THE OFFICIAL BLOG OF THE SBS "DIVA"

The Oferized view of Microsoft Support

Ofer Shimrat, whom I am excited and honored to be giving a presentation with at www.smbnation.com in October always has such wisdom... here's his view of the change in support that Microsoft just announced:

Aware of Microsoft’s SBS support announcement “changes” I read with interest Karl's post, Susan's incisive thoughts and Vlad's lavishly worded follow up.

I must say with all due respect that once again I disagree with Karl and whole-heartedly agree with Vlad and Susan - but for differing reasons.

My take - the proliferation of TOO MANY Action Packs, too many MPAN and other “resources” have hit CRITICAL MASS.

There is no more FREE LUNCH.

The amateur’s house of cards is tumbling and along with $ 5.00 per gallon gas (here in Southern California) its panic time.

To the amateur, ANY and ALL situations that require technical prowess to rectify are a potential SERVER DOWN – it’s like crying WOLF.

So Microsoft said NO more. They too have to run a business – and now WITHOUT Bill Gates.

The perception that this profession is SO easy that anyone can do it sprinkled with over-dose marketing that anyone can MANAGE it (as in services) thereby being profitable at it WITHOUT having the technical prowess and expertise is – like $ 5.00 gas - NOT SUSTAINABLE.

To put it a different way - too many SALESMAN and too few EXPERTS.

Allow me to reiterate an observation I made back in May 2007 titled The Symphony of SBS –

http://msmvps.com/blogs/bradley/archive/2007/05/19/the-symphony-of-sbs.aspx

“Too often in the field I encounter previous deployments of SBS from people who had NO business even attempting to install it let alone deploy it – bad hardware, enterprise MCSE’s mindset, NO wizards, poor business judgment, just in it for the money, geeky friend-of-a-friend, apprentice-in-training, or SMB charlatans that simply do not take the time to learn and MASTER their trade and do not rise up to their own lack of knowledge.

It’s the $ 399 servers – it’s the lets-not-install-all-the-features syndrome because they won’t use it yet so I-can-make-more-money-later – it’s the hardware/software/networking corners they cut at every juncture to maximize the almighty profit – it’s the ATTITUDE that they are in business JUST to make money and the client be damned – it’s the lack of imagination when confronting a tech support problem that almost ALWAYS has been confronted by someone before and SOLVED, and if not at minimum, addressed already in abundant detail in blogs all over the Internet.”

I view this Microsoft announcement as a good thing – a good thing for the SALESMAN that is part of a technically proficient organization that is attuned to their client best interests – a good thing for the EXPERT to redouble his/her efforts in following Best Practices and building robust scalable solutions for their clientele – all involving SBS that will continue to serve the SMB space well – as long as it PROPERLY implemented by COMPETENT consultants.

In short - GOOD NEWS for the professional and technically proficient consultancy.

Here's to the death of the amateur consultant

http://smallbizthoughts.blogspot.com/2008/07/last-leg-for-sbs.html

If this is the sign of the death of the amateur consultant, good.  You heard me.  Good.  Because customers deserve better than some guy or gal doing networking on the "side" and screwing it up. 

So Karl this isn't the last leg in my opinion now that I've had more chance to think about this.  Again the key here is how this is deployed and monitored...if done with an agreed upon SLA with a specific call back, then a tech can plan the event. 

And Karl?  You didn't link to this post... http://msmvps.com/blogs/bradley/archive/2008/07/02/calming-down-the-support-incident.aspx

Broadcasting from the 405

On the way down to LA to pick up my Sister's new convertible mini cooper and there's still a lot of SUVs and gas guzzlers driving on the 405 today.  I am hearing that more and more firms are doing alternative work hours and allowing remote technology.  Now obviously with Remote Web Workplace, a small business network is all set, but what other ways are you making firms "be green".  I need to set back up Remoe Web Workplace wake on LAN as right now all of my machines, including at the office and at home are on and burning energy. 

Gas may be more than $4 a gallon but the 405 is still a mess near the airport and a near parking lot.

For those interested.........Pepper White, convertible.  And while we're down here picking up Karen's ....I'll be placing an order for a hardtop Mini myself :-)

Want to check that the ports you think are open really are open?

Want to check that the ports you think are open really are open?

https://www.grc.com/x/ne.dll?rh1dkyd2

Go to grc.com shields up page and when you are there place the port numbers you want to check in the custom port probe.

Then click "User specified port probe"

Port 4125 "should" say closed as that only opens up when you authenticate on the Remote Web Portal via port 443.  Now before you guys go "what the heck is she doing with an open port 3389?!!", that's a rdp port to a vmware box running the RC of SBS 2008.  If it gets owned I'm flattening it anyway :-)

Knowing when stuff gets installed...

EventSentry - Real-Time Event Log Monitoring Consolidation Suite:
http://www.eventsentry.com/

Let me just say I am in love with this software.

If any software gets on the box it warns me, if anything gets added to autoruns, it warns me.  You can either set it up to log it to a SQL 2005 express database or just hit you on email.

But truly, want a way to monitor 'bad stuff' on a box?  Watch what gets installed is how.

Isn't that notification just WONDERFUL?!

A Windows Server 2003-based computer stops responding when you shut down the computer in a remote console session:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;930045

(edit added the image of the email since the formatting was messing up)

Calming down the support incident

So your thoughts about the call back support? - THE OFFICIAL BLOG OF THE SBS "DIVA":
http://msmvps.com/blogs/bradley/archive/2008/07/02/so-your-thoughts-about-the-call-back-support.aspx

(back for another 2 cents thought process)

Like many things in life, the few screw things up for the many.  I've heard many a time where the biz crit down calls are abused.  I've seen partners describe what they considered to be 'biz crit' and I was thinking to myself... hmmm.... I'm not sure I'd define that as biz crit, personally.  For example the other day when I called into CSS security, I didn't define the security case as business critical.  Yeah the blog web site was turned off, but this isn't a business.  No revenue was being lost.  Heck I was probably saving the folks at Ownwebnow.com money in bandwidth costs, so it certainly wasn't a server down situation/biz crit in my book.  Therefore when they asked me severity, I didn't label it "biz crit".

IF the call back scenerio is handled well, meaning that whatever call back window that is stated is adhered to, then all is well.  IF however it turns into where the agreed upon call back window turns into a Cable repairman call back vague window, that's not so good.  And I think that's the key.  The policies and processes need to be clearly stated as to what the expectation is.  As always, the devil is in the details, and the key is to monitor that the details are being adhered to.

Honestly my biggest issues historically with support is that I will have a non biz crit issue, but it will be just after 6 p.m. pacific.  No the server isn't on fire, but there's something I did, and because I'm West Coast, I really can't start working on the server until after 6 p.m. when everyone goes home.  Friday night is my night to blow up the server.  So if I do something stupid and partially blow it up but not enough to be biz crit, I'm stuck googling my way out of my situation.

Conversely (as Evan points out with snarky comments and all :-)  If I got myself into that mess, shouldn't I be able to get myself out of it?  Sometimes even when the server IS in flames and I'm freaking out, I'm not really needing a phone call to support, but rather a voice to calm me down and make me not panic.  More of what I need is a buddy system to calm me down, and allow me to think logically and calmly and get me out of my "OMYGAWDIJUSTBLEWUPTHESERVER" mode that I'm apt to be in at that time. 

Truly even with that call back wait time, the price tag we pay for support (that many of us don't use admittedly) is DIRT CHEAP compared to going to the marketplace of RFPs and bidding on support.

Maybe what the resources need to be put into is not Phone queues and call back numbers but "don't panic" documents and troubleshooting guidelines so that we can do those first "CALM DOWN" stuff first.  One HUGELY good thing they've fixed is the manner to get hotfixes these days.

THAT is so cool and works so well.

So maybe the real question we all should be asking ourselves is not what do you think about the change in the support plan...but what WAS the last time YOU called support and what would have made it a more streamlined process?

One of my finer moments of calling Support was the night I was uninstalling SQL server, forgot that it would mangle ISA, it took out the LAN/network and I also accidentally locked my office keys in the server room so when I lost network connectivity, I lost the ability to remote to the network and couldn't get into the network room to deal with the issue.  If I had been a little bit calmer, and not as freaked out, I probably would not have needed to.  As I vaguely remembered that there was some KB that talked about the issue, but it wasn't linked at the time in the document I was following (BTW rule number one in the Susan blow up your network on a Friday night is to ALWAYS have a secondary means to get to the Internet for googling purposes).

So maybe that's what's needed as part of the process of requesting a call back support session?  Some sort of emailed checklist sent to you that forces you to calm down and think?

The new RWW and the new Connect

Costas Tsaklas’ Blog » Blog Archive » Add custom links to RWW on SBS 2008:
http://costas.cpstechgroup.com/2008/07/02/add-custom-links-to-rww-on-sbs-2008/

Costas Tsaklas’ Blog » Blog Archive » Join a Vista computer to the SBS 2008 domain:
http://costas.cpstechgroup.com/2008/06/26/how-to-join-a-vista-computer-to-the-sbs-2008-domain/

Costas has a nice step by step screen shot of the "new" Remote Web Workplace and the "new" Connect.  Check them out!

So your thoughts about the call back support?

I'm not at all ready to say that the new Call back support talked about is now showcasing that Karl was right in his prediction....

Small Biz Thoughts by Karl Palachuk: The Death of SBS:
http://smallbizthoughts.blogspot.com/2007/05/death-of-sbs.html

SBSC & MSP Buzz » Blog Archive » SBS Support Goes to Call-Back Support:
http://sbsc.techcareteam.com/archives/252

But it brings to mind several questions.  First at the top of the list that everyone asks me is "What is the impact to Business Critical"?

Answer?  I don't think it's impacted?  But I'm not 100% certain and it's something that you guys and gals heading to Houston can ask about and get an official clarification on that policy.

The beancounter brain in me understands Microsoft's need to control support costs, but the business owner in me knows that that's the key difference between open source software and Microsoft. 

Support.

If a partner has a key critical business server down situation, calling back will not work and that partner will find alternative means of support.

Stupid is as Stupid does

I was stupidier than I thought.

I thought that the bad guys nailed me on 6/6/2008.  But in reviewing the information on the files that were dumped on the box on that day was a file called KB1920213.log, they nailed me earlier than I thought they did.  Which points out the stupid thing I did.  I was not monitoring the system truly as well as I should have.  The installer process on this box was not being monitored by me.  If I had been I would have noticed that back in May (the log file date of 4/14 appears to be incorrect based on other evidence) was when they really broke in via the php file in Merak email software. 

The mitigation I have in place now is two fold, first all ports are limited (with the exception of port 80, 443 and 25).  The port that they nailed me on, port 32000 is no longer open to all listserve administrators from any location.  This means the balancing act between security and functionality as I find a happy medium.  Secondly I now have EventSentry on the box so that if someone sneezes near it, I'm alerted.

But this points out the fact that a restore from a backup from a date you think the bad guys got in may not be the right date.  If I had merely gone from the intial evidence I saw, that date would have been 6/6/2008.  Now with this additional evidence, that date is (edit) 5/15/2008  5/14/2008.  Furthermore, one has to be a tad paranoid to look at the data I put back.  Given the manner in which the server is set up, I am reasonably confident that the data was not mangled with.  But it sure does give one pause, doesn't it?

When the bad guys script and leave behind log files so that their system is set up properly...it just puts a lot more paranoia in one, doesn't it?

Anatomy Of A Hack: How A Criminal Might Infiltrate Your Network:
http://technet.microsoft.com/en-us/magazine/cc160808.aspx

Read that and think about what holes there are in your security stance.  There definitely was holes in mine.

                Computer                Date_Time              Source    Text

                YODA      2008-06-06 05:40:16              FSInfo_C_NTFS.csv              Last Write: C:\WINDOWS\KB1920213.log

               Coded by: SlaYeR and COLdGiN
    And Many thanks to Bullet! our big ass teamleader!                     Version 1.0
[Xcacls.exe is redownloaded!]
Kit started date: Wed May 14 13:13:10 2008

+================+
+  Version 1.0   +
+================+
[Scanning for Anti-Virus applications...]
+================+
+  Systeminfo    +
+================+
OS: Windows 2003 [vesion 5.2.3790] Service Pack 2

Host Name:YODA
Windows Dir:(C:\WINDOWS)
System Dir:(C:\WINDOWS\system32)
Uptime: 0d 16h 23m 3s

Total CPU cores:2
System speed: 2813 Mhz

RAM Usage: 1545/2032 MB (76%)

+----------------------------------------------------------+
C:\ Name:()Total:35291.MB->34.GB Free:13566.MB->13.GB Type:NTFS Source:LOCAL

D:\ Name:(New Volume)Total:238464.MB->232.GB Free:139778.MB->136.GB Type:NTFS Source:LOCAL

E:\ Name:()Total:476929.MB->465.GB Free:432612.MB->422.GB Type:NTFS Source:LOCAL

F:\ Name:(WD Passport)Total:57215.MB->55.GB Free:35055.MB->34.GB Type:NTFS Source:LOCAL

+----------------------------------------------------------+
[2008-4-14 13:13:11] --> [Hello! ^^ I'm Ph0eniX and I'm installing your files..]
[2008-4-14 13:13:12] --> [Verrry Niice ^^ Windows File Protection has been disabled!]
[2008-4-14 13:13:12] --> [O Oh ^^ Real SysmonLog service deleted!]
[2008-4-14 13:13:12] --> [smlogsvc.exe Deleted!]
[2008-4-14 13:13:12] --> [smlogsvc.exe copyed to system32!]
[2008-4-14 13:13:12] --> [arper.exe copyed to system32!]
[2008-4-14 13:13:12] --> [aproman.exe copyed to system32!]
[2008-4-14 13:13:12] --> [sysmem.dll copyed to system32!]
[2008-4-14 13:13:12] --> [memdump.dll copyed to system32!]
[2008-4-14 13:13:12] --> [Fake smlogsvc.exe loaded!]
[2008-4-14 13:13:13] --> [smlogsvc.exe started!]
[2008-4-14 13:13:13] --> [Sysmon.exe copyed to system32!]
[2008-4-14 13:13:13] --> [serv-u body service created!]
[2008-4-14 13:13:14] --> [Yay ^^ Service corectly created for the serv-u]
[2008-4-14 13:13:15] --> [Happy Time ^^ Sysmon.exe started!]
[2008-4-14 13:13:17] --> [start.exe cleaned!]
[2008-4-14 13:13:17] --> [firewall.reg cleaned!]
[2008-4-14 13:13:17] --> [arper.exe cleaned!]
[2008-4-14 13:13:17] --> [xcacls.exe cleaned!]
[2008-4-14 13:13:19] --> [See you in hell ^^ i'm committing suicide bye bye!]

               Coded by: SlaYeR and COLdGiN
    And Many thanks to Bullet! our big ass teamleader!                     Version 1.0
[Xcacls.exe is redownloaded!]
Kit started date: Fri Jun 06 05:40:07 2008

+================+
+  Version 1.0   +
+================+
[Scanning for Anti-Virus applications...]
+================+
+  Systeminfo    +
+================+
OS: Windows 2003 [vesion 5.2.3790] Service Pack 2

Host Name:YODA
Windows Dir:(C:\WINDOWS)
System Dir:(C:\WINDOWS\system32)
Uptime: 23d 8h 49m 29s

Total CPU cores:2
System speed: 2813 Mhz

RAM Usage: 1485/2032 MB (73%)

+----------------------------------------------------------+
C:\ Name:()Total:35291.MB->34.GB Free:13100.MB->12.GB Type:NTFS Source:LOCAL

D:\ Name:(New Volume)Total:238464.MB->232.GB Free:128084.MB->125.GB Type:NTFS Source:LOCAL

E:\ Name:()Total:476929.MB->465.GB Free:190009.MB->185.GB Type:NTFS Source:LOCAL

F:\ Name:(WD Passport)Total:57215.MB->55.GB Free:256.MB->0.GB Type:NTFS Source:LOCAL

+----------------------------------------------------------+
[2008-5-6 5:40:8] --> [Hello! ^^ I'm Ph0eniX and I'm installing your files..]
[2008-5-6 5:40:9] --> [Verrry Niice ^^ Windows File Protection has been disabled!]
[2008-5-6 5:40:9] --> [O Oh ^^ Real SysmonLog service deleted!]
[2008-5-6 5:40:9] --> [Cannot delete smlogsvc.exe! still running?]
[2008-5-6 5:40:9] --> [smlogsvc.exe Failed to copy to system32!]
[2008-5-6 5:40:9] --> [arper.exe copyed to system32!]
[2008-5-6 5:40:9] --> [aproman.exe Failed to copy to system32!]
[2008-5-6 5:40:9] --> [sysmem.dll Failed to copy to system32!]
[2008-5-6 5:40:9] --> [memdump.dll Failed to copy to system32!]
[2008-5-6 5:40:9] --> [Fake smlogsvc.exe loaded!]
[2008-5-6 5:40:10] --> [smlogsvc.exe started!]
[2008-5-6 5:40:10] --> [Heey! old serv-u found! reinstalling the serv-u!]
[2008-5-6 5:40:10] --> [Failed to kill real Sysmon.exe!]
[2008-5-6 5:40:10] --> [Cannot delete Sysmon.exe! still running?]
[2008-5-6 5:40:10] --> [Sysmon.exe Failed to copy to system32!]
[2008-5-6 5:40:10] --> [serv-u body service created!]
[2008-5-6 5:40:10] --> [Yay ^^ Service corectly created for the serv-u]
[2008-5-6 5:40:11] --> [Happy Time ^^ Sysmon.exe started!]
[2008-5-6 5:40:14] --> [start.exe cleaned!]
[2008-5-6 5:40:14] --> [firewall.reg cleaned!]
[2008-5-6 5:40:14] --> [arper.exe cleaned!]
[2008-5-6 5:40:14] --> [xcacls.exe cleaned!]
[2008-5-6 5:40:16] --> [See you in hell ^^ i'm committing suicide bye bye!]

The Official SBS Blog : Announcement: Call-back support for Small Business Server Products:

The Official SBS Blog : Announcement: Call-back support for Small Business Server Products:
http://blogs.technet.com/sbs/archive/2008/07/02/announcement-call-back-support-for-small-business-server-products.aspx

Breaking the trust

http://peeved.org/blog/2008/07/01/

Good post.

"Is there any regression testing being done on patches deployed thru WSUS? Is there regression testing of the patch metadata being synchronized into Customers' WSUS databases? It sure doesn't look like it, on either front. "

"Yet again, I'm embarrassed to have my Microsoft "certification" and to be associated with them in any way. Way to foster trust in IT, Microsoft! "

Does your server really need a recycle bin?

Thanks to a certain person, I didn't even think of this...

http://www.theeldergeek.com/enable_disable_recycle_bin.htm

Did you know that you can set the recycle bins per drive location?  Now on a SBS server you'd want to enable/keep those recycle bins, but on a web server, do you really need a recycle bin?

Why do I ask this?  Because when Yoda was "owned" his recycle bins turned into Video repositories.

Why there?  Because they are hidden is why.

This is a view from the image of the owned system that I saved so that I can dig back into log files on the system.  Included in the batch file that set up the windows media player was a script that installed various things on the system.  While the original entry point was the Merak web portal, once they got a toehold, they made themselves comfy and starting re-permissioning the box.

     ::lock the folders (NOTE: working folder needs to be two deep from DENY folder)
    dir.exe "c:\recycler\S-1-5-21-3732111762-1530546613-1416731192-501\Dc33\backup" /G EVERYONE:F /Y
    dir.exe "c:\recycler\S-1-5-21-3732111762-1530546613-1416731192-501\Dc33" /G SYSTEM:F /Y
    dir.exe "c:\recycler\S-1-5-21-3732111762-1530546613-1416731192-501" /D EVERYONE /Y
    dir.exe "c:\RECYCLER" /G EVERYONE:F /Y

That "dir" command was actually Xcacls.exe which is actually hardening the system... just because they got in they don't want anyone else to get in..but bottom line guys and gals, when something bad gets in, I'm not convinced that you can repair it.  Be prepared to flatten and rebuild.

P.S. It's kinda embarrassing when you got owned and then you aren't even used for p_rn.

Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates

The Microsoft Security Response Center (MSRC) : Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates:
http://blogs.technet.com/msrc/archive/2008/06/30/microsoft-windows-server-update-services-wsus-blocked-from-deploying-security-updates.aspx

So here's the thing...

That came down on June 11 and apparently has caused some issues with WSUS servers offering up patches.  But I don't see issues with my server?  Do you see any issues with yours?  Is it only if you approved it the first time?  Is it only when you have Office 2003 clients?

Bottom line keep an eye out for this, but I'm not seeing this in my networks...

So what's TMG anyway?

Download details: Forefront™ codename "Stirling":
http://www.microsoft.com/downloads/details.aspx?FamilyID=65bd5f8a-d94c-457a-9f88-2046597130e1&DisplayLang=en

So if you want to see what TMG is all about..check out that beta (there's a Virtual one as well)

The Official SBS Blog : Software Assurance entitlement for SBS 2003 customers upgrading to SBS 2008:

The Official SBS Blog : Software Assurance entitlement for SBS 2003 customers upgrading to SBS 2008:
http://blogs.technet.com/sbs/archive/2008/06/30/software-assurance-entitlement-for-sbs-2003-customers-upgrading-to-sbs-2008.aspx

If you have any clients on Software Assurance... or you just sold them on Software assurance... or were thinking of selling them on Software Assurance.... you just might want to take a look at that blog post.

Junction Points and Access Denied

Man I hate it when I am looking for a document and can't find it, and I know I blogged about it.  It had to do with the changed folder locations in Vista and it made be go "oh, that's why users is where it is and why I get an access denied when I click on My documents".  But this will still give you an idea of what's going on.

This document on MSDN is a great grid of the changes in junction points that you might want to print out and take a look at your Vista workstation or Server 2008.

AC: Junction Points and Backup Applications:
http://msdn.microsoft.com/en-us/library/bb756982.aspx

One of the things I hear a lot from folks about Vista is that they can't find where things are or when they click on "my documents" they get an access denied even though they are an "Administrator".

Security: New ACLs Improve Security in Windows Vista:
http://technet.microsoft.com/en-us/magazine/cc138011(TechNet.10).aspx

The reason for that is there in that document.. the junction points are just placeholders and there's actually a deny in there.

Anytime you see a shortcut icon in the main root that's not a real directory at all but a means to 'trick' the sucky app vendors that still need time to move to Vista

Vista IE7 Cache & Cookies Folder, Temp Directory and History Location » My Digital Life:
http://www.mydigitallife.info/2007/05/26/vista-ie7-cache-cookies-folder-temp-directory-and-history-location/

Another great document that showcases what things have moved where.

If you edit the file properties to allow you to see hidden file locations, then you can see where "my docs" and all the other stuff really is at.

Once you do that, then you can see where cookies and other files end up.  First browse to Users, <profile name> and you can see the true Documents folder under there.  See that "My documents" with a shortcut?  Again, that's just a stub location. 

If you click on it, you'll get an access denied. 

And that is  EXACTLY what is expected because there's a deny there to ensure that it stays in place because the app vendors also expect it there.

And those three locations are based on the "risk" of where the data comes in from.  Roaming is where most of the main folders will end up.

But next time you get an "access denied" think of what is really going on under the hood in Vista.

Error 0x80070057 returned from call to Adding routers IP address

So Kevin hit an issue where he ran the CEICW on a brand new SBS 2003 computer and hit this:

http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/ed5a595e5c3fd88c/50b71975e02617db?lnk=st&q=Error+0x80070057+returned+from+call+to+Adding+routers+IP+address+to+the+intranet+zone().#50b71975e02617db

Error 0x80070057 returned from call to Adding routers IP address to
the intranet zone().

So how did he fix this?  Two things.

He imported the registry key from a working computer

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ZoneMap

And then turned off Enhanced IE and bingo.. the CEICW wizard worked.

About that data portability

http://www.nytimes.com/2008/06/29/technology/29digi.html

So here's the reality.  Today we're running Community Server 2008 sp1 and the data is built and stored in SQL 2005.  As a result of this migration we've lost some attachments, images, and for the decorator in me, blog skins that work.  Not the greatest migration that I would have hoped for.  So I look around at other blogging platforms and the options I have to move the data, I realize that I'm not sure where to turn.  The content is in SQL 2005.  Wordpress and Typepad run in MySQL.  Quite frankly, unless things change, I'm not sure I have the braincells left to handle another database engine, especially one that I'd only use for the blogging platform.

So the article above that urges Microsoft to make a break with the past showcases to me how much the pundits don't understand that when it comes to data and business, one does not rip out and replace lightly.  It's the reason entire firms are not ripping out XP and migrating to Vista.  It's the reason firms are still on Office 2003.  One does not migrate lightly.  One HAS to ensure that once they get on migrated platform that the business is not adversely impact.

If this blog site was a true business and my "business" was impacted to the degree this migration impacted this platform I'd be concerned about the productivity and efficiency impact of my firm. 

Bottom line, migrations suck.  Upgrades are never without risk.  And for all that we'd love to rip out and start over, get real.  Real world doesn't work like that.  Once cannot rip out without major impact.

Slipstream XP sp3 and RWW Active X issues solved

A huge thank you for this follow up to an issue that impacted Remote Web Workplace.

The issue was that as you built a XP sp3 with IE7 slipstream install that you could not enable the Terminal Server Redistributable (Active X control) that RWW needs to function.  If you install XP sp3 it gets disabled as well, but with slip install you were sitting there stuck and couldn't figure out how to get it back enabled.

SBS 2003 RWW problem - TechNet Forums:
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3427893&SiteID=17

XP SP3 Upgrades & Slipstream Install Issues with SBS RWW « Ramblings on IT:
http://blogit.dslee.org/2008/06/28/xp-sp3-upgrades-slipstream-install-issues-with-sbs-rww/

Thanks Dave for this info.

After you build your slipstream and deploy it.. "reset" IE 7 otherwise you'll get stuck getting into RWW and you can't "enable" the TS control because it's greyed out.

That's on Vista but the concept is the same.. Click reset

One more upgrade folks to CS 2008 sp1

 Community Server 2008, Service Pack 1 Now Available! : Community Server:
http://communityserver.com/news/team-blog/community-server-2008-service-pack-1-now-available/

One more bump up that hopefully this blonde can handle now that we're over the hardest hurdle.  Just announced yesterday.  At least I have great timing!