Friday, 27 February 2009

A Vista Gadget Funny

It’s Friday, time to go home and one last task to accomplish was the update of this workstation’s ATI Catalyst drivers to the newest version since it started choking on them yesterday.

So, after the update reboot, we must have hit hyper-space, because we ain’t in Kansas anymore Toto:

09-02-25 Vista Weather Gadget

A blue sun!

BTW, that –5 Celsius is nice to see since it was –25 Celsius yesterday!

Welcome to the Andromeda Galaxy!

Time to go home. Will fix another day. :)

Have a great weekend!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Hyper-V Monitor Gadget for Windows Sidebar Updated

This is a neat little tool:

09-02-27 Vista Hyper-V Monitor Gadget Hyper-V Monitor Gadget for Windows Sidebar

We can start, stop, reset VMs on Hyper-V, or even double click on one to bring up a VM console session.

It is a really kewl tool!!

Some of its features from Tore’s blog:

  • Hyper-V Monitor title
    Double click on the title to launch the Hyper-V Manager*.
  • Host title
    Double click on the host title to launch a new Remote Desktop connection to the host.
  • Host title RAM amount
    Displays the RAM amount the host has left.
  • VM title
    Double click to launch VMConnect* to the VM.
  • VM Status
    Displaying the status of the VM in both color and text.
  • VM Control
    Hover over the status to get a set of buttons for the current VM. (Start, Turn Off, Shut Down and Save)
  • Large Size (Undocked)
    You can make the gadget bigger by using the Large Size (Windows 7) or Undock it from the sidebar (Vista).

It can be had from here: MINDRE.NET Tore Lervik: Hyper-V Monitor Gadget for Windows Sidebar.

Our original post: Hyper-V Gadget for Windows Vista Sidebar.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Should I disable IPv6 on SBS 2008?

The long and short of it: No!

While IPv6 may seem superfluous to us as far as, “SBS can’t possibly be using IPv6 since we don’t have it “enabled” on our network”, it does in fact play an important role on SBS 2008.

If IPv6 does get disabled in the SBS 2008 NIC’s properties, there are a number of problems that may happen: SBS Blog: Issues After Disabling IPv6 on Your NIC on SBS 2008. Most of those problems centre around Exchange 2007 SP1.

Note that the SBS Blog does include a proper methodology for disabling IPv6 if there is an absolute need for it. But, only if there is an absolute need for it!

Please remember to test any changes that are significant in nature on a virtualized lab version of the production SBS box before going about with those changes. Also, make sure the backups are good too!

Further reading:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Configure the Business Contact Manager Database on SQL Server 2005

For those looking to improve their Business Contact Manager’s performance, the BCM database can be installed and configured on SQL Server.

The catch initially was that Outlook and BCM needed to be installed on the machine too. This is not really a good practice for a server.

The BCM team has given us a tool to accomplish the task without the need to install Outlook and BCM on the server: Outlook 2007 with Business Contact Manager: Database Admin Tool.

Note that the database server needs to be SQL 2005 SP2 32bit or SQL Express 2005 SP2 32bit and needs to have .NET 2.x installed.

Some further reading from the source:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

SBS 2008 – Companyweb and SharePoint Internet Collaboration a Big Plus

On SBS 2003, giving external users access to other SharePoint sites within the SBS SharePoint v2 framework was difficult to do. Especially if the external users were not to have access to the root Companyweb SharePoint site.

In SBS 2008, this is no longer the case. When we go to create a new site collection dedicated to a collaborative task, we can set the permissions on that site respective of any other SharePoint site on the SBS 2008 box.

For example, we have a new project collaboration need for our upcoming SBS 2008 Advanced Blueprint book. So, we would create a new site collection on one of our SBS 2008 server and give it the following URL:

09-02-25 SBS 2008 - SharePoint V3 External Collaboration

Create Site Collection: SBS 2008 Advanced Blueprint

Now, we need at least 4 user CALs for this particular project dedicated to this task as we are going to give the collaborators a username and password that have been set up for this collaborative task.

Those usernames would be set up with permissions on the new site collection along with any of our internal SBS users, such as mine, and we are good to go. None of the default SBS 2008 SharePoint user groups will be given access to the new site collection. The external users would not be in the default SBS 2008 SharePoint groups either, so no access to the root Companyweb.

Anyone with no need to access the collaborative site will not have access to it. The same is true with the search and any search results for a particular user that does not have permissions to a particular site collection.

Creating a collaborative environment within SharePoint on SBS 2003 was probably one of the more troubling requests we could receive for a single server client site scenario for those that wanted to keep things in-house.

UPDATE: As per Nathan’s comment, the :987/ was missed in the original Internet facing URL. Fixed. Thanks!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Thursday, 26 February 2009

More Heartland Payment Systems Breach News and CEO Webcast today

The news keeps flowing from everywhere but Heartland! Their 2008Breach.com site has not been updated since January.

From the SEC article at PC World:

However, the investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland's stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.

During the conference call, Carr said that his trades were part of a 10b5-1 plan initiated in August -- months before Heartland knew of any problems -- to pay off his personal debt, and that he stopped selling shares as soon as the company discovered malicious software on its systems on the night of Jan. 12. "I had no discretion regarding the terms or timing of the sales," he said.

Carr sold just over 900,000 of his 5.8 million shares before pulling the plug on the 10b5-1 plan in January, Heartland said.

Wow …

And, to top it off, the company made the breach public on January 20, 2009. That was the day of President Obama’s inauguration. So, guess where the press’ attentions were?

While it is understandable that a business needs to keep their shareholder’s interests in mind when it comes to any kind of negative publicity, there needs to be a realization that the impact to the client/customer is more important than anything else. Period.

Ultimately, the client/customer walking away from that company will also have an impact on the company due to the breach of trust. And from there, that breach of trust has led to class action lawsuits being initiated with more to come.

In this case, the breach and the way the company and its management have been handling information about it has been, in our opinion, less than forthcoming.

Taking full responsibility for the devastating impact the breach has had on, we venture to estimate, millions of folks, including us, around the world would be a good step in the right direction.

Interestingly enough, Mr. Carr, Heartland’s CEO cited above, will be giving a presentation at the Goldman Sachs Technology Internet Conference today at 18:20hrs (6:20PM) Eastern (MSN Money Article): 

A Webcast of the Heartland fourth quarter 2008 conference call can be found here along with the original link for the above Internet Web Cast:

We as a company hold our business highly accountable for everything that happens for and to our clients. If we mess up big time, to the point where the only option is losing our business, then so be it. We will take full responsibility for our error and do everything we can to make reparations for that error.

Our clients should not have to rely on lawyers and the courts for restitution if something drastic ever happened. It is a point of principle.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Outlook 2007 Cumulative Updates via KB 968009 Released - “Performance Patch”

A new cumulative update for Outlook 2007 has been released. This release will also be a part of the upcoming Office 2007 Service Pack 2.

The base article is here: MS KB 968009: Outlook 2007 improvements in the February 2009 cumulative update.

There are two Hotfix downloads indicated in the above KB article:

  • MS KB: 961752 (http://support.microsoft.com/kb/961752/ ) Description of the Outlook 2007 hotfix package (Outlook.msp): February 24, 2009.
  • KS KB: 967688 (http://support.microsoft.com/kb/967688/ ) Description of the Outlook 2007 hotfix package (Outlook-en-us.msp): February 24, 2009.

The first one has a large number of fixes included in it while the second one is specific to using keyboard shortcuts to cut and paste in a custom form.

We have applied the first hotfix since it is applicable here. The performance improvements seen in Outlook 2007 are tangible. Clicking through various high content volume folders is noticeably quicker as is the search feature for both contacts and for content within the folders themselves.

The first hotfix will require a reboot of the system even though we had Outlook and any TSRs shut down during the update.

Once the system came up after the reboot and Outlook was started, this is what we were greeted with:

09-02-26 Outlook 2007 post 961752

Outlook 2007: Preparing Outlook for first use.

The above process did indeed take enough time to refill the tea cup and get a couple of needed phone calls in!

Make sure to have a backup of your PST/OST/Mailbox prior to running any Outlook updates!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Wednesday, 25 February 2009

SBS 2008 – Get An E-mail On Failed Logon

One of the new features we inherit via Windows Server 2008 is the newly revamped Event Logs. We now have the ability to monitor pretty much anything happening on the server.

For those of us that manage SBS 2003 networks, we only knew when something was happening with a user account when we would receive an e-mail indicating that a user account had been locked out. No indication was given as to which account and when! We needed to filter through the Security log or the user would be calling for a reset of their account.

Now, we can actually have an e-mail happen from the SBS server that tells us that a failed logon attempt has happened, each time an attempt has made and in “real time” (depending on Outlook’s Send/Receive settings).

09-02-25 SBS 2008 - Failed Logon Attempt E-Mail

SBS 2008 E-Mail – Failed Logon Attempt

If there are hundreds of these e-mails filling the Server Monitoring folder for that client’s server, then obviously there is a priority problem that needs to be addressed right away!

The e-mail may be not too clear on the who or what, but we don’t have far to go to find those particulars out.

Log onto the SBS server and have a look at our Custom View in the Event logs and here is what we find:

09-02-25 SBS 2008 - Failed Logon Attempt - RWW

Event 4625: An account failed to log on - RWW.

And:

09-02-25 SBS 2008 - Failed Logon Attempt - Server

Event 4625: An account failed to log on – Server.

We get a lot more information on where the attempt was made from and to what service.

One of the benefits that comes with being made aware of failed logon attempts is getting to know when our client’s password refreshes are happening along with which users tend to miss their logons after that refresh.

The XML code for the above Custom View can be found on CodePlex: SBS Code Plex: Custom Filter for Failed Logon @ Server.

On the SBS 2008 server, install the above code into the Event Viewer from within the SBS Native Tools Management console:

  1. Right click on the Event Viewer and click on Create Custom View.
  2. Click on the XML tab.
  3. Click the Edit query manually radio button.
  4. Answer Yes to the warning.
  5. Copy the XML code out of the downloaded file.
  6. CTRL+V to paste it into the XML editor for the Create Custom View window.
  7. Click OK.
  8. Name the filter: SBS Failed Logons.
  9. You can choose a folder or create one to store your Custom Views.
  10. Click OK.
  11. Right click on the new filter and "Attach Task To This Custom View..." to have the event generate an e-mail.

Note that the XML code has been customized for the Event Viewer to pick up on both failed logon attempts via a server service and at the server console if the console was either free or locked. Thus, the code will not work for firing an event in the SBS Console under Other Alerts.

To get Event 4625 events to register in the SBS Console under Other Alerts, get the code SBS Code Plex: Alert for Logon Failure, and install it.

Just in case:

  1. Copy the LogonFailureAlert.XML file into the %programfiles%\Windows Small Business Server\Data\Monitoring\ExternalAlerts folder.
  2. Restart the Windows SBS Manager service in the SBS Native Tools Management console.
  3. Attempt a logon with bad credentials.
  4. SBS Manager cycles every 30 minutes, so the alert will show up at some point over the next 30 minutes. A force Refresh may make it show up.

We now have two ways to find out what is happening with logon attempts on the server. A quick visual glance via the SBS Console as well as via e-mail and the server’s Event logs.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Tuesday, 24 February 2009

SBS 2008 System Partition Out of Free Space and WSUS Db Size

Our longest running SBS 2008 box has been up since we got our hands on the RTM bits last fall.

We left everything on the system partition to see what happens when the server starts to get choked for space. The system partition is has a capacity of 75GB that works out to being around 73.5GB of formatted space.

In SBS 2003, we would receive e-mail warnings about any partition that was running short on space.

On SBS 2008, the only time we would see that there was a storage problem was in the weekly Detailed Summary Report:

image

SBS 2008 Other Alert – Percent Free Disk Space

If the above gets missed, surely this one, also in the Detailed Report, would not:

09-02-24 SBS Storage - Exchange Error due to disk space

MSExchangeTransport 15006 Error:

… rejecting message submissions because the available disk space has dropped below the configured threshold.

The error logged may get missed too, but users would be on the phone to the help desk, or to the I.T. support folks to let them know that there was a problem with their e-mail not getting out once things really stall in Exchange!

The biggest culprit for disk space usage on the volume that was running short was:

09-02-24 SBS Storage - Move WSUS Data - 36GB

WSUS Data: 36GB

This particular SBS 2008 network has the SBS 2008 box, Windows Vista Business and Ultimate, Windows XP Pro SP3, and Office 2007 (delivered via GP) on it.

Users are running accounting applications and some other Line of Business Applications besides the regular Microsoft applications and Companyweb centralized data shares.

So, there is nothing really out of the ordinary here.

When searching through the logs, there are three places to find flags for the space problem in the event logs:

09-02-24 SBS Storage - FRS Log - NtFrs 13570

File Replication Service:

FRS has detected that the volume hosting the path C: is low on disk space.

Note the date and time of the above error: February 13, 2009 at 11:03AM.

09-02-24 SBS Storage - System Log - SRV 2013

SRV:

The C: disk is at or near capacity. You may need to delete some files.

Note the date and time for this one: February 14, 2009 at 11:41AM.

And, the Exchange error:

09-02-24 SBS Storage - Exchange Error 15006

MSExchangeTransport:

The Microsoft Exchange Transport service is rejecting message submissions because the available disk space has dropped below the configured threshold.

Note the date and time for this one: February 10, 2009 at 7:58PM.

For servers that are being put into production, the simplest thing to do is to create a couple of custom filters for Event ID 15006 via the App Log and Event ID 13570 via the FRS Log and attach an e-mail Task to them. As soon as one of the Event IDs appear in the Event Logs, an e-mail will be fired off to the indicated e-mail address.

In this case, the SBS e-mailed reports kept coming in until February 19. 2009 which is five days after the above Exchange Transport event. So, for volumes running short on space where the Exchange databases are located, a lot will depend on the amount of e-mail volume being handled by Exchange before things completely stall out. The higher the e-mail volume growth, the quicker the stall.

The fix in this case was to use the Move Data wizard in the SBS Console to move the WSUS data off of the system partition onto the data partition we have specifically for working data. Once that was accomplished, our C: partition had lots of space on it!

Disclaimer: No Users were hurt in the making of this experiment! ;)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Monday, 23 February 2009

SBS 2008 SharePoint 987 and ISA 2006 Non-Standard SSL Ports

If there comes a time to work with a Web site that uses a nonstandard SSL port for its setup, then ISA will not allow the Web browser on through to the site.

For those of us running ISA 2006 SP1 to protect our now migrated domains to SBS 2008, or to manage our client’s SBS 2008 domains where the Companyweb SharePoint site now uses port 987 for its SSL connections from within our ISA protected network, there will be a need to allow that port through ISA 2006 SP1.

The same need applies for those that need to connect to remote SBS 2008 Companyweb sites via SBS 2003 SP1 and R2 Premium networks protected by ISA 2004 SP3.

To correct this, a utility is needed to modify the allowed SSL ports list in ISA. We use the ISA Tunnel Port Editor (ISAtrpe) utility that can be had from the ISATools.org site: ISATools.org ISA 2004 downloads. The download is about 2/3 of the way down the list.

09-02-23 SBS 2008 and ISA 2006 - SSL Port configuration

ISA Tunnel Port Editor

In the above screenshot, we are looking at a vanilla ISA 2006 SP1 install on Windows Server 2003 R2 Standard.

So, we would do the following to get things happening:

  1. LowPort: 987
  2. HighPort: 987
  3. TunnelPortName: SBSSharePoint
  4. Click the Add Tunnel Range button.
  5. Wait a minute or two.
  6. An “Added SBSSharePoint successful!” message will appear when done. Click the OK button.
  7. The newly added port should be listed in the ports list as shown below.

Note that if the port addition is done via an RDP session, the RDP session may be broken. It should be reestablished close to the end of the procedure.

09-02-23 SBS 2008 and ISA 2006 - SSL Port configuration with SharePoint

ISA Tunnel Port Editor with Port 987 Added

Once the procedure has completed, close the Tunnel Editor.

Direct access, or access via the Remote Web Workplace, to any remote Companyweb SharePoint site will work after this.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Friday, 20 February 2009

Hyper-V Performance Measurement

Some good reading on Hyper-V and performance:

In the beginning, it can be tough to figure out how a particular hardware configuration will behave once Hyper-V has been loaded up on a Server Core or a Windows Server 2008 full install.

If running Hyper-V on a full install of Windows Server 2008, keep in mind that there will be a significant number of patches needed for the various GUI and browser related components on Win2K8 full that Server Core will not need. This means more reboots for a full Win2K8 Hyper-V setup.

The full install will also use more resources for itself. Thus, leaving less resources over for the virtual machines.

One thing is for sure: RAID 1+0 for your VM VHD files is a good place to start. The more spindles for that RAID 1+0 array, the better the performance.

In larger settings, there are hardware and network/hardware solutions that would facilitate storage for the Hyper-V server that may no be on the box itself. But, that is beyond the scope of our SMB focus.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

Hyper-V – General Access Denied Error for ISOs via Network Share

Once the Hyper-V server on Server Core, or Full, has been set up, there is one more series of steps that need to happen before the Hyper-V server will be allowed to mount a network share located ISO file for VMs to use.

Before those steps are done, Hyper-V will throw a “General access denied error” whenever an attempt is made to mount a network located ISO in a VM.

We alluded to this procedure before: Hyper-V - Access to network shares for ISOs (previous blog post). Though at that point, we still had not found the exact methodology for getting the network ISOs accessible. Our methodology for Virtual Server 2005 R2 did not work.

In the end, there was a source for the solution: Jose Barreto’s Blog: Using Constrained Delegation to remotely manage a server running Hyper-V that uses CIFS/SMB file shares. Note that his blog came a couple of months after our initial post above.

Configuring the Constrained Delegation is actually quite simple:

  1. On the server with the shared ISO folder:
    1. Set both the NTFS and the Share permissions to FULL for the Hyper-V computer account.
  2. On a domain DC:
    1. Open Active Directory Users and Computers (SBS Console –> Advanced on 2003, SBS Native Tools Management on 2008)
    2. Find the Hyper-V server and double click on it.
    3. Click the Delegation tab.
    4. Click Trust this computer for delegation to the specified services only radio button.
    5. Click the Use any authentication protocol radio button.
    6. Click the Add button.
    7. Click the Users or Computers… button.
    8. Type the server’s name and click the Check Names button. An underline will appear under the server’s name if the correct object was found in Active Directory.
    9. Click on the cifs Service Type and click the OK button.
    10. Click the Apply and OK buttons.

Once the above two procedures have been accomplished, reboot the Hyper-V box if it still gives the General Access Denied error. Once rebooted, the ISO should mount in the VM via the Hyper-V Manager with no problems.

A screenshot of what the Constrained Delegation setting looks like:09-02-20 Hyper-V Constrained Delegation Settings in ADUC

Hyper-V Server properties with Constrained Delegation Enabled

    Note that the above screenshot is the properties for the Hyper-V role enabled server! No changes need to be made to the file server’s AD properties. Only the permissions on the folder share and NTFS permissions need to be modified on that box.

    Again, thanks to Jose Barreto’s Blog: Using Constrained Delegation to remotely manage a server running Hyper-V that uses CIFS/SMB file shares for the right answer to our problem.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Thursday, 19 February 2009

    Why do I need Small Business Server 2008 for my business?

    Because it is an awesome product!

    SBS 2008 takes the great feature set we have in SBS 2003 and augments and improves on them to provide a small business owner a great server solution!

    Some small business specific reasons:

    • A single Web site to access my e-mail, my internal Companyweb site, and my office computer with the Remote Web Workplace remote access portal.
    • My Windows Mobile Phone was easy to set up with SBS to synchronize my calendar, contacts, tasks, and e-mail.
    • I can get access to my office e-mail quickly with the Web based Outlook Web Access.
    • Access to my office computer from any place that I can open an Internet Explorer browser.
    • Excellent server spam and virus protection out of the box saves me time and money.
    • Centralized backup and recovery assures me that my data is safe … and the backups are encrypted!
    • We can simply manage who gets access to what data on our office network.

    In a previous post that was an addition to some other lists on the topic, we talked about some of the key features in SBS 2008 that we think rock: SBS 2008 - Top 10 Wow and Top 10 Learning.

    One of my other passions is cars. I have had oil in the veins since a very young age working on high horsepower Mopar, Chevy, and Ford projects! :)

    Specifically, one of the finest North American produced performance sedans is the Ford Taurus SHO (pronounced show). I currently own a 1997 Taurus SHO. It is not because I own one that I say that is one of the best. It is because of what the product is and how that product has performed for me the user that I can say the SHO is one of the best with confidence.

    Recently, Ford unveiled the new 2010 Taurus SHO boasting a 360bhp twin turbo charged V6 and significant performance and handling enhancements at the Chicago Auto SHO.

    A video of the unveiling is on You Tube: 2010 Taurus SHO introduction.

    Two very important elements are in that video:

    1. Mr. Jim Farley gave full recognition to the source of the drive behind releasing the new SHO: The SHO Enthusiast Community (1:38 minutes into the video).
    2. Various enthusiasts were interviewed as part of the introduction! (5:32+ minutes)

    Ford has made a point of letting the enthusiast community know that they were significant in the new SHO’s creation. In fact, they were invited to be a part of focus groups as well as have front row seats for the unveiling.

    Now, let’s have a look at Microsoft and the new Small Business Server 2008:

    And:

    Add a “Do” in front of the “I” for the searches and Microsoft’s Australian SBS page is about 15 links down on Live. The Australian link is number 2 on Google.ca. Note that Google.ca is the Locale specific engine for our searches.

    Kudos to Microsoft Australia for being up there in the results! :) Australia also has one of the best high performance automobile markets in the world too!

    So, okay … there is virtually nothing in the above searches on the why Small Business Server 2008 is good for a small business owner.

    Top that off with hardly any marketing of SBS 2008 in the traditional media forms that we have seen here.

    The SBS question has been asked before: Where is our oomph?

    Augment that by asking, “Where is the drive to make SBS 2008 the most popular and talked about small business server product ever?”

    Marketing a product can be a difficult thing. Ford, IMNSHO, is getting it right with the new SHO and GM was definitely getting it right with the new high performance Cadillac models as well as others ... at least they were until they cancelled the high performance program (Google News Search) until further notice.

    The missed opportunity here, when it comes to marketing Small Business Server 2008, is the ability to tap into the SBS Enthusiast community. That community includes I.T. folks like us and small business owners who use the product and know how it can improve small business operations significantly.

    Small business owners need to see and hear other small business owners express their views passionately on how SBS 2008 has made a truly remarkable difference in their business operations. They need to see the features in action to get the creative “what if” business juices flowing in their brains.

    Tie that passion into the SBS brand and we will have a real winner here … just like the SHO!

    Further reading:

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Wednesday, 18 February 2009

    Some Initial Thoughts on Windows 7

    We have the 7000 release of Windows 7 Ultimate x64 set up as a Hyper-V guest.

    Out of the box, Windows 7 has the Hyper-V Integration Services installed so there is a time savings and a manageability improvement right there. We no longer need to install the Integration Services after the fact.

    Not only that, managing and connecting to Hyper-V based VMs while connected to a Hyper-V Management capable Windows Vista desktop via RDP could be a real struggle without Integration Services being installed. Just try to connect to a Linux based VM while in a Remote Desktop Session and see what happens to mouse control in that VM as an extreme example.

    The OS definitely installs quicker as a Hyper-V guest than Windows Vista Enterprise does. It is also quicker to boot and reboot.

    The one hang-up we did run into was connecting the Windows 7 VM to our SBS 2003 domain.

    For Windows Vista or Windows Server 2008 RTM we use the following command via an elevated command line:

    • netdom join MI-* /Domain:MySBSDomain.local /OU:OU=SBSServers,OU=Computers,OU=MyBusiness,DC=MySBSDomain,DC=local /userd:Administrator/passwordd:*

    Note that in the above command line is line wrapped and the OU the system would be deposited in is the standard SBS 2003 OU for servers. We have an OU specifically for Windows Vista and now Windows 7 clients with applicable GPOs specific to those operating systems.

    It turns out that the NedDom.exe command is deprecated in the Windows 7 OS. After some searching around, and subsequently asking my fellow SBS MVPs for some direction, the PowerShell Add-Computer cmdlet was the solution.

    What we discovered after a lot of struggles trying to get the Add-Computer command to work was that it was broken in the 7000 build of Windows 7!

    We now need to wait for the newest version of Windows 7 as the problem will be fixed in it. When the new release of Windows 7 in whatever form that takes is not really clear yet. Once it does, we will post the correct syntax for the PowerShell command.

    For now, we need to settle on using the age old method of manually joining the domain and subsequently moving the computer object into the correct OU via ADUC.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Monday, 16 February 2009

    Heartland Payment Systems Breach Update

    A little while back, we posted about a breach of significant proportions at a credit card payment processor by the name of Heartland Payment Systems (previous blog post).

    Here are some updates to the ongoing saga at Heartland:

    We now have two known major breaches in recent memory with the TJ Maxx breach and now the Heartland Payment Systems breach.

    The cost to us consumers as well as institutions that provide and service credit cards in this case has been and will be huge.

    The catch is, how many more breaches of this magnitude need to happen before we consumers can be confident that the system is working at being reasonably protected?

    Certainly the TJ Maxx and Heartland breaches do not inspire confidence in the way our data is being handled by companies that do so at this point.

    As a result, it is ultimately our responsibility to keep an eye on our credit profiles, our credit card and debit card statements, and our online purchasing identities such as our PayPal or eBay accounts.

    We are our only first line of defense.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    SBS 2008 Blueprint is here!

    We just received our copy:

    09-02-16-Holding-the-New-Book

    Microsoft Small Business Server 2008 Blueprint

    Note the lack of product placement training! ;)

    The book is shipping, and it should reach you pretty much anywhere in the world! You can order your copy, if you have not already done so, here: SMB Nation Press: Microsoft Small Business Server 2008 Blueprint.

    Thanks to all who were a part of making this book happen!

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Friday, 13 February 2009

    MVP Insider – MVP Profile for Philip Elder

    A little while back I was asked to provide some answers to a number of different questions for the MVP Insider.

    There are questions about things like what I would ask Mr. Ballmer, what kind of software and hardware tools are in my tool bag, favourite software, and my hero.

    In the case of the question about who is my hero, I could not choose just one person as there are many people both inside and outside of our industry that I look up to.

    The two key heroes that I chose are:

    • In Business: Clive Bedoe (Live Search) is the former President and CEO of West Jet which started out as a small regional airline based out of Calgary, Canada. He, and is team, took West Jet from a regional player into what is now a national and international airline. In the mean time, West Jet continued to turn a profit during the early part of this decade when other airlines were not.
    • In life: My wife Monique Elder. For those of you that run your own I.T. shop business, you know the time involved in building a business. She does an incredible job managing our home life with three kids, as well as keeping my life balance just that: balanced. She is truly amazing and very supportive!

    The rest of the answered questions can be found on the IT Pro Connection blog: MVP Profile – Philip Elder.

    Thanks to all of you for your support and encouragement as well as for subscribing and continuing to read the blog! :)

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Thursday, 12 February 2009

    ExchangeDefender is a huge time and money saver for our clients and us!

    We moved our domains over to the ExchangeDefender E-mail Hygiene and Reputation Services Provider not quite three weeks ago now.

    One of the first things that got noticed was the drastic reduction of junk showing up in our Junk Mail folders. By drastic reduction, we mean maybe 1 piece of spam for every couple of days!

    Another change is the elimination of illicit SMTP connections to our SBS (previous blog post) based Exchange server as ISA now only allows SMTP connections from the ExchangeDefender servers.

    The ExchangeDefender reports are amazing. They show how much e-mail is spam, and how much is not. They give our clients and us a pretty good idea of how much time we are saving by not having to deal with spam!

    Ultimately, we no longer need to deal with all of that spam which is a huge time waster when we look at the amount of time spent sifting through the garbage everyday!

    The other aspect to having our outbound e-mail passing through the ExchangeDefender servers is no longer needing to monitor black lists for our IP address or IP subnet on all of the blacklists that are out there. That in turn means that we no longer need to jump through all of the hoops required to take our IP off of a blacklist.

    The big time waster when it comes to having our IP address blacklisted is the inability to send e-mail to any domain that subscribes to that blacklist. We would then end up waiting hours, days even, before our IP was considered “safe” by the recipient’s e-mail servers once we found the blacklist site and its Remove IP feature.

    The ExchangeDefender service is worth it for both our clients and us. That is why we signed up with OWN as a Service Provider!

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Windows Server 2008 R2 Beta Downloads are x64 Only – Windows 7 Maintains x86 and X64

    The new Windows Server 2008 R2 Beta can be downloaded from here: Windows Server 2008 R2 Beta. The downloads are .EXE files that will extract to an ISO.

    The above link will be active for a limited time.

    Our TechNet subscription has the downloads available to us too:

    09-02-12 TechNet - Win2K8 R2 Downloads

    TechNet Plus Subscription Downloads for Win2K8 R2 Beta

    Note that there are only x64 flavours available!

    Now that we are seeing the death of the x86 OS on the server side, it is only a matter of time before the desktop OSs follow suit. Windows 7 is obviously not there:

    09-02-12 TechNet - Windows 7 Beta Downloads

    Windows 7 Beta Downloads including x86

    Some reading of interest:

    BTW, the feedback on Windows 7 from various sources is really quite positive so far. Microsoft may indeed have a winner here!

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Wired or Wireless for that laptop SBS domain join?

    When joining a system to the SBS domain, it is a good idea to use a wired connection versus a wireless one.

    In our experience, when we have tried to join a laptop to an SBS domain using a wireless connection we have ended up with some sort of error or corruption of the SBS setup routine on the laptop.

    We usually ended up needing to remove the computer profile in the SBS consoles, recreate the new computer profile on SBS 2003, and clean out the mess in the local profiles on the laptop once off the SBS domain.

    Once we did that and we had the laptop physically connected to the network, we were able to successfully run the SBS Connect Wizard.

    It is a good idea to have an extra cable off of the main network switch in the server closet for this task or at least a small Gigabit switch and some patch cables on hand to share a network connection temporarily.

    We keep an 8 port Gigabit switch with all of the requisite patch cables and an APC PRO7T surge protector in the HHR’s boot for this purpose. Having this little kit available is also handy for those times where we need to set up a multiple number of new machines on our client’s SBS domain.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Wednesday, 11 February 2009

    Symantec Endpoint Protection MR4 Memory Footprint and CPU Usage

    A while back, we blogged about Symantec Endpoint Protection (SEP) and how much of a memory hog it was: SBS on dual Xeon E5345 Quad vs. 5130 Dual Core + Symantec EndPoint Memory Costs.

    We just finished our first site A/V migration off of Trend’s Worry Free Business Security back to Symantec’s Endpoint Protection in its MR4 version. In this case, as well as it will be at the other Trend sites we have, we paid for a 1 year gold maintenance SEP agreement for the client’s site, removed the Trend product, and installed SEP at no cost to our clients.

    Our Trend odyssey can be read here:

    Given our past experience with SEP RTM, the one main concern we had was with memory usage.

    We were fortunate that in this case, we had a second server with Windows Server 2008 Standard x64 installed running a number of different roles on the SBS 2003 domain. The box has 16GB of RAM installed, so memory should not be an issue.

    Here are a couple of screenshots of SEP up and running on the Win2K8 x64 box:

    09-02-11 Symantec - Program Footprints

    Symantec Endpoint Protection MR4 x64 Memory Footprint (SEP Client and SEP Management Server): ~200MB

    The above screenshot was taken after about 3 days of the server being in production. The memory footprint out of the box was not a whole lot less than that.

    Wow! What a huge step down in memory consumption versus the previous versions of the product.

    Symantec utilizes SQL Anywhere for their database structures:

    09-02-11 Symantec - Db SQL Anywhere footprint

    SEP MR4 SQL Anywhere Memory Footprint: ~82MB

    The combined total RAM usage of the product on the management server is less than 250MB! That is an awesome achievement. Especially since that number includes both the client and management components.

    The SEP client on the workstations has also taken a huge step down in its memory consumption:

    09-02-11 Symantec SEP MR4 on Windows Vista

    SEP MR4 Windows Vista Enterprise Client Memory Footprint: ~30MB

     09-02-11 Symantec SEP MR4 on Windows XP Pro

    SEP MR4 Windows XP Professional Client Memory Footprint: ~15MB

    It looks as though both the server and workstation versions were slimmed right down.

    Besides the memory footprint reduction, the CPU resources that the server A/V and client workstation A/V uses has been drastically reduced. In our workstation VMs, the client would run around 3-5% of the CPU cycles during intensive usage while on physical laptops and workstations that number would barely approach 1-3% during intensive usage.

    On the server side, Live Update is set up to run update checks hourly, and it does seem to be pulling a good number of updates down for each SEP component during those update sessions. So, it looks as though Symantec is also keen on having the product as up to date as possible.

    Now, whether our SEP clients remain virus free will be another thing to see yet.

    But, given the fact that none of our clients had a virus problem while on Symantec’s previous generation corporate products, we are counting on SEP to keep that virus free legacy alive.

    NOTE: We do not install third party firewall components on servers or workstations. We only install the A/V and malware components.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Tuesday, 10 February 2009

    SBS 2008 – RWW and IE VBScript RDC Errors

    We have a client that was having some issues connecting to their desktop via the Remote Web Workplace. Apparently the Connect button was missing (previous blog post).

    Once we had realized that Firefox was being used instead of IE, we still ran into a struggle trying to get their remote desktop connection established.

    First off, they were getting this error:

    09-02-10 SBS 2008 IE - RDP Version Error

    VBScript: Remote Desktop Connection

    The Microsoft Terminal Services Client ActiveX control (also known as the Microsoft RDP Client Control) is either not available, or is not enabled. Fore more information about installing and enabling this ActiveX control, see the Microsoft TechNet Web site (http://go.microsoft.com/fwlink/?LinkId=103719).

    Now, the above screenshot is showing Internet Explorer 6 since that was the browser that was also installed on their machine when we started the troubleshooting process.

    So, we had them run Microsoft Updates until every last update was installed. It took them a while.

    Once finished, we had XP indicating Internet Explorer running version 7 with all of the updates applied.

    We went back to RWW to try the connection again, but we still ended up with the same puzzling error.

    A check in the IE Add-ons manager showed the following:

    09-02-10 SBS 2008 IE - RDP OCX Version

    Microsoft RDP Client Control (redist) msrdp.ocx

    Now, take note that the above screenshot was taken on an XP SP2 vanilla install with IE 6. We did not see an Update ActiveX button on the client’s machine. BTW, click on that button in this case, and no update is available!

    In fact, when we downloaded the RDC 6.1 Client (KB 952155) from Microsoft’s site, it would not allow us to install it as we received a, “You already have the latest service pack installed so this update does not apply” error.

    Indeed, Windows XP Service Pack 3 was installed on this particular machine and the new RDC comes with SP3.

    Okay, so we try: Microsoft KB 951607: You cannot connect to a remote computer or start a remote application when you use Terminal Services Web Access or Remote Web Workspace on a Windows XP SP3-based or Windows Small Business Server 2003 SP1-based computer. Nothing applicable here either. Plus, we were trying to connect to the SBS 2008 RWW too.

    The key to fixing the problem was found here: Browse Remote Web Workplace from Windows XP SP3 machine on the Technology on the Move blog.

    We needed to run the following at the command line after making sure that all browser windows were closed:

    Regsvr32 Mstscax.dll [Enter]

    After a bit of a pause, a message popped up indicating that the DLL was correctly registered.

    Check in the IE Add-ons manager and sure enough the file name has changed:

    09-02-10 SBS 2008 IE - RDP DLL Version

    Microsoft Terminal Services Client Control (redist) mstscax.dll

    Once we reconnected to their SBS 2008 RWW, we were able to successfully connect to their desktop.

    We used CoPilot for our non-SBS based Remote Assistance needs. This particular client is in the U.S. on the West Coast, so we fired up a one-time session with CoPilot and worked through our troubleshooting process to the above successful conclusion.

    One of the main reasons we have stuck with CoPilot is this blog post that has been around for a while on the company’s blog: Customer service as a competitive advantage. They get it.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    SBS 2008 - Remote Web Workplace Connect button is missing?!?

    The first time one of our clients mentioned that they could not connect to their computer in the office via the Remote Web Workplace, we ran through some of the typical questions we would ask:

    But, when our client indicated that the button in their RWW for connecting to their workstation was outright missing, it took a few minutes to clue into what may have been going on.

    This is what they were seeing:

    09-02-10 SBS 2008 FF RWW ErrorRWW Button Missing

    This is what the RWW should look like:

    09-02-10 SBS 2008 RWW Proper with IE

    SBS 2008 RWW

    The question that needed to be asked as we were initiating our troubleshooting was, “What Internet browser are you currently using to access the Remote Web Workplace?”

    As soon as they answered, “Firefox.”

    We had our answer … or so we thought. We ended up needing to troubleshoot things further as the system was seemingly up to date, but not.

    More on that later.

    Once things were fixed though, we had a fully functioning Internet Explorer browser RWW based connection to our client’s desktop.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Monday, 9 February 2009

    SBS 2008 – Multiple Lacerte 200X Install Initialization Procedure on One Workstation – Including 2003

    We have posted about our experiences with installing previous versions of Lacerte on an SBS 2008 domain with 100% Windows Vista workstations:

    We now have Lacerte 2003 and up installed on all of the Windows Vista workstations with the databases stored on a network share. The procedure was the same as the 2004 version.

    What we did to install all versions on the same system:

    1. Install Lacerte 2006, 2005, 2004, 2003 in that order.
    2. Only reboot after the Lacerte 2003 install completes using the 2006 reboot dialogue (leave dialogue open).
    3. Answer NO to the reboot question in the 2005 version install and down.

    Once the workstation has rebooted after the 2003 install, each version of the program needs to be initialized.

    We found that if we ran through firing up each of the programs, one at a time, from 2006 on down, we ran into problems with the 2004 and 2003 versions hanging on a double click of their shortcuts.

    When we reversed the order, that is starting the initialization process with the 2003 version, then the 2004 version and so on, we were able to initialize each program in order without any problems with a program hang.

    Keep in mind that each program needs to be opened individually and not simultaneously during the initialization steps. Also, the 2004 and 2003 versions can take a lot longer to start up for the first time relative to the newer versions.

    So, keep a Workstation Install check list handy for each installed version as well as each version that has been initialized when installing to more than a couple of workstations.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Practice CS – The “CS” Acronym Meaning?

    We posted about synchronizing contacts between Practice CS, Outlook, and a Companyweb Contacts list: SBS 2008 – Practice Creative Suite Clients Sync with Companyweb Contacts List via Outlook.

    Now, an anonymous comment pointed out that the “CS” may mean nothing at all.

    And, somehow I defaulted to the Adobe interpretation of CS which is “Creative Suite” in the blog post title.

    Well, my interpretation of the Practice “CS” had to come from somewhere, and it turns out that other than the brain jumble of the “S” meaning, it does:

    09-02-09 Practice CSC:\Program Files\Creative Solutions\Practice CS

    The CS actually stands for “Creative Solutions” as is indicated in the folder structure.

    My bad for jumbling up the “S” to Suite instead of Solutions, and thanks to the anonymous comment on the above linked previous blog post for challenging me on the meaning of the acronym.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    Saturday, 7 February 2009

    SBS 2008 – Practice Creative Suite Clients Sync with Companyweb Contacts List via Outlook

    A while back we posted about migrating Practice Creative Suite (previous post) from an SBS 2003 Premium RTM domain to a new SBS 2008 Standard domain with 100% Windows Vista Business machines on it.

    One of the requirements the firm has with Practice CS is the ability to link and synchronize an Outlook Contacts folder with the client list in Practice CS. This gives them to the ability to keep their contacts up to date in both programs.

    On the old SBS 2003 domain, the contacts were set up in an Exchange Public folder.

    On the new SBS 2008 domain, the preference was to have the contacts also available via the Companyweb SharePoint site. This would enable users to have a third, and sometimes quicker, place to gain access to the client contact lists.

    So, we exported the entire public folder structure to a PST file, then used our test user account to import that PST into separate Contacts folders within Outlook.

    We then set up the needed Contacts lists in the Companyweb site, linked them to Outlook, and copied the contacts from the Outlook folder they were imported into to the SharePoint linked contacts.

    Once the Outlook-Companyweb synchronization process finished and we were sure that the original Outlook Contacts folder matched with the new Companyweb Contacts list, we moved into Practice CS.

    Practice CS can have a two way synchronization setup with an Outlook Contacts folder. We discovered that it did not matter where the folder resided, Exchange Public Folders, the Companyweb Contacts list, or Outlook itself as Practice CS could synchronize with any of them.

    We did discover one small Gotcha though. When we set up the synchronization relationship with the Companyweb Contacts list via the user’s Outlook, Practice CS wanted to import the entire contents of the Companyweb Contacts list even though most of the clients were in the Practice CS clients list already.

    We needed to empty the Companyweb Contacts list, then run the synchronization with Practice CS. Practice CS then copied its client list into the Companyweb Contacts list via Outlook.

    Practice CS required that we set up a “Filter” in the synchronization setup. We elected to set the filter based on Client ID with a base number of 0000 and a maximum number of 9999999. If we set the minimum and maximum based on the current Client IDs, any clients with numbers lower or higher than that in the filter would not be synchronized.

    The beauty of this new setup is the ability to gain access to the clients list via Practice CS, Outlook, Outlook Search, Windows Vista Search, Companyweb, the Companyweb Search feature, Windows Search 4.0, and the Companyweb via the Internet at https://remote.sbs2008.ca:987.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Windows Live Writer

    SBS 2008 – Lacerte 2004 Install

    We had some interesting times getting Lacerte 2006 installed and configured on an SBS 2008 network (Previous blog post).

    And, today we also installed Lacerte 2005 (Previous blog post) into an SBS 2008 and Windows Vista Business native environment.

    Have a look at both posts in order to get the run down for each version of the program.

    In the case of Lacerte 2004, once the network install was completed (again from a local folder to UNC path), we needed to copy the network installed 04Tax folder to the local machine and run the workstation specific install from there.

    We left the workstation install directory at the default C:\Lacerte\0XTax for all of our installs so far.

    Once the install routine had finished, the program fired up okay with a series of typical Lacerte startup questions.

    This one was pretty neat:

    09-02-07 Lacerte 04 Install - 18 - Monitor sizeWe have not seen a 15” monitor sitting on a desk for a long time. In this case, the question is probably referring to a CRT monitor size too. Perhaps the only exception to that rule would be the occasional 15” LCD sitting on a table in a server closet or in an older 1U KVM drawer.

    Again, keep in mind that Lacerte 2004 will need to be fired up at least once before copying over the existing Lacerte 2004 firm data on the first install to the network and local workstation.

    On each subsequent workstation Lacerte 2004 gets installed on the program will take some time to fire up, so please be patient.

    To date, we now have the following successful Lacerte network installs with full firm data access on an SBS 2008 and Windows Vista Business native network:

    Lacerte Installs on Windows Vista

    Lacerte 2008, 2007, 2006, 2005, and 2004 on SBS 2008 & Vista

    We have one more install to do for Lacerte 2003. Hopefully it will go as good as the previous versions did … at least relatively that is! ;)

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    SBS 2008 – Lacerte 2005 Install

    We had some interesting times getting Lacerte 2006 installed and configured on an SBS 2008 network (Previous blog post).

    We just finished running through various combinations of set up attempts to get Lacerte 2005 installed to a network location.

    Essentially, we discovered that the setup and data migration ran the same as it did in the previous post for Lacerte 2006 with one exception.

    It turned out that no matter how we tried to get the install to run from a network location, it would not. Lacerte 2005 would not recognize the mapped drive we were running the install from. It always assumed we were running from a UNC path \\server\Lacerte\setup.exe.

    Once we copied the install CD contents to a folder in a local folder, we were able to run the install to both the network mapped drive and to the local machine without a problem. Make sure not to use a folder that is redirected to the server such as the Documents or Desktop folders as setup will fail.

    Again, keep in mind that Lacerte 2005 will need to be fired up at least once before copying over the existing Lacerte 2005 firm data.

    UPDATE: Some of the workstations are complaining about installing from a UNC instead of a mapped network drive. If that happens, copy the 05Tax folder over to a local folder and run the setup from there.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Thursday, 5 February 2009

    Finding the weak spots … our office was broken into

    Apparently the lock on the front door was not a very good one. The folks that broke in used a pair of Vice-Grips to literally twist off the lock cylinder.

    We were fortunate that everything in the front office area, which is quite small area wise, was relatively safe from a dine and dash like this.

    They did, however, make off with the old iMac! But, they somehow forgot the keyboard and mouse as well as the second 19” wide LCD monitor that was sitting beside it. There is some justice in that! ;)

    The R.C.M.P. officer in charge of the investigation said that our alarm, which is really really loud, probably scared them off.

    Anyone see the irony (yesterday’s post) in this? ;)

    We were very fortunate as the situation could have been a lot worse.

    Our shop area is the largest part of our space here, and it is protected by heavy gauge doors along with pinned hinges and a pair of strategically placed deadbolts on each door. The server room is protected even further. So, they did not manage to get into the back or even see what was going on back there.

    A valuable lesson has been learned here for us. We need to make sure the lock smith that will be here this afternoon is going to install a very good lock that cannot be defeated by a pair of vice-grips.

    While no lock is perfect, just search out “bump keying”, having a lock that will prevent some of the easier methods for getting into our shop is a good start.

    We will also look into some security film for the glass on that door too. It does not hurt to have another layer of security.

    Philip Elder
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

    Wednesday, 4 February 2009

    St. Albert Chamber Breakfast Talk - “Internet Street Smarts” Summary

    I gave a talk this morning at the St. Albert Chamber of Commerce’s business breakfast on “Internet Street Smarts”. That is, being aware of some of the areas we need to watch out for ourselves when it comes to using the Internet.

    For credit cards:

    • Rotate the credit card numbers at least once every two years. If the Card issuer does not allow for us to initiate the number rotation, “lose” the credit card to have a new one issued.
    • If possible, use only one credit card for online transactions.
    • If possible, use a third party payment system such as PayPal to mitigate card number exposure.
    • If the card issuer will allow, have the limit on the card used for online transactions to be under $1,500.00.
    • Verify if the card issuer will callback on a “suspicious” transaction.
    • Sign up with a credit monitoring service with Equifax or Trans Union to keep a line on what is happening with the credit profile.

    Knowledge was minimal when it came to the Heartland Payment Systems breach (previous blog post). Being aware of where the credit cards are being used, along with how the transactions are processed, will help to mitigate the possibility of the card or cards being compromised.

    We then broke for breakfast.

    For the second half of the talk, I focused in on having information out there on the Internet and the impact that can have on us.

    Mention of the Pipl search services was made to make it clear that any information that we have put out on the Internet is available to virtually anyone else with a little bit of skill and knowledge.

    If possible, it is preferable to not publish:

    • University degrees, dates, and other relevant post secondary information.
    • High school graduated and the year.
    • Specific bits of information about our personal or business past that does not need to be out there.

    The following rhetorical question was asked:

    If I have a 44 magnum pointed at your chest, it is loaded and ready to fire and I ask for your purse or wallet, what are you going to do?

    100% of those attending said that they would hand over their purse or wallet.

    The point was made that unless they were running Windows Vista and had the ability to Cancel when UAC prompted them for a surreptitious software install such as AntiVirus 2009 (previous blog post), the only option for them is to log off or reboot the machine without touching the A/V 2009 window! Why? Because the window is wired to install the bad software no matter what button or area in the window is clicked on! That is the closest thing to having that gun pointed right at us.

    The last area I spoke on was the “Free”  software or service phenomena. As business owners we understand that no matter what we put out the door in the way of products or services, there is a cost associated with them.

    It is no different with those who offer “Free” products or services.

    So, to protect ourselves, we need to be very careful when we read through the Terms & Conditions as well as the Privacy Policy. We need to figure out where the hooks are and whether we are comfortable with them. If not, just say “No!”

    Find a reputable service provider and pay them. We can then be reasonable assured that our information is being held safe and sound.

    The onus is on us, both personally and in our business, to be aware of how our information is being used and act accordingly.

    Philip Elder SBS MVP
    MPECS Inc.
    Microsoft Small Business Specialists

    *All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.