Archive for August, 2004

Large businesses using Automatic Updates?? – Never heard of SUS?

Tuesday, August 24th, 2004

Omg. I am continuously perplexed at how corperate IT is run around the world. Here is another halarious example.

Microsoft started distributing their new Service Pack 2 via Automatic Updates last week, but had to stop short of updating Windows XP Proffesional PC’s, because as it turns out, there are rather a lot of businesses that seem to rely on Automatic Updates.

“When we designed Automatic Updates, we had consumers and small businesses in mind. We have been surprised by the number of enterprises who use Automatic Updates,” said Jon Murchinson, a program manager at Microsoft. (From Computerworld.com, read the rest of the article here)

Now while Windows XP Home edition pc’s have been recieving SP2, MS has chosen to wait a week for XP Pro, and give admins a change to block Automatic Updates (via a registry key), until they can prepare and test properly.  I mean.. they’ve only had SINCE DECEMBER last year to prepare and test properly!!

Anyway. The reason I am rolling around the floor laughing, is that there is no valid reason I can think of, that you would want to make your corperate client park dependant on Automatic updates! its just a bad idea, and any admin with a fragment of sense should know this. I mean.. admins who use this feature for their client park, must somehow have missed the whole discussion about Automatic Updates when XP first came out!

People already expressed their concern back then, that if one relied soley on this mechanism, one risked the change of a ‘faulty’ patch, screwing things up seriously. And god knows this has happed in the past with MS hotfixes, and SP2 is of course the ultimate example.

But because this is of course a totally clear and recognized issue, Microsot came out with a totally clear and recognized solution: Software Update Services!

Now Software Update Services, better known as SUS, is basicly nothing more than a proxy server for Automatic updates, but it gives you the ability to control the distribution of updates and hotfixes, by letting you authorize patches on the server, before they are distributed to your client park. This gives you ample time to test patches and updates, before you hit the relevant checkbox.

Now SUS has been around for about as long as Windows XP has, and Microsoft extensivly supports its use and implimentation, i mean, I cant turn two pages of a Microsoft whitepaper without beign reminded about it!

So how come all these stupid businesses are not using it then! For Pete’s sake! I mean, its a FREE download! It works on Windows Server 2000 and 2003, and uses next to no resources, except perhaps hard disk space if you choose to store patches locally.

The reasons that these companies possibly have for not using SUS, may perhaps be perfectly valid reasons, involving resource management, connectivity issues, that kind of thing, even though, if anything, SUS solves more problems that it could cause, if it can cause any problems at all! (??!)

I think the main reason admins have not started using it, boils down to two reasons: A. Lazyness, B. ignorrence.

Point A: Installing SUS doesnt take 5 minutes. Anyone with half an ounce of IIS knowledge can do it, and if you are going a bit further than your average SUS implementation, and doing a multi-forward-WAN setup or something, then you might have to spend some time thinking though how your gonna deploy it.

All you need thereafter is some cool Group Policy Settings, or , if you are in the stone age and still have an NT4 domein with XP clients, some hand-made registry settings for Poledit.

And that is about it!  About a days work for the average enterprise, and you have completely streamlined your patch-management process! What could be cooler?! Cant be too hard to convince your IT manager to give you the time to do it, considdering the benefits!

But point B is trickier.

Like i have said in earlier rants, I am constantly coming across admins that seem to have burried their collective heads in the sand when it comes to IT and the developments in that field. People like that may very well never have heard of SUS, or all the work that MS is actually doing into correcting their security issues of old.

Now personally, I would like to take all these kind of admins out into the parking lot, and shoot them, but that would be rather challenging considdering that they seem to be in the majority.

Inept system admins, or IT managers, are the whole reason that worms like Blaster and Sasser are succesfull, and the reason that dispite everything MS or anyone else does for security, and exactly because it is the most used OS on the planet, it will always remain vulnerable, primairly because of human failing.

Will managers ever understand us Geeks?

Friday, August 20th, 2004

This book is great!

I have not even read a single page, but I am already convinced of the superiority of this book.. genious.

Microsoft’s FretDFire weblog alerted me to this title, and I can just imagine myself getting this book for an IT-managers birthday or something! lol!

But seriously.. the rift between managers and Geeks, is something I can really relate to, and something that kinda hits home with me.

My experiance with companies, and in paricular how they relate to their IT staff, has overall not been very good.

Though I am increasingly positive over the direction my  IT services company is taking, I am still very dissapointed in how they treat their own people, but I have run into this with client companies awell.
A lot of this has to do with the cultural gap that exists between managers and the average IT proffesional. Its just two very different worlds, and very different people, that dont seem to be able to relate to eachother.

Glen does a tremendous job of detailing the nature of IT personnel, and I certainly recognize myself in this list. They:

  • Are highly intellectual people who have been rewarded since a young age for individual achievements.
  • Value other persons of similar knowledge and can be intolerant of others not so.
  • Are attracted to this business solely by the technology and tend to work on technology for technology’s sake, not necessarily for business’ sake.
  • Can tend to view data centers and networks as their own personal toy boxes and/or creations of their own artwork.
  • Are introverted by nature, choosing machines over humans and facing challenges in effective day-to-day formal and informal communications.
  • View the business world through what I call the Dilbert filter, which from a certain point of view is a sarcastic view of business, its objectives, drivers, and more importantly, the people who make up the business units.

IT stereotype: The geek The business IT supports
Is highly intellectual and intolerant of those who do not share the same knowledge. Does not share the same knowledge and requires tolerance.
Likes technology for technology’s sake—Often views the technology as one’s own artwork and toy box. Do not care. Has business needs that technology is to solve—accompanied by statements like, “Can’t you just fix this thing?”
Is introverted by nature—a poor communicator. Is extroverted by nature—in desperate need of effective communication from IT.
Views the business through the Dilbert filter. Views the business through profits and losses—accompanied by statements like, “If we don’t make any money, you don’t have a toy box.”

Read more at this great Techrepulbic acticle

What really gets me is that companies like the one I work for, try to mold their IT staff into something more marketable. My own personal manager likes seems to really want to push my own development of ‘soft’ -or ‘people’ skills. Now I feel I am not the most communicative person in the world, but I am certainly not the worst, so I am always willing to keep her happy, and go to communications training if she wants me to, but quite honestly, I really couln’t care less. I really have no need to want to communicate with people better..  after all, I can communicate just fine with other geeks, sometimes you dont even need words, just the right T-shirt..  But these soft-skills are of course means to facilitate in communicating with the rest of the world.. managers, users, etc.

I have tried to explain geek culture to her, tried to explain that you cant really change the intrinsic nature of geeks, and tried to make her understand that culture gap, and how she must bare that in mind, always, when dealing with the average IT proffesional..  But she doesnt understand, its simply beyond her world view, and this applies to every other manager in our company.

So much to learn, so little time… and my week at DSM

Friday, August 20th, 2004

Just finished a week of ad-hoc patch management at DSM again.

Its amazing to me that a company that needs to be as secure as DSM, would allow so many of their mission-criticle pc’s to go completely unmanaged, and thus unpatchedm and un-backuped.

This time round, used my proxy account to update most of the pc’s via Windows update. Its slower than the CD I used previously, but certainly more reliable.

Also on the Windows update front, Windows XP Service Pack 2 has now started being distributed via Windows update to XP Pro users, thought they have capped downloads, to prevent their servers dying (its an 80mb download!).

I was somewhat suprised to learn about Microsoft delaying this update because it wanted to give companies time to stop the service pack auto-downloading to their clients, or giving them time to test it. I mean..  I have been running the Release Candidate 2 of SP2 for over 2 months now.. the first beta came out in March or so..  you would think that companies would be prepared.

Well of course, some will be, no doubt.

But it just annoys me that their are apparently so many admins out there, that seem to be completely ignorrent of what is going on out there in IT land. I see admins like this via my work all the time, admins that just seem to be completely uninterested in the most basic things they should be keeping tabs on; Software/anti-virus updates, security threats, end-user experience, actually using IT to meet business needs, new developments, integration and collaboration, etc…etc…etc.

I often think about being at a company as an in-house admin, and wondering if I will actually do all that I preach, (or at least try to do when I am at a customer), or turn out like all those kind of admins.. so ‘settled’ in my job and position, so lazy and comfortable, that I end up not really caring about any IT outside my own shappy network that I can’t be bothered to get working right..

Its an image that genuinly discusts me, and its a strong motivation to stay in the outsourcing scene.

On a similair strain of thought, and taking into considderation that I will have another week of study ahead, as my employer doesnt have a new job for me, I have been contemplating my knowlegde and skillset when it comes to IT. There are really a few things, technologies I mean,  that I feel I must get to grips with sooner rather than later, in order to ‘advance’ to the next level of what I can do.

I am going to list some of those subjects here.. and why I feel they are important.


Visual Basic Scripting.

The more I get into complex administrative tasks, the more I see a genuine need for me to become proficiant at scripting. I put down VB here, because it seems to me to be becoming the most widely used scripting language out there in the admin field, and in that regard, overtaking Kix, at least, this is my impression based on what I am seeing on clients networks. Also the support base for VB script is absolutely massive, and Microsoft puts a lot of effort and resources into selling it as the defacto scripting language for Windows, even though I have heard that there are other very good scripting languages out there, such as Perl. Now I have been contemplating getting into VB script for a while now, but just never had the willpower to actually get down and DO it..  (a common problem for me). However, I did purchase these two titles, and I am still looking forward to getting down and dirty with them:
Microsoft® Windows® Scripting Self-Paced Learning Guide
Microsoft® Windows® 2000 Scripting Guide

A good, fundamental knowledge of VBScript, and by association technologies like WMI and ADSI, are going to make my life a hell of a lot easier as I become more involved in bigger, active directory-based networks.

Public Key Infrastructures (PKI)
Now I will actually come across this quite extensivly in the third module of my MCSE (if I ever get passed the dreaded second module). The reason I mention this technology in particular, is because it represents a very cool security solution, that can encompass basicly anything you wish to authenticate or secure in an IT enviroment. A great example I would really love to get to implement, is a two-factor authentication system for a large company, where people dont have to remember long and strong passwords, that they are going to write down any way, but where all they need is their card (and of course, for ease of use, this would be the same card they use to enter the building/pay for lunch/idenify themselves with, and a simple pincode. Two-factor authentication: Something you have, (the card, actually the digital certificate), and something you know (the pincode). Its truly the best of both worlds; easy and hassle-free for users, and more secure than just passwords. Its been around for many years now in one form or another, but its amazing to me that it hasn’t been picked up by major companies yet.. they would have so much to gain. The only client of ours I have seen using it is Shell, but it was shabby and ad-hoc, and not standard or common.

Now in order to achieve all this, you would need a PKI, where you can generate certificates, and load them onto users cards. Of course to login, they would require a cardreader. But if you used a card that could also store other information in a seperate aea, then tadaaaa, you have a great alternative  for the floppy drive, and this would help justify the costs as well. They must be companies out there than offer cards or systems based on combining all these technologies and requirements.. I know that at least the technology is getting a boost by all those pc manufactureres stucking USB ports on the front of desktops, instead of just the back. It makes that hardware part of Two-Factor so much easier to deal with.

Of course, most of us know Public Key Infrastructures and certificats from browsing secured sites, where globally trusted Certificate Authorities gurantee the validity of certificates given to you by secures sites. But certificates can also be used to sign software. Think of that.. You have have a requirement as an IT department, that any line-of-business software produces for your company, is digitally signed. Securing software distribution and instalation using certificates helps insure that only approved software can be run on your network! I mean.. way cool! Its just a really exiting technology to me, and I dont know near enough about it!

Web design and publishing
To me this is a no-brainer. No selft respecting sysadmin should be content with being totally ignorrent of websites, web-design, web-based applications, web-services, etc.
Now I am not chanting that every sysadmin become and web-dev, I just recognize that we are moving more and more to an IT world, where the line between classical system administration, web development and database administration is becoming increasingly blurred.

As a sysadmin on Windows, knowledge of IIS, and by extention web-technologies like ASP, .NET, ADO, SOAP, HTTPS, etc. is a must. We as admins are being asked to support ever more comple web-based scenarious, and we need to be familiar with this field.. very familiar.

Oke, I am tired of typing for now.. Perhaps more in a later post.

No I will not fix your computer!

Tuesday, August 10th, 2004

I should have been wearing my T-Shirt.

So I come home. Now the house is aproximatly 3 times warmer than the outside air. So I open all the windows. Now, just so you understand the situation, I am sick as a pig. Its been 30 degreet out, then it started raining, so now I, and most of my countrymen, have been steam-broiled. So I am desperate to open some windows and cool down, I am completely shattered from a very taxing day, having sat in a noisy server room, that was too hot also!

As I am opening the window, a bunch of my criminal eastern-european neighbours (I dont exactly live in wealthy-as-fuck neighbourhood) walk by and look in.
Then they come back and walk by again. Then they stop at the window, staring at all my computer stuff.

Then they start this nonsense drivel about a laptop that they have that is slow. Now.. it actually sounded like they where serious, as in their laptop had crapped out, and the original CD didn’t work.. and it all sounded too plausible for the average clueless. Still doesn’t make me feel any better that they started asking me for tech support, just because I was standing at my open window! I have them a rather non-commital awnser about tryinng the original CD again.

As unpleasant as this kind of this is, and I have been in these situations before, I am sympathetic… for about 4 seconds. I bear daily wittness to the complete confusion and helplessness of the computer user-base. These petty-thief criminal neighbours of mine are no different to any office worker I have ever incountered; completely and utterly clueless about that thing on their desk.  I am often amazed at what kind of situation we have landed in, with millions of people going out to buy these things that hey have no idea what to do with. I worked in a computer store for 2 years, and was at the frontline of this maddness. The average computer is simply too complicated for the average person to use! We as IT people are confronted daily with the maddness of the computer industry, with software problems and incompatibilities and patches and virusses and whathaveyou. ..   Try explaining ANY of that to the average user…  you mention just a single word that even sounds technical, and its “dumb mode on”.

Well I could spend the next 4 pages (or scroll actions, whichever you prefer) on this little rant, but I am not in mood. I will in the future, no doubt spend more time with you, analyzing user behaviour, and possibily tagging some office worker to study their migrationary patterns.

Things are looking up.

Friday, August 6th, 2004

First of all, the cloud-cover for 2 days has caused the air to cool to somewhat more tollerable levels.

Then today, during a cofee break from my studies, one of the delivery managers (that is fancy-talk for personel managers), came round and commented on my involvent with an upcoming Sharepoint Portal project for one of the customers.
Now this was news to me, as I had not heard anything about this. I acted all cool and professional, and talked to her a bit about collaboration technologies and such.. and when she left I made a few cardwheels thought the room accompanied by a loud and repetative ‘whoohoo’ sound.

I have my friend and collegue MV to thank for this primarily, as he has been in the project scene for quite some time now. I have been hoping to get involved with the projects for some time now, as they are infinatly more interesting that simple ‘placement’ at a customers for a specific function.

In responce I immediatly looked up the offer we made for this customer concerning the Sharepoint implementation, and I am rather worried at the timescale they are talking about.. we are saying we will get the whole thing done in more or less 2 weeks, this includes analyzing their business needs, setting up shop, working out a design plan, setting up the server, configuring everything to their wishes, migrating their current data, and delivering system documentation. Looks like I need to get practicing! Time to whip out the old VMWare!

Hey.. I wonder if MS has a Solution Accelerator for Sharepoint Portal Server ? Ah.. here we are, they call it the Microsoft Solution Accelerator for Intranets though…  but I know MS bases all their ideas about ntranets around their Sharepoint products!

In case you have no idea what a “Microsoft Solution Accelerator” is? Uhh.. read this:

The Solution Accelerator for Intranets is a collection of documentation that presents a prescriptive, tested, and supported approach to designing, deploying, operating, and growing a highly-available intranet solution. In the development of such a solution, the accelerator documentation addresses issues that are not discussed in the product documentation, such as service readiness planning, resource requirements, and capacity planning. Topics such as monitoring, backup and restore, planning for growth, and disaster recovery are also covered.

The Solution Accelerator for Intranets adds value by prescribing a baseline high-availability server configuration, in addition to instructions for increasing capacity. By providing performance and capacity numbers for both baseline and “scaled-out” configurations, the Solution Accelerator for Intranets helps partners plan a physical architecture based on quantitative evidence.

Finally, the standardized architecture presented in the Solution Accelerator for Intranets is tested by Microsoft, validated in the field by other partners and customers, and fully supported by Microsoft Product Support.

So.. now you know.
They have bunch of these, I am most familair with their
Business Desktop deployment accelerator, as it closely resembles a lot of the work I have already done with corperate desktop deployment.

Now I have a week left that I was gonna use for just MCSE study, but now I think I might split up that time and also work on some Sharepoint setup procedures and stuff.

I also went out and bought the Sharepoint Products and Technologies Resource Kit, which I was thinking about getting anyway, as the whole Sharepoint and Collaboration thing MS has going interests me greatly!

Basicly, this is my big chance to impress some influential people in the company. They seem to have placed a lot of trust in me, based mostly on hearsay i am guessing. I also guess my continuous ethousiasm for the companies current direction, and their own Sharepoint portal,  have payed off. Not only did the personal manager that talked to me today compliment me on my enthousiasm, my own personal manager sent a similair mail to me yesterday, making a point out of thanking me for keeping her informed about stuff that concerned her, in this particular case, the fact that MCP’s kan now share their online certification transcipt.

Also, the fact that seem to be one of the few people that is actually turning up for study during my ‘available’  period, must be helping my image with the management too. Who said sucking up was such a bad thing? Thing is, I dont even do it deliberatly, unline many people in this company. I am genuinly interested and enthousiastic in what the company is doing, and it still kills me that dispite this, my salary is knowhere near market standard.