[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] October 2006 - Posts - THE OFFICIAL BLOG OF THE SBS "DIVA"


Manning the door for the trick or treaters tonight wearing glow stick earrings (of the screw post variety that are starting to hurt my ears btw)  and Glow in the dark necklace and bracelet and entertaining myself between waves of trick or treaters with .... well... what else... blogging.  And as the kids run across the yard in their Princesses and their Pirates and their Ghoulies and their.... I'm not sure what some of the costumes are actually... I hear them say "It's Herbie!"  You see my sister has her 1960 "Herbie the Love Bug" Volkswagen parked out in front and the kids recognize the automobile from the somewhat recent Lindsay Lohan movie.  As a graphical icon it sticks out... the number 53 on the side and the hood.

Someone the other day asked me for a reason to upgrade to Vista that didn't involve security.. and one is the 'graphical' refresh of it.... the fact that my nephew Nathan asks about a 'newer' OS when he sees me... there are those in the cutting edge era that want a new thing.. something fresh.   And then there are the types that can identify with an icon that has stood the test of time.... a 1960's Volkswagen.  But remember .... while it certainly still turns heads and people yell out "Herbie!" it doesn't have air bags, it doesn't have air conditioning, it was built for when the road risks were different.... so what's the best thing about Vista?  Because it was written with a different Internet in mind... one in which we know that the bad guys are out there...

(what you didn't think I would get a geek angle out of a Halloween blog post?)

Eric Ligman has a question about Office Live:

http://www.mssmallbiz.com/Lists/Office%20Live/overview.aspx

"How do you view and use Office Live with SBS for your customers? (i.e. "I think
it's great and here's why," or "I think it is confusing and here's why," or any
other feedback or input you have on Office Live as a Partner and why).
http://www.officelive.com for those unfamiliar with it."

Again, please submit your feedback and responses through the survey so we have
all of the replies in one area. Here is the direct link to the survey if you
can't use the links above:

http://www.mssmallbiz.com/Lists/Office%20Live/overview.aspx

You know what I want? More glue between the two.  I set up an Office Live domain for http://www.smbtnfresno.com and it was a bit tedious to enter in all the email addresses and passwords and what not... now if I wanted 'glue' between my internal SBS 2003 AD domain and a Office Live domain ...that would be ...well tedious.  I'd like some sort of 'suckage' of AD data from one to the other if that would be in any way shape possible.

For those of you who know me.. know that I have annual passes to Disneyland even though I live about 4 hours to the north of the place.  So recently we went to Disneyland during the Halloween season and well....

Our pumpkin carving just kinda had a life of its own this year...

Just take a look and see what I mean..

Happy Halloween everyone!

http://blogs.technet.com/sysinternals/archive/2006/10/30/sysinternals-site-migration.aspx

Want to keep an eye on the Sysinternals stuff?  Watch that blog.... they even have a logo now.......

 

I'm not proud.  And I'll be the first to admit I didn't have the right 'tude' for dealing with a support incident the other night.

I didn't have the right 'tude' the other night.  I called into my ISP support line and didn't have the right "tude" for the first line tech support...and too many of us forget that it's the first line that gathers the info needed for the second tier.  And sometimes we think that we should immediately get escalated up the ladder when sometimes there's some basics that need to be established.  And then there are times that WE don't see the fact that at an appropriate time an escalation needs to be made... but the key element is AT THE APPROPRIATE TIME.   In my case when the support engineer asked me for the model of the DSL modem, I questioned why they needed the information...but you see they needed to establish baseline information before I was sent to the second tier.

I was thinking again about this post and about this wiki entry and I'm not convinced that the issue is all in that source code isn't available or that the support engineer doesn't have access to the source code and all that.  I think "oh but if we/they had access to the source code" is a cop out.  I truly do.  Show me a break/fix engineer and he doesn't write code.  That isn't what they need to determine what's going on under the hood.  If a SBS engineer was shipped to a deserted island and given the choice between source code and the entire library of the Sysinternals.com stuff.. I'll bet you a million bucks he or she would take the sysinternals stuff.  Look at me... I can't read code worth a darn.  The last time I coded ANYTHING up was a Cobol and Basic class in college... but now that Peter showed how to do a BSOD analysis?  Man I can't wait until a machine blue screens on me (okay I'm weird..but it's fun).

Reading code is just that... code.  Wanna see some?  Go over to metasploit or milw0rm ...okay that's code right?  Exploit code.  Okay ...and?  So there's source code for ya right?  Mean anything other than a bunch of stuff to someone who isn't trained to understand what it's doing?  I'm just not convinced that the right place for what seems to me to be a coding issue was a phone call to a department used by folks like me.  Break/fix stuff and all that.  Not to mention IMAP is just a corner case and I don't see it much in SBSland.  I think perhaps somewhere along the line the right "tude" should have been reached and instead of going up the PSS/Break fix... perhaps trying a more coding Exchange newsgroup would have been wiser?  Escalation to a different division?  And maybe asking for a consult with the Support Supervisor?  I don't know...but I do know that .... at least in my opinion... having access to the source code wouldn't give you any better understanding here.

Code doesn't equate to understanding and implementation out here where it counts... ya know?

So next time ... including myself.. when you call into support...can you promise me that you have the right "tude".. google first....put in your "exact" error message in the search box.  You may be surprised that someone else had your same problem and someone else has helped them find the answer.  Try out http://www.eventid.net for event errors (buy a subscription to that site in fact) 

But remember: 

There are no dumb questions.  If you think it's a dumb question, it's just dumb because you can't find the answer.  Always ask, as someone else probably has the same question that you have.

For the quickest resolution to your posted issues, please remember the following:

1. Include the following details about the Computer exhibiting the Problem:

    Version installed:

    Service Packs Applied:

    Affected application version and Service Pack:

    Other applications on the box:

    Antivirus Software / Version:

    Processor:

    Memory:

    Hotfixes Installed

2. Details about **other** Computers, for example a client machine, if applicable

    Operating System and Service Pack:

    Applications:

    Antivirus Software / Version:

3. Details about the Network, if applicable:

    Internet Connection Type:

    Number of NICs in the server:

    Firewall/Proxy:

    Network Topology particulars:

4. Details about the issue:

    Full, complete error message wording or screenshot:

    When did the issue first occur?

    What changes were made around that time?

    Steps to reproduce if any:

    Any Additional Information you think would be helpful

**The fastest resolution is a targeted diagnosis of possible causes.**

So be patient... and have the right 'tude' ....okay?

Free Download: Office Accounting 2007 Express
   
Free accounting application perfect for new small businesses upgrading from pen and paper solutions or Excel. Great opportunity for partners to upgrade clients to Office Accounting Professional and sell value-added services.
Build profitable and lasting client relationships by deploying and customizing the newly released Microsoft Office Accounting 2007. This highly anticipated successor to Small Business Accounting 2006 enables small firms to better manage their business within the familiar Office environment. Find out how you profit from Office Accounting 2007.

...so I'm watching the Legend of Sleepy Hollow..which reminds me in some bizarre way that the sale on RWW-Guard expires at the stroke of midnight on Halloween....

RWW-Guard will go from $100/unit (when buying the RWW Admin pack)
to the $250 MSRP on November 15th. The first two weeks of November
will continue at the introductory price of $200/unit.
More info at: 
http://www.scorpionsoft.com/blog/archives/2006/10/trick_and_treat.html

(and even without the cryptocard ...it's a really cool way to place a smidge more security on the Administrator account... as that account can't be locked out...but this way you can ...even without a "card" solution, place an additional password on that account.  Even if you don't use it for more security, the additional logging it does of RWW alone means it's worth it in my book.)

By the way... http://en.wikipedia.org/wiki/The_Legend_of_Sleepy_Hollow.... for more on the tale... and http://en.wikipedia.org/wiki/Sleepy_Hollow_%28movie%29 for more on the movie.

When someone can't get to the right level of support... you get this post and this wiki entry

https://lateralis.imr-net.com/wiki/jms/Microsoft/ExchangeSucks2006

I think debugging and trying to figure out what a piece of software is doing is one of the hardest things when you are trying to figure out why something is crashing.  I'm not sure it would do any good to have the 1st level support have source code access, and even when you do look at code you have to understand what it's doing.  So I don't think code access without code understanding solves anything.  But I wonder if there's a better ISV support process out there?

Interesting read nonetheless...

Dear Exchange team:

In your KB http://support.microsoft.com/default.aspx?scid=kb;en-us;924334 you state the following:

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Uhhh.....wanna make a bet?

3: Source:E:\Exchange\bin\SET174.tmp (6.5.7651.43)
110.953: Destination:E:\Exchange\bin\davex.dll (6.5.7638.1)
116.078: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
116.078: IsRebootRequiredForFileQueue: At least one file operation was delayed; reboot is required.
                              If none are listed below, check above for delayed deletes.
116.078: IsRebootRequiredForFileQueue: e:\exchange\bin\exoledb.dll was delayed; reboot is required.
116.078: IsRebootRequiredForFileQueue: e:\exchange\bin\davex.dll was delayed; reboot is required.
116.078: DoInstallation: A reboot is required to complete the installation of one or more files.
116.078: In Function SetVolatileFlag, line 11576, RegOpenKeyEx failed with error 0x2
116.078: In Function SetVolatileFlag, line 11593, RegOpenKeyEx failed with error 0x2
116.110: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing to do.
116.172: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0

 

I get really annoyed with the Exchange team regarding their view of rebooting.... if we have this on automatic update... we will read on the KB that we don't need a restart when we do... at least both the SBS-WSUS and the real WSUS do properly state that it may require a reboot

 

 

As you can see here...both state "can require restart"

So bottom line.... read the innards of WSUS ... as that appears to be a better definitive source of reboot/noreboot information.
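
The log check described above, as an added example that is not part of the original post: a PowerShell function that pulls the delayed files and the final flag line out of a hotfix log like the excerpt. The sample lines are copied from that excerpt, the function names are made up, the flag meanings are inferred from their names, and the last function reads the standard PendingFileRenameOperations registry value, where Windows queues file replacements that wait for a restart.

```powershell
# Added example; Get-HotfixRebootState and Get-PendingFileRename are hypothetical names.
# Sample input: lines copied from the log excerpt in the post.
$SampleLog = @'
116.078: IsRebootRequiredForFileQueue: At least one file operation was delayed; reboot is required.
116.078: IsRebootRequiredForFileQueue: e:\exchange\bin\exoledb.dll was delayed; reboot is required.
116.078: IsRebootRequiredForFileQueue: e:\exchange\bin\davex.dll was delayed; reboot is required.
116.078: DoInstallation: A reboot is required to complete the installation of one or more files.
116.172: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0
'@ -split '\r?\n'

function Get-HotfixRebootState {
    param([string[]]$Line)

    $delayed = @()
    $flags   = @{}
    foreach ($l in $Line) {
        # Only lines that name a real path count; the summary line
        # "At least one file operation was delayed" is skipped.
        if ($l -match 'IsRebootRequiredForFileQueue:\s+(?<file>[a-z]:\\.+?)\s+was delayed; reboot is required') {
            $delayed += $Matches.file
        }
        elseif ($l -match 'RebootNecessary\s*=') {
            # Final summary line: "Name = 0|1" pairs separated by commas.
            foreach ($m in [regex]::Matches($l, '(?<k>\w+)\s*=\s*(?<v>\d+)')) {
                $flags[$m.Groups['k'].Value] = [int]$m.Groups['v'].Value
            }
        }
    }

    [pscustomobject]@{
        DelayedFiles    = $delayed
        RebootNecessary = $flags['RebootNecessary']
        DontReboot      = $flags['DontReboot']   # assumed: installer was told not to restart
        PendingReboot   = ($delayed.Count -gt 0) -or ($flags['RebootNecessary'] -eq 1)
    }
}

function Get-PendingFileRename {
    # Live check: file replacements the OS has queued until the next restart.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $prop = Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return @() }
    # Entries come in source/destination pairs; keep the non-empty strings.
    return @($prop.PendingFileRenameOperations | Where-Object { $_ })
}

# Offline: what the log says.
Get-HotfixRebootState -Line $SampleLog | Format-List

# On the patched server itself: what is actually still queued.
if ($env:OS -eq 'Windows_NT') {
    Get-PendingFileRename
}
```

To use it on a real log, pass `Get-Content` of the hotfix log file as `-Line` instead of `$SampleLog`.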

With a shout out to Mike in the blog comments... he said "I was troubleshooting an installation of QB07 on a 2003 Terminal Server. I had all the security modifications that I have used for the previous versions and it still wouldn't work. What I discovered is that normal users don't have but need rights to: Documents and Settings\All Users\Application Data\Common Files\Intuit\Quickbooks\qbregistration.dat I added rights to that file and the program ran properly. Bad news about having to be logged in at the server for the Database Manager. When I called support before installing on our server they never mentioned that to me. I was initially happy they had come up with a solution that didn't require running full Quickbooks on my server. For the 2006 version I had installed QB running the Database piece on a different computer with a drive mapped to the server and it work fine for us. I may have to uninstall the 07 version and try that trick again."

I originally could not get Quickbooks 2007 to run without admin rights on a stand alone machine... once I gave "Users" Full control to Documents and Settings\All Users\Application Data\Common Files\Intuit\Quickbooks\qbregistration.dat just like Mike said... it worked like a champ.

The official way to do it from the Intuit folks is to flip it so that the QB runs as a "service"

http://www.threatcode.com/quickbooks_2007.htm

Look at the screen shots here and do that extra step of changing the permissions of the "dat" file.

http://www.npr.org/templates/story/story.php?storyId=6393658

Starting next year daylight savings time change will move... and for those with Windows 2000 machines, that time change to standard/daylight won't be automatic.  Why?  Because Windows 2000 won't get a patch that Windows XP machines will get that will automatically move that daylight savings to March from being April.

http://www.microsoft.com/windows/timezone/dst2007.mspx

You can actually test the patch needed for 2007 now by downloading it here:

http://support.microsoft.com/kb/924840/

A test version of a time zone update for 2007 is now available for computers that are running Microsoft Windows Server 2003 and Microsoft Windows XP. In the spring of 2007, the start dates and the end dates for DST in the United States will change to comply with the Energy Policy Act of 2005. The dates will change as follows:

DST starts on the second Sunday in March at 2:00 A.M. Therefore, DST in 2007 starts three weeks earlier than DST in 2006.
DST ends on the first Sunday in November at 2:00 A.M. Therefore, DST ends one week later than in prior years.

The Windows updates are currently planned to be available for production deployment for all customers starting in mid-November 2006 through Microsoft Download Center. The update will be available via Windows Update, Automatic Update, and WSUS starting on December 12, 2006. Updates will be posted to this site as the final deployment date approaches.

Now then.. make sure you watch OEM machines, the daylight savings box and Outlook meeting times.  I have been nailed several times with machines that end up not flipping to standard time and instead stay on daylight until I 'recheck' the box.  If I don't double check this, I'll end up with someone's Outlook booking appointments off by an hour.
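
One way to check a machine against the new rule quoted above, as an added example (not from the original post or from Microsoft): the PowerShell below computes the second Sunday in March and the first Sunday in November, then asks the machine's own time zone data whether DST is in effect at noon on either side of each date. The function names are made up for this example, and the check only makes sense for a US time zone that observes DST.

```powershell
# Added example; Get-NthSunday and Test-UsDst2007Rule are hypothetical names.

function Get-NthSunday {
    param([int]$Year, [int]$Month, [int]$N)
    $first  = [datetime]::new($Year, $Month, 1)
    $offset = (7 - [int]$first.DayOfWeek) % 7      # days from the 1st to the first Sunday
    return $first.AddDays($offset + 7 * ($N - 1))
}

function Test-UsDst2007Rule {
    param(
        [int]$Year = (Get-Date).Year,
        [System.TimeZoneInfo]$Zone = [System.TimeZoneInfo]::Local
    )

    if (-not $Zone.SupportsDaylightSavingTime) {
        Write-Warning "$($Zone.Id) does not observe DST; nothing to check."
        return
    }

    # Rule from the KB text: starts second Sunday in March, ends first Sunday in November.
    $start = Get-NthSunday -Year $Year -Month 3  -N 2
    $end   = Get-NthSunday -Year $Year -Month 11 -N 1

    # Probe at local noon so the 2:00 A.M. switch itself is never the sample point.
    $probes = @(
        @{ When = $start.AddDays(-1).AddHours(12); Expect = $false; Note = 'day before DST starts' },
        @{ When = $start.AddHours(12);             Expect = $true;  Note = 'day DST starts' },
        @{ When = $end.AddDays(-1).AddHours(12);   Expect = $true;  Note = 'day before DST ends' },
        @{ When = $end.AddHours(12);               Expect = $false; Note = 'day DST ends' }
    )

    foreach ($p in $probes) {
        $actual = $Zone.IsDaylightSavingTime($p.When)
        [pscustomobject]@{
            LocalNoon   = $p.When
            Checking    = $p.Note
            ExpectedDst = $p.Expect
            MachineSays = $actual
            Match       = ($actual -eq $p.Expect)
        }
    }
}

# 2007 is the first year under the new rule: March 11 and November 4.
Test-UsDst2007Rule -Year 2007 | Format-Table -AutoSize
```

Any row with Match = False means the machine's time zone data does not follow the rule for that year, which is the situation that leaves Outlook appointments off by an hour.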

...so I was doing some testing on this workstation at home and couldn't figure out why it wasn't LUA freaking out like I expected it to.... well I think I found the answer...

http://www.threatcode.com/hp_oem.htm

That's an image of the permissions on the root of my HP Pavilion C drive here at home ....

Everyone - Full Control.  Now keep in mind this system already has a Data Execution Prevention Exclusion for the Help and Support Center... and it has worse security on the C: drive than Windows 2000's default permissions:

Members of the Everyone and Users groups (normal users) do not have broad read/write permission as in Windows NT 4.0. These users have read-only permission to most parts of the system and read/write permission only in their own profile folders. Users cannot install applications that require modification to system directories nor can they perform administrative tasks.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/deploy/dgbe_sec_rzdw.mspx?mfr=true

On this .. nearly new, HP Pavilion computer... I might as well be running Windows 98.  Because on this system the Everyone group DOES have broad read/write permissions all over the place.

How can Microsoft support the home/end user when the permissions that they've worked SO HARD to ensure are tightened up are not implemented in the systems that are used by home users... the ones that turn into bots and what not.  What hope do we ever have in having security when manufacturers change defaults and NEVER TELL END USERS.

And go into any small business and we tend to not flatten these builds but use them "as is".

Can you tell I'm a bit shocked by HP's changing of the default permissions?  To me this is unacceptable...that this is not disclosed... and the permissions are weakened so much on a home PC.

(To Karen....yes, it's a home PC as I stated ... all the more reason to not change the ACLs to Everyone Full Control...but there have been reports from other Security MVPs that OEM 'consumer grade' builds of boxes have adjusted permissions and ACLs.... given that there are times that you walk in and the owner hands you the machine from Best Buy...but even with business class machines, I'm finding too much crud on the box for my liking.  Quicken, McAfee... there's too many other programs and crud on there that you don't have a standard image)

Just a heads up that non admin for Quickbooks 2007 is do-able and I'll be doing screen shots regarding it and blogging it.  Alison from Intuit put me in touch with a person in the know that knew.

So bottom line.. Quickbooks is LUA-able.

I find it slightly funny that the second search result for "Microsoft" from the MS. Dewey search engine is how to disable the pilot version of WGA....

See what I mean?

TO: ALL CFS USERS
FROM: CFS CUSTOMER SERVICE
DATE: OCTOBER 27, 2006
RE: MANDATORY UPDATE

IMPORTANT: ALL CFS USERS MUST INSTALL THIS UPDATE BEFORE INSTALLING THE NEW INTERNET EXPLORER 7

We have posted an update for most CFS programs. It allows CFS software to communicate with Internet Explorer 7 (IE7), which is in the process of being released by Microsoft. Soon, Windows will automatically download and install IE7.

If you do not install this update, you may get an error message when loading our programs, and you will be prohibited from automatically installing future updates.

If you have any of the following programs, you must install this update.

| Program | Download Option 1 (Recommended): Automatically Download Update | Download Option 2: Manually Download Update |
| --- | --- | --- |
| TaxTools 2006 | Click here for instructions | Click here to download file |
| Payroll System 2006 (941/940, W2/1099, Payroll Corrector) | Click here for instructions | Click here to download file |
| Small Business Tools 2006 | Click here for instructions | Click here to download file |
| Financial Tools 2006 | Click here for instructions | Click here to download file |
| Tax Corresponder 2006 | Click here for instructions | Click here to download file |
| W4 Calculator 2006 | Click here for instructions | Click here to download file |
| Schedule D Tools 2006 | Click here for instructions | Click here to download file |
| NY Sales Tax Preparer 2006 | Click here for instructions | Click here to download file |
| CA Sales Tax Preparer 2006 | Click here for instructions | Click here to download file |
| CA 571 Preparer 2006 | Click here for instructions | Click here to download file |
| MD Personal Property 2006 | Click here for instructions | Click here to download file |

There is a third way to download updates if you have a high-speed Internet connection.

Download Option 3: UPDATE AUTOMATICALLY ON STARTUP
If you have a permanent, high-speed Internet connection--such as DSL, ISDN or cable--most CFS programs can be configured

Question

Several days ago when I install ISA 2004 in SBS 2003 R2 I get the following
error in the ISAWRAP_*.log file... and installation setup stops:

"Installer activated,
command-line='/v"/qn FULLPATHANSWERFILE=\"C:\Program
Files\Microsoft Windows Small Business
Server\Support\Premium\ISA2k4und2006_10_10_02_47_26.ini\""'
Running setup wrapper in quiet mode.
Activating firewall installation program
Setup failed. Error returned: 0x643
Firewall installation failed, hr=80070643
Installation completed successfully
ShowSecurePage: Not showing on unattended"

------------
Solution:


Setup failed. Error returned: 0x643
Firewall installation failed, hr=80070643

Regarding the error 0x643, we have experienced several similar issues
before, on the root of C drive there was a hidden config.msi folder. That
folder was created by a MSI installer for a previous failed installation of
another application. After renaming that folder to config.msi.old, the
installation of ISA was successful. To view hidden folder, please click
Tools->Folder Options, go to the View tab, and then change the option
"Hidden files and folders" to "Show hidden files and folders".

Detailed steps:

1.  Open explorer and navigate to the location of your config.msi folder
(this is a hidden system folder created by the MSI installation, located on
the root of the C: drive by default)

2.  Remove the read-only and system flags from the folder

3.  Rename the folder to config.msi.old

4.  Restart the installation

Meanwhile, please open the Regedit and check the following registry key:
1. Go to the following registry directory
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess

2. On the menu bar, go to Edit, Permissions.

3. Check the existing users to make sure they have Full Control Permission.

4. Add Everyone group and grant Full Control

5. Click Advanced button and check the two check boxes:

"Allow inheritable permission from the parent".
"Replace permission entries on all child objects".
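
An added example, not part of the support reply or the original posts: step 4 above grants Everyone Full Control on a registry key, the same kind of entry the HP post earlier on this page found on the root of C:. The read-only PowerShell below lists such entries so they can be reviewed once the install has succeeded; the function name and the target list are assumptions made for this example.

```powershell
# Added example; Get-BroadGrant is a hypothetical name. Read-only: it changes nothing.
$Targets = @(
    'C:\',                                                   # drive root from the HP post
    'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess'   # key from the steps above
)

# Well-known SIDs, so the check does not depend on localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$FileFull   = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$RegFull    = [int][System.Security.AccessControl.RegistryRights]::FullControl
$GenericAll = 0x10000000   # GENERIC_ALL; Get-Acl shows it as the bare number 268435456

function Get-BroadGrant {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Skipping $Path (not found)"
        return
    }

    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited entries, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }

        # File system and registry rules expose their rights under different names.
        if ($rule -is [System.Security.AccessControl.FileSystemAccessRule]) {
            $rights = $rule.FileSystemRights
            $full   = $FileFull
        } else {
            $rights = $rule.RegistryRights
            $full   = $RegFull
        }
        $mask   = [int]$rights
        $isFull = (($mask -band $full) -eq $full) -or (($mask -band $GenericAll) -ne 0)

        if ($isFull) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $rights.ToString()
                Inherited = $rule.IsInherited
            }
        }
    }
}

$Targets | ForEach-Object { Get-BroadGrant -Path $_ } | Format-Table -AutoSize
```

No output means none of the three broad groups holds Full Control on the listed targets; add other paths (for example a service's install folder) to `$Targets` to widen the review.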

WGA is now becoming WGA and OGA and VGA ...that's Windows Genuine Advantage, Office Genuine and Vista Genuine... The server newsletter has more details http://www.wservernews.com/1HGQOK/061030-MS-Office-Validation The gang is wondering when MGA and UGA will kick in... "Mouse genuine advantage" and "User Genuine Advantage".  You know ... unless you are a REAL end user... you won't get activated ;-)

I understand the need for a company to ensure that people are not ripping off their intellectual property, but I still don't get how or why Microsoft is (in my opinion) handling this badly.... "quietly disclosing" shouldn't be something that you are doing with your partners.  They need to know where to go for help when there are issues.  And down here in my space, I don't have a PAM... and just got a call the other day (I was out of the office) from my SBSC "T-PAM".

So folks.... get ready for OGA....

We're hearing some folks are just now getting their action pack shipment which has a DVD of SBS 2003 r2... I haven't gotten mine yet, but AU folks have indicated it's there for some of them, and we have some reports that it's been delivered to folks in the US.... so .... hang tight... should be here shortly..

The SBS Doc blog asks about that "getting started" chart that was in the SBS 2003 documentation... except there's one problem.. you see it's not in every media bundle that's sold.  When I got my SA media of SBS 2003 I went looking for that chart as I had heard about it..but it was nowhere to be found.  I think I finally saw one in the SBS 2003 eval kit.  Also I'm not sure that the chart was offered up with the Dell or HP OEM media kit.... so I guess I'd first ask... who's the target market?

OEM media? Retail?  Or the volume license versions?  And maybe instead of a printed chart ... what if it's an online checklist so things can be updated?

Okay so for the past couple of weeks we've had these little bugs that we've been chasing around the kitchen.... and tonight we found the infestation.  And it showcases how just like in technology if we'd keep up to date, not keep old stuff around and proactively monitor things, we'd not have bugs.

You see we got bugs in these really old Christmas gifts of food... well food for our dog... dog biscuits that could be baked.... and we'd left them in the back of the cupboard ... unattended, not monitored for so long...that when we finally figured out the source of the bugs we threw not only them away.... but all the other boxes of stuff that the bugs had gotten into.

If we'd been better housekeepers (or bakers.. one of the two) we wouldn't have had this issue.  If we'd found the infection when it first started, we'd not be throwing out half our baking supplies... some of them that we do use... I mean who knew bugs liked cornstarch.. I have to buy cornstarch now.

The geek angle to this story?

Keep up to date, monitor the age of your machines, keep an eye on things... so that you don't have to end up throwing out the computer equivalent of the pantry stuff we threw out tonight.
