Saturday 31 March 2007

Information Security: Outlook 2002, 2003 Read as Plain Text

I have a hard time with HTML in e-mail. It presents such a huge opening in network security.

With the client's permission, starting with Outlook 2002/XP we have set a mandatory "Read as Plain Text" on all e-mail coming into the organization.

We came up with this, because eliminating the Preview Pane for some key users just wasn't going to happen.

They could accept that they could click on the Grey Security Warning Bar in the e-mail to enable HTML content.

With a little training, our users are aware of what to watch out for when it comes to the content of e-mail.

A bank URL that has a www.mydomain.sk/www.royalbank.ca/logon.do or whatever is BAD. The bad URL actually shows up beside the original link in brackets. They have picked up on that.

This has paid off in many ways over the years. The single biggest way?

We have networks that are virus free. Downtime due to a bad infection, or because someone allowed a Trojan to take root in their system is something to be avoided at all costs.

The reason I am bringing this up is an article I read at Information Security Sell Out: 0day! Microsoft ANI Code Execution.

The link to the following articles on the vulnerability:

Brutal! One doesn't even need to click and that's all folks! Owned.

To configure Outlook 2002 to utilize plain text for e-mail reading: Microsoft KB 307594: Description of a new feature that users can use to read non-digitally-signed e-mail or nonencrypted e-mail as plain text in Office XP SP-1.

Service pack Office 2002/XP. Then:

  1. Click Start, and then click Run.
  2. In the Open box, type regedit.
  3. Locate the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail
  4. On the Edit menu, point to New, and then click DWord Value.
  5. With the new Dword value selected, type ReadAsPlain.
  6. Double-click the new value to open it. In the Value Data box, type 1, and then click OK.
  7. Click OK, and then quit Registry Editor.
You may need to log off and log back on to have Outlook pick up the new settings.
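
The registry steps above can also be applied and checked from a script, for example at logon. This is an added example, not code from KB 307594 or the original post; the key path and value name are the ones given in the steps, and the function names are hypothetical.

```powershell
# Added example: apply and verify the per-user ReadAsPlain value for Outlook 2002/XP.
# Key path and value name are taken from the steps above; function names are hypothetical.
$MailKey = 'HKCU:\Software\Microsoft\Office\10.0\Outlook\Options\Mail'

function Get-ReadAsPlainState {
    param([string]$Path = $MailKey)

    if (-not (Test-Path -Path $Path)) { return 'KeyMissing' }

    $key = Get-Item -Path $Path
    if ($key.GetValueNames() -notcontains 'ReadAsPlain') { return 'ValueMissing' }

    # The steps call for a DWORD value. A value of another type (for example
    # a string "1" created by hand) is reported rather than treated as set.
    $kind = $key.GetValueKind('ReadAsPlain')
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return "WrongType:$kind" }

    if ($key.GetValue('ReadAsPlain') -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Set-ReadAsPlain {
    param([string]$Path = $MailKey)

    # Create the key if Outlook has not yet been started for this profile.
    if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }

    # -Force replaces an existing value, including one of the wrong type.
    New-ItemProperty -Path $Path -Name 'ReadAsPlain' -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back so the caller sees what is actually in the registry.
    Get-ReadAsPlainState -Path $Path
}

$before = Get-ReadAsPlainState
$after  = Set-ReadAsPlain
"ReadAsPlain before: $before, after: $after"
```

Because the key lives under HKEY_CURRENT_USER, the script has to run in the context of the user whose Outlook profile is being configured.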

Outlook 2003 can be set up to read as plain text via Group Policy.

  1. Create and link a new GPO at the domain level, and name it something like: Default Domain Office 2003 Policy.
  2. Go to the Office 2003 Resource Kit site and download the Office 2003 GP ADM files (EXE file).
  3. Extract the downloaded file to a location you can remember.
  4. Edit your new GPO
  5. Right click on Administrative Templates.
  6. Left Click on Add/Remove Templates.
  7. Click the Add button.
  8. Navigate to your ADM files.
  9. Highlight them all and click the Open button.
  10. The new templates will show up in your GPO.
  11. Go to User-->Administrative Templates-->MS Office Outlook 2003-->Tools Options-->Preferences-->E-mail Options.
  12. Therein lies the "Read email as plain text". Enable it.
Here is a screen shot of one of our GPOs for Office 2003:


Here is a screen shot of where to find the "Read email as plain text" in the Office 2003 GP:



You can enable other policy settings for security reasons, but get the client's approvals for those changes first, including this one.

A good bit of preparation to explain the reasons behind implementing any kind of restrictive policies must be done beforehand.

And, remember, speak English ... not technicalese! ;)

Oh, and btw, make sure to test your GPO settings in a virtual environment before heading off into a production environment to set it up.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

System Builder Tip: Creating a Bootable USB Drive

UPDATE 2011-05-27: Create A Bootable USB Flash Drive Larger Than 4 GB. This is the up to date method that we use now.

Normally we would hunt for the HP Windows-based Format Utility for HP Drive Key or DiskOnKey USB Device (HP has killed the link - Bay Wolf has a copy of the utility available for download). After downloading it and creating a floppy boot disk, one could format a USB flash drive to boot from.

That is the method we have been using to date.

The following method, authored by Marwan Shaher, is another one that was pointed to by a support page on Intel's site. It utilizes FDisk and Format.com to create the bootable drive by essentially using the USB Flash disk as the only drive attached to the system, thus mimicking a fixed disk. Excellent method.

Marwan Shaher's original Web page: Bootable USB Drive.

Here is his method:

  • A computer with a BIOS that allows for booting from a USB port.
I used a Dell Optiplex GX260 that has a Phoenix ROM BIOS Plus version 1.10 revision A05.

  • A Bootable floppy disk or CD.
I used a Windows 98 bootable CD. For those who have Dell systems, you can also use the bootable Dell Optiplex Resource CD that is used to reinstall your system with Windows 98.


  • Utilities with the ability to create a master boot record, create partitions, set active partitions, and format and transfer boot files to the active partition
I used the DOS FDISK and FORMAT that are on the Windows 98 CD.

  • Of course, the USB drive that you want to make bootable
I used a 256MB SanDisk Cruzer Mini USB Flash Drive.

Directions

  1. Make the USB drive the first in the drive sequence.
    • Why?? fdisk does not allow for a partition to be set as ACTIVE (bootable) unless it is the first drive. It is most likely that your hard drive(s) is set as the first drive. This needs to be changed.
    • How?? Setting your USB drive to be the first in the drive sequence can be done by following ONE of the methods below. No matter which method you follow, the computer MUST be booted with the USB drive plugged into the computer. Take a note of how the options that you are about to change were set before, as they will need to be changed back later.
    • Method # 1. BIOS drive sequence option.
      Depending on your BIOS, there may be an option to change the drive sequence. On mine, there was an option labeled "Hard-Disk Drive Sequence". If your BIOS has this or a similar option, make sure you change the sequence so that the USB Drive is listed first.
    • Method # 2. Disabling other hard drives.
      Again, this is done from the BIOS. Different BIOS's may have different options to disable the hard drive. On mine, the system had just one hard drive. I changed the option labeled "Primary Drive 0" to "OFF".
    • Method # 3. Unplugging the hard drives.
      If your BIOS doesn't have an option to change the drive sequence or to turn off the hard drive, you can turn off your computer and unplug your hard drive(s). Make sure you know what you are doing here. Opening your computer case may result in voiding your computer warranty if you have one.
  2. Boot the computer from the boot floppy/CD into the command prompt with the USB Drive plugged in.
  3. Run fdisk
  4. Use fdisk's "Set Active Partition" (option 2) to set the primary partition on the USB Drive to ACTIVE.
    This step assumes that a primary partition already exists on the USB Drive. If this is not the case, use fdisk to create one. As noted in step # 1, fdisk will not allow for setting the partition to ACTIVE unless the drive the partition is on is the FIRST in the drive sequence.
  5. Exit fdisk.
  6. Reboot the computer from boot floppy/CD into the command prompt with the USB Drive plugged in.
  7. At the command prompt enter the following command: dir c:
    This step is just to verify that the C: drive is actually the primary partition on the USB Drive. Regardless of the result that the command generates whether it be a listing of files or an error message, what is important here is to make sure that the size of the primary partition on the USB Drive is roughly equal to the sum of the empty space and the used space.
  8. Format and copy the boot files to the primary partition.
    At the command prompt, from the directory where FORMAT.COM is located, enter: format /s c:
  9. Run fdisk /mbr
    "fdisk /mbr" writes the master boot record, in this case to the USB drive, without altering the partition table information.
  10. Restart the computer and choose booting from the USB Drive. If all goes well, you should see a C:> command prompt.
  11. Change the computer settings back to what they were before step # 1.

Well done sir!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Friday 30 March 2007

Information Security: TJX cost of breach

27B Stroke 6 has a post, Data Breach Will Cost TJX $1.7B, Security Firm Estimates, on the possible costs to the company for a breach of their networks.

The breach compromised approximately 45,600,000 client records containing information like credit card numbers, personally identifiable information, and more.

Apparently the Black Hat was in there for a long time before someone picked up on it.

For those firms that handle personal data, if you don't already have an in-house "hackathon" to test your security, get one happening.

Hire a White Hat to try and compromise from the outside, inside, and wherever else one can discover weaknesses in your network security.

How many breaches, both corporate and government, is it going to take before our data is going to be safe? How many before we the consumer have some sort of agency with power, preferably independent, that can work on our behalf?

For those affected by the breach, get together and start a Class Action Suit! Companies have to learn, be it the hard way, that we mean business about protecting our sensitive data!

Protect yourself: subscribe to the Credit Agency's credit file monitoring services. "Lose" your credit cards once every couple of years ... the CC companies hate to have to change your cards on a regular basis. But, it changes your numbers and makes it that much harder for them to be compromised.

Beware of who you are giving your credit card information to, and never lose sight of them if it can be helped. Restaurants are notorious for this.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Thursday 29 March 2007

TroubleShooting: How to reset Internet Protocol (TCP/IP) in Windows XP & Vista

Occasionally there are seemingly unexplained reasons for no network communication on a system.

Sometimes the removal of a software firewall or some sort of OS update can be seen as responsible.

Either way, we may need to reset the TCP stack. XP follows, Vista is further below.

The following Microsoft KB 299357: How to reset Internet Protocol (TCP/IP) in Windows XP explains the ins and outs of the methodology.

Simply:

netsh int ip reset c:\resetlog.txt

The resetlog.txt will be made in the root of the drive where it can be scanned for any errors.

Generally, you are back in business!

Okay, in the case of the system I am working on now ... NOT. :D

Next step:

In the CMD window where I release the IP and try to renew it, I am getting the following error: "An operation was attempted on something that is not a socket".

The following Microsoft KB 817517: You receive an "An operation was attempted on something that is not a socket" error message when you try to connect to a network contains further steps to take on, in this case, Windows XP:

Export and delete the corrupted registry subkeys

  1. Insert a floppy disk in the floppy disk drive of the computer whose registry entries you are exporting.
  2. Click Start, click Run, type regedit, and then click OK.
  3. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock
  4. Do one of the following steps, depending on the operating system:
    • For Windows XP, on the File menu, click Export.
    • For Windows 2000, on the Registry menu, click Export.
  5. In the Save in box, click 3½ Floppy (A:), type a name for the file in the File name box, and then click Save.
  6. Right-click Winsock, and then click Delete. When you are prompted to confirm the deletion, click Yes.
  7. Repeat steps 3 through 6 for the following subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2
    Note Each .reg file that you save must have a different name.
  8. Right-click Winsock2, click Delete, and then click Yes.
  9. Quit Registry Editor.
Then on to the following for an XP based system:

Reinstall TCP/IP on a Windows XP-based computer

In Windows XP, the TCP/IP stack is a core component of the operating system. Therefore, you cannot remove TCP/IP in Windows XP.

  1. Install TCP/IP on top of itself. To do this, follow these steps:
    1. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then click Properties.
    2. Click Install.
    3. Click Protocol, and then click Add.
    4. Click Have Disk.
    5. In the Copy manufacturer's files from box, type System_Drive_Letter:\windows\inf, and then click OK.
    6. In the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.
  2. Restart your computer.

After the reboot, the system should come up and have network connectivity.

In our case, the problem has turned out to be the Panda Platinum Internet Security 2006.

As soon as I uninstalled the product, the system had network connectivity. Going to try and reinstall it to see if it breaks things again.

UPDATE 07-05-07: For Windows Vista: A lot of searches are ending up here looking for the ability to reset the TCP stack in Windows Vista.

The first place to start is to run the native Vista repair feature:

  1. Click Start
  2. Type "Network" in Start Search
  3. Click on Network and Sharing Center in the results
  4. Click on Diagnose and repair (bottom of left list)
  5. Run through the prompts to repair the connection.

If that doesn't fix the situation, then a manual reset of both Winsock and the TCP/IP stack would be in order.

  1. Winsock
    1. Click on Start
    2. Type CMD in Start Search
    3. Right click on the result and run as Administrator
    4. netsh winsock reset [Enter]
    5. exit [Enter]
    6. Restart the system

  2. TCP/IP protocol
    1. Bring up the command prompt authenticated as Administrator (steps 1-3 just above)
    2. netsh int ip reset [Enter]
    3. exit [Enter]
    4. Restart the system
On SBS Premium based networks, make sure that the proxy settings are correct in the browser and that IE is seen hitting ISA via the ISA live logging feature.

Make sure that the correct drivers are installed on the system, that the connectivity lights on the NIC and at the switch are lit and active.

Check your patch cables, especially for laptops.

If you need further Vista related troubleshooting tips: Gateway Support: Windows Vista - Troubleshooting Network Connections.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Business Principles: Cheap is as Cheap Does

Just recently, I had a conversation with a couple of people we have done business with in the past.

We were speaking about the value that people perceive in our services, they being in an unrelated industry, and I was advocating that we should charge for our services according to their value.

If we do not perceive that our services have value, we won't necessarily charge enough for them. This in turn will skew the prospective client's view of our company's ability to service their needs. Too cheap, and the key clients we would love to work with won't even bother with us.

What are some of the criteria for assessing the value of our services?
  • Professional attitude of the attending company (MPECS) representatives (significant factor).
  • Quality of the job done in a timely manner (Another very significant factor).
  • Job done right the first time.
  • Preparedness: Being prepared to absorb the client's perspectives and needs relative to their own industry.
  • Internal MPECS training, and re-training efforts to stay on top of our industry.
  • Knowledge and experience in our industry.
  • Research and Development.
  • Accepting responsibility for any mistakes or errors done, apologizing for them, and making restitution for them.
It is up to us to make sure that our clients come to perceive the value in our services on their own. Our hard work and professional manner should speak for itself.

There is an important caveat when it comes to setting value for one's services:

Doing something as cheaply as possible for my own business, while expecting my clients to perceive my services at a much higher value does not work. Or, trying to sell cheap products as premium products and expecting the client to pay a premium price does not work.

Cheap is as Cheap does.

Clients, whether we realize it or not, will see that in us if the above is our attitude.

Trying to get away with running the cheapest hardware, not paying for the software we use, not taking the time to invest in our knowledge by studying and learning, trying to get high value out of a service that is not nearly worth it will eventually come through to the client and we will lose them as a client.

We would garner a reputation based on that too ... And that can be the biggest killer of a business: A bad rap.

In the long run, in my opinion, "cheap" costs more.

From systems that won't function as they are supposed to, RMA procedures for obscure system and component manufacturers that are extremely difficult to figure out or even trying to get in touch with someone who can help, lost data due to component failures, to the downtime caused by the systems and components for the client. There is a lot more to this side of "cheap".

I realize that not all of us see things this way.

But, in my experience, it costs me less in the long run to pay someone a premium for their services when I know the value of the services that I will receive. They won't be coming back a second, third, or subsequent time to fix things they broke in the first place and thus I won't be losing money by not being productive. If they know their stuff, they will get the job done right in half the time it would take anyone else.

Or, if they come off as not having the capacity to provide good value for their services, you can bet that we will not be calling them again.

Why should I expect anything different, as far as attitudes towards service value, from my clients or prospective clients?

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Monday 26 March 2007

SBS 2K3 Premium - Windows 2000 Professional and Outlook 2003 not communicating with Exchange

What a weekend! I helped a friend of mine who has his own I.T. company install an SBS 2003 Premium server this weekend. I have introduced him to SBS and am helping him get to know the OS and its features.

It was quite the weekend.

One of the problems we ran into was with Outlook communicating with the Exchange server on SBS 2003 Premium R2 on the existing Windows 2000 Professional workstations.

All of the W2K Pro boxes displayed the following error:


From Microsoft Office Outlook: "The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action."

Now, nslookup worked fine, IE browsed the web with no issues, and as you can see the ISA Client is happily connected to the SBS ISA server.

Our search brought up the Microsoft KB 897716: RPC data may be blocked, and Outlook may not start in Windows Server 2003 with SP1. There was nothing relevant here.

The following Microsoft KB 325950: How to troubleshoot connectivity issues that are caused by RPC client protocol registry entries was a lot more relevant.

We were on a W2K Pro SP4 workstation, and the XP Pro SP2 workstations were all connecting with no issues.

The process was very simple: Rebuild the TCP/IP stack. Considering these workstations have not had a rebuild since their installation oh so many years ago, it was very relevant.

Step 3 of the KB article contained what we needed:

  1. Log on as the local administrator (Keep in mind your SBS users already are local admins)
  2. Click Start, and then click Control Panel.
  3. Double-click Network Connections.
  4. Right-click the Local Area connection, and then click Properties.
  5. Install another protocol to maintain a placeholder for the connection. For example, install NWLink. (We used NetBEUI)
  6. Click to clear the Internet Protocol (TCP/IP) check box, and then click OK.
  7. Click Yes.
  8. Repeat steps 3 through 5 for each network connection that is listed.
  9. Restart your computer.
  10. Click Start, and then click Control Panel.
  11. Double-click Network Connections.
  12. Right-click the network connection, and then click Properties.
  13. Click to clear the Internet Protocol (TCP/IP) check box, and then click OK.
  14. Click Yes.
  15. Reinstall TCP/IP in each network connection.
  16. In each network connection, remove the protocol that was installed to maintain the placeholder (such as NWLink (or NetBEUI)). Do not remove other protocols if they were already installed.
  17. Restart your computer.
The italics added to the above instructions are the method we used. Make sure to follow the exact install NetBEUI - remove TCP/IP - reboot - install TCP/IP - remove NetBEUI - reboot order as described in the article so as to not break anything else.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Saturday 24 March 2007

System Builder Tip: Windows Aero Performance Rating - Intel D945GTP

I have been fighting for quite a while now trying to get Vista to install on an Intel D945GTP motherboard with Pentium D installed. The ordeal is blogged about extensively on an earlier post about the Vista Stop Error that we kept getting on this particular board.

No combination of component changes and BIOS settings worked up until today. A new BIOS released by Intel in the last day or so fixed the compatibility issues!

So, we were finally greeted with this Windows System Assessment right after install:



I reran the Windows System Assessment Tool to verify the initial findings:


We ended up with a final score of 2.1 for Aero and 3.0 for 3D Graphics. Not a great score, but it will work.

We have now confirmed first hand that the Intel onboard 945 chipset based graphics can indeed run Windows Aero with no real issues.

What a relief!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Friday 23 March 2007

SBS and Internet DNS - Verify the Registrar's DNS Info!

We have set up a number of Internet hosting environments on SBS over the years. Everything from Web, e-mail, and more.

One of the pickles that we run into for our Internet RWW access is where to host the DNS?

For many of us, we would apply to the ISP our client uses for Internet connectivity to add an (A) Record along the lines of: rww.mydomain.com and associate it with the static IP on the Internet facing side.

Some may use a DNS rerouting service of some sort.

Whenever we run into DNS issues for RWW, e-mail or other services, an excellent Web based utility to help troubleshoot any kind of DNS issue can be found at: Men&Mice.com.

One situation we have run into, and the only one so far I might add, was with one of our new clients at the time. A fellow who used to work with them had registered the domain and set up the SOA, MX, and DNS facing the Internet on his servers, but then set the client up with an ISP who ALSO set up a SOA, MX, and DNS pointing to their own servers.

We set up the SBS server based on the ISP information. It never dawned on us to check with Internic.ca or Internic.org for a split DNS setup like this.

When we started running into e-mail reception problems, after a bunch of troubleshooting with both the ISP and us on the SBS box, the above setup was finally discovered.

We contacted the fellow who had set up his servers and had him point the MX records to the ISP's servers, and this fixed the e-mail issue.

So, lesson learned. We now verify every DNS setup for any client we are going to install a new SBS or Exchange server for. We just never know the mind of those who had their hands in the pot before us!
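
One way to run that verification: ask every name server that claims the domain (the ones listed at the registrar and the ISP's) for its MX records and flag any disagreement. This is an added example, not part of the original post; it assumes a workstation with the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later), the function names are hypothetical, and all host names and records in the sample are constructed.

```powershell
# Added example: detect name servers that hand out different MX records for one domain.
# Function names are hypothetical; sample data below is constructed.

function Get-MxViews {
    # Live query: returns a hashtable of server -> list of "preference host" strings.
    param([string]$Domain, [string[]]$Servers)

    $views = @{}
    foreach ($server in $Servers) {
        try {
            $views[$server] = @(
                Resolve-DnsName -Name $Domain -Type MX -Server $server -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'MX' } |
                    ForEach-Object { '{0} {1}' -f $_.Preference, $_.NameExchange.ToLower() }
            )
        } catch {
            # A server that does not answer is a finding in itself.
            $views[$server] = @('<no answer>')
        }
    }
    $views
}

function Compare-MxViews {
    # Groups the servers by the MX set they returned; more than one group means
    # two parties are each running their own copy of the zone.
    param([hashtable]$Views)

    $groups = @($Views.GetEnumerator() |
        Group-Object -Property { (@($_.Value) | Sort-Object) -join '; ' })

    [pscustomobject]@{
        Consistent = ($groups.Count -eq 1)
        Answers    = @($groups | ForEach-Object {
            [pscustomobject]@{
                MX      = $_.Name
                Servers = @($_.Group | ForEach-Object { $_.Key } | Sort-Object)
            }
        })
    }
}

# Constructed sample reproducing the situation described above: the servers
# listed at the registrar and the ISP's server each answer with their own MX.
$sample = @{
    'ns1.former-admin.example' = @('10 mail.former-admin.example')
    'ns2.former-admin.example' = @('10 mail.former-admin.example')
    'ns1.isp.example'          = @('10 mx.isp.example')
}

$result = Compare-MxViews -Views $sample
"Consistent: $($result.Consistent)"
$result.Answers | ForEach-Object { "{0}  <-  {1}" -f $_.MX, ($_.Servers -join ', ') }

# Live use (server names are placeholders for the registrar-listed and ISP servers):
# Compare-MxViews -Views (Get-MxViews -Domain 'mydomain.com' -Servers 'ns1.registrar-listed.example', 'ns1.isp.example')
```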

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Thursday 22 March 2007

System Builder Tip: Vista Aero Performance Rating - Intel GMA3000 on DQ965GF and ATI FireMV 2200 PCI-E

I finally gave up trying to install Vista on the Intel D945GTP with Pentium D and 1 GB of RAM for now. When I have more time, I will try and figure out the factor that enables us to install on that board.

For now we have the following base system:

With the default Vista Ultimate installed drivers we ended up with the following when we first ran the Windows System Assessment Tool:


The assessment failed. We could not get anywhere with it out of the box.

Off to Intel's site for the DQ965GF motherboard's updated drivers.

After the download and install, we reran the Windows System Assessment Tool and we received what is, to me, a rather impressive result for an onboard video chip:


The onboard GMA 3000 series graphics ran a 3.9 score for Vista Aero and a 3.7 score for 3D Graphics.

Considering the ATI X1300 PCI-E, a fully independent video card, ran a 2.8/3.0 on Vista, the score is pretty good.

We then went ahead and installed an ATI FireMV 2200 PCI-E low profile video card. The components are stuffed into an Antec Minuet II chassis for ease of carrying around to clients to demonstrate Vista and Office 2007.

With the stock drivers picked up by Vista we ended up with the following:


A fairly poor Graphics score of 2.1 and a 3D Graphics score of 3.1. Not really too good.

The card was purchased to work with the D945GTP board if we could ever get it going with Vista and realized that the onboard Aero performance was nil, as in it wouldn't run.

In a pinch, such as the need for low profile, the FireMV 2200 will work, but a higher end low profile card would be needed for anything beyond the pedestrian Office and IE type usage.

Here is a Quick List of Intel's Desktop Motherboards.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Wednesday 21 March 2007

Windows Server 2003 - The attempt to retrieve account information for specified task failed

I had a member server running Windows Server 2003 R2 Standard that was promoted into an SBS domain that suddenly refused to run Shadow Copy.

A little research brought me to an MS Knowledgebase article that helped.

The following Microsoft KB 822904 had the fix in it: "The attempt to retrieve account information for the specified task failed" error message when you use Task Scheduler to schedule volume shadow copy to run in Windows Server 2003

From the article:

SYMPTOMS
You use Task Scheduler to schedule a shadow copy backup of a volume to run on a Microsoft Windows Server 2003-based computer. You enable the Volume Shadow Copy service and then run the Dcpromo.exe utility. However, the task does not run successfully, and you do not receive an error message.

Additionally, if you right-click the scheduled task and then click Properties, you receive the following error message:
The attempt to retrieve account information for the specified task failed; therefore, the task did not run. Either an error occurred, or no account information existed for the task.

The specific error is:
0x8007000d: The data is invalid.

If you then click OK in the error box to display the properties, the Run as line is blank and unavailable. The correct parameters appear in the Run line, but the Run line is also unavailable.

CAUSE
This problem occurs because you used a local computer account that is no longer available to create the task.

WORKAROUND
To work around this problem, run the Dcpromo.exe utility before you enable the Volume Shadow Copy service, and then use Task Scheduler to schedule volume shadow copy.

You can also work around this problem by re-creating the d42* files. To do this, follow these steps:

  1. Log on as a user who has administrative credentials.
  2. Delete all scheduled tasks. To do this, follow these steps:
    a. Click Start, Run, type control schedtasks, and then press ENTER.
    b. Confirm the list of jobs that are registered in the Scheduled Tasks window.
    c. Delete all registered tasks.
    d. Close the Scheduled Tasks window.
  3. Click Start, click Run, type cmd, and then click OK.
  4. At the command prompt, type the following to move to the specified folder:
    cd %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18
  5. Delete all files that start with d42* by typing the following command:
    del d42*
  6. At the command prompt, type exit.
  7. Reschedule the volume shadow copy tasks. The files that start with d42* are re-created after the volume shadow copy tasks are rescheduled.
  8. Make sure that the scheduled tasks function correctly on the domain controller.

In our case, a DCPROMO was not possible. We needed to use the second suggestion to delete the d42* files to fix the problem.

You may need to attrib the directory first to find the files as they may be hidden and/or system files. You will then need to remove the hidden and system attributes with the attrib command.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Tuesday 20 March 2007

Every IT Manager's Nightmare: Oops! Techie wipes out $38 billion fund

The article Oops! Techie wipes out $38 billion fund speaks so clearly to us who support small business clients!

Have we tested our client's backup setups? Have we actually done either a selective or full restore against those backups?

Do we talk to our clients about the importance of Disaster Recovery Planning? Do we have the knowledge of DRP that is needed to guide our clients into a solid DRP that can facilitate their business surviving a human or nature generated disaster?

From the article: What a way to find out that the backups are no good! The data is gone, the backup drive is toast, and the tapes are blank! They were very fortunate that there was a paper trail that they could go back to. But, what a huge waste of time and dollars for them.

In our case, for our small business clients, the loss of data could be the end of their business. That is the key difference between we who deal with the small to medium business segment and large corporations. We hold our client's business in our hands.

Small Business I.T. is just that critical in today's business world.

Some food for thought over coffee! ;)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

System Builder Tips: Windows Vista - The so called Activation Workaround?

All one has to do is search for Vista Activation Workaround.

There are tons of people out there claiming to have a process to work around the Windows Vista Activation process to extend the "trial" period of the OS 120 days to indefinitely.

Alex over at the Windows Genuine Advantage blog basically debunks the workarounds based on the rearm and skiprearm commands.

He then explains the reasoning behind the supposed loophole in activation as a tool for us System Builders to make sure our clients receive a machine that has the full 30 day pre-activation period for the OS.

He even provides a command: slmgr -dlv to verify the activation count down timer has not changed after running the above workarounds!

Okay, so has anyone really tested the so called workarounds? That is, use the above command to verify the count down timers, or to actually run a machine utilizing the rearm & skiprearm commands?

Time will tell.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Monday 19 March 2007

Office 2007 Breaks Outlook Express Spell Check

Heh ... Go to use OE for posting to some newsgroups, and my spell check is going nuts over my English spelling!

Go into OE's setup and lo and behold:


I'm now French!!! My wife may be, but I am on the low end of the learning curve for the language at the moment. :)

Anyway, off to Microsoft's KB 932974: You no longer have spell checking capabilities in some languages in Outlook Express 6.0 after you install the 2007 Microsoft Office system

Um, it is permanently broken. :(

Off to the communities site? Nah. Google'd it and came up with: TechNet Forum's OE Spell Check discussion.

That in turn led me to this specific program: Spell Checker for OE.

Install and voila:



I now have a working spell checker!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Need to familiarize yourself with SBS? Try This --->

Do you have a spare machine around with enough memory and processor speed to install a base OS and Virtual Server on top? If you do, the following assumes a little bit of experience with Virtual Server 2K5 R2 as that is what we run our virtual environments on.

You could run your SBS install stages; install some XP desktops, Vista desktops, and another server or servers if you like within the virtual environment.

You could run the entire project virtually, start to finish, without impacting your production environment. If need be, all operating systems can be Eval versions so as to not impact licensing issues.

Running things virtually requires nothing special in the way of hardware or software.

To get to RWW on the virtual SBS domain via your internal network do the following:

Virtual SBS: Create an internal network accessible only by the workstations and SBS NIC 1. Add a second NIC to the virtual SBS box that is attached to the machine's physical NIC so it can pull an IP from your internal DHCP server.

On your internal DHCP server, create a reservation for the MAC address of the virtual SBS NIC 2.

On your internal DNS server, add an (A) record pointing to the IP address reserved for the virtual SBS server above: virtualsbs.mydomain.local (your domain setup) = IP 192.168.xxx.xxx (your IP subnet)

Run the SBS setup on your virtual server, complete stage 1, post stage 1 install and configure the base installation as you normally would and then continue on with stage 2 for the complete SBS install.

Internet Wizard URL: same as your internal DNS (A) record: virtualsbs.mydomain.local

You will be able to send e-mail from the virtual domain; only incoming SMTP e-mail will not work if you already have an SBS server or Exchange server on your internal network. A POP3 Connector solution could be implemented here if you want full e-mail functionality on the virtual domain. RWW will be accessible via your Web browser internally: http://virtualsbs.mydomain.local/remote.

Install the workstation OSs. This can be done at the same time as the SBS stage 2 install.

Once you have the SBS install, Premium Tech (if needed), and the ToDo list finished, you can go ahead and create some virtual users and computers and then run through the Add Computer wizard for the XP and/or Vista workstations. This gives you the opportunity to install the SBS/Vista RipCurl! ;)

The above will give you a complete install, start to finish. Mess up? No worries, start again. You will be able to run Eval versions for about 6 months give or take from the install date. This is more than enough time to play with the virtual SBS environment to get comfortable with the look and feel of installing SBS.

You can get SBS 2K3 Premium SP1 Eval on eBay without a problem, and SBS 2K3 Premium R2 Eval by purchasing the R2 Eval pack which is little more than shipping and handling from Microsoft. XP Pro can be had via eBay, as can Office, and others. Vista trial can be had via any Vista RTM media obtained via TechNet, MSDN, or a DVD that came with a system.

This setup also gives you the opportunity to explore Group Policy settings without creating havoc on a production SBS environment. Create and destroy OUs and policies. Learn how to get very granular with the application of your policy settings. No risk of GP tattoos on your virtual desktops ... you can pause the virtual desktops to be hit with the GP beforehand and copy the VHD. Save it for later when you want to reverse things. The same is true for the virtual SBS VHD.

Need to figure out how to install software to certain machines via GP? Then this is the place to do it! Office 2003, 2007, Windows Defender for XP, and more can be distributed via GP (Eval and OLP versions for Office).

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Friday 16 March 2007

Windows XP x64 SP2 now available

Okay, I am a little behind on my WSUS monitoring.

With a couple of critical client situations taking up most of our week, now is the first time to go through our servers and approve updates that need to happen.

This gem caught my eye under the highlighted updates:


We don't really work with XP Pro x64 that much due to the lack of need in our client base.

I was surprised to see that XP x64 gets an SP2 along with Server 2003 x64 versions.

Go to the XP Pro site and then link on to the XP x64 SP site and we get the following:



One thing that pleasantly surprises me in the links: We can now download the Service Pack CD via an ISO download. No more ordering and waiting for that CD to come, waiting for the TechNet update disks, or Microsoft Action Pack.

That in my opinion is an excellent move on Microsoft's part.

Click on to the actual download:



And, lo and behold, the XP x64 version is the same as the Server 2003 x64 versions.

I am not a software architect by any means, but I do find it curious that the SP covers both server and desktop x64 editions.

Also, check out that download size: 475 MB!

This leads me to believe, given the size of the recent SQL 2005 service pack, that the Vista and eventual Longhorn service packs will approach 1 GB in download size. WOW!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

SBS Migration - Check Admin Password Status when Swinging into a non-SBS domain.

Jeff Middleton over at SBSMigration.com has put a lot of work into simplifying the management of an SBS domain.

His methods can facilitate an excellent DRP (Disaster Recovery Planning) structure for single server SBS based networks, as well as SBS networks that have an additional AD domain controller or controllers on the network.

When utilizing the Swing method to introduce an SBS server into an existing non-SBS domain, make sure to check the password expiry policy on the existing domain admin account.

In its stock form, the non-SBS domain admin account will have a revolving password in place. SBS needs that password to remain static, that is unchanging.

Because of this requirement, one should evaluate the strength of the existing domain admin password before the Swing. If the password is weak, one should change it to something strong, like a passphrase: ThejoyofIT! and make sure that changed setting has replicated to any other domain controllers in the domain.

GPUpdate /force

The above will facilitate the replication of the changes.

Once the changes are verified, set the domain admin account to never expire:



GPUpdate /force ...

Begin your Swing!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
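The pre-Swing checks from the SBS Migration post above, as an added example that is not part of the original post: it reads constructed LDIF-style exports of the domain admin account from each domain controller and reports any DC that still holds the old password timestamp or lacks the "password never expires" flag. The DC names, the DN and the timestamps are assumptions; `userAccountControl` and `pwdLastSet` are standard Active Directory attributes.

```python
from datetime import datetime, timedelta, timezone

DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl flag: password never expires
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Assumption: the time noted just before the admin password was changed.
CHANGED_AT = datetime(2007, 3, 16, 0, 0, tzinfo=timezone.utc)

# Constructed per-DC exports of the same account (hypothetical DC1 and DC2).
# DC2 has not yet received the new password or the never-expire setting.
BEFORE_REPLICATION = {
    "DC1": "dn: CN=Administrator,CN=Users,DC=mydomain,DC=local\n"
           "userAccountControl: 66048\n"
           "pwdLastSet: 128184768000000000\n",
    "DC2": "dn: CN=Administrator,CN=Users,DC=mydomain,DC=local\n"
           "userAccountControl: 512\n"
           "pwdLastSet: 127900000000000000\n",
}
AFTER_REPLICATION = {dc: BEFORE_REPLICATION["DC1"] for dc in ("DC1", "DC2")}


def filetime_to_utc(value):
    """Convert an AD timestamp (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def parse_entry(ldif_text):
    """Parse one LDIF entry (no folded or base64 lines) into attribute -> value."""
    entry = {}
    for line in ldif_text.splitlines():
        if ": " in line and not line.startswith("#"):
            name, value = line.split(": ", 1)
            entry[name.strip()] = value.strip()
    return entry


def check_admin_account(exports, password_changed_at):
    """Return a list of problems; an empty list means every DC agrees."""
    problems = []
    for dc, text in sorted(exports.items()):
        entry = parse_entry(text)
        try:
            uac = int(entry["userAccountControl"])
            pwd_last_set = int(entry["pwdLastSet"])
        except (KeyError, ValueError):
            problems.append(f"{dc}: export is missing userAccountControl or pwdLastSet")
            continue
        if pwd_last_set == 0:
            # pwdLastSet of 0 means "must change password at next logon".
            problems.append(f"{dc}: account must change password at next logon")
        elif filetime_to_utc(pwd_last_set) < password_changed_at:
            when = filetime_to_utc(pwd_last_set)
            problems.append(f"{dc}: still holds the old password (set {when:%Y-%m-%d %H:%M} UTC)")
        if not uac & DONT_EXPIRE_PASSWD:
            problems.append(f"{dc}: 'password never expires' is not set (userAccountControl={uac})")
    return problems


if __name__ == "__main__":
    for label, exports in (("before", BEFORE_REPLICATION), ("after", AFTER_REPLICATION)):
        issues = check_admin_account(exports, CHANGED_AT)
        print(label, "replication:", issues or "all domain controllers agree")
```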

Thursday 15 March 2007

System Builder Tip: Some vendor links that are really handy...

Here are some of the more frequent hardware and software vendors' links that we visit daily:

Microsoft:
From Intel:

The server configurator is a real help for creating custom configurations for servers. The Processor Finder will find pretty much any processor Intel makes with the exception of engineering samples. The Download Finder will do just that, BIOS, drivers, and everything and anything else that can be downloaded for Intel products.

Here are some other sites we visit frequently:

There are a few others, but these ones are the most frequented. We also have a good chunk of RSS feeds that we monitor daily. They will be added to the Blogs links as I have the time!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Office 2007 Open Business Licensing, Open Business + Software Assurance, and Open Value Licensing SKUs

Okay, my head hurts! Trying to clear out the muddle when it comes to getting SKUs for Microsoft Licensing is getting to be quite painful.

Microsoft used to provide Partners with an online tool called the License Configurator that we could use to provide us with the correct SKUs once we answered some key questions.

Now, we must call into licensing, or muddle through some spreadsheets to get the appropriate SKUs. I am sorry, but the poor people who work at answering the phones sometimes are not sure how to answer our questions too! It just isn't their fault that licensing is this way.

Microsoft, please bring back the License Configurator for us! At least we had a fairly solid foundation from which to work on licensing quotes!

Anyway, to help all y'all get through the muddle, here are some key Microsoft Office 2007 licensing MS part numbers for new licensing clients - Add-Ons to existing Open Value License Agreements are another muddle to work through yet as there is a different SKU list for them: ;)
  • Microsoft Office 2007 Editions Open License
    • Standard: 021-07856
    • Small Business Edition: W87-01806
    • Professional Plus: 79P-00123
    • Enterprise: 76J-00323

  • Microsoft Office 2007 Editions Open License + 2 Years Software Assurance
    • Standard: 021-05429
    • Small Business Edition: 588-02697
    • Professional Plus: 269-05577
    • Enterprise: 76J-00619
For Open Value Licensing, one must be clear on how the purchase of Open Value licenses works. If one purchases a bunch of Open Value licenses at the beginning of their agreement, the First Year SKU will be used for the Second and Third year payments for the contract duration.

Once into the Second Year of the Open Value agreement, one must use a SKU that contains both the first and second year payments for NEW licenses added on to the existing agreement.

So for example, let's say the price of Office Standard is $300.00 for a license purchased at the beginning of the agreement or anytime in the First Year (1). So, if adding a new license in Year Two (2) of the agreement, the client would pay $600 for that license. Purchase a new license in Year Three (3) of the agreement, and the client will pay $900.00 for that license.

Therein lies one of the caveats of Open Value Licensing: Microsoft will receive full payment on the license whether purchased in year one, two or three!


  • Microsoft Office 2007 Editions Open Value including Software Assurance for 3 Years (First Year & Subsequent Years for Licenses Purchased Year 1,2)
    • Standard: 021-07257
    • Small Business Edition: W87-00356
    • Professional Plus: 269-09046
    • Enterprise: 76J-00206
  • Microsoft Office 2007 Editions Open Value including Software Assurance for 3 Years (License Purchased in Year 2)
    • Standard: 021-07260
    • Small Business Edition: W87-00359
    • Professional Plus: 269-09049
    • Enterprise: 76J-00209
  • Microsoft Office 2007 Editions Open Value including Software Assurance for 3 Years (Purchased in Year 3)
    • Standard: 021-07261
    • Small Business Edition: W87-00360
    • Professional Plus: 269-09050
    • Enterprise: 76J-00210
Again, my mind is still hurting after this licensing call. So, please make sure to verify with your supplier that you have the correct licensing numbers before making an order!

If your supplier has a bulk SKU search or bulk add to favourite, here are the above Open Business Licensing numbers so you can copy and paste directly into the search/add:

021-07856
W87-01806
79P-00123
76J-00323

021-05429
588-02697
269-05577
76J-00619

Here are the above Open Value licensing SKUs for each year for you to copy and paste:

021-07257
W87-00356
269-09046
76J-00206

021-07260
W87-00359
269-09049
76J-00209

021-07261
W87-00360
269-09050
76J-00210

Once you copy and paste the above SKUs for Open Value and see the pricing scheme, things will also become a lot clearer!

Microsoft Public Canadian Price Lists with SKUs is an Excel spreadsheet with all of the relevant SKUs. Keep in mind that the Open License Value sheet is the OLD SKU list for existing Open Value clients. Canadian partners are pointed to this link for some strange reason as well.

Microsoft Partner U.S. Price Lists with SKUs on the Microsoft Partner for U.S. partners site. Above applies for this one too as far as the different SKUs for Open Value, and Open License Value SKUs.

As suggested to me by Eric at the Microsoft Licensing contact number that I spoke to this afternoon, it is a good idea to link to the download location as the spreadsheets are changing all the time! BTW, Eric was extremely helpful in clarifying all of the muddle. Good job man!

Happy licensing headaches! ;)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists.

Wednesday 14 March 2007

SBS, RWW, Fax is Knocking Out RWW Sessions

I have had a consistent and repeatable issue that has come up lately: if logged in to RWW on a server with the USR 56K USB modem as a fax modem and it receives or sends a fax, it knocks me off the RWW session.

I am not entirely sure of the reason yet. We have a number of these particular modems out there, and this is the first server, a new R2 installation, that is doing it.

I will need to look into it further!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Tuesday 13 March 2007

SBS, ISA & Sensitive Data Transmission Security?

Obviously we never made it to the TechNet event! :D

This morning, we fielded a call from one of our clients indicating that their payroll service software was unable to transmit a Record of Employment to the payroll service server.

It was a priority situation, as the ROE needed to be transmitted by today.

It took a few steps to clarify just where the transmission was breaking down.

The ISA client was installed and connected properly, so no issue there.

The IE settings were correct, and IE was browsing the Web fine via the SBS ISA proxy settings.

With the client computer connected via one RWW Remote Assistance session, and the SBS server via another RWW TS session (two monitors), I was able to watch the ISA activity log in real-time.

What I saw astounded me!

This particular payroll application was trying to FTP the information out to their own servers! Perhaps I am wrong here, but FTP? We are talking about transmitting usernames, passwords, and highly sensitive data via an open to the public protocol.

There is a reason why the outgoing FTP protocol is disabled on the default SBS install of ISA 2004!

Call me paranoid, but in this day and age of the need for transmission security, the least the payroll application creators could do is build on SFTP, or HTTPS/POST authenticated via their software for security purposes!

They could also build a VPN structure into their software as well. The options are there for them, they just need to apply them.

We will mention to our client our concerns regarding the security setup for the payroll service software, and then I am sure they will mention it to the payroll service provider.

We have worked with a number of other payroll services companies and their proprietary software. And, in our experience, there are those out there that have adopted SSL, SFTP, and/or other secure methods of moving data between their client and their own servers. Just not this particular one.

Something to keep in mind if there is a need to outsource payroll IMNSHO.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
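The kind of check the ISA activity log made possible in the post above, as an added example that is not part of the original post: it scans firewall connection records for outbound use of cleartext protocols such as FTP and reports which workstation is sending to which server. The log format, addresses and internal subnet are constructed for illustration and are not ISA Server's native log layout.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the internal LAN range. Adjust to the site's own subnet.
INTERNAL_NETS = [ipaddress.ip_network("192.168.16.0/24")]

# Protocols that carry credentials and data unencrypted, with a replacement.
CLEARTEXT_PORTS = {
    21: ("FTP", "SFTP or FTPS"),
    23: ("Telnet", "SSH"),
    110: ("POP3", "POP3 over TLS"),
    143: ("IMAP", "IMAP over TLS"),
}

# Constructed sample log, one connection attempt per line:
# timestamp client_ip dest_ip dest_port action
SAMPLE_LOG = """\
2007-03-13T09:14:02 192.168.16.21 203.0.113.40 21 DENIED
2007-03-13T09:14:07 192.168.16.21 203.0.113.40 21 DENIED
2007-03-13T09:14:30 192.168.16.21 198.51.100.7 443 ALLOWED
2007-03-13T09:15:11 192.168.16.34 198.51.100.25 110 ALLOWED
2007-03-13T09:15:40 192.168.16.34 192.168.16.2 21 ALLOWED
garbage line that should be skipped
2007-03-13T09:16:02 192.168.16.21 203.0.113.40 21 DENIED
"""


@dataclass
class Finding:
    client: str
    dest: str
    port: int
    protocol: str
    alternative: str
    attempts: int = 0
    allowed: int = 0
    first_seen: str = ""
    last_seen: str = ""

    @property
    def severity(self):
        # Allowed traffic means data really left unencrypted; denied traffic
        # means an application keeps trying and the firewall is stopping it.
        return "HIGH" if self.allowed else "REVIEW"


def parse_line(line):
    """Return (timestamp, client, dest_ip, port, action) or None for bad lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    stamp, client, dest, port, action = parts
    try:
        ipaddress.ip_address(client)
        dest_ip = ipaddress.ip_address(dest)
        port = int(port)
    except ValueError:
        return None
    if action not in ("ALLOWED", "DENIED"):
        return None
    return stamp, client, dest_ip, port, action


def find_cleartext_egress(log_text, internal_nets=INTERNAL_NETS):
    """Group outbound cleartext-protocol attempts by client, server and port."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        stamp, client, dest_ip, port, action = parsed
        if port not in CLEARTEXT_PORTS:
            continue
        if any(dest_ip in net for net in internal_nets):
            continue  # destination is on the LAN, not an outbound transfer
        key = (client, str(dest_ip), port)
        if key not in findings:
            name, alt = CLEARTEXT_PORTS[port]
            findings[key] = Finding(client, str(dest_ip), port, name, alt,
                                    first_seen=stamp, last_seen=stamp)
        f = findings[key]
        f.attempts += 1
        f.allowed += action == "ALLOWED"
        f.first_seen = min(f.first_seen, stamp)
        f.last_seen = max(f.last_seen, stamp)
    # Traffic that actually got out is listed first, then the busiest senders.
    return sorted(findings.values(), key=lambda f: (f.allowed == 0, -f.attempts))


if __name__ == "__main__":
    for f in find_cleartext_egress(SAMPLE_LOG):
        print(f"[{f.severity}] {f.client} -> {f.dest}:{f.port} {f.protocol} "
              f"x{f.attempts} ({f.allowed} allowed), {f.first_seen} to "
              f"{f.last_seen}; ask the vendor for {f.alternative}")
```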

Monday 12 March 2007

Going to be at the TechNet/MSDN Application Platform Tour 2007 Tomorrow

I will probably not post anything tomorrow due to the above mentioned event.

If you get a chance to check out any of the TechNet/MSDN events, do. They can be very informative, and give one a practical view into existing and upcoming Microsoft Software Technologies.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

RDP into a Multiple Monitored System & Can't Find My Window?

My system has multiple monitors running on it. I use multiple monitors because they facilitate my ability to manage multiple servers, clients, and run multiple applications efficiently.

There is a catch to that setup though: when I need to RDP into the system, all of my open windows will not show up in my only available RDP desktop window. The RDP window will always open up to whatever Monitor 1 has on it. Monitor 2, 3, 4, etc. will not show up.

To get to your open window do the following:
  1. Click on the open window's button on the taskbar.
  2. Hit the ALT key on the keyboard.
  3. Hit the Space Bar.
  4. Hit the M key on the keyboard for "Move".
  5. Hit any one of the Arrow Keys on the keyboard once to lock the mouse pointer to the unseen window.
  6. Move your mouse with the now attached open window to your RDP desktop window.
Voila! You can now see the desired window.

An alternative method is to click on "Move" after Right Clicking on the program window's Taskbar button.

If you remember which monitor the not-seen window is on, it is just a matter of mousing in the direction of your principal monitor.

Closing and then opening the program will not work because the program's window will open up in the previous location/monitor.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

DST - Relatively Smooth Sailing Here

Perhaps it is the symptom of managing relatively uniform, that is homogeneous, networks that facilitated a smooth transition across the board for our clients and us?

So far, other than the need to reboot some systems that did not update themselves automatically, the DST shift has been smooth!

All of our Mobile 5 based units were smooth, XP Pro, Office 200x, and client custom applications accepted the change with no issues.

We sent out a final warning letter last week to our clients to let them know that we may have difficulties. Then, on Sunday, after logging in to some of the various SBS installations we manage to verify the DST shift went through, we sent out an e-mail to let our clients know to drop us a line if they were having difficulties.

The way I was reading blog posts, newsgroups, and others over the last couple of weeks, I thought our phones would be ringing off the hook this morning. We did not receive one DST related call!

I do hope the same for all of you other SBSC and small I.T. Companies!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Saturday 10 March 2007

An Open Letter to Tier 1 System Manufacturers

Every once in a while we check out what the retail companies are doing via their flyers and their Web sites.

This blog post is a comment on the fine print that can be found on Tier 1 System Manufacturer’s flyers that advertise laptops, desktops, and poorly (my opinion) configured base SBS servers.

For us, it is important to comment on several aspects of the fine print.

We here at MPECS Inc. run our business based on a set of principles founded on honesty, integrity, and providing our clients with the best value for their dollar. We use what we sell; we have come to know what works and what does not work based on that philosophy. Our clients have come to expect that their solutions will work out of the box, and if they don’t, we will fix it with no questions asked.

I personally come from the school of, “A man or woman is only as good as their word”, “treat others as we would have them treat us”, and, “Under promise and over deliver”.

The above may be old clichés, but they are clichés that we live and breathe here in our company. There is proof in the pudding: we have client relationships spanning a decade now, and many more that we are building beyond the 5 year mark.

Here is an example of what can be found in the fine print, paraphrased, that I believe deserves comment:

All prices, specifications and promotional offers are subject to error, change, cancellation and substitution at Tier 1’s discretion at any time without notice.

When we provide a quote or proposal to our clients we stand by it. Generally, we give at least a minimum of 5 business days for the validity of the quote, and 30 days for the validity of the proposal. If the industry is going through a particularly volatile time, such as with production facilities being down and prices fluctuating wildly, we will notify our client as to those circumstances and request, request, permission to redo the quote at the time of purchase.

Either way, we honour the original agreement. There is no escape clause anywhere to be found in our quotes or proposals provided to our client or prospective client.

I do believe that is how a business is supposed to be run! The price is the price…A commitment is a commitment.

I really love the following paraphrased lines we have seen in some fine print:

Tier 1 cannot be responsible for typography, photography, pricing errors or other such errors. Tier 1 reserves the right to cancel orders arising from any such errors.

We at MPECS Inc. stand by our word. There have been times where that has cost us. But, it is the price of doing business. We check, double check, and triple check our quotes and proposals before they go out the door. But, sometimes mistakes happen. We will honour the quote or proposal, even with the mistake. It will be mentioned to our client that a mistake was made and that they were getting incredible value for their purchase.

We have done a lot of publications, flyers, business pamphlets, and the like for our clients. We develop them on the Adobe Creative Suite 2 Premium Edition of applications. There is a multi-tiered vetting process that the publication goes through before going final.

Surely, in a company as large as Tier 1, there are enough people to go through the flyer beforehand to make sure that no mistakes have been made?

I can’t imagine what our reputation would be like if we were cancelling orders on our client due to the discovery of a mistake in pricing!

With a reputation of cancelling orders, why would anyone want to deal with us in the first place? We quote on something, and then we turn around and cancel the order on them? If I were on the receiving end of that cancellation, how would I feel about the company that just bailed out on their commitment with me? Certainly not too happy, and possibly quite upset … to the point of letting others know of my bad experience.

To paraphrase yet again from the fine print:

Advertised configurations and limited-time offers only available to business customers in your country with xx employees or less … Tier 1 reserves the right to limit quantities to x (x) systems per customer.

Here we go again, more restrictions. Just who is this flyer aimed at, Tier 1? Where exactly is the commitment to provide the products and services as advertised to anyone that may come calling after reading that flyer?

Therein lies a significant clue for those looking to get work done on their small business network infrastructure of one (1) to seventy five (75) seats: An I.T. organization that can assess, design, implement, and support a Small Business Network Infrastructure Solution may cost more in the short run, but it will surely save the small business owner from making costly purchase decisions for hardware and software that won’t do the job they intended it to.

To boot, a Solution implemented by this particular Microsoft Small Business Specialist will work out of the box! The solution would be designed that way.

Why should a small business owner need to gain an understanding of server capacity planning, server operating system features and management, and end-user support? The small business owner should be working in their respective industry generating revenues for their company!

An Intel CELERON processor based server for Microsoft Small Business Server 2003 R2 (Flyer configuration: Tier 1 Entry Level Server with Celeron D 3xx, 512 MB RAM, sub 200 GB SATA drive)? I can smell up-sell all the way in that one. To date, we have never sold Celeron into business/corporate environments. The Celeron processor was never meant to be in that environment. Also, the base server configuration with 512 MB of RAM will not stand up in an SBS production environment. There is no redundancy built into the server configuration either!

Again, to paraphrase the fine print:

Remember, backup your data. Tier 1 is not responsible for lost or corrupt data or software.

Heh, no wonder there is no redundancy!

This is a great example of why an experienced smaller I.T. Solution Provider should be dealing with small to medium businesses. We have the knowledge, the experience, and the industry specific understanding to design a complete infrastructure solution that will do what the client expects it to do, with minimal fuss and muss. Part of that solution is Disaster Recovery Planning. Redundancy is an important factor with DRP.

In the above quote, one little 4 word line nested before the (paraphrased): “we are not responsible if our server dies at your establishment” line just does not make it clear to a client that backups and redundancy matter. It does make it clear that Tier 1 absolves itself if things go sideways for the client though.

And finally, the Next Business Day On-Site Service - a paid for service BTW - clause paraphrased:

TECHNICIAN MAY BE DISPATCHED, FOLLOWING PHONE-BASED TROUBLESHOOTING.

We do not put our clients through “Phone Support Hell”. We do not put them on hold for an indeterminate amount of time for the next available “technician”, we do not make them go through phone menus to get to speak to someone here, and we do not subject them to a “technician” who will make them tear apart a system they purchased from us. That is our job, not theirs.

Recently, we fielded a call from an organization whose Board required that they purchase Tier 1 computers. They were having a problem with one of them. The machines were only a month old at best. They had purchased two (2) systems. After we assessed the system, it was clear that the problem was hardware related.

I mentioned to the Executive Director of the organization that she should brace herself for the necessary Tier 1 Support call. She was the one who had to make the call. I also mentioned that after the hold period, the “technician” would be asking her to essentially tear both the machine and operating system apart.

A callback to that particular Executive Director to determine the result of the Tier 1 support call revealed that she was indeed put on hold for a long time, then when the call was picked up, the “technician” did make her do all sorts of things in the operating system as well as open the case and start pulling cards and “stuff” out of the machine.

In the end, the “technician” absolved Tier 1 of anything wrong in the system, having satisfied themselves that there was nothing “wrong” with it. Of course, the system still remained unstable at best. It was a really frustrating experience for her and for us as we have dealt with this “Tier 1 Support” scenario repeatedly. The Tier 1 Support “Technician” categorically refused to begin an RMA process for the faulty system.

For your information Tier 1, if we determine that our system’s hardware is at fault, we replace the offending part. In a warranty based situation, the system is down for a day, possibly a couple of days for warranty replacement. We do NOT absolve ourselves from going the extra mile to satisfy our client. If there is a situation where the client would possibly be without a system for a long period of time, we will provide them with a temporary system, at little or no cost to them.

From another perspective: The client gets this great “deal” on their Tier 1 systems. Now, after the fact they can see that it was not such a great deal after all. Not only that, if they had to ship the CPU box back to the warranty depot, be without it for weeks at a time, it would have cost them at least another $75 for the shipping. To boot, who keeps the original box that the units come in? So, for the most part they would be shipping the product out in an improper manner at best.

How much did the Executive Director’s time on the phone cost the organization? How much does it cost any organization whose employee has to tear through a system at the hands of a Tier 1 Support “technician”?

Here are some observations via our experience with what is in our opinion a “Tier 1 Support Nightmare”:

  1. The hold times for support can at times be absolutely horrendous.
  2. The Support “Technician” at no time indicated to the Executive Director that she needed to follow proper anti-static grounding while handling the system components. We always ask the person who had to work with Tier 1 Support if they were instructed to be “Static Aware”. The resulting answer is always the same: “No”.
  3. There are times where one has to spend more time trying to figure out what the Support “Technician” just said than working on the system!
  4. Tier 1 system chassis are seemingly designed to be easy to get into and out of due to John and Jane Customer being the main set of hands that will have to go into the case if there is a post-sale problem.
For those of us who work very hard to provide our customers with the best possible value for their I.T. budgets, this Tier 1 situation is a sad state of affairs.

It is a shame that a Tier 1 business cannot stand by its word, that it can categorically refuse to provide a quoted product or service with no repercussions, and that we in turn accept these types of business practices as status quo.

Who are we servicing here, Tier 1? Are we a company that strives to provide products and services that meet our clients’ needs or are we a company that strives to put dollars into our shareholders’ pockets? At what point does the line between being a Product and Service Company and the shareholders’ stake in the company blur?

Cheers to the Microsoft Small Business Specialists and Small I.T. Companies out there who make every effort to be on top of technologies and solutions to the advantage of their clients.

In our particular business, there is nothing more satisfying than a compliment offered freely by our client to the effect of, “You guys are doing a fantastic job!” That makes it all worth it.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

System Builder Tip: Office 2007 OEM Editions Activation Note

Here is a scan of the new OEM licensing agreement for System Builders:


Since we are System Builders, it follows that we will abide by it.

Whenever we receive new software, or encounter new Web services, we always go through the fine print. There are so many times where we have refused to sell or support software due to the "Gotcha" clause found in there somewhere.

In the case of the OEM licensing for Office 2007, it is important to point out clause 11. We as System Builders are bound by this license to make sure we make our clients aware that they must follow through with the legitimate activation of the product they have just purchased.

As I read this clause, we must put a notice on the Microsoft Activation process somewhere in our proposals, quotes, or communication with the client who is purchasing the system from us that the Office 2007 OEM software will be installed on.

With that, we will modify our correspondence templates accordingly.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Friday 9 March 2007

System Builder Tip: "Necessity is the Mother of Invention" and a Good DRP

As a small shop, it is tough to keep around systems that are tasked for just a few specific jobs. We usually keep one, possibly two around that can do a great variety of tasks.

In this case, we have a need to recover data from last year. To do this, we needed a system to install Server 2003, Veritas BackupExec, and a 72GB HP Autoloader.

The system we are using is an Intel 945 based motherboard with a Pentium D processor. I think it is 1GB of RAM. It is crammed into an Antec Minuet II chassis for portability, as we are hoping to use this box for Vista and Office 2007 demos if we can ever get Vista to install on it!

The Antec fan resting on top of the chassis is there to provide the needed air flow for the video and SCSI HBA. The system is pictured here:



I have added in an Adaptec 2940U2 PCI card, and plugged in the external SCSI cable into one of the LVD/SE internal ports on the HBA as seen in the image. That cable in turn plugs into the back of the HP Autoloader seen a little further down the workbench here:


The standard 68 pin LVD/SE internal connector on the card works with the same connector on the cable. So, no need to rig anything else to make things work. The cable is not the stock one that came with the HP Autoloader, as the original has an ultra-high density connector on one end that would not have worked in this situation.

The BackupExec inventory run against the tapes went relatively quickly. The cataloging, on the other hand, is taking roughly 2 to 4 hours per tape. Other than the need to babysit things every once in a while, we just need to wait.

This particular client has two of the HP autoloaders that are used to back up a large volume of data.

Disaster Recovery is one area we small business focused I.T. companies need to keep up on. We need to know the data access cycles that our clients go through. With that knowledge, we can implement a backup strategy that gives them the ability to go back to whatever bits they may need to get access to over a time period that is required by them. Sometimes, this means that there will be a need to gain an understanding of how the client's industry works.

This particular client has an immediate data access cycle of approximately 24 months, with a need to intermittently access data for the last 4 to 6 years depending on the situation.

Understanding a client's data access cycles is absolutely critical if they are covered by HIPAA or SOX type guidelines.

Also, keep in mind that all it takes to mess up both the production data and the backup data is a few bad sectors on one of your RAID 5 or RAID 1 arrays! This scenario is where the data archiving strategy becomes mission critical.

The client may not discover that there are bad bits in the data for the entire immediate data access cycle, and the server may not throw any DISK/NTFS errors indicating there is a problem until the disk degradation has already reached the point where recovery may be only accomplished via good, archived backups. The RAID controller may not throw any error codes, and don't expect S.M.A.R.T. to work either.

The combination of all conditions in the above paragraph has led us to the situation we are now in with our client.

I am confident that we will get the data we need to.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Thursday 8 March 2007

SBS 2K3 Gold, SP1, R2 - Installing Software via Group Policy

When we started working with SBS 2K3 Gold, we ran into an issue with trying to get software to install via GP.

I found a working solution that was rather elegant, and didn't involve giving users any additional permissions to the ClientApps software distribution folder.

I no longer have the link to that site, or the original references.

However, it is actually quite simple:

Set up your GP software install via the GPMC in the Server Console.

Then, head down to your Client Computer policy:



Edit the policy and navigate down to: Computer Configuration\Administrative Templates\System\Logon

There you will find: Always wait for the network at computer startup and logon. Enable this policy setting.

Next, in Windows Explorer right click on the ClientApps folder and click on, "Sharing and Security".
On the Security Tab, Click the Add button and add the following two groups and give them full control permissions:
  • Domain Controllers
  • Domain Computers

Click Apply.

You should see the following:


From the command line, or Start-->Run: gpupdate /force

That is it. Once you have set the OS to wait for the network at logon and set the above NTFS permissions on the ClientApps folder, your software will be distributed the next time your users log on. Keep in mind workstations can take up to 90 minutes to refresh their GP.
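One way to verify the result of the steps above, as an added PowerShell example that is not part of the original post: it assumes the folder lives at C:\ClientApps (a placeholder, pass your own path) and reads SyncForegroundPolicy, the registry value that the "Always wait for the network at computer startup and logon" policy sets.

```powershell
# Added example: audits the two settings made by the procedure in this post.
# ASSUMPTION: C:\ClientApps is a placeholder; pass the real folder path.
param([string]$ClientAppsPath = 'C:\ClientApps')

# "Always wait for the network at computer startup and logon" is written to
# the registry as SyncForegroundPolicy = 1 once the GPO has applied.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SyncForegroundPolicy
if ($val -eq 1) {
    Write-Output 'OK: policy applied, logon waits for the network.'
} else {
    Write-Output 'MISSING: SyncForegroundPolicy is not 1 on this computer.'
}

# Rights that let a holder change or replace the installers in the folder.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL in raw ACEs

$acl = Get-Acl -Path $ClientAppsPath

# Confirm the two groups named in the post hold an Allow entry.
foreach ($group in 'Domain Computers', 'Domain Controllers') {
    $hit = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like "*\$group"
    }
    if ($hit) { Write-Output "OK: $group has an Allow entry." }
    else      { Write-Output "MISSING: $group has no Allow entry." }
}

# Show every Allow entry and whether it can modify the folder contents.
$acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' } |
    Select-Object IdentityReference, FileSystemRights, IsInherited,
        @{ Name = 'CanModify'; Expression = {
            $r = [int]$_.FileSystemRights
            (($r -band $writeBits) -ne 0) -or (($r -band $genericWriteOrAll) -ne 0)
        } } |
    Format-Table -AutoSize
```

Software assigned to computers through Group Policy installs with system privileges, so the CanModify column is the list of identities able to change what gets installed.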

We use this setup for software such as Windows Defender, PDFCreator, Office 2003, hopefully soon Office 2007, and others.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Every IT Project Manager's Nightmare: The Upgrade that Breaks Things

It is currently high season for accountants here in Canada. Personal taxes are being filed left, right and centre, or are they?

From the Canada Revenue Agency's Web site:
The Canada Revenue Agency (CRA) is experiencing electronic system difficulties that prevent the public from accessing some electronic services for personal returns such as NETFILE, TELEFILE and EFILE. We have temporarily shut down public access to electronic services to ensure the integrity of taxpayer information.

The CRA has a team working to restore its systems to normal operations but it will be a matter of days before the system problems are completely resolved. The security and integrity of taxpayer data has not been compromised. This problem is not the result of illegal activity, computer hackers or a virus.

We have now traced the source of the problem to software maintenance conducted on March 4, 2007. We are currently working to bring all systems back online gradually.
You can find the full details here.

I wonder if any heads are going to roll? ;0) ... Probably not, it's government after all.

We service a number of SBS networks installed at accountants' offices. We received calls from many of them asking why their e-file wasn't working. After spending some time on the issue, it was pretty clear the problem was not the SBS infrastructure.

We got a call from one of our accountant clients, and he explained to me what was happening on the CRA side. According to him and his conversations with CRA, CRA has had to hire a team out of New York to come in and help them fix whatever is broken.

It is pretty obvious to me, as one who manages small business networks, that we don't mess around with our clients' infrastructure during their high season. We make sure that their networks are patched and running stable before their high season, not during it!

If there are necessary patches and updates during the high season, we test them on virtual lab infrastructure that mirrors our client's current setup. There is absolutely no reason why that could not have happened in CRA's case. The technology exists to PlateSpin their entire production network into a parallel virtual environment that could be broken, restarted at square 1, and broken yet again, until they got it right.

It is pretty much guaranteed that if we had a client whose infrastructure we broke for an extended period of time as in the CRA's case, we would no longer have them for a client. The client could also potentially lose their business!

In my opinion, there is no reason why we who support our clients' entire livelihoods (our roles are that critical), clients who cannot get by without their e-mail and network infrastructure for any real length of time, would not put the time in to make sure that what we do with their production environments does NOT impact that livelihood.

For us, it is the cost of doing business. For our clients, it is added value.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Buyer Beware: Cable-Based Phone Service - Is it Worth it?

We just had our land line hooked up this morning.

It seems that the previous owner had the local cable company's phone system as the technician needed to come in the house to hook up the phone company's wires again.

As I understand it, cable-based phone service relies on the cable modem functioning correctly and being constantly powered.

No power = no phone.
No power = no cell or wireless phone once their batteries die.
No Internet connection = no phone.

On behalf of clients whose cable Internet connection was down, the cable company's representative would say something along the lines of, "We are doing all that we can to get your service up and running as soon as possible sir."

That answer doesn't work when I need to call 911 and my cable Internet/Phone service is down.

That answer doesn't work when the power is out and I need to communicate with the outside world.

Our land line provider may not be the best or cheapest in town, but at least the phone system is still functional in the event of an emergency.

So, the situation begs the question: Is it worth it to save a few dollars on long distance and risk not being able to use the Cable Phone?

For me, with a young family, the answer is clear.

Safety Tip: Keep an old land line hard wired phone around for emergencies. Battery operated phones will die in the event of an extended power outage. The hard wired phone can be plugged in and it just works. This goes for both the office and the home.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Wednesday 7 March 2007

Buyer Beware: Internet Prices Do Not Match In-Store

Robert McLaws' blog post, "Best Buy Just Lost My Business Forever," talks about the now documented evidence that shows Best Buy has an internal Web site that is identical to their Web facing site, but with different, higher prices.

The salesman takes the unsuspecting customer over to a terminal when the customer indicates they saw a lower price for the product on Best Buy's Web site, and shows them this internal site that, of course, has a higher price.

The customer is then stuck for the burden of proof. Most people will shrug it off and pay the higher price without really thinking about it.

I ran into a similar situation last summer buying a barbeque from one of our local retailers. I happened to flag a manager down when I was looking for the model I wanted, and he and I eventually found it. The price on the unit was more than the Web advertised price.

When I challenged him on it, he said I needed to give him proof.

So, back home I went, and sure enough the price was lower. I PDFd the site page with the sale price, and also printed the product's Web page. I went back with that print-out, and the manager went with me to the till to authorize the lower price. :D

PDF:
  • It is very important to make a permanent copy of the site. The URL will be saved in the header as well as the date the copy was made.
  • If the URL is too long to show up completely in the header, copy and paste it into an associated word processing document.
  • Company Web sites, especially retail and eCommerce sites, change frequently, so a permanent copy helps to preserve the evidence.
Print-Out:
  • Hard evidence for the manager or salesman/woman to prove the case.
  • Gives the buyer leverage if there needs to be an escalation in confrontation.
If there is an escalation in confrontation, and the results are less than satisfactory, then one needs to be as public as possible. Spread the word on the Internet, let your local Better Business Bureau know about your situation, and talk about it with others.

There is also the possibility of getting the local law enforcement, district attorney's office, or your own lawyer involved depending on the gravity of the matter.

Business practices of this sort need to be rooted out, and people need to know about them. If a business consistently operates in a shady manner such as this, the more people that know about it, the more likely it will have an impact on their business by not giving them any and hopefully wake them up!

Buyer Beware!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

Product Review: Microsoft Wireless Laser Keyboard 6000 V2.0


My old MS keyboard has been behaving flaky lately. It was about two years old, and had a lot of miles on it.

So, I have replaced it with the new Microsoft Wireless Laser Keyboard 6000 V2.0 (WLK). It came with Microsoft's new Laser Mouse 6000.

I won't be using the new Microsoft mouse except as a backup.

I currently use a Logitech MX Laser that fits my hand really well, and has an absolutely amazing level of precision when working in apps like Photoshop, Illustrator, and InDesign. It is also rechargeable.

On that note, I let the batteries exhaust completely before putting the mouse on the charger cradle/receiver. I do this because it gives the batteries their longest possible lifespan. Rechargeable batteries have a plug-in life, that is they will die after so many charge cycles. They also have memories. Yes, even the Lithium-Ion ones have a memory.

So, when my Logitech batteries die, I get a chance to work with the Microsoft mouse that came with my keyboard. And, when I do that, it just reinforces why I won't use it:
  • It is not comfortable to hold.
  • Its contours are just a little off for me.
  • And, I miss the multiple button features on the Logitech.
On to the keyboard.

After so many years slinging a wrench - I was a few work experience hours away from my journeyman mechanic's license when I got into computers - I need the ergonomic style of keyboard for my wrists.

The first generation ergonomic keyboards were painful for us touch-typers. Microsoft and Logitech both shifted the 5 key over to the right finger, or with later revisions, they shifted the 6 key over to the left finger. There really wasn't a whole lot of consistency as to where those two numbers turned up! One needed to "relearn" to type.

I now use those previous generation keyboards in the shop, and they still cause me to stumble!

I am very picky about my keyboard. I prefer a certain type of resistance in the keys to my touch. That resistance must notify me through my fingers that the key has indeed been activated.

The WLK does not have the same feel as my previous Comfort Keyboard 1.0A. The Comfort Keyboard keys had a lot more travel to them, and a resistance point about two thirds of the way through the keystroke.

The WLK has a very short key stroke, and the resistance point is almost immediate. It is going to take a little getting used to. It is also quite quiet. So, no real feedback from sound.

The keys themselves are recessed right into the body of the keyboard. This feature makes it a bit different to ALT+TAB for me as my fingers hit the body edge on the left side of the keyboard. This is of course on Windows XP. Windows Vista with Aero Glass enabled will change that as I will be using the WIN+TAB or WIN+SHIFT+TAB keys for the 3D view of each open window.

The quick keys are fairly standard on all keyboards now, and they work. There is a new key for Windows Vista's Gadgets. But, since I am not running Windows Vista on this particular system yet, I won't be able to use it! ;)

All in all, this is a good quality keyboard.

The keys are easy to use, and they provide reasonable feedback. The ergonomic curve of the keys is good, especially for me. I am able to keep my hand-wrist-arm quite straight, which really eases the stress on the wrists for extended periods at the keyboard.

All in all, I will recommend this keyboard product to our clients who request ergonomic keyboard references.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists