Thursday, 27 September 2007

Temporary Blogging Stoppage for a Funeral

We need to head out tomorrow for a funeral. Monique's Grandpa has passed away.

My Dad will mind the shop while we are gone. We should be back next Wednesday or Thursday.

Thank you all for the support and encouragement! :D

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Blog - Blog Links Update

It sure pays to check one's links! Holy Smokes!

One of the links, which has now been removed, was to a blog on security: Info Security Sell Out.

There was a point where the blogger posted about some vulnerabilities in Apple's Safari browser. Well, all heck broke loose for them and the blog was hacked.

The blogger managed to get their blog back, at least for a while it looks like.

After clicking the link to the blog that was available in our Blog Links section, there was definitely a not family friendly bit of content there.

Please accept our deepest apologies for not being aware that our link to that blog should have been removed! We will be a lot more diligent about our links!

Thank you,

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Business Principles: Converting the Business Model to Managed Services

Karl Palachuk has an excellent series of articles on converting an I.T. business model to managed services: Managed Services in a Month.

There are a number of parts to the series, and all are very well rounded in their explanation of the methodology for the conversion.

One of the biggest benefits of the conversion process is getting a different perspective on the business that we run. It forces us to examine everything we do, how we do it, and whether it is beneficial to our clients and us or not.

As far as managed services go, there are a number of excellent benefits:
  • Improved and steady cash flow.
  • Billing ahead as opposed to terms behind the service.
  • Client Support Contracts/Agreements.
  • Prepaid hardware and software.
  • Enforcing the finance charges for overdue invoices.
  • Managed Services tiered pricing structure - Silver, Gold, Platinum or the like.
  • Client management and selection.
There are a lot of words out there indicating that I.T. support companies need to convert their business model or else. It is a common thread we have seen often.

Given Karl's excellent perspective on the subject, there is a much more positive reason to convert: It will grow our business and smooth out the feast or famine cash flow situations. It will deepen our business relationship with already established clientele, and provide a way for us to lock in new clients.

So, please give it some thought:
  1. Managed Services in a Month.
  2. Managed Services in a Month - Part One.
  3. Managed Services in a Month - Part Two.
  4. Managed Services in a Month - Part Three.
  5. Managed Services in a Month - Part Four.
  6. Managed Services in a Month - Part Five.
  7. Managed Services in a Month - Part Six.
  8. Managed Services in a Month - Part Seven.
  9. Managed Services in a Month - Part Eight.
  10. Final Thoughts: Managed Services in a Month.
For those of us who own and manage our own small businesses, we have already taken a huge risk and started our own company. That, in and of itself, is probably one of the most stressful decisions one can make short of mortgaging a house. That mortgage, and our family's livelihood now depends on us all the more! ;)

So, after careful evaluation of Karl's articles, it is not hard to see that one can indeed take on his suggestions and do it!

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

System Builder Tip: Intel TST is now available

For Intel Associate and Premier Members, your Intel Technical Solutions Training (TST) invite should be arriving in your inbox soon.

The Intel Technical Solutions Training program used to be by specific invite only. Generally, that meant that only Members with high product volume, which meant Premier Members, received that invite.

Now, the TST is being opened up to both Premier and Associate Members. The number of seats is limited, so get in there quick, and register.

This program does carry a fee in US$ which for us Canucks is a real bargain right now! ;)

The fee is relatively small compared to what we will receive:
  • Intel technology training direct from Intel.
  • Inside NDA related technology information.
  • A fully configured Intel Core 2 Duo E6850 2GB system with Windows Vista Ultimate.
  • A chance to meet and share experience with our industry peers.
For us, it will be time well invested. Since we base our corporate system designs on the vPro Q series motherboards, this will be the second opportunity to work with the new DQ35JO motherboard. The first time we saw this board was via our system builder who has been testing a DQ35JOE in their shop for a number of weeks now. They are happy with it, so we are sure that we will be too.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 26 September 2007

Windows Live Search versus Google

We have left the default Windows Live Search in Windows Vista x64 IE7 on this particular workstation to see how it compares with Google.

We need to install a second child seat anchor in my V8 Taurus SHO. The closest Ford dealer is City Ford.

Do a search via the browser's built-in Windows Live Search and this is what we get:

Note that we put "City Ford" in quotes which is supposed to delineate the search to those exact words. It did not, instead it gave Edmonton City as the top series of search results.

Yes, there is the City Ford Sales link at the top right, but a second click does not count.

Here is Google's results:

They were bang on with the search results with no quotes. We even received a map to the location plus all of the relevant contact info for the dealership. No second click!

Note to Microsoft: There is a very good reason why the graphs near the middle of this article show your search share slipping. The above search result comparison clearly demonstrates the reason.

UPDATE: Might as well show Microsoft a bit more. :('s results:

The top two links are totally relevant just as Google's results were. No map though.

UPDATE 2: The link that eluded us earlier: Todd Bishop's Blog: Reports: Microsoft's search market share slips.

UPDATE 2007-09-27: As per our Microsoft friend in the comments, we were consistently getting the same results as we tried the same search again and again. At least initially. Perhaps there is a new Web farm and DNS was a little slow on our end of the world to get there? Anyway, this is the NEW results we just received for the same search:

Bingo! Now that's what we are talking about! Excellent improvement! If the Windows Live Search Team continues to make service improvements such as these, we may actually see those curves start to move up!

In our case, the default search in IE will stay at Windows Live for now!

Kudos to the Windows Live Search Team for the huge improvement.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - ISA 2K4 - Publishing a DNS Server behind ISA

When we did our very first SBS 2K to SBS 2K3 Premium upgrade for one of our Internet facing clients who have their own little Web farm and Internet DNS settings, it was a lot of "fun"! :(

This is what we found in the ISA 2004 help file for publishing their DNS servers:
Publishing DNS servers

ISA Server does not translate the IP address of DNS servers. To publish a DNS server, configure a route network relationship between the Local Host network and the network that includes the DNS server. Similarly, ISA Server must know the IP address of the DNS server.
Um, huh?!?

We ended up having to call the Partner Support line and work with the ISA troubleshooting team for hours upon hours spanning days. Eventually, while on the phone with a Microsoft tech, we actually figured it out. And, guess what? The answer was just too simple.

  1. Create a Server Publishing rule
  2. Call it DNS Publishing or the like
  3. Assign the DNS Server's internal IP
  4. Assign the DNS Server protocol

  5. Select the External Network
  6. Click Finish
  7. Click the Apply button in the ISA console
  8. OK
That experience over a very poorly written Help File entry was an incredible amount of frustration for us! It was even more so because we had a number of SBS 2K3 Premium migrations with Web farms behind them waiting on us to do after that.

Truly, it must have been a real pain point because Microsoft actually published a KB article about it: How to publish a DNS server in Internet Security and Acceleration (ISA) Server 2006 or in ISA Server 2004.

When publishing any form of manual for users, it must be "User" tested. It must pass the, "My mom can read and do it" test. The language must be simple and bullet proof. All of the bases need to be covered. If we professionals can't read and understand whatever was written in the manual or Help File in the first place, then we can sure as heck count on the phone to be ringing with our users calling us for clarification.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 25 September 2007

SBS - SysInternals BGInfo Quick Config

Every server install that we do, whether SBS, Windows Server 2003, or others, we always copy the BGInfo - Background Info - utility into the Startup folder on the server.

The utility can be obtained here: Systernals BGInfo.

A screen shot of the background from the SysInternal's site:

Also from the SysInternal's Web site, a screen shot of the default settings in the utility:

This is the standard background configuration we use:
Host Name: <>

Boot Time: <>
Snapshot Time: <>

CPU: <>
Default Gateway: <>
DNS Server: <>
IE Version: <>
IP Address: <>
Logon Domain: <>
Logon Server: <>
Machine Domain: <>
Memory: <>
Network Card: <>
Network Speed: <>
OS Version: <>
Service Pack: <>
System Type: <>

Volumes: <>
Free Space: <>
The Blogger interface is really having a hard time with the greater than and less than symbols. It keeps wiping out the data in them, or not showing them at all. The latter is due to the software assuming that whatever is within the symbols is code.

There should be no space between the symbols and the data field.

So, when we have a moment, we will post a zipped text file of the configuration. It is nice to have access to when we setup new site servers.

Update: They showed up in the post, so you can copy and paste them into a text document as well and remove the spaces!

UPDATE: Here is a link to the text file: BGInfo Settings (zip file).

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 21 September 2007

SBS - Fax and modems - USB or Serial?

Lately, we have been in a bit of a quandary. Pretty much all server boards no longer have PCI slots to install that 56K fax modem into anymore.

So, we started selling the US Robotics USB based external: 56K* USB Fax Modem:

All in all, we have had pretty good success with these units. There have been some anomalies with them that we haven't been able to pin down 100%. But, we are pretty sure they are the culprit. The anomalies are not critical in that they don't spontaneously reboot the server or interfere with critical server services. They are minor inconveniences.

One thing we like about them, they tolerate having other fax machines, such as MFPs, on the same line that are only used to send faxes from.

In some cases, we have installed the US Robotics USR5686E, USR325686E 56K V.92 External Faxmodem:

These serial based modems have worked well where the phone line quality is not so good. They do however, have an issue with any other fax machine trying to send a fax on the same line. They like to pickup and try and receive. So, they need to be on their own line for receiving faxes. They are that sensitive.

What are your experiences? What modems do you use, and how well are they working out for you? Have you had any issues with USB modems?

Please, let us know and thanks in advance! :D

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - Top Ten (Plus One) Myths about Windows Small Business Server 2003

We came across this Microsoft site: The Top Ten (Plus One) Myths About Windows Small Business Server 2003.

Here are the myths in a nutshell:
  1. I cannot add additional servers to a Windows SBS domain.
  2. I cannot run Terminal Services in the Windows SBS domain.
  3. Windows SBS doesn't scale.
  4. Windows SBS requires different hardware than Microsoft Windows Server 2003.
  5. I cannot upgrade my current server.
  6. I'm going to outgrow Windows SBS.
  7. The Exchange Server 2003 mail store limit is too small.
  8. My applications are not supported on Windows SBS.
  9. Windows SBS has scaled-down versions of applications.
  10. I can't use the tools from Windows Server 2003 in Windows SBS.
  11. Windows SBS isn't secure.
For those of us who design, implement, service, and support network infrastructure around SBS, we know these myths are a load of bunk.

If anything, it is a good 5 minute read to refresh and/or inform us of what SBS is not.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Windows Vista - USB Reliability Stack Update Required

Keep in mind that any Bluetooth enabled Microsoft Hardware product carries the following in the product box:

Critical Update Warning

One needs to go to the Microsoft Hardware site via the link indicated: Update for Windows Vista.

The link brings you to:

Note that the update applies to both the 32bit and 64bit versions of Windows Vista.

This is a pair of updates that one should keep on their technician's memory stick for those just-in-case moments where there may be no Internet access or site restrictions.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Thursday, 20 September 2007

Windows Vista x64 - Adobe Acrobat 8 Professional "Printer" not Generating PDFs

Out of the box, we had a couple of issues with installing Adobe Acrobat 8 Professional (previous blog post).

So, we have not been able to use the product to generate PDFs via the built-in printer AdobePDF setup.

When trying to diagnose what was going on we went into the Adobe Printing Preferences. Initially the "Adobe PDF Folder" was blank. When clicking the down arrow for any options, the only one available was LPT1:.

So, we selected LPT1:

Adobe PDF Printing Preferences & Properties

Click the General tab in Adobe PDF Properties, click on the Print Test Page button, and bingo! We have a standard Windows Printer Test Page that indicates we have correctly installed our Adobe PDF Converter.

Well, the next step was to figure out how to get it to prompt us to save the PDF in a directory.

We have another system setup with Acrobat Pro running on Windows XP Professional, so we took a look:

Adobe PDF Properties on XP Pro

So, on our Windows Vista x64 Adobe Acrobat Professional 8 did not setup those ports.

From Adobe's support site: TechNote: Error "Warning 20225..." or no Adobe PDF printer appears (Acrobat 8.0 and Acrobat 3D 8.0 on Windows).
Acrobat is not supported on a 64-bit operating system [emphasis ours]. Acrobat 8 should be able to install the printer but not the Adobe PDF port on the 64-bit operating systems; although, the remainder of Acrobat functionality should remain intact. In addition, Acrobat is unable to install the printer if extended ASCII or double-byte characters are found in the path names. Third-party programs can interfere with the installation of the printer by attaching services to the Print Spooler service or installing print monitor software. Lexmark and Dell printers are known to install services such as lexbce.exe that can generate this error message.
There is not Detect and Repair on our help menu either.

Some things are just to "Check for Updates" and the first thing it does is download 168MB of updates.

The first one it installs is on Acrobat, so after the update is done, guess what:

Adobe PDF Port is now available

Adobe, you have great timing! :D The Help --> Repair Acrobate Acrobat Installation menu item is there too.

Some further links:

Kudos to Adobe for bringing about an update to support those of us who have paid the big bucks for their products.

It is good to see!

UPDATE 2007-09-25: Okay, my bad ... It is Acrobat not Acrobate! :D

UPDATE 2008-08-26: As per the comments:

  1. In the Printer list delete the Adobe PDF printer
  2. In Acrobat run the repair routine.

Once the repair has run, you may need to update your Acrobat installation to the newest revision.

That works.

Thanks to those who commented for contributing a fix! :)

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Windows XP/Vista - Configuring a Static Route

There are occasions where we may need to have a static route configured on a Windows desktop operating system.

With a server, it is no big deal as we configure it in RRAS.

But, with the desktop operating system, we need to work at the command line with the route command. Note that on Windows Vista for IPv6 one needs to use the netsh command to set the routes.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Windows Vista x64 - Some Observations

There have been some interesting pluses to installing the 64 bit version of Vista.

One is the full 4GB of RAM on the system is now utilized. Another, and this could be purely subjective as we haven't run any actual tests yet, is that the system seems to run faster - way faster. Photoshop just opened for the first time in a couple of seconds. It definitely did not do that previously.

After booting, the system settles in around 2-2.5GB of RAM allocated. Keep in mind that this particular system has a lot of TSRs on it. This is a screen shot with several browsers and Outlook open in the background:

That resource metre is always kept open on the desktop. It is a bird's eye view of what is happening on the system at any given time, and is a good indicator as to an application's ability to utilize all four cores on this system.

Even Outlook 2007 doesn't seem to stall as much as it did before. There is still some waiting for some emails to open when clicked on, but no where near as bad as the "go get a tea and come back" waiting that it was before when running on XP Pro 32bit.

There are some issues with third party software though:
  • To install Adobe Acrobat 8 Professional, one must extract the AdobePDF.dll_64 from the to the desktop and name it AdobePDF.dll when the install chokes and asks for the AdobePDF.dll from the "Windows Vista CD-ROM"!
  • The Adobe PDF "printer" does not work as it should for creating PDF documents from applications. From IE, it just hangs IE and the Spooler. From an application like Word the print job flashes through the print manager with no dialogue to save the newly created PDF.
  • Chapura's PocketMirror Professional for Windows Mobile is not compatible with Vista x64 despite the "Now Supports Windows Vista" logo on their site.
  • The Creative X-Fi drivers did not setup properly the first go around. The noise that came from the speakers was unbearable. After one day of the system being on though, Vista popped up the "Problem with" dialogue that had the Creative driver site link in it to "resolve" the problem. Funny thing though, since that dialogue box came up the sound has been working fine!
IMNSHO, this operating system ROCKS! :D

Why do I say that? Because there are two people in my life who are examples of typical Windows users: My wife Monique and my Dad. We transitioned to Vista at home back in October of last year, and with a bit of orientation, Monique has picked up on the OS and its features with no problems. My Dad, whom I introduced to the world of technology and its benefits around ten years ago, has worked his way into the more advanced features of the OS after we upgraded his system last winter. They both made the transition with little effort.

The OS does improve a user's computing experience. The user needs to know that those features are there before their experience improves!

I do believe that the so called "negative" side of the OS does not exist. The problem has more to do with third parties not having their stuff together for drivers, or application coding trying to run over Vista's new security enhancements. This in turn damages a user's perspective of the OS and its abilities.

All in all, I agree: "The Wow is Now".

And, to the old guard ... remember managing those TSRs?!? ;)

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 19 September 2007

Business Principles: SBS, The Job Interview, and a Raised Eyebrow or Two

Whenever we have guests for the first time at home, there is always the obligatory tour around the house.

Nothing gets more raised eyebrows than the following:

SBS and Web on the feezer

On the left is our W2K3 Web Edition box that publishes HTML and PHP/MySQL sites, as well as DNS to the Web. On the right is our SBS 2K3 R2 Premium box serving our home network with ISA providing filtering for the Web facing services.

It isn't hard to see what is going through the observer's minds by the expressions on their faces: Everything from knowing grins, mischevious grins, or deer in the headlights. They all get a bit of an explanation depending on their technical abilities.

And, it brings up something that we think is very relevant in any person we may consider to help us out either under contract or via being employed in our company: Motivation and Experience.

We are very limited on the way an interview can proceed on the first visit in Canada. But, we can ask experience related questions:
  • How many computers/servers do you have at home?
  • How many virtual machines do you run and what are they?
  • VMWare or MS VS and why?
  • Dual Boot and what OSs?
  • How many years in the industry?
  • What is your operating system of choice and why?
  • What is the approximate mean throughput of a Gigabit connection (trick question too: duplexed or not!)?
  • Name 5 wizards in SBS.
  • What are the benefits of ISA on SBS?
  • LAMP?
  • *BSD?
  • Tiger?
  • Looking forward to Leopard?
  • Fusion or Parallels?
With these questions and more, we can better understand the candidate's motivation for being there. We tend to lean towards those who are passionate and motivated by that passion to delve deeper into the areas they love. There seems to be a direct correlation between the number of machines at home and the person's passion for what they are doing! ;)

And why not? It is the reason we are doing what we are doing! If it wasn't, then when things begin to seemingly fall apart, nothing seems to work, clients are upset because something isn't working as it should, a vendor just bailed on us, there seems to be nothing in the future for us, etc, etc, then that would be the distinguishing point between those who are motivated to get beyond "The Dip" and those who would walk away.

Karl Palachuk has a good blog post on the subject of "The Dip": Mike Writes about Right-Sizing.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - Changing Exchange MailBox Storage Limits

If a user forwards an email that comes to them indicating that they are near their mailbox storage limit, then we need to increase that storage amount, or set their AutoArchive to pull data out more aggressively.

A quick method for changing the 200MB limit on a person's mailbox store size:

In the Server Console:
  1. Advanced Management
  2. Right click on Exchange Organization and properties
  3. Tick both Display routing groups and Display administrative groups
  4. Close the Console after clicking Apply and OK.
  5. After reopening, go to Advanced Management
  6. MYDOMAIN (Exchange)
  7. Administrative Groups
  8. first administrative group
  9. Servers
  10. MySBSServer
  11. First Storage Group
  12. Right click on Mailbox Store and Properties
  13. Click the LIMITS tab.
  14. Change the Issue Warning and Prohibit send and receive amounts to something higher that is appropriate to your organization.
  15. APPLY and OK.
  16. Close console or move onto the next admin task.
The 200MB limit is definitely something we change right out of the box. We have clients that have 1GB to 2GB mailbox sizes. In their cases, now that we are moving our clients over to a ShadowProtect workstation environment, we can get more aggressive with our AutoArchive Group Policy settings and not worry about SOX/HIPAA or the like compliance.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 18 September 2007

SBS - RWW, Windows Vista & Connecting Remote Drives

In some cases, we have clients who need their local machine to be physically connected to the remote desktop by linking the hard drives via their Remote Desktop session.

To do that in Windows Vista, the Remote Web Workplace (RWW) certificate needs to be imported to the "Trusted Root Certification Authorities".

But first, one must Trust the RWW site. After navigating to the RWW site:
  1. Double click on the planet at the bottom right of IE.
  2. Click Trusted Sites.
  3. Click the Sites button.
  4. Add the RWW URL which will be sitting there.
  5. Close the Internet Security window.
  6. Close the browser.
After opening the browser:
  1. Go back to the RWW site.
  2. Click on the red shield in the Address Bar after clicking past the initial certificate warning.
  3. Click view certificate.
  4. Click the Import button.
  5. During the Import process, choose the "Place all certificates in the following store" radio button.
  6. Click the browse button.
  7. Choose "Trusted Root Certification Authorities".
  8. Click OK, Next, Yes, and so on until finished.
  9. Close the browser, reopen it and navigate to the RWW site.
One should no longer receive the certificate warning, and be able to select the connect local drives option when connecting to a remote desktop.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

System Builder Tip: Intel RAID Controllers At-A-Glance

We primarily install Intel RAID controllers in our server builds.

One of the main reasons we now stick with Intel controllers is due to hot swap enclosure compatibility questions. When we are going to install a SRCSAS18E and 10 hot swap drives with an Intel Hot Swap Enclosure or Enclosures, we would configure the following in a SC5400 chassis:
  • SRCSAS18E (120 Drive capable)
    • 4 Drive Hot Swap Enclosure with Expander (2 SATA Connectors)
    • 6 Drive Hot Swap Enclosure (6 SATA Connectors)
Here is a link to Intel's RAID products:
A secondary reason for us sticking with Intel RAID controllers is their support for the channel. As an Intel Associate Member, we have a single point of contact for all of our support questions including immediate RMA service for a component.

Our membership has been very beneficial to us! If you are a system builder, and registered with the big 3 distributors, then check out the program.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Monday, 17 September 2007

Windows Vista - Creative X-Fi Snap, Crackle, & Pop Noises on Vista x64 with 4GB+

No, we are not talking about the breakfast cereal! ;)

It seems that there is an issue with the Creative X-Fi sound cards and their drivers on Windows Vista x64 with 4GB of RAM or more.

After installing the drivers, the sound coming up right the first time, it was a complete and utter shock to have this incredibly rude sound screaming from the speakers. Good thing no one was holding their tea or coffee at that point! :O

So, after a great deal of searching, we came up with this: Vista X64, released drivers, scratchy / snap / crackle sound - XFI. The Creative Forum posts are dated in March or thereabouts. Apparently there were a number of people with the sound problem if they had 4GB of RAM or more.

Fast forward to May: Creative Sound Blaster X-Fi series Vista Driver 2.15.0002 - 30th May. These are the drivers that are still available via Creative's Windows Vista x64 download page. Guess what? Still the huge snap-crackle-pop and static noises from the card on boot up. This is not the case for everyone however. For some, the noise went away and the card started to produce the proper sounds.

BTW, Creative has pulled out native support for digital sound decoding, such as Dolby and DTS Digital signals, at the driver level. One has to go out and purchase some sort of video player that can do it. Not too sure about the ability to pass digital out of the system for decoding on an audio/video receiver yet.

For now, a workaround is to hit the Device Manager and uninstall the card after a reboot, rescan for new hardware, and allow itself to install again. For the most part, it works almost every time. When it doesn't, it is pretty shocking.

It means turning those speakers off before leaving, or they could be damaged.

Hopefully, Creative will get their stuff together and work out what the problem is, and update their drivers accordingly.

UPDATE 2007-11-12: There is a new driver set for the X-Fi on Windows Vista x64. They are dated November 5, 2007.

This is the Canadian Link: Sound Blaster X-Fi Elite Pro on Windows Vista x64.

The drivers make a huge improvement on the sound card's performance. MSN pings actually work now, the click sounds in IE are working for the most part, and the sound is way better.

Good on Creative!

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Windows Vista - Fresh Install BitLocker Drive Prep

This process was pointed out by Chris Knight in our previous post: Windows Vista - BitLocker caveat - Or maybe not?.

From the TechNet article - Windows BitLocker Drive Encryption Step-by-Step Guide:

Partition a disk with no operating system for BitLocker

In this procedure you start the computer from the product DVD and then enter a series of commands to do the following:
  • Create a new 1.5 GB primary partition.
  • Set this partition as active.
  • Create a second primary partition using the rest of the space on the disk.
  • Format both new partitions so they can be used as Windows volumes.
  • Install Windows Vista on the larger volume (drive C).
You must create a second active partition for BitLocker to work properly.

Your drive letters might not correspond to those in this example. In this example, the operating system volume is labeled C, and the system volume is labeled S (for system volume). In this example, we also assume that the system has only one physical hard disk drive.

To partition a disk with no operating system for BitLocker
  1. Start the computer from the Windows Vista product DVD.
  2. In the initial Install Windows screen, choose your Installation language, Time and currency format, and Keyboard layout, and then click Next.
  3. In the next Install Windows screen, click Repair your computer, located in the lower left of the screen.
  4. In the System Recovery Options dialog box, make sure no operating system is selected. To do this, click in the empty area of the Operating System list, below any listed entries. Then click Next.
  5. In the next System Recovery Options dialog box, click Command Prompt.
  6. Use Diskpart to create the partition for the operating system volume. At the command prompt, type diskpart, and then press ENTER.
  7. Type select disk 0.
  8. Type clean to erase the existing partition table.
  9. Type create partition primary size=1500 to set the partition you are creating as a primary partition.
  10. Type assign letter=S to give this partition the S designator.
  11. Type active to set the new partition as the active partition.
  12. Type create partition primary to create another primary partition. You will install Windows on this larger partition.
  13. Type assign letter=C to give this partition the C designator.
  14. Type list volume to see a display of all the volumes on this disk. You will see a listing of each volume, volume numbers, letters, labels, file systems, types, sizes, status, and information. Check that you have two volumes and that you know the label used for each volume.
  15. Type exit to leave the diskpart application.
  16. Type format c: /y /q /fs:NTFS to properly format the C volume.
  17. Type format s: /y /q /fs:NTFS to properly format the S volume.
  18. Type exit to leave the command prompt.
  19. In the System Recovery Options window, use the close window icon in the upper right (or press ALT+F4) to close the window to return to the main installation screen. (Do not click Shut Down or Restart.)
  20. Click Install now and proceed with the Windows Vista installation process. Install Windows Vista on the larger volume, C: (the operating system volume).
In our case, we always setup a small partition at the end of the disk for the Swap File. So, we will format as follows:

  • BitLocker Partition T: (Active)
  • System Partition C:
  • Swap File Partition: S:
We are in the process of setting up one of our high performance workstations in the office with a fresh install of Windows Vista Ultimate x64 with the intent of setting up BitLocker and running a few drive scans after the fact.

We will be using this x64 based station as a litmus test for the extra memory capabilities of Vista x64 and Adobe Create Suite CS3 performance among other things.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Saturday, 15 September 2007

SBS - Backup and SS4000-E Intel NAS

Besides using ShadowProtect on our servers, we have a couple of SS4000-E Intel NAS devices to keep live data mirroring on.

Part of our maintenance routine is to use a compressed air source we have in our shop (150psi compressor with dried air) to blow out any equipment we work on.

We had this unit apart to clean out all of the fuzzies and dust. Our office/shop is on the fringes of the city, so there are a lot of fields and bush areas close by. Plus, the construction around us is huge as the area is starting to be developed.

So, we shut down this box and cleaned it out.

When we booted it back up, one of the drives was down. This particular unit has 4 x 300GB Seagates in RAID 5.

We swapped out the "dead" drive and ran the scan on the SS4000. It did not pickup the new drive. A reboot later, and still no sign of the new drive.

We pulled it apart, made sure to give it a good looking over to make sure none of the contacts were dirty and put it back together with the original drive (it tested out okay).

On this boot up, we received a degraded array message, along with a "rebuilding" status for the array. This time around, it had picked up the original drive, but not the data on it.

So, we will keep an eye on this unit to see if it fails the same drive again. If it does, we will swap the unit out for another one with Intel.

The unit is about a year old and has been stable up to this point. We do have a lot of them out there doing similar duty with no issues to date.

There is a firmware update that was released earlier this year that allows for drives larger than 500GB: Intel SS4000-E Downloads Page. Keep in mind that this firmware update will destroy any data on the device.

And, one more point: To rebuild a degraded 900GB RAID 5 array (4x 300GB) on this unit is approximately 17 hours with no other activity to or from the device. Start moving data on or off of the S4000-E and that time quadruples.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 14 September 2007

SBS - Post Install - Rename that Administrator Account

There are a number of arguments we have heard over the years about "Security by Obscurity" not working.

In some cases, such as in the case of moving ports about, this may be true. A port sniffer can run the full 65K+ ports in very short order.

In the case of renaming the administrator account, this is not the case. At least, we haven't heard a convincing argument for not renaming the account yet. In our experience, there are many circumstances in life where one can discover that "Security by Obscurity" does indeed work.

So, we change the name of the admin account on all of our SBS installations. But, we do things in two tiers, that is the Group Policy Object (GPO) for the change is at the domain level, but we set another GPO at the workstation level that is enforced to change it again.

Here is a screen shot of a GPO we create by default on all of our SBS installs:

Default Domain Security Policy
As you can see, there are a number of settings that we enable by default to tighten things down. This particular screen shot is of one of our TechNet Plus SBS lab setups.

In this case, we set the default domain admin account to be renamed to: technetadm1n

In our case, we tailor the admin account to our client's circumstances. Of course, we never use their company name, or portion of their company name, for the changed admin account.

One of the objections heard to renaming the account, is that it is public. To mitigate this aspect, we create a workstation level GPO:

SBSComputers Security Policy
After creating the GPO, we right click on it, as in the screenshot, and click on "Enforced". Thus, any settings in the SBSComputers Security Policy that are different than the domain level settings will take precedence.

In this case, we make the following change in the SBSComputers Security Policy:

Rename administrator account: "Administrator"
In this example, we change it back to the default, which causes the Local Admin Account to be set back to being named Administrator. That would be the name to use to log on to the local machine with local admin rights.

One could also set an alternative name for the local administrator depending on the client situation.

With the ability to assign user management privileges to an on-site person via the "Power User" account level, there is no reason why the only people to know the admin account access are the company's partners or contact partner, and us, the supporting I.T. organization.

And, to conclude, the argument we use: If one can't first find the door, how can one pick the lock?

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - CEICW - Web Services Configuration Choices

At one point during the Configure Email and Internet Connection Wizard, we get to choose which services are exposed to users that logon to the Remote Web Workplace:

The following are the choices:
  • Outlook Web Access: Direct Outlook Web access via
  • Remote Web Workplace: The Web site we use to access internal SBS resources via
  • Server performance and usage reports: For anyone given permission to see the reports via the Reports and Monitoring Wizard, they will be able to click on the link in RWW, logon, and view the reports live.
  • Outlook Mobile Access: Permission to configure your Windows Mobile device to synchronize with Exchange for email, contacts, appointments, tasks, and more from anywhere.
  • Outlook via the Internet: Allows Outlook 2003/7 to connect to Exchange via RPC/HTTPS.
  • Windows SharePoint Services intranet site: The Companyweb internal site made available via RWW. A logon may be required.
  • Business Web Site (wwwroot): Setup a Web site such as to be hosted on the SBS box (not recommended).
  • Allow access to the entire Web site from the Internet: This is not recommended at all as everything in and under the Default Web site will be accessible via the Web!
The Configure Email and Internet Connection Wizard is probably one of the most important wizards in SBS. Understanding the mechanics for how the wizard goes about configuring the various components is not required. It is, however, imperative that we understand all of the available choices to us as we run through it in order to make the proper decisions.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Blog error and apology

When I was in the process of putting together the SBS CAL post yesterday, I clicked on the Link to in his post.

I clicked publish thinking that it would give me an URL inserted into the current post I was working on, instead it published the link to the blog itself.

My mistake there, and my apologies to Chris, I have since removed the mistaken post from the blog.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

System Builder Tip: Asus P4C-800 3Com NIC Install

The P4C-800 was the very last Asus board we ever sold.

We had a bunch of systems built around the boards and pretty much all of them came back.

Therein lies the reason behind our conversion to Intel only for our system products.

Here, we are rebuilding a system based on a P4C-800.

The NIC driver will not install. It is the 3Com 3C940 based on board adapater. No matter what we try, it just is not happening.

Here is what we came up with:
  1. Regedit
  2. HKLM\System\CurrentControlSet\Enum\PCI
  3. Find the Ethernet properties - VEN_1148&DEV_4320...
  4. Right click on the key and Permissions
  5. Add yourself with Full permissions
  6. Find and modify CompatibleIDs by adding the line: VEN_10B7&DEV_1700
  7. Modify the HardwareID by adding the line: VEN_10B7&DEV_1700
  8. Close RegEdit
  9. In Device Manager uninstall the Ethernet Adapater
  10. Rescan for hardware - right click the computer at the top and "Scan for changes..."
  11. Select Advanced and choose the 3Com driver yourself from the CD
  12. Do not reboot the system during this process. Just delete the adapter and install the 3Com drivers from there.

And, if it is important, such as in the case where the computer is directly connected to an ISP that registers the MAC address, they come up as all zeros. So, one needs to set the MAC address for the NIC too.
  1. Right click on the NIC and Properties
  2. Click the Configure Button
  3. Advanced Tab
  4. Network Address
  5. Click the radio button beside the data and enter: 02-60-8C-AA-BB-CC
    • The last three numbers can be made up. the 02-60-8C is 3Com's vendor code.

Once those two settings have been taken care of, one is good to go!

Thanks to advil about half way down page 2 for this: P4C 800 Deluxe Lan not working.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Thursday, 13 September 2007

SBS - Lost CAL recovery or reset CAL count to 5

Chris Knight mentions a situation where his SBS server had its CAL count reset to 5: Small Business Server 2003 - The Dreaded 5 CAL Reset Issue.

The following KB refers to the methodology to recover your CALs if they were somehow lost as was the case in Chris' case:

Microsoft KB 888818: The number of client access licenses may be reset to five in Windows Small Business Server 2003.

If none of the methods in the KB article can work for you, then there is a fall back: The backup licensing file that is created by SBS.

To recover your CALs via this file:
  1. Stop the License Logging Service.
  2. Rename the existing to
  3. Copy the to %Windir%\System32
  4. Rename the to
  5. Restart the License Logging Service.
One only has to verify that the existing licenses are back by opening Licensing in the Server Management Console.

There is another good use for this information: For one who has setup the server, and installed the CALs as the wrong type. Indicated Device CALs instead of User CALs or vice versa?

Stop the License Logging Service, rename both and, restart the License Logging Service, and open the Licensing in the Server Management Console.

You will get a 1016 error in the event viewer when the service cannot find the license file, but it will create a new one back at the default of 5.

When you go to reenter your CALs as the correct type, keep in mind that the online method of registration may not work. You may need to call into Microsoft to register the CALs.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 12 September 2007

Windows Vista - BitLocker caveat - Or maybe not?

Looking forward to incorporating full encryption via the new Windows Vista BitLocker Drive Encryption? We are, and so are our clients who have a huge exposure with client data on all of their laptops.

EFS was not a foolproof option. BitLocker is.

However, a little beforehand research is in order.

One needs to have at least two (2) volumes created before installing Windows Vista.

At least that is how it reads until about the middle of the Help article where it states that if you only have one volume, you can use the BitLocker Drive Preparation Tool to "help get your system ready for BitLocker by creating the required second partition".

From the Windows Vista Help for BitLocker:
Set up your hard disk for BitLocker Drive Encryption

Before you can turn on BitLocker Drive Encryption you need to make sure that your computer's hard disk has the following:

At least two volumes. If you create a new volume after you have already installed Windows, you will have to reinstall Windows before turning on BitLocker [emphasis ours].

One volume is for the operating system drive (typically drive C) that BitLocker will encrypt, and one is for the active volume, which must remain unencrypted to start the computer. The size of the active volume must be at least 1.5 gigabytes (GB). Both partitions must be formatted with the NTFS file system.


The terms partition and volume are often used interchangeably. On most computers, they are the same: one partition equals one volume. On larger computer systems, however, it is possible to have a single volume span several partitions. BitLocker installs on a simple volume, where one volume equals one partition.

If you do not already have two partitions, you can use the BitLocker Drive Preparation Tool to help get your system ready for BitLocker by creating the required second partition [emphasis ours].

If you are using Windows Vista Ultimate, you can download and install the BitLocker drive preparation tool from Ultimate Extras. Download and install the Ultimate extra called BitLocker and EFS enhancements. After you have installed this tool, type BitLocker into the Start menu search box, and then double-click BitLocker Drive Preparation Tool to run the tool. After the tool runs, you must restart your computer before turning on BitLocker.

If you are using Windows Vista Enterprise, you can get the BitLocker drive preparation tool through these standard support channels:

Microsoft Volume Licensing Services

Microsoft Services Premier Support

Additional information about the BitLocker drive preparation tool is available in Knowledge base article KB# 930063.

If your computer meets these requirements, you can turn on BitLocker.

To turn on BitLocker
Click to open BitLocker.‌ If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Click Turn on BitLocker.

Follow the instructions in the BitLocker Setup wizard.
From the above mentioned Knowledge base article:
How to obtain the BitLocker Drive Preparation Tool

Windows Vista Ultimate

If you are using Windows Vista Ultimate, follow these steps to obtain the tool:
  1. Click Start, type Windows Update in the Start Search box, and then press ENTER.
  2. Click Check for updates.
  3. Click View available Extras.
  4. Click to select the BitLocker and EFS enhancements check box, and then click Install.
We don't have a free system with a TPM at the moment. So, we won't be able to run through the setup procedure to figure out just what is up.

To the Windows Vista team that wrote this particular Help item, please clarify whether we need to have two partitions/volumes before we install the OS or not. The above Help article certainly, at least in our opinion, doesn't make things clear.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Product Review: HP ScanJet 5590 - Error 23

Not much to review. How is that?

Because we have had a dismal record with them. We are batting close to 80% fail rate on the ones we ordered - all within a short period of time.

Error 23 flashing on the display seems to be the common thread. That error indicates a lamp failure. Sometimes a power cycle will bring the unit online, in many cases it may take several. And, in some cases it may never come back. It seems to be a common problem with these scanners.

We have had our issues with HP product in the past. We will never install an HP optical drive in our systems. Ever! Talk about grief ... if it wasn't burning properly, it would constantly require firmware updates.

Just recently, we received an HP DVDRW drive that was seemingly labelled a Lite-On when we ordered it. We figured we would give it a chance. It would not read any of the TechNet DVDs. It was not a reliable burner. So, out the door it went ... into recycling.

Remember the USB duplex issues with the 2400 series LaserJets? Ouch! We began to cringe when we saw who was on the Call Display. :(

It was always a firmware related error code 42.Fxxx or something like that.

Those ones hurt as we sold a whole bunch of them when they first came out. Firmware after firmware update did not resolve the problems. HP even sent us replacements! And they too had the same problem!

In 99.9% of the cases we installed a network switch to split off the one network connection for the PC and printer. We then statically assigned an IP to the printer, and gave the person using it print and manage access. No one else on the network could print to it. That avoided whatever goof up in the firmware when it came to duplex a print job that came to the printer via USB. But, we had to go through a lot of pain before we figured that one out.

So, it is late, and the scan job that needed to get done, won't. The HP 5590 is just not cooperating. If our supplier won't RMA it, we will just write it off and send it off to recycling. :(

Looks like we will be moving over to Epson or another suitable replacement product for our scanning needs.

Any recommendations? We need ADF with duplex as we scan a lot of documentation for archival purposes.

Other than the driver issues on Windows Vista, HP seems to have done a decent job on the recent models of LaserJet and MFP printer units.

By the way, we did try HP's online support chat for the scanner. That did not work out too well either.

Ultimately, they seemingly have pointed to a "software problem". :8(

Yet another *sigh*

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS & Windows Vista - Group Policy Team Survey

Hey folks, here is a way to let the Group Policy team know what we have been doing with Windows Vista Group Policy on SBS.

From the Windows Vista Blog: Give the Group Policy team your feedback.

The Windows Vista Group Policy Survey is here.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 11 September 2007

System Builder Tips: Intel S3000AH "PCI Device" and "PCI Serial Port" Unknown in W2K3

There is an issue for the S3000AH Intel server boards with Windows Server 2003 or SBS 2003 installed.

From Intel's site:
Intel® Server Board S3000AH
Two Unknown Device Under Microsoft Windows* Device Manager

On Microsoft Windows*, after installing all the drivers (onboard LAN, video and chipset), Microsoft Windows* Device manager is showing two devices - "PCI Device" and "PCI Serial Port", each of which has a yellow question mark.

The devices "PCI Device" and "PCI Serial Port" are the components of Intel® Active Management Technology(iAMT). iAMT is not available without driver installed for these two devices. The .inf file for these devices are included in the LAN driver package (10.4 or later), rather than the Intel® Chipset Driver Package.

There are two ways to resolve the warning:

On LAN driver package 10.4 or earlier releases :

(1) Manually install the iamt.inf for the devices. Extract the LAN driver package, select the "PCI Device" in Microsoft Windows* Device Manager and direct Windows to find iamt.inf in the \platform\IntelAMT\Drivers\WS03XP2K (for IA32) or \platform\IntelAMT\Drivers\WS3XPX64 (for EM64T). This will install the iamt.inf. Do same steps for "PCI Serial Port" device.


(2) Run the setup utility provided for the LAN driver package in \apps\setup\SETUPBD. This will install the LAN drivers and the iamt.inf. Alternatively, you can install the LAN drivers, PROSET software and iamt.inf file from \apps\PROSETDX.

On LAN driver package 11.0 or later releases :

(1) Manually install the iamt.inf for the devices. Extract the LAN driver package, select the "PCI Device" in Windows* Device Manager and direct Windows to find iamt.inf in the \PLATFORM\IntelAMT\Drivers\Win32 (for IA32) or \PLATFORM\IntelAMT\Drivers\Winx64 (for EM64T). This will install the iamt.inf. Do same steps for "PCI Serial Port" device.


(2) Run the setup utility provided for the LAN driver package in \apps\setup\SETUPBD. This will install the LAN drivers and the iamt.inf. Alternatively, you can install the LAN drivers, PROSET software and iamt.inf file from \apps\PROSETDX.
Intel's Site: Intel® Server Board S3000AH - Two Unknown Device Under Microsoft Windows* Device Manager.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Windows Vista - QuickBooks still doesn't work properly.

This post may come across as somewhat cranky ... as it has been months - no years - since Intuit has had an opportunity to get their QuickBooks product to work properly on Windows Vista RTM as well as the Beta 1 and 2 versions!

We support a number of small to medium size accounting firms so we provided the initial troubleshooting to get things running. We also run our business on QuickBooks, so much of the troubleshooting was done at our expense.

So, what does the small accounting firm that works very occasionally with an outside I.T. support firm supposed to think when they are installing QuickBooks 2007 (QBs) for the first time and see this:

There was a problem accessing the Fonts section of the Registry.
So, off to the QuickBooks support site they go, and, all the person would come up with when searching the QuickBooks Support site?


Nada, nothing, zippo. Click on the link and one is taken to the general support pages related specifically to QBs on Windows Vista.

We see that error every time we install QuickBooks on a client machine with Windows Vista installed. So, after all of this time, why isn't there a support page to at least assuage the user's fears?

Okay, so, they clicked OK, and now have their QuickBooks product installed. After the mandatory reboot, the user double clicks on their QBs icon and low and behold:

QuickBooks - Unexpected Error

QuickBooks has encountered a problem and needs to close. You may lose the data that you recently entered. We're sorry for this inconvenience.

You can look at the error report that QuickBooks created about this problem, then choose to send it to Intuit through a secure SSL Internet connection. the process is private and fast. The report will help us improve the QuickBooks product.
Okay, so the user clicks the View Report link. Um, huh?!?

Yes, we already know that the program has crashed. There is absolutely no information there to helps us figure out how to get the program started. Click the Send Report button, and we are greeted with:

Thank you for submitting your report!
Nothing there for us to work with. Okay, off to the support site yet again. The result of the search: QuickBooks encountered problem needs close?

Nothing that can be seen that is relevant to our specific situation. Okay, add the word Vista to the mix: Vista QuickBooks encountered problem needs close?

Nothing yet again. There is absolutely nothing that can be seen on Intuit's support site, when using their built-in search, to help us out here. By now, we are sure the user would be right upset. We sure were after fighting to get things running for a good chunk of time.

So, we go to the Internet search engines to try and find out more information. Even after sifting through the various search engines' results, we had a hard time finding something.

But, we finally found a QuickBooks Knowledgebase article via a search engine other than Intuit's internal one: When installing QuickBooks on Windows Vista OS I get error messages. What does this mean?

Here is the article wholesale:

Windows Vista is designed to be a more secure operating system, so it will present you with security warnings you may not be used to. When you first install the program, and when you run the program, Vista will tell you “An unidentified program wants access to your computer.” If you’re installing, the file it mentions will be “setup.exe”; if you’re running the program, it will be “qbw32.exe”. You should allow these programs to run. If the error message “QuickBooks has encountered a problem and needs to close. We’re sorry for the inconvenience” appears when trying to run QuickBooks it is because you set up QuickBooks to run in the Program Files folder instead of the Documents folder. You can work around these errors messages in either of the following two ways:

Run QuickBooks as an Administrator [bold emphasis ours].
Install QuickBooks in the Documents folder instead of the Program Files folder.
To run QuickBooks as an Administrator after installation:

Right-click the QuickBooks icon on your desktop.
Select Properties.
Select the Compatibility tab.
Click the box next to “Run this program as an administrator” to insert a check mark.
Click OK.
Double-click the QuickBooks icon on your desktop.
Enter the Administrator password if prompted.

To install QuickBooks in the Documents folder:

Insert the QuickBooks Installation CD in your computer’s CD-ROM drive. The installation Wizard prompts you to install QuickBooks. Click Yes.
Type in your installation key code, and click Next.
Follow the on-screen instructions until you get to the QuickBooks Install Options screen.
Click Change New Directory on the QuickBooks Install Options screen.
Navigate to your Documents folder, and click OK.
Follow the on-screen instruction to complete the installation.
So, we have two options: Run as a local admin, or install to the Documents folder?!?

Installing an application to the Documents folder is not an option. Just think about the possible pain points in that one ... they are endless.

Okay, so we follow the instructions to elevate privileges on the shortcut:

We then double click on the icon, and what do we get greeted with? A UAC prompt:

An unidentified program wants access to your computer

Don't run the program unless you know where it's from or you've used it before.

Unidentified Publisher
So, we click allow. QuickBooks finally comes up, and we are off to activate and update the product.

Keep in mind that all of the above was accomplished with the user in the Local Administrator Group.

So, after the install, what happens if we remove the user from the Local Admin Group and run the program?

We get a UAC authentication request for admin privileges:

Now, we still had the "Run this program as an Administrator" checked for the shortcut. Thus, the authentication request. But, we were not able to remove that check mark, so, no restricted QuickBooks users on a SBS domain.

Anyone else sensing our frustration with this situation?

What really brings this situation home is the fact that we can get Sage's Simply Accounting installed on Vista with NO pain points at all. None. The install and subsequent update is seamless on Windows Vista.

From the QuickBooks Support site: Benefits of Windows Vista and QuickBooks 2007 for clients 1004160

When you are working on a network, Windows Vista and QuickBooks 2007 make it easier to manage and share the business information your employees need to be productive. Both QuickBooks 2007 and Windows Vista provide dramatically easier navigation to help you get to the information you need when you need it. In short, you can work more efficiently and effectively with QuickBooks 2007 and Windows Vista together.
Afraid not Intuit. To date, we have yet to get a QBs install on Windows Vista up and running without some sort of grief or the UAC warning every time the user starts QBs.

From Intuit's support site: Issues That May Be Encountered Running QuickBooks 2007 on Windows Vista .

And Intuit, please don't counsel your customers to turn off Vista's User Access Control: Turning User Access Control on or off in Windows Vista 1007076. The security was built into Windows Vista for a reason!

A long list of frustrated QuickBooks on Vista users at the Intuit Community Forum.


Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Saturday, 8 September 2007

SBS Premium - Intel ProSet not working?

So far, with every build of SBS Premium, we have lost the Teaming ability on the server.

We have run the P3Uninst.exe file on the server to no avail.

We made sure to shut down all IP related services on the server before attempting any form of uninstall/reinstall.

We then ran the ProSet install utility with the Remove option. This too did not bring back the teaming ability.

Out of the three adapters in this server, two showed the Teaming tab, but if we tried to create a team, we were greeted with:

No Intel server adapter or Intel integrated connection is available for teaming. Each team must include at least one Intel server adapter or Intel integrated connection.
There is something on SBS Premium that is interfering with the teaming. So far, we have not been able to figure out just what that is.

We do not W2K3 SP2 our SBS boxes unless absolutely necessary at this point. So, the problem is not stemming from SP2 issues.

It does not seem to matter whether we are building on a S3000AH Xeon 3000 series board or a S5000PSL Xeon 5000 series board.

Anyone else having similar experiences?

Note: We only build our SBS based servers on the above Intel Server Platforms. We are very conservative in our choice of platform for SBS, and the Intel one has worked very well for us.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Thursday, 6 September 2007

SBS - Installing Windows SharePoint Services 3 on SBS

Some How To articles:
To quote from the Official SBS Blog on the proper order of things:
How to install SharePoint 3.0 and then WSUS 3.0.
  1. Install SBS R2 including WSUS 2.0.
  2. Install WSS 3.0 using the side by side installation steps in the white paper. Complete all steps.
  3. Upgrade to WSUS 3.0.
If you install WSS 3.0 after WSUS 3.0, the SharePoint setup will complete, but the SharePoint Products and Technologies Configuration Wizard that runs after setup will fail to create a configuration database and WSS 3.0 will not be functional.
To obtain the above mentioned KB 934790 hotfix if WSS 3.0 was installed after WSUS 3.0, one is required to call Product Support Services.

This post is further to step 13 (reordered), install WSS 3.0 in side-by-side mode, in the previous blog post: SBS 2K3 R2 - Setup steps and resources.

UPDATE: Missed an important link!

Installing Windows SharePoint Services 3.0 on a Server Running Windows Small Business Server 2003 (Link to download SBSWSSv3.doc).

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 5 September 2007

Workbench Update Bandwidth Saver - ISA 2000

A while back, Susan Bradley mentioned a service called AutoPatcher: AUTOPATCHER TOLD TO CLOSE UP.

To be honest, we did not realize that there was even a need for this type of service! Who was to know that in certain parts of the world, bandwidth is paid for on a per bit basis!

With that realization, we can see why AutoPatcher would be totally relevant.

In our case, we have a workbench server setup that mitigates our bandwidth costs by caching updates locally. It is also isolated from our internal network.

The workbench servers used to run on two VIA EPIA miniITX boards crammed into an old Compaq case with a couple of tiny power supplies and a couple of laptop hard drives to provide local storage.

Both machines ran Windows Server 2000. One was DC and one was a domain member with ISA 2000 installed on top. Why ISA 2000? Because, in our experience ISA 2004 (we haven't even bothered with ISA 2006) could not come close to caching the content we wanted cached: Microsoft/Windows Updates via the Microsoft Update site.

So, what exactly does this mean for us and our bandwidth costs? Well, for example, we just finished rebuilding three Toshiba Tecra laptops. They were all XP Professional Service Pack 1 versions. We then needed to install Office 2003 Professional on top of that!

Whenever we deal with a machine that is using older media, we have an unpacked XP Service Pack 2 folder resident on the workbench DC. We then have a shortcut in the root of the share:

\\WorkbenchDC01\Company\Microsoft\XP\SP2Unpacked\i386\update\update.exe /passive /forcerestart /n /f

Once the shortcut is double clicked on the machine that is pre-SP2, the SP runs on its own with the reboot happening automatically at the end.

From there, we go to Microsoft's Update Site and upgrade the system to Microsoft Update right away. A reboot later and we are on to all of the critical and optional updates to download and install.

Any guesses on the volume of data needed to update each of these laptops' Windows install only as of this blog post?

At last count, it was in the neighbourhood of 210MB on the first run of critical and optional updates! Never mind Office 2003 Service Pack 2's additional 102MB. That would be a combined total of close to 1GB for the three machines first run! There were more to come after that.

When we work with situations like this often enough, we hit close to 95% of all updates cached locally in ISA 2000. The subsequent updates, as well as the Office Service Pack are also cached locally. When we have multiple units to run updates on without any updates being run lately, we always let one run through first to catch any new updates into the cache. From there, the rest of the units will pull from cache.

Do them at the same time, and they all will pull from the Web and thus cost us extra bandwidth and time.

In the above situation, all three laptops were running their post download update install routine within a short period of time.

Recently, the workbench VIA EPIA W2K DC had its hard drive blow up. So, we moved everything into a virtual setup on one box.

Here is what we did for hardware:

  • Intel D945GTP Main Board
  • Intel Pentium D 950 3.4 GHz
  • 3GB Kingston DDR2
  • 320GB Seagate RAID 1 (Software)
  • 10/100 Built In NIC
  • Gigabit D-Link DGE-530T
  • Gigabit D-Link DGE-530T
  • Antec Minuet 300
And the software to do it:

  • Windows Server 2003 (Host)
  • Windows Server 2000 Standard x 2 (Guests)
  • ISA 2000 (member server)
Memory for the virtual machines is set to 512MB each. The DC has a dynamic VHD of 72GB and is currently using all of 3.4GB. The member server has 2 VHDs attached: One is a dynamic 72GB for the OS and ISA install and is using 3.0GB while the second is a dynamic 120GB that is using 1.5GB.

ISA 2000 has the following cache settings:

The "Less frequently..." lets the objects sit in the cache longer. Thus, we have those updates staying put instead of being pulled from the Microsoft download site.

There is 75GB available to ISA to cache updates. So far, it is holding about 1.5GB.

The 3 NICS are physically setup in such a way as to isolate the workbench setup as follows:
  • Gb NIC 1: Internal IP for Virtual Server and VM management - No VMs attached.
  • Gb NIC 2: Static IP 192.168.x.x is bogus but plugged into the Workbench Gigabit Switch (File & Printer Sharing off).
  • Mb NIC 3: Static IP 192.168.x.x is bogus as it is plugged into the Internet (File & Printer Sharing off).
The workbench VM DC and ISA box both share NIC 2 for "internal" connectivity to the Gigabit switch that we connect any machines we need to run updates on or keep isolated due to some sort of infection. The ISA 2K VM also has a second virtual NIC that is tied to NIC 3 and pulling an IP from our ISP.

We have had great success with this arrangement as well as the previous VIA based one. Due to that success, other than our endeavouring to get ISA 2004 to do the same thing and failing a few years ago, we are leaving things status quo.

Some of you may have a similar arrangement, or know whether ISA 2004 or 2006 in their current iterations would actually accomplish what we are doing with ISA 2000. Is it possible? If so, please feel free to let us know.

And to our friends in Australia, we do hope that you will be able to utilize this kind of setup to facilitate a huge reduction in your bandwidth overhead. It works for us.

UPDATE: 2007-09-22: A sample update run on multiple HP systems:
  • HP Pavilion a605x with XP Pro 32bit SP2 OLP fresh install
  • Update to MS Update = Reboot
  • Update run 1: 202MB includes Critical+Optional+3 hardware
    • Total download time for 202MB: 8 minutes (keep in mind the age of these machines)
    • Install of 202MB including IE7: 31 minutes
  • Update run 2: 43.2MB includes Critical+Optional+1 hardware
    • Total download time for 43.2MB: 3 minutes
    • Install time: ~10 minutes (keep in mind the large .NET updates)
  • Update run 3: 8.8MB (.NET 1.1 SP1)
    • Total download time: less than a couple of seconds
    • Install time: ~2 minutes
Total time spent on updating all of these machines: ~54 minutes plus a little time for setting them up and taking them off of the bench. Our client's site has the rest of the installs setup to deliver the balance of the needed software via Group Policy Software Install. So, we will let WSUS take care of the balance of updates post domain install.

For Windows Vista Business and Ultimate systems that we have received from our System Builder, they seem to be always up to date. Every time we run Windows Update, upgrade the Windows Update Service to Microsoft Update, there are usually no updates to apply.

We will make a point of visiting them to see just how they do all of that since our OPK/OEM Preinstall requirements and experiences are virtually nil.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.