't even run Computer Manager in Administrative tools to restore the correct drive letters (the server had a C: which held Windows and D: that held everything else). Damn. After some more fiddling around with the boot record I got C: drive in the right place, after which I could run Computer Manager and get D: correctly assigned.

Finally, the web server was back in operation with no major errors in the logs. (Ahhh, That's better). So I now shut down the actual web server and bring the new virtual web server on line and it works! One of the really good things about virtual technology is that you can redirect the network cards to actual or virtual network cards. Thus, I could work on the web server with the same IP address as the original one but with the virtual network card not actually connected to the real network. When I was ready, all I did was shutdown the real server and change the virtual PC's network card to connect to the actual physical network card so it can now be seen on the network.

As I basked in the glow of the first "successful" migration I mulled over the challenge of the next migration, my SBS server. Surely, that won't take as long as now I know what to look for and this server DOESN'T have dynamic disks!

As they say boys and girls, be sure to stay tuned to the next episode to see what actually happened.

Thursday, January 17, 2008

Sharepoint as a replacement for Facebook?

I have uploaded the following into a document on the main Supportweb document library, but since people like to read blogs I'll also put in here for your perusal.

<Start Document>

Ever wondered why Facebook is so popular? I certainly have and one of the major reasons for its popularity is the fact that it allows people (who aren’t geeks) to create their own page on the Internet. They can fill it with everything about themselves and then invite others to link to it. Perhaps the reason that geeks don’t understand its draw is that geeks have been creating web pages for years. What they perhaps forget is that it takes a while for the technology to filter down to the average user, who by and large constitutes the largest group of technology users. So something that seems so 1980’s to geeks is really only just coming of age to the average user.

Now the popularity of Facebook has proven a challenge to many business owners because many Facebook addicts are far more interested in updating their web page rather than actually doing what they are paid to do during business hours. The typical reaction by management is simply to block all access to Facebook to force users back to what they should be doing during business hours, normal boring work. However, in these times of low unemployment, when companies are struggling to find good quality applicants such a policy may need to be carefully considered because potential employees may choose NOT to work at a business unless they have access to Facebook. In the current environment they certainly have the power to make this choice.

Maybe what is needed is a fresh look at the issue from a slightly different perspective. What if it was possible to encourage an employee to develop a web site to which they feel a personal attachment and yet have that web site related to the business? I propose that just such a situation is possible with Sharepoint. How? Well, Sharepoint is flexible enough to allow people to create, modify, and update their own area within Sharepoint. This could be something as simple as a single page or something as complex as a whole sub site. Best of all you can add rich content like colours, fonts and pictures yet you don’t need any special software, it can all be accomplished via a web browser. Don’t forget that Windows Sharepoint Services is also a FREE download for all Windows 2003 and better servers, so no upfront software costs there either.

If each employee was allocated their own page in Sharepoint and then encouraged to place information about themselves there what benefit would that have for a business? Well, they could be encouraged to detail information about their emergency contacts, what their personal vision is, what sort of activities they attend outside business and so on. It would provide them their own personal area, which they control, and yet make it available for others in the business to examine and become more familiar with that person. I think this would perhaps foster a more positive business culture for starters since it makes it easier to learn about your colleagues but I think that it would also have an additional benefit. It would familiarize the employee with Sharepoint as a tool and remove much of the fear that is so associated with technology these days. Generally the rule is, the more I use something the more familiar I become with it and the more likely I am to use it. Think of when you learnt to drive. Never thought that you’d master guiding a lumbering metallic beast around the black tarmac did you? Look at you today! Zipping in and out of traffic without even stopping to think about how you are doing it. The difference is practice and lots of it.

Once people have the ability to maintain their own pages on the corporate Sharepoint site I’m sure you’re going to find employees who are really excited by what they can do and want to do more. Well, you can put those people to work helping others with their pages (if they aren’t already) but now you can put them to work creating something of direct use to the business using Sharepoint. Best of all, they are pretty much trained up on the product and can start being productive immediately.

So now you have a motivated and experienced Sharepoint designer on your team. Give them a project to create a subsite to focus on a specific part of the business and you’ll be amazed at what they are able to do. Maybe something that focuses on helping the marketing team. Sharepoint allows the creation of separate calendar, contacts, lists and so on that can be used to focus on that specific requirement. Best of all Sharepoint is flexible enough to be able to create exactly what you or your team requires. Better yet you now have an in house developer who is chuffed at the opportunity to showcase their talents.

The end result is that the business gets something that helps them run their operations better or more efficiently. Other employees get a tool that is customized to their exact needs and developed by someone who knows the business not some random outside consultant. Finally, you get a much more motivated employee because they have developed new skills and been given an opportunity to apply these new skills all within the same business. How could this be anything but a win – win situation for all those involved?

So perhaps rather than trying to take draconian steps of blocking and banning new web developments like Facebook a little time spent considering how they can be harnessed within your business may in fact help you make the younger members of your staff into the most productive members of your business.

<End document>

Here's a thought

I've been pondering the ramifications of Facebook of late and have come up with something novel I believe.

Let's say that everyone in the future has a Facebook style site/portal on the Internet. This site contains all their personal and business details. For arguments sake I'm going to skip over the security and privacy ramifications because I'm only considering a "perfect" world here. (Mine is isn't yours?). So much like Facebook each user determines who else has access to their information and to what level they have access. So let's say your family has access to you home and mobile numbers, while your friends only have access to your mobile number.

Now let's say that in your personal profile you subscribe to a number of online software applications (in the future I don't think we'll be accessing anything locally, it will all come from the net). So let's say you have access to online versions of Microsoft Office all the time but maybe you need access to Adobe Photoshop in a weeks time for 5 days so you simply pay a fee for the required access time. Once the application access time is up the application no longer appears on your space. The great thing about online applications is they are always up to date and always work, since you don't need to maintain them. Your personal profile also has all your personal contacts, emails, bookmarks and what not.

Ok, now lets say that you go to work. When you log into the terminal at the office you still access your own profile but now it knows you are at work and allows you access to the business applications of the company where you work. Also, it restricts you from going to certain web sites and running "non-business" personal related applications. This policy depends on the settings that your employer has decided on and they are applied to each employee as they logon. Some companies may not have any restrictions but by simply logging in at the office the network knows who you are what you can access. You can still get access to your personal stuff at all times, just as you do now.

If you change jobs then the business you were at just tells the network you no longer work there and when you log into your profile page at the new business all the old applications have been removed and all the new business applications and policies are applied.

When you login from home after work you get access to all your personal stuff as usual but unless you are approved for after hours business work then the business applications are no longer available in your profile. When you return to work tomorrow they are back again, so you can't use the office copy of Photoshop to edit your images (unless the business approves you to do that).

There are lots of advantages for businesses and users here. Businesses get a central location to manage all their employees and applications. All the software is up to date and adding new staff members is a breeze. If they want access to other software applications the business simply subscribes and allocates them out to employees. For an individual, all your stuff is stored in one place, backed up and you can access it whenever you need. You are able to choose what you want to share and with whom and like the business if you need access to a specialized piece of software you simply subscribe for as long as you need access.

I think most of what I'm talking about here could be easily accomplished already. It all sounds good in theory doesn't it?

Tuesday, January 15, 2008

Latest news on new version of SBS

Here's some more information about what is coming down the pipeline with SBS Cougar. Seems like the Premium edition will allow the installation of 2 servers to split applications like SQL and terminal services.

On that score David Mackie raises some interesting questions and issues with the Premium installation in his blog, especially given the new virtualization technology that will be available in Windows Server 2008.

I'm sure that we'll hear more about all this as the product nears launch (June 2008 time frame) and I'm sure things will change and I wouldn't be surprised if some MAJOR things change! Time will tell.

Outlook Business Contact Manager and detached network user

Strange to find someone wanting to remove a server from their network these days but in our times of downsizing it does happen. Everything was going swimmingly, I had removed all the workstations except for the last one which had Outlook Business Contact Manager installed. I didn't expect any issues but received a nasty surprise when the user tried to fire up Outlook Business Contact Manager as a stand alone user.

When Outlook loaded it said that the login to the Business Contact Manager database was incorrect and that I had to attach to an existing database or create a new database. Hmmm...ok so I'll try and attach to the existing database - no go, so I elect to create a new database. Problem is that the client uses Business Contact Manager extensively so they needed the old database back. With a new Business Contact Manager database Outlook loads but there is no Contact Manager data.

Thinking, thinking, thinking....why would the login details be wrong? <Bing> Ah ha, because the previous login was on the network (ie domain\user) and the login now is just user (ie localmachine\user). This would still be the case even if the user names and passwords were identical - different privileges between a domain and a workgroup. So now I knew why the login was failing, trick was how do I fix it?

The first thing was to check that the original Business Contact Manager database files were still on the system. By default the database is installed in c:\documents and settings\<user>\local settings\application data\microsoft\business contact manager. The database is probably called msbusinesscontactmanager.ldf and msbusinesscontactmanager.mdf. In this directory I clearly had 2 sets of databases an old (prior to removal from network) and a new (after removal from network).

Next step was to go into services.msc and locate the local SQL service called MSSQL$MICROSOFTSMLBIZ and right mouse click on it and select stop. With that done I returned to the directory, renamed the existing Business Contact Manager database out of the way and renamed the old database to what the name of the existing database had been. So existing -> save, then old -> existing. I then returned to the services.msc screen and started the MSSQL$MICROSOFTSMLBIZ service, then I restarted Outlook.

When Outlook started I saw a dialogue box saying that the Business Contact Manager was initialising after which Outlook loaded. When the client checked all the information he had stored using Business Contact Manager was back. Phew.

It would have been nice if Business Contact Manager would have warned me that I might have an issue logging into the database if I detached from the network but you can't cover every eventuality can you? At least it wasn't too hard to fix but I certainly had to do some testing beforehand since I couldn't find much on the web. Sometimes it is quicker to run up a Virtual machine and try it for yourself.

When a blue screen of death can be helpful

Got a call from a client who was having regular BSODs (the dreaded Windows Blue Screen of Death), basically meaning they had no option but to reboot their system. Did a quick Windows Update and virus scan remotely but the problem persisted, so an onsite visit was the next option.

The next step was to do some analysis of the actual memory.dmp file that is created when Windows crashes. So I copy this file onto my laptop and run the Windows debugger that you can download from Microsoft to analyse these files. The results did produce something interesting:

Now the lines that I've highlighted are errors with files kallenylab4-4db6.sys, kirkjtkkd174f-3545.sys and ortyeras37cd.sys. The final line of the debugger says that the crash was probably caused by kallenylab4-4db6.sys.

Now I don't know about you but when I see files like these I sorta know that it is a virus/trojan/malware. So I went searching for the files but couldn't find them using a normal file search (and yes I had the display hidden and system files options turned on). I know the files are there so I did a bit of googling and found some information that indeed confirmed the files were trojans and had to be removed in safe mode. Even better, this trojan had implemented some cloaking or root kit technology so the files weren't displayed under normal Windows, but the good old crash dump told me they were there.

Seems like this trojan comes from a "greeting card" email that asks the user to download a file happynewyear2008.exe from a web site. Once the user has downloaded the file the trojan installs. Now I go back to the user and query them about downloading this file from a web site and they confirm they did that because it looked like something fun. Ah, ok, that little bit of fun has just cost you a few hours of my time.

When will users realise that they SHOULDN'T download something they don't know about? You can have the most sophisticated security software in the world installed but if the user overrides this then it is all to no avail. The people who write these trojans know that and that's why this sorta stuff is always going to be a problem. It is a human problem, not a technology problem.

However, the moral of the story is that sometimes a Windows Blue Screen of Death can be of benefit, especially when it indicates you have a trojan on your system!
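The cross-check that the crash dump made possible here, comparing what the kernel had loaded against what a normal file listing admits to, can be scripted. This is an added example, not part of the original post: the three suspicious file names come from the post, while the directory paths, the other driver names, the Windows directory and the `cross_view` helper are assumptions made for illustration.

```python
# Cross-view check: drivers named in a crash dump vs. files a listing shows.
# A driver the kernel had loaded but that a listing of its own directory
# does not return is being hidden from the normal Windows view.

WINDOWS_DIR = r"c:\windows"  # assumption: where \SystemRoot points on this PC

# Driver image paths copied from the dump's module list (constructed sample).
DUMP_MODULES = [
    r"\SystemRoot\System32\drivers\ndis.sys",
    r"\SystemRoot\System32\Drivers\Tcpip.sys",
    r"\??\C:\WINDOWS\system32\drivers\kallenylab4-4db6.sys",
    r"\??\C:\WINDOWS\system32\drivers\kirkjtkkd174f-3545.sys",
    r"\??\C:\WINDOWS\system32\drivers\ortyeras37cd.sys",
    r"\??\C:\Program Files\ExampleAV\exav.sys",
]

# Directory -> file names returned by an ordinary listing on the running
# system (constructed sample).
LISTINGS = {
    r"C:\WINDOWS\system32\drivers": ["NDIS.SYS", "tcpip.sys", "disk.sys"],
}


def normalise(path):
    """Turn a kernel-style image path into a lower-case DOS path."""
    p = path.strip().replace("/", "\\").lower()
    if p.startswith("\\??\\"):            # DosDevices prefix
        p = p[4:]
    elif p.startswith("\\systemroot\\"):  # link to the Windows directory
        p = WINDOWS_DIR + p[len("\\systemroot"):]
    return p


def cross_view(dump_modules, listings):
    """Compare the kernel's view (dump) with the file system's view.

    Returns (hidden, unchecked): drivers that were loaded but are absent
    from a directory that was listed, and drivers whose directory was never
    listed and so cannot be judged either way.
    """
    listed = {normalise(d).rstrip("\\"): {n.lower() for n in names}
              for d, names in listings.items()}
    hidden, unchecked = [], []
    for path in dump_modules:
        directory, _, name = normalise(path).rpartition("\\")
        if directory not in listed:
            unchecked.append(name)
        elif name not in listed[directory]:
            hidden.append(name)
    return hidden, unchecked


if __name__ == "__main__":
    hidden, unchecked = cross_view(DUMP_MODULES, LISTINGS)
    for name in hidden:
        print("loaded but not visible on disk:", name)
    for name in unchecked:
        print("directory not listed, check by hand:", name)
```

The listing has to come from the running, possibly infected system, since that is the view the cloaking filters. A listing taken from safe mode or a boot disk would show the files and nothing would be flagged.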

Tuesday, January 8, 2008

Russian Roulette

Seems that everywhere I go these days I hear users saying that they are going to convert to a Mac because Windows is such a pain. Even scarier is that they believe that with a Mac they won't need anti-virus or patching! Ah, hello, who told you that? Ah those Apple ads is their reply.

Firstly, those Apple ads are exactly that, advertisements to get you to buy the product. They are paid for by the people supplying the stuff not some independent third party. Of course they are going to tell you what you want to hear. They want you to buy the product. So even before we start credibility from these ads = 0! (but they are funny - see the latest ones here. Especially check out the one called Podium in light of my previous post on Vista)

Next, all hardware and software is developed by human beings. Yes, they are generally smarter than the average human being but they are still humans. They can't foresee every ramification and variation that their product will be exposed to. So no matter what it is that is developed by humans, it is subject to flaws and these flaws need to be addressed with updates and patches (Mac included).

Next, the bigger the market share the bigger the target. If you only have 10% of the market why, as a bad guy, would I bother writing something to attack you? I get much greater chances of return if I attack the other 90% of the market. However, as that market share increases then I begin to reevaluate my strategy. This is even truer if you propose that the more uninitiated users are moving towards something like the Mac. As a bad guy if more uninitiated users are there then my potential return is even greater so I am going to devote more time to attacking that segment.

I could go on and on. I also acknowledge that in many ways Macs are better for users BUT don't believe for a second that they are not vulnerable and shouldn't be protected in a way a PC is protected. If you don't believe that then you are playing Russian roulette, because it is only a matter of time before you get hit.

For a good article on the overall issues of Mac security click here.

Monday, January 7, 2008

One little check box

So having recently installed Windows Server Service Pack 2 on a client's SBS 2003 R2 box over the Christmas/New Year break (yes, I know but they were too busy to allow it any other time) it was only upon their return that I struck the following strange problem.

A shared HP printer on the server was showing offline. Strange, all the other HP printers off the server were fine. When I attempted to print a page to the offline printer the job just sat in the queue. I killed all the print jobs and restarted the Print Spooler service and then a test print worked. However, when I asked a user to try and print again the printer was offline again. Did a quick Google and couldn't find anything so rather than muck about I thought that I'd call HP since surely they had seen this before.

After being accidentally hung up on by the first technician I told the next technician in great detail what I had done and that I suspected the issue to be something related to Windows Server Service Pack 2. He suspected a corrupt driver. Ok, that is possible I suppose. So I deleted and recreated the shared printer on the server (resetting all the page sizes to A4! Why oh why doesn't this happen immediately??). Guess what? Same problem. Next he got me to create a new printer on a workstation to see if I had the same problem. Ah yes, same problem. Next he wanted to delete the printer, restart the server and start hacking the registry.

At this point I had to put my foot down and say that there were users on the system and I believed the real issue was linked to Service Pack 2. He told me to wait on hold while he checked something. Fine, while you're doing that I'll Google some more. Guess what? I found the issue! Guess what? It is related to Windows Service Pack 2. Here's the solution:

Apparently Windows Server 2003 SP2 has some changes in the way SNMP is handling printer queues. It now does multiple SNMP threads for the printer queues instead of 1 round robin.

To resolve this, check if your printer's SNMP is working properly.

To workaround, in the Printers and Faxes folder,

File > Server Properties
Goto Ports Tab > Click the offline Port > Configure Port
Uncheck "SNMP Status Enable"
OK
This will turn off SNMP querying and set the printer to always Online.

Anyway, after making the changes and checking that the printers work from the client's workstation my HP friend comes back from hold and I tell him that I've solved it. Oh, he says, yes Windows Server Service Pack 2 can cause those issues. Arrrggh... If you knew that why didn't you tell me up front?

Support is never easy is it?

Sunday, January 6, 2008

Re-enabling older file types in Office 2003 after SP3

Here's a post that should help you if you need to implement older Office file types after installing Office 2003 SP3:

http://blogs.msdn.com/david_leblanc/archive/2008/01/04/office-sp3-and-file-formats.aspx

In the post you'll find some handy .reg files that will re-enable the older file formats without having to go in and hack the registry (always a good move).

Here are the closing comments from the post (from Microsoft of course):

In closing, I want to emphasize that we're not removing support – we're making the default safer. If you're among the users who do need to be opening these formats, we will continue to support you. We also recognize that we have not made any of this as usable as we'd like, and we apologize that this hasn't been as well documented or as easy as you need it to be. We're also going to take a hard look at how we can do better in the future.

Now I know that Microsoft is screwed no matter what it does but don't you think Microsoft, that a warning dialog box during the install of the Service Pack might have been a good idea? Hmmm? If there was one then I could understand your 'making it more secure' claim BUT keeping this thing hidden or as you euphemistically put it "hasn't been as well documented or as easy as you need to be", then I gotta say that my BS detector is flashing big time, since it appears more likely you are trying to force people into the new versions of Office. Now while that in itself is not a bad thing and necessary to ensure we are all safer, one would again tend to think that the way this has been conducted is more along the lines of benefiting stockholders rather than users. Maybe?

You're watching

We're happy to announce a couple of milestones for our YouTube videos. Firstly, our total views have now exceeded 40,000! Wow, that means that 40,000 people have looked at what we have placed online. Secondly, our most popular video, about getting started with Microsoft Virtual PC, has now been viewed over 6,000 times. Remarkable.

If you have watched our videos then we thank you for taking the time to view our content. As always we encourage people to send us feedback (good and bad) on our offerings. Regular viewers will be happy to know that we have recently purchased Camtasia Studio Version 5 and all our new videos will be using this fantastic product. At the moment we are just working through the product tutorials so we understand how to get the most from the product. With all the new features of Camtasia we hope to make what we present much slicker and more professional.

A recent comment on one of the videos raised an interesting point. We were asked why we solicit for donations in our recent videos. The answer is that these videos are not generally done as part of our normal business, they are done when we get a few spare moments. Unfortunately, these days we have to put priority on work that provides us with revenue that pays the bills. If we were to get some revenue from these videos (no matter how small) then we could spend more time developing more videos, improving the number and content of what we provide. So if you like what you see and want to see more then we would appreciate a donation via http://donation.saturnalliance.com.au to help us. It doesn't have to be much, even a few bucks does help.

We have also been toying with the idea of sponsorship on our videos, again to raise some capital to improve our offerings. If you know a business that may be interested in sponsoring one of our productions please contact me (Robert Crane - director@ciaops.com).

The bottom line is that the videos we do will continue to be produced and placed online for free but they will continue to be done as they have been, in an ad hoc manner, when we have time. However, to everyone who has taken the time to view our videos, provide comments, ratings and feedback we thank you very much and hope that you'll keep watching.

Another great FREE utility

Well not so much a utility as a setting I suppose. What is it? It is OpenDNS. What does it do? It allows you to point your DNS to a much bigger, faster, better featured, highly reliable, etc service for retrieving the domains you type into your web browser. Why is it better? Well apart from being all the things I just mentioned it allows you to monitor all your DNS requests, for all your networks from a web console (cool). Also, it can be configured to prevent requests to phishing and "adult content" web sites. This means that if a user inadvertently clicked on an email that contained a link to a phishing site (to obtain their banking details for example without them knowing) then the request would be automatically dropped and the user would get a nice warning page.

By using OpenDNS on your network you'll ensure that not only will your users get a faster response to their request for web sites but they'll also be better protected. Even better you can access all your DNS statistics from a web console and lots more features. To cap it all off OpenDNS is TOTALLY FREE! So there is no reason not to use it.

Take a look at OpenDNS and I think you'll find that it has plenty of really cool benefits for a price that is hard to match.

Thursday, January 3, 2008

Don't believe Windows Vista ain't selling?

Heard recently that last year PC (excluding Macs) manufacturers shipped 260 million PC's. Microsoft also announced that in the same time frame it sold 88 million copies of Windows Vista.

Say what??? 260 million PC's and only 88 million shipments of Vista. But wait it gets worse for Microsoft. It is my understanding that the 88 million shipments of Vista include upgrades (ie not destined for new hardware anyway).

Now Vista does have some excellent features that do make it a worthwhile purchase BUT for the average consumer it means they are going to HAVE TO buy new MORE POWERFUL hardware to run Vista on. Strangely, most consumers ask WHY? To them apart from the flashy Aero interface (which is a resource hog anyway) what benefit makes it worthwhile now? NOTHING! They'll just wait until they upgrade their PC in 3-4 years and get it then. If we go into recession then this may blow out to 4-5 years.

In my books another mistake from Microsoft not looking at what customers ACTUALLY WANT rather than telling them WHAT THEY SHOULD HAVE. The market has spoken Microsoft and I certainly hope you are listening. But ....

Look what I found out after I...

Have been applying Office 2003 SP3 in swaths across customers while they are all away being merry and I can access every workstation unrestricted. That was until I found this blog post! Turns out that by installing Office 2003 SP3, the ability to open and save older legacy file formats will be blocked. Hmmm...why? The reason for this decision is strictly for security reasons. Some older file formats including some from Microsoft are insecure and do not satisfy new attack vectors that hackers can use to execute malicious code. The decision to block the formats is strictly to protect your machine from being compromised. Hmmm...the old security excuse eh? I wonder how many of my customers this is going to piss orff? Hopefully, not too many!

If you need instructions to re-enable certain file formats, please read this article KB 938810. It involves registry modifications so, as usual, backup your registry before altering. GREAT! Another fantastic Microsoft solution - HACK THE REGISTRY! Is there ever a solution that doesn't involve this for pity's sake??

Hmm...sounds to me like Microsoft wants everyone to upgrade to Office 2007,

<sarcasm>

Because it is better? Because the ribbon interface makes using it so much better? Or because Microsoft needs the cash? I wonder!

</sarcasm>

When will companies like Microsoft start looking at this sort of stuff from what is best for the customer? Not while they have stockholders I'll bet!

Wednesday, January 2, 2008

Blogs in plain English

Here's a great little video that explains blogs in plain English. It should help people who don't quite grasp the power of this new medium to better understand what all the fuss is about.

Tuesday, January 1, 2008

2 worthwhile utilities

Ok, let's start off the New Year with 2 interesting and helpful utilities.

Firstly IE PassView - This utility will allow you to display all the passwords stored by Internet Explorer. Yes, that's right boys and girls, all those passwords for login to protected sites and things like ADSL routers.

IE PassView utility can recover 3 types of passwords:

  • AutoComplete Passwords: When you enter a Web page that contains a form with user/password fields and a login button, Internet Explorer may ask you if you want to save the password, after pressing the login button. If you choose to save the password, the password is saved as AutoComplete password.
    Be aware that some Web sites (like Yahoo login page) deliberately disable the AutoComplete feature, in order to avoid password stealing by other users.
  • HTTP Authentication Passwords: Some Web sites allow the user to enter only after typing user and password in a separated dialog-box. If you choose to save the password in this login dialog-box, the password is saved as HTTP authentication password.
  • FTP Passwords: Simply the passwords of FTP addresses (ftp://...)

Next WinDirStat - will calculate and display disk usage.

WinDirStat reads the whole directory tree once and then presents it in three useful views:

  • The directory list, which resembles the tree view of the Windows Explorer but is sorted by file/subtree size,
  • The treemap, which shows the whole contents of the directory tree straight away,
  • The extension list, which serves as a legend and shows statistics about the file types.

This is a great tool for determining what is chewing up all your disk space and then actually going in and cleaning it up.

Best of all both utilities are free for download. How's that for a New Year's present?