Paul Edlund: What I learned along the way

June 19

Third Party Vendors and Exchange 2007

I’m really interested by what I’m learning about how companies protect their cash cows. Instead of competing on merit, some sales people and consultants seem to fall back on fear as a means of showing a value proposition. IMHO, this is not only a bad business tactic, it’s downright frustrating for your customers.

Case in point, I’ve been working with a customer on an Exchange 2007 deployment. We’ve had many discussions around Exchange’s Local Continuous Replication (LCR), Cluster Continuous Replication (CCR) and Standby Continuous Replication (SCR). Before Exchange 2007, LCR, CCR and SCR were not available. Instead, 2-node (Active/Passive) or N+1 clustering, which is now called Single Copy Cluster (SCC), has traditionally relied on a shared storage solution such as SAN. I’m not going to cover LCR in this blog entry but you can read about it here.

So now, vendors are trying to tell my customer that they are making a “grave mistake” by utilizing CCR and SCR in an enterprise scenario. When you peek under the covers at this argument, it reads like a script that someone in the marketing department created to protect their investments.

Before I get into this rat’s nest, I don’t mean to imply that Microsoft doesn't use market intelligence when competing. However, as sales people and consultants you have to back up your value proposition with hard evidence. Let me tell you this, in the scenario above with my customer, the vendors were not able to provide such evidence. If I find out that they have provided evidence, I promise that I will modify this blog post to represent their findings so long as they are valid.

First let’s cover the basics: Instead of trying to recreate a complete primer on the differences between LCR, CCR and SCR, I’ll just provide you with a link here.

Basically, the value of CCR is that it allows you to have two local servers clustered together without having common storage.
The functionality is similar to SCC but without the shared disk. As a matter of fact the two servers could even be from different vendors with different types of disk in them. The caveat is that the drive letters should match on both boxes. In theory the secondary server could even be virtualized but that represents a support issue that would need to be elaborated on in a separate post. Here’s an image of a CCR cluster taken from TechNet.
SCR, which was introduced with Exchange 2007 SP1, is similar to what is called “stretch clustering” or “geo-clustering”. This is NOT exactly a cluster because the word “cluster” implies that nodes are acting together as a virtual server. While it isn't exactly a cluster, it provides failover that spans the wide area network and allows you to fail over between two datacenters. With SCR, Exchange is also not reliant upon a shared disk solution. Nor is SCR reliant upon 3rd party storage solutions to do disk to disk replication. This is where storage vendors have made significant money in the past, namely to overcome the shortcomings of Exchange 2003 and earlier. Here’s an image of an SCR cluster taken from TechNet.
So here we are in the present and we find some of these vendors spreading FUD (Fear, Uncertainty and Doubt) telling customers things like the following:
You should take serious notice that Microsoft doesn’t use Single Copy Clusters for their production environment anymore. Microsoft has 80,000 employees and including contractors it’s closer to 121,000 mailboxes in Exchange 2007. Here’s a link to the Microsoft IT deployment of Exchange internally. So we’re not talking about CCR and SCR as a SMB solution. This is FUD talking!

So now that you have read all this, you should understand that the fear some people are spreading is unfounded. Of course there is always some “worst case disaster” that will result in something bad happening. I mean, let’s be real... stuff happens and usually it’s due to a human error. So it is possible that what these sales reps say “could” happen but it’s certainly not very likely once you understand the facts.

Let me make this clear - There is value in SAN. I’m a big believer that the only way to get the right amount of disk IO per second (IOPS) in large Exchange installations is by using SAN. Otherwise you need more servers to house the internal storage like a HP DL580 G5 which comes with 16 SAS drives like this one. What I’m not saying is that you HAVE to use SAN replication schemes in order to achieve High Availability and Disaster Recovery. THIS IS A FALLACY in Exchange 2007. SAN is almost always more expensive short-term and long-term than using LCR, CCR and SCR.

So now let’s come back to cash cows. Microsoft has their own cash cows… namely Office, SharePoint and the client OS. Microsoft has to continually beat down FUD around those products as well. Microsoft sales people and consultants should also be mindful of not spreading their own FUD. Consultants should always stick to the facts. However, those facts change. So before you spread FUD (3rd party vendors or anyone else :) do your research and read a few TechNet articles!

Windows Live Mesh will change your life

Not that I had many religious readers over the years... however, since I took on my new job, I haven't blogged much.
Mostly because I've been heads down learning some new tricks of the trade. Plus I feel like if I don’t have anything original to say, that I should just keep my trap shut. Well I'm opening the trap again I guess. :)

Let me start by asking you a question... How do you share pictures with friends and family? (Maybe flickr or Shutterfly?) How do you share other files with them? (email?) If you maintain a family tree with a piece of software like Family Tree Maker, how do you share that file with other people? (you probably don’t) If you tag photos with things like people, places and date taken, how do others get those updates? (you probably don’t so they are always out of sync) If you run web servers for a living, how do you share configuration across many web servers? If you have customers, how do you send them big files? (Why would you use email? They will hate you for it! :)

I can bet that 9 times out of 10, you are probably saying "email". For the question about web server configuration, my guess is that you use something very basic like XCOPY or ROBOCopy on the Windows platform or something like RSync on everything else. None of these methods are simple and they are all fairly labor intensive.

If you haven't signed up for a Windows Live Mesh account (www.mesh.com), you need to get one ASAP! It will change the way you work on multiple computers. Namely, all of the problems above are solved quickly and easily with Mesh. Imagine taking a picture with your cell phone and instantly having that picture show up in your PC's Pictures folder. Imagine tagging a picture with a name or a place and your family getting an update to the picture in their own Pictures folder! This is what Mesh does. It will support Macs and cell phones. It will put a copy in the cloud if you let it so you can access it anywhere. It will let you take remote control of any PC you own... even behind a firewall or NAT.
For those of you more familiar with other Microsoft technologies like FolderShare or SkyDrive, Live Mesh will look like it overlaps those technologies… and it does. However, Live Mesh isn't as constrained as those other two solutions. First, Live Mesh has a 5GB limit when you copy stuff up to the cloud but it isn't a hard limit. You can exceed the 5GB but it’s more of a “first-in-first-out” kind of transaction (currently). Unlike FolderShare, Mesh does not limit the file sizes or number of items you can replicate. There are some theoretical limits but getting up to 100,000 items is not likely for most people.

In the enterprise, the options are endless. Pushing out application databases and configuration files securely will be enabled by Mesh. Sending your customers or co-workers large media files or presentations will be a thing of the past with Mesh. Mesh even has a rich API so you can use Mesh as a way to communicate with your users and customers.

I can't say it enough... you need to see Live Mesh! (www.mesh.com)

July 06

Catch up with me 7/24 at HostingCon 2007 in Chicago

Finally... I get a chance to speak in my own home town!!! If you are into web hosting, come to HostingCon 2007 at Chicago's Navy Pier the week of 7/23 - 7/25. I'll be presenting Tuesday 7/24 on SoftGrid and Terminal Services in Windows Server 2008. Hopefully I'll get to cover some of the cool IIS 7.0 features as well. Here's a link to my presentation:
I hope to see you there!

June 05

TechEd 2007 Learnings - Part 1

I wanted to share some important things I learned so far at TechEd 2007. Read below:

Microsoft Threat Analysis and Modeling Tool v2.1.2

Devs and Engineers… please read this! Today I learned about a security tool by Microsoft that I never knew existed even though they say it has been out for more than a year. It’s called the Microsoft Threat Analysis and Modeling Tool. This tool is used in the design phase of a solution deployment. Before a line of code is written or a server is deployed, you walk through this comprehensive tool to input all of your solution components, where data resides, who has access to it and how it’s exposed. The tool extracts this data and outputs a variety of reports including stop light values that highlight risk, threat remediation and actions that would be taken in the event of a breach. It also outputs an amazing report that is similar to a RACI (responsible, accountable, consulted and informed) diagram but these are based on CRUD (Create, Read, Update and Delete). These outputs would be used as both documentation and a pre-deployment signoff solution. Seriously… this is an amazing tool. It’s not like any of the Best Practice Analyzers. It’s much better. You can watch a webcast on it and get it here: http://blogs.msdn.com/threatmodeling/

Steve Riley’s TechEd 2007 Security Presentation

In a presentation this week from Microsoft's Steve Riley, he talked again about opening up the Enterprise to the Internet and removing private Corporate Networks. He’s deadly serious about this and Steve is Microsoft’s worldwide security evangelist. He has the pedigree to discuss such things. He states openly that he will gladly listen to your objections and then tell you why you’re wrong. :) His primary point is that organizations need to secure access to data and not just infrastructure.
For example, using Rights Management on documents rather than just ACLs; or using IPSec and SSL to secure communications between trusted devices rather than simply trying to protect devices at the edge of a network. I’m paraphrasing, but his credo is that “not a single device can be truly trusted so you must treat all communication as malicious until proven otherwise”. This means securing every device, limiting protocols to those that are known and therefore having a “firewall-like” (note that I didn’t say “firewall”) experience everywhere.

Steve talked quite a bit about the Intelligent Application Gateway (IAG) which allows you to publish internal apps via SSL. This poses the problem that I raised in Steve’s presentation as well as my Longhorn presentation a week ago. (http://www.wildvoice.com/PlanetTech/Main/Video-overview-of-Windows-Server-2008) Namely that this is fine for the company who is trying to give remote users a secure way to access corporate applications. However, this is a terrible curse for companies who have compliance issues (such as trading companies) who want to limit access to certain apps (such as MSN IM) because they don’t want traders using unmonitored IM as a means to give away insider information. Using a technology such as SSTP, Terminal Services Gateway, Terminal Services RemoteApp (all Server 2008 features) or IAG would allow users to create an IM instance at home and then connect to it over port 443 to run something like BitTorrent at their desktop in the office. Since the TS products allow you to remap disks to the local machine, you’ve essentially broken the firewall. Steve Riley was stumped by this question and so far so are the security folks at Microsoft. So Steve says he may write a whitepaper on this in light of my question. (once they have an official answer)

Chronology and costs of data breaches 2005 - 2007

The last thing I’m gonna talk about is also from Steve Riley’s presentation.
Steve discussed the various known breaches from 2005 – 2007. He noted the following:
Steve made two great points. Put yourself into the mind of a thief and walk down a city block. If you see a security sticker on the front door, you would more than likely look for a different house to attack. So first, why not go and get a sticker and forgo the actual cost of the alarm. (half joke) Second, if you raise your security stance, does this inherently make your competition more vulnerable?

This first one is the list of the known breaches from 2005 – 2007. The second is the average cost of a breach according to a Forrester Research survey. http://www.informationweek.com/news/showArticle.jhtml?articleID=199000222

April 12

Moving Towards Structured Data with MOSS 2007

Microsoft Office SharePoint Server 2007 is great at organizing your data. What many people come to realize when I'm working with them on MOSS is that moving away from unstructured data has a huge positive impact on what you can do with the data. MOSS takes the prevalent data most organizations already have (docs, spreadsheets, presentations, etc) and makes it more organized by allowing it to be searched and categorized with metadata such as owner, topic and keywords. Most people prefer to work inside Word, Excel and PowerPoint because they are known products and they are efficient in them already. During my discussions, the light bulbs usually come on when I show off what structured data gives you on top of MOSS Search.

First, a primer on structured vs. unstructured data… Most people use Word, PDF and Excel as a substitute for a database because the cost of development is too high or too complex. MOSS brings the ability to leverage structured data down to the masses and subsequently lowers the cost of development drastically. Unstructured data can be defined in many ways but the way I'll describe it is simple… "documents". By documents I mean all the various forms of files that exist in the world today such as PDFs, JPGs, PowerPoint files, etc.
While these documents may contain structured data (such as tables in Excel), they are still files. Excel is an interesting example because in MOSS we can actually turn it into truly structured data with Excel Services but we'll come to that in a second. Structured data is essentially data that resides in a database. However, just because data is in a database doesn't mean that it's structured in a proper way. For example, a "free text" column in a database can have essentially anything in it unless you have rules that define the field. For example, you might have a field for home phone number in your database, but if you don't force the entries to be formatted according to your requirements, people could enter 301-555-1212 or (301) 555-1212 or 3015551212 or 0011,1,301-555-1212 (for our international folks). Carrying this idea of a phone number forward into an actual example of structured data inside MOSS is quite simple. Suppose you want to create an Audience in MOSS that only shows a Shared Documents webpart to someone if their home phone number area code is "301". If you formatted your field validation rules properly in MOSS you could do this with a few clicks on the mouse. Without proper formatting, it's not so easy. So back to those light bulbs I referred to earlier. Tools inside MOSS allow you to create structured data in a few ways. Three of the easiest ways inside MOSS are Excel Services, Lists and Forms Libraries. One of the more difficult methods in MOSS is to use Business Data Connectors (BDC's). Those of you who develop those things will say "it ain't that hard to create a BDC" but for the non developers out there like me… trust me… the three I list can be done without any dev knowledge at all. If you're unfamiliar with BDC's (no... not Backup Domain Controllers in NT4) they allow MOSS to expose your custom applications inside the portal where data from your application can be indexed/searched, viewed or even manipulated. But I digress. 
Once you have created a custom list, exposed an Excel document to a Key Performance Indicator (KPI) or created an InfoPath form, you will be amazed at the data you can get out of your organization. Using KPI's has a massive impact to most organizations on the very day they first get used. Besides KPI's, here's a list of other useful things you can do with structured data:
I want to reiterate my primary point once more for good measure. People have leveraged documents as a substitute for databases because it was too tough or expensive prior to MOSS. I encourage you to enable the Forms Server and Excel Services components in MOSS and give them a spin. One caveat is that Excel Services and Forms Server are only included in the Enterprise Edition of MOSS. However, these two things DO NOT stop you from creating structured data in MOSS. Excel Services basically creates a service out of a spreadsheet where the data can be consumed via web service or KPI.

February 22

Using MOSS and WSS with non-IE browsers (radeditor by telerik)

If you're deploying Windows SharePoint Services v3.0 or Microsoft Office SharePoint Server (MOSS) 2007, you may have noticed that people who aren't using Internet Explorer (IE) tend to complain when trying to post content. They are forced to look at a simple HTML editing tool that lacks the advanced features of the native ActiveX control that IE tends to love.

r.a.d.editor for Microsoft Office SharePoint Server 2007 is a cross browser based alternative to the default rich-text editor in MOSS and WSS v3. The product is developed in an agreement between telerik and Microsoft and is provided free of charge to registered clients of SharePoint 2007.

You install the software using an stsadm -o addsolution command string. From there, it is a simple matter of adding the editor as a feature to the site collection from the site settings page. Following that, any non IE browser (the Telerik website has a chart with supported browsers with feature breakdowns) will get radeditor while IE retains the ActiveX plug-in for any field that has the ActiveX plug-in enabled.

The process was well documented by telerik, and we've been successful in both testing and production deployments of the tool.
Making Changes to MOSS and WSS Accounts and Passwords

Perform these changes in the order listed below to modify the service accounts for Windows SharePoint Services (WSS) v3.0 or Microsoft Office SharePoint Server (MOSS) 2007. The first section is for WSS and the second is MOSS. They are mostly the same with some minor changes in each.
WSS Environments:
Central Admin AppPool
Other Website AppPools
WSS Search
MOSS Environments: Central Admin AppPool
Other Web Front End AppPools
Microsoft Office SharePoint Server Search
Office 2007 SSP & Excel
Office Server Crawl/Index Account
Central admin app pool ID - Database Access Account:
Other Application Pool IDs:
SSP Service credentials
MOSS Search Service credentials:
WSS Search Service credentials:
MOSS SSO:
Profile Import account:
February 21

Using Office 2000/2003 with Office 2007 XML File Formats

Lately I've been presenting for Microsoft and talking about collaboration to various public sector organizations. I've been discussing such topics as Microsoft Office SharePoint Server (MOSS), Windows SharePoint Services (WSS) 3.0, Exchange 2007 and Office 2007. In preparation for these presentations it was interesting to dispel some of my own misconceptions. One of these misconceptions was "Why would I want to migrate to the new Office file formats if I don't know if other people with older versions of Office will be able to read them?" It turns out that Microsoft had figured out that problem for me.

There is a free add-on to Office 2000/XP/2003 that allows you to edit and view Office 2007 file formats. In Office 2003 and XP, it is a seamless process. You simply open the file. In Office 2000, you have to convert the file using Windows Explorer before it can be read and edited. You can get the conversion tool here:

One of the more useful tools I learned about is called the Office Migration Planning Manager. These tools allow you to find Office files (doc, ppt, xls and mdb) in your environment that can be migrated and those that will not be able to be upgraded without remediation. This tool called offscan.exe finds the files and writes logs to a cab file. These cab files are then imported into an Access database where they can be reported upon using Excel 2003 or 2007. All the reporting templates are provided and the processes are very well documented.

The next cool tool in the solution is called ofc.exe which can convert your existing files to the new formats. There are tons of benefits to the new XML based formats including:
This tool doesn't replace your existing files, rather it creates a "converted" directory which could then be scripted against to delete or move the old formats before replacing them with the new formats. The last claim about reduced file sizes is no joke. When I ran the tool, my documents were at least half as big and in some cases even smaller. Usually the ones that didn't reduce had images in them and binary files are already compressed. Check it out for yourself. Here's some screen shots I took before and after running ofc.exe. You can get OMPM at this URL:
January 16

The US Feds Require You to Keep EVERYTHING

Please read the TechTarget article below regarding the federal mandate that says all companies are responsible for being able to provide access to emails sent within the last year. I'm assuming at least a year because the mandate specifies no actual date. The most important sentence is the following:

"The rule puts the onus on IT departments to ensure they have adequate data-retention policies and that an archiving system that can retrieve documents in their original format, including metadata. To satisfy evidence requirements the systems may need to demonstrate that specific documents were not changed after they were archived."

In Microsoft Exchange terms, this means using Journaling at the Exchange database level. Here's an article which discusses the process for Journaling in Exchange 2003. It's very easy but you need a process in place to archive the journaling mailbox. http://www.msexchange.org/tutorials/Implementing-Exchange-2003-Message-Journaling.html

Here's an article that discusses the actual process of how Journaling works in Exchange 2003. It's the same overall process in Exchange 2007. http://technet.microsoft.com/en-us/library/2ebbad24-a063-42c2-ae1c-a511b9f8ef0e.aspx

Here's the TechTarget article: http://searchstoragechannel.techtarget.com/originalContent/0,289142,sid98_gci1233776,00.html
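The requirement quoted above, showing that archived messages were not changed afterwards, can be met by sealing the journal archive with a hash chain. The following is an added example, not part of the original post and not how Exchange journaling itself works; the sample messages, metadata fields and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value that precedes the first archived message


def _link(prev_hash, raw_message, metadata):
    """Hash one archived item (original bytes plus metadata) onto the chain."""
    body = hashlib.sha256(raw_message).hexdigest()
    meta = json.dumps(metadata, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{body}|{meta}".encode("utf-8")).hexdigest()


def seal(archive):
    """Return one chain value per (raw_bytes, metadata) item, in archive order."""
    chain, prev = [], GENESIS
    for raw, meta in archive:
        prev = _link(prev, raw, meta)
        chain.append(prev)
    return chain


def verify(archive, trusted_head):
    """True if the archive still hashes to the head recorded at sealing time.

    The head must be kept where the archive's administrators cannot rewrite
    it (write-once media, a separate system), otherwise it proves nothing.
    """
    chain = seal(archive)
    head = chain[-1] if chain else GENESIS
    return hmac.compare_digest(head, trusted_head)


def locate_change(archive, chain):
    """Index of the first item that differs from the sealed chain, else None."""
    recomputed = seal(archive)
    for i in range(max(len(recomputed), len(chain))):
        if i >= len(recomputed) or i >= len(chain) or recomputed[i] != chain[i]:
            return i
    return None


# Constructed sample: three journaled messages in original format with metadata.
SAMPLE_ARCHIVE = [
    (b"From: trader1@example.com\r\nSubject: Q3 numbers\r\n\r\nDraft attached.\r\n",
     {"journaled": "2007-01-16T14:02:11Z", "recipients": ["cfo@example.com"]}),
    (b"From: trader2@example.com\r\nSubject: re: position\r\n\r\nPlease sell 500 shares today.\r\n",
     {"journaled": "2007-01-16T14:05:40Z", "recipients": ["desk@example.com"]}),
    (b"From: cfo@example.com\r\nSubject: audit\r\n\r\nAuditors arrive Monday.\r\n",
     {"journaled": "2007-01-16T15:30:02Z", "recipients": ["all@example.com"]}),
]

if __name__ == "__main__":
    sealed = seal(SAMPLE_ARCHIVE)
    print("head to store off-system:", sealed[-1])
    edited = list(SAMPLE_ARCHIVE)
    edited[1] = (edited[1][0].replace(b"sell", b"hold"), edited[1][1])
    print("intact archive verifies:", verify(SAMPLE_ARCHIVE, sealed[-1]))
    print("edited archive verifies:", verify(edited, sealed[-1]))
    print("first altered item:", locate_change(edited, sealed))
```

Because metadata is hashed along with the message bytes, a changed recipient list or journaling timestamp is detected the same way as a changed body.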
December 14

Fun with Cryptoflex Smart Cards and Vista

I've been preaching about Smart Cards for Domain Admins for a while. It's the best way to ensure that your accounts aren't being compromised, used by multiple people, or worse yet… used as service accounts!!! (eek)

So in preparation for some training I'm about to do, I learned that a few Cryptographic Service Providers (CSPs) that used to work in XP no longer work on Windows Vista. The one that is sticking it to me at the moment is the Schlumberger CSP which is used by the Axalto/Gemplus (now called Gemalto) Cryptoflex Smart Cards.

So this has me wondering… what are all those large companies and federal orgs out there that are using this CSP gonna do when they want to upgrade to Vista? Gemalto doesn't have anything on their website and this is troubling. It's not like Vista has been a mystery to these people. They make cards specifically for Windows 2000 and XP. I have a call into their sales people and an email to a generic address. They also don't even have a support phone number on their website. Amazing!

Usually I'm not in the business of flaming companies online but this is fairly frustrating and I haven't been able to find anything on the subject. So that's why I'm informing the world. (or at least anyone who is looking for this info) I'll post updates when I get some.

**** NEW UPDATE 1/9/07 ****

So I reached a Gemalto rep (who has been very helpful) and she said that Gemalto does have a smart card that works in Vista called the ".Net Card" however, this card is more than double the cost of the Cryptoflex card. Retail cost is $40/card. I was told that this is the card that all 40,000 Microsoft employees are now using. I've worked at Microsoft on various projects and had a smartcard with them as well. It seems insane that they would have to spend even $20/card... for 40k users. The price will obviously come down as Vista catches on.
As a side note, it looks like the Schlumberger CSP will not be supported in Vista. :(

November 24

If this is true… this guy just became rich

Sometimes I'm caught off guard by how inventive people can be. This guy went "old school" and found a way to turn us back into a paper society. In the article below, a student named Sainul Abideen invented a way to store data as shapes and colors while claiming to be able to store 450 GB of data on a sheet of paper. (the size of the paper wasn't specified) If his claim is true, he just killed HD and Blu-Ray DVDs and re-propelled things like paper scanners. In addition, if he can come through on his claims, he's probably just become VERY rich. http://www.dailytech.com/article.aspx?newsid=5052
November 15

What you need to know about Vista Volume License Key Activation

Today I've been baby-sitting virtual servers installing in preparation for an Exchange 5.5 to Exchange 2003 migration. During that time I got an email from Microsoft discussing the new Volume License Key (VLK) Activation process. This is a huge change for companies who haven't yet started deploying Vista in the enterprise. Rather than rehash all the contents of the webpage, here's the link: http://www.microsoft.com/technet/windowsvista/plan/volact1.mspx

The thing to note here is that you can no longer just distribute your VLKs around to your employees and let them activate Vista on their own. Microsoft now requires you to either deploy a server role internally that tracks VLK usage or connect to their servers and activate. You then can connect to their servers and see how many licenses you have used. If you deploy the internal-based solution, that server reports to Microsoft as a proxy. HOWEVER!... users must reconnect to this internal server at least once every 180 days to keep the activation alive. Once again, read the link above to get all the information.
November 09

I Stopped Using Microsoft Word (like you care)

A few weeks ago I decided to try out Microsoft OneNote 2007. I used OneNote 2003 in the past and I thought it was cool but not cool like 2007. I’ve stopped using Microsoft Word altogether and love the integration with Outlook. Plus I have the benefit of having access to all my projects and sub projects with one or two clicks of the mouse. OneNote allows me to save as Word Docs, PDF, XPS (who uses that?) and also allows me to send email right from within OneNote.

But the killer is that my emails are now much more dynamic. I can add graphics, arrows, callouts and other content very easily. OneNote even has a screen capture tool built into the app that runs as a very slim System Tray process so I don’t have to load up SnagIt. Below is an example of an email generated with OneNote:

The organization of OneNote is much more elegant than using folders since things can be categorized and sub categorized in much more detail. When I get emails from people that are relevant to a project I’m working on, I can click on a button and the message gets sent right to OneNote, I can then associate it with a Project and I’m done. Finally the one other thing I really like about using OneNote for projects is that I can search through OneNote and it will instantly show me the places where that term lives. Word is for wimps!

November 05

Stop knowing your service account and domain admin passwords

I visit a lot of customers and at almost every one, way too many people know the passwords to service accounts and the domain admin account. The problem is that sometimes the service accounts run under an administrative context such as the domain admins or local administrators group on a server. This is a great backdoor for people once they leave (willfully or otherwise).
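A check for the two problems this post is about, people logging on with service-account passwords and any use of the built-in administrator account, written as an added example that is not part of the original post. It assumes logon events have already been exported into dictionaries using the field names of Security event 4624 (successful logon on Windows Vista/Server 2008 and later); the account names, SIDs and addresses are constructed.

```python
import re

# The built-in Administrator keeps relative ID 500 after a rename (for example
# to "JSmith"), so match the SID instead of the account name.
BUILTIN_ADMIN_SID = re.compile(r"^S-1-5-21(?:-\d+){3}-500$")

SUCCESSFUL_LOGON = 4624  # 4625 is a failed logon and is ignored here

# Logon types that mean a person typed the password; a service start is type 5.
HUMAN_LOGON_TYPES = {2: "interactive", 10: "remote interactive", 11: "cached interactive"}

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2006-11-05T08:01:12Z", "TargetUserName": "svc_sql",
     "TargetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1604",
     "LogonType": 5, "IpAddress": "-"},
    {"EventID": 4624, "TimeCreated": "2006-11-05T09:14:40Z", "TargetUserName": "JSmith",
     "TargetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-500",
     "LogonType": 10, "IpAddress": "10.0.4.27"},
    {"EventID": 4625, "TimeCreated": "2006-11-05T09:20:03Z", "TargetUserName": "JSmith",
     "TargetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-500",
     "LogonType": 10, "IpAddress": "10.0.4.27"},
    {"EventID": 4624, "TimeCreated": "2006-11-05T11:47:55Z", "TargetUserName": "SVC_SQL",
     "TargetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1604",
     "LogonType": 10, "IpAddress": "10.0.4.31"},
    {"EventID": 4624, "TimeCreated": "2006-11-05T12:02:19Z", "TargetUserName": "adavis",
     "TargetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1187",
     "LogonType": 2, "IpAddress": "127.0.0.1"},
]


def review_logons(events, service_accounts):
    """Return one alert per successful logon that breaks the account policy.

    builtin-admin-logon: any successful logon by a RID-500 account.
    service-account-human-logon: a listed service account used interactively,
    which means somebody knows its password.
    """
    known_services = {name.lower() for name in service_accounts}
    alerts = []
    for event in events:
        if event.get("EventID") != SUCCESSFUL_LOGON:
            continue
        user = event.get("TargetUserName", "")
        logon_type = event.get("LogonType")
        base = {
            "time": event.get("TimeCreated"),
            "user": user,
            "source": event.get("IpAddress"),
            "logon_type": HUMAN_LOGON_TYPES.get(logon_type, str(logon_type)),
        }
        if BUILTIN_ADMIN_SID.match(event.get("TargetUserSid", "")):
            alerts.append(dict(base, rule="builtin-admin-logon"))
        if user.lower() in known_services and logon_type in HUMAN_LOGON_TYPES:
            alerts.append(dict(base, rule="service-account-human-logon"))
    return alerts


if __name__ == "__main__":
    for alert in review_logons(SAMPLE_EVENTS, {"svc_sql"}):
        print(alert["time"], alert["rule"], alert["user"], alert["source"], alert["logon_type"])
```

Matching on the SID means the alert still fires after the administrator account has been renamed, and the logon-type test separates a service starting under its account from a person signing in with it.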
One of the practices I employ is to use the following website to generate a very long and complex password: http://www.winguides.com/security/password.php

I copy it from the website and paste it right in front of my customer’s eyes to the password configuration field. Then I show them that I’ve cleared my clipboard by copying another piece of text. This is a good policy to follow since it allows you to reset the service account passwords without really caring what they are. It takes some burden off of administrators since they aren’t liable for remembering them.

Managers should get in the habit of changing service passwords on a consistent basis. Since you’re at it, make your domain admins change their passwords periodically as well. Finally use a random and un-memorized password for the administrator account. Then write it down and lock it up in a fireproof safe both onsite and offsite. Never use the domain and local administrator accounts and rename them to something innocuous like JSmith. Then audit its use using a tool like MOM. Make sure you get notified if anyone successfully logs in as your administrator accounts.

I don’t think I should have to type this but I will just in case you’re still reading. Stop using your domain administrator account for anything other than a disaster recovery. No one needs to use this account and doing so removes the ability to audit who is making what changes to your environment. This assumes you are auditing changes… anyone?... anyone?... Bueller?

October 25

Seeing the world through Google’s (text only) eyes

I found this tool that has been around for a while but I think it's amazing in its simplicity. It allows you to see the world through MSN and Google's eyes. The tool is called Lynx and it is a text only browser.
The benefit of using Lynx is that you see a web page in pure text as shown below:

The benefit is that you can find poor coding and better use things like Header Tags and Title Tags to improve your search results with various engines. I encourage you to check it out. The Windows port of this tool can be downloaded at the link below:

October 24

Planet Technologies Named Public Sector Partner of the Year!

Usually I keep this blog for purely technical articles. However, this is a very cool award that Planet Technologies just won from Microsoft. Being the "Public Sector Partner of the Year" means that we were voted the best partner overall in terms of Federal, Education and State/Local Government segments. We're very proud of this distinction and feel that it sets us apart from the run of the mill consultancies that pander whatever they can to whomever they can. Planet focuses on Microsoft technologies, and has since its inception. http://www.go-planet.com/news.Microsoft_Public_Sector_Partner_of_Year.asp

October 19

Important Registry Changes in the 64 bit versions of Windows

For those of you who didn’t know, Microsoft makes some changes in the registry of the 64 bit versions of XP and Server 2003 in order to support legacy 32 bit apps. You should read the following Microsoft support article to understand these changes.

October 03

Burning Memory but getting ready for Exchange 2007

If you're involved in Microsoft Exchange or have been buying servers lately, you're probably starting to buy boxes that can run Exchange 2003 now but can also leverage the advantages of Exchange 2007 when it's released in December of this year. Exchange 2003 can only use a maximum of 4 GB of RAM. However since Exchange 2007 is a 64 bit application, it can leverage up to 1 terabyte of RAM. While most servers can't even support this much RAM, many people are loading up on 16 GB models. This poses an interesting problem.
Namely, while Exchange doesn't address more than 4 GB of RAM, it doesn't really stop trying. Microsoft recommends using the /burnmemory switch in the boot.ini to throttle the OS back so it thinks it has less memory than it really does. Here's an example of a boot.ini for an Exchange server with 16 GB of RAM.

[boot loader]

After a reboot, this box would display 4 GB of RAM and the Exchange Best Practice Analyzer will stop complaining.