Archive for September, 2004

New job again…

Wednesday, September 29th, 2004

Well this week has been a bit of an emotional rollercoaster when it comes to employment. It all seems to have turned out well though, as today I have a good interview with the people at the media company I was enthousiastic about. Have to spend the next few days at the current job with the defence people though..  very very boring.

The job at the media company appears to be a general kind of administration of their office enviroment, including all aspects of it, so that means server administration aswell as simple service desk type work. I dont mind as much though. or at least I dont expect to mind as much, as with such a wide area of activities, I can probably keep my interest, especially because you can be more pro-active in end-to-end solutions, cause you control all the ends of the enviroment¬†ūüėČ

I am pretty exiting about the company in general, as they seem to be involved in all kinds of front-line technolgy. Besides the media services they offer, they also provice hosting and co-lo for other media companies, and they basicly administer the network infrastructure of all the media companies around them. (They are located in the middle of a Media Part; a large collection of media, television and radio related companies.) As you can imagin, these kind of companies need rather a lot of bandwidth at their disposal, and the company I will be working for supplies this also.  They also host large storage solutions, and expect to have upward of 2 petabyte of managed storage by next year, for customers and also their own activities.

They currently run NT4 front and back, but are in the middle of a migration to 2003 and XP, with Altiris as a management solution. I really cant wait to get started there! Should be able to start in the next week or so.

You have heard of Wardriving right? Well I fired up my laptop and NetStumbler in the train on my way back.. so what do you call that?
It was rather 100mph, you can cover a lot of urban ground, and within no time I had about 100 access points on the list.¬† And it indeed seems to be true what they say.. most didn’t even have WEP enabled, let alone anything better.

Got myself a 512mb Sandisk SD card to go in that USB SD-cardreader thing I got with my laptop and for use in my XDA. Will be sticking tools and ebooks on it, and some music.

Define System Administration

Wednesday, September 22nd, 2004

Its been a bit of a hectic week so far.

On sunday evening (!) one of the account managers of my company phoned with the news that he had gotten me a job at one of their frequent customers, a large military-related organisation.

Now this came as somewhat of a suprise to me, as I had expected to be going for a talk at a media company for a Windows 2003 sysadmin position. Now apparently, this was still in the pipeline, but they had not recieved word back from these people, and the positition with the militairy customer apperently required a certain type of profile, that only I and a few others that where available at the time, could fill.

So tuesday I had started, expecting to start getting into the finer points of their network. Now I already new that their network was still NT4 based, which was a dissapointment, but the scale of their operation was interesting, and they initially spoke of an pending Server 2003 migration coming along next year.

However, things turned out to be dissapointingly different.

You see, they discribe work that most companies would¬†put¬†under¬†‘second line helpdesk’ work, as ‘system administration’. They have a bunch of people, that I would include, called ‘system administrators’, that basicly go to end-users to solve calls that the first line (telephone awnsering only) have made.

Well like I said, I, and many companies, basicly call this ‘service desk’, or ‘second line’ service desk work.
ITIL metholigy basicly says the same.

That it upsets me that I was put forward for this position is to put it mildly.

What I call ‘system administration’; monitoring servers, fixing and improving network infrastructure and server-side or backend components and services. Software distributution and versioning, policy administration, security administration, patch management, anti-virus and firewall management, auditing, end-to-end process management, etc, was the domain of what they called ‘first system administrators’ and ‘seniors’ (specialists). ITIL or MSF will describe this kind of work or similair under terms like ‘Support Technicians’ or ‘Specialist Support’ , usually¬†attached to¬†Problem or Change Management.

I have been very annoyed with the historical lack of appreciation of my skills, and only very recently has my employer grudgingly admitted that I am above the level of a mere service desk tech, by granting me the posistion of ‘assistant (or junior) administrator’. This while people tell me quite frequently that I am at a specialists level, and and the very least a full administrator. I may not need to tell you that my salary does not reflect in any way, the skill level of any kind of sysadmin, en from what I hear, even barely fits a first line service desk guy.

Now before I continue, you must understand that I am of the opinion, that my employer doesn’t give a rats’ ass as to what kind of work their people do, as long as they can put bums in seats, and get the money. I am therefore quite convinced, that the account manager in question probably knew exactly what kind of job he was sending me to do. On top of that, he placed me at this customer right under the nose of a fellow account manager.. the one that was trying to get me set up with my customer and job of choice.

So today I phoned the account manager for this customer with the bad news.¬†Now I was initially going to tell him where to shove his customer and the job, but I relented just moments before speaking, and decided to take a, shall we say, more ‘mature’ aproach. I told him there had apparently been a misunderstanding, and that this job did certainly not require any specialized skills, and that I would help him find a better match, but writing up a little report on the job skills required.¬† He seemed quite receptive to this, and he will be coming to visit and talk things over tomorrow.¬† To my suprise, he told me that the satisfaction of the customer, them, and myself, was of importance, seemingly implying that they valued all three equally, which, historicly, has certainly never been the case, at least in practice.

So.. I look forward to what tomorrow will resolve, and hopefully I can be free to go talk to my preferred customer on Friday.

BBC NEWS | Technology | Taking computer insecurity seriously

Saturday, September 18th, 2004

BBC NEWS | Technology | Taking computer insecurity seriously
(on the effects of the Latest Windows flaw, that can cause jpg image files to execute arbitrary code under the users context, and on the wider implications of security management in the user community)

Bill Thomson latest column on the BBC news site, once again, parrallels my own thought on the matter. The exerpt below certainly caught my attention.

“We need to do something about this, if only for selfish reasons.

For while we shouldn’t exempt the computing industry from its share of blame, it is clear that everyone with an Internet-connected computer has a general responsibility to the network as a whole.

Just as we advocate vaccination against major diseases so that communities develop what is called “herd immunity”, so we need to reduce the number of vulnerable machines to the point where viruses and worms do not spread.

Public education doesn’t seem to be working, so perhaps the solution lies in sanctions.

At the moment those who fail to update their systems or protect them from viruses can still get online and use internet services. We could, however, make life a lot harder for these anti-social types. “

While I agree in principle with Bill on this, the reality however, is that the vast majority of home computer users would fall under, what he calls, the “anti-social types”. And then you face the problem of consumer rights. Right now, even most of the IT industry doesn’t take patch management and security¬†seriously. I come across this time and time again when working for customers.

One must remember that it still a relativly small and hardcore group of technologists, that I count myself amung, that are preaching the word on in-depth security.

If you cant even get the majority of the IT industry to support security initiatives, then what hope is there of convincing the rest of the users community that so-called ‘sanctions’ are justified, in order to force them into a certain, probably unwanted, behavior pattern.

Even if internet-invested companies banded together to enforce a minimum level of security for internet users, (and they probably wouldn’t dare to enfore such a thing, out of fear of loosing customers), then the uproar in the consumer-rights¬†community¬†would be enormous! Just as I suspect it will be, when Digital Rights Management (DRM) initiatives become more mainstream and more people start to really be affected by the limitations they will start to¬†face.

Tools of the Trade

Saturday, September 18th, 2004

Been keeping myself bussy at work with stuff that is reasonably interesting.

Oke, first the technical stuff, then the customary ranting.

Windows Update still wont work properly. Yesterday I came across some log entries that seemed to indicate hosts where having trouble finding the SUS server. I went back to my group policy and noticed that I had used wrong slashes, again, for the windowsupdate server, that we call .. http://windowsupdate
I am a little worried that there might be some host confusion at this name, as its also the DNS host name of Microsofts own update servers.
Just in case,  I then changed the same to a FQDN.

Anyhow, the reason clients are not able to resolve the Netbios name seems to be  major problems with the browsing service on the local subnet. Somehow the PDC was not properly updating its browse list, and since the PDC is also the domain master browser, everyone elses list was pretty short.  Only computers that had booted that morning where in the list, the rest, like my own, where absent. I am still looking into this, at least how it occured, using resources like the MS Windows NT Browser White Paper, and a very cool little tool I discovered here, called the NetBIOS Browsing Console (Browcon.exe), written by Brian Schafer and Tim Rains. And of course Browstat.exe. I would have used Browmon if I had the Windows NT4 resource Kit tools here, but I only have the 2003 version which I downloaded. Also the Windows 2000 Resource Kit TCP/IP Core Networking Guide has agreally good appendix on the browsing service.

That kinda pisses me off, because I had expected the Resource Kit tools to be commulative. Also, Microsoft doesn’t offer the older tool sets for download, or not completly. This is their marketing machine at work, trying to get you to buy the books, which I do, which include the ‘complete set’ of tools, while offering only a subset of the tools for download. Means in future I will have to keep the NT4, 2K, and 2K3 tools all seperatly on my laptop. I have also discovered that I need to do the same with other tools, like the support tools or deployment tools, because sometimes certain switch functionality ,or downlevel support for older enviroments, is lost in later releases. I remember a similair issue with the old NT4 regedit I think.

Anyhow, I moved about the domain browser role untill the problem was fixed. Then the domain browser service on the PDC resets, it sends out a DomainAnnouncement datagram to all hosts, and then builds up the list again from hosts sending hosts announcement messages, and they send these every 12 minutes by default. What I dont understand is why the domain master browser lost so many entries in the list, and why the list wasnt being filled up again. the eventlogs on hosts didnt give any details about netbios problems. I hope simply restarting the browsing service on the PCD helps to solve this problem in the future!

Oke. Rant time.

I am here only 2 weeks, and yet I find enough reasons to have installed the support tools, the Windows deployment tools, the Resource kit tooks, the adminpak, the Office 2000 Resource Kit tools, and various other small tools like the Process Explorer and Browcon.

Now why do I never ever see any other admin doing this? I find these tools indispesive! They are always the first things I am installing on any new pc that I will be using for administrative purposes! Why do other admins never seems to be creating distribution points for Office? Time and time again I see people dicking around with CD keys; its so unnessesary! Any new server I install, gets the support tools and resouce kit tools by default, aswell as the network monitor components. I build these installations into every unnatended install I do, so you dont have to worry about them anymore! Yet I have never ever come across a server installation at a customers, that had this stuff installed on it!

Oke.. lets think about this.

Do admins simply not know about what these tools have to offer? I am convinced this is the case, because everytime I show them these tools, they are obviously suprised!

So why then do they not know of these tools? Why is it that I do know of then? Because these tools are mentioned time again time again online, on support page, and Microsofts support sites, in documentation, etc.

That must mean that most of these admins I meet dont read or browse this kind of matieral often. Why not?

I come across this material all the time, for 2 reasons:
A. I use these resources in troubleshooting problems that I encounter.
B. I am genuinly interested in the material, so I buy a lot of books on this stuff, read a lot about it online, follow lots of Microsoft blogs, read a lot of technet stuff.

Now, I can well imagine most admins not spending their time reading technet or MSpress books. Fine. But I cannot imagine them not coming across this stuff when troubleshooting problems.

But perhaps that is the whole point. Often, these admins dont seem to be troubleshooting problems! Like they didn’t even notice the lack of NETLOGON replication on both office domains, or the fact that nothing was up to date with Windows patches.

Now the reason they dont notice these thigns , at least here, is because their allerting software, in this case Sitescope, doesnt seem to alert them. This is perhaps something I can fix in these last 2 days if me being here.

The second reason, is that they are simply not interested enough in their office network, to even care to check manually. Their main business is their digital tv channel stuff, for which they have seperate domains and subnets, and they are bussy with that all day. They have left their office network to decay to the point of being a massive security and functionality hole, and their support persion, who has become their defacto sysadmin for the office network, simply doesnt know enough.

Unfortunatly, this is a scenario that seems to repeat itself over and over and over, and I come across it at almost every customer I am placed at. No wonder IT is so untrustworthy, with investment like this, or lack thereoff, and i am talking mental investment, not even financial, IT enviroments will never improve in reliability or managebility, and the way IT is practices will only ever be second rate. God how I long to work for a company that has their shit together in this.

First post – and a short introduction

Saturday, September 18th, 2004

Hello everyone.

This is my first post at, and I am happy to be here.

Just a little introduction: My name is Robert, (But I prefer my nick Jemimus), and I am a 25 year old system administrator, working for an IT services company in The Hague, Netherlands.
In my job I am frequently doing jobs and assignments for customers for short projects or for longer periods.

I have previously been posting at, but my largely technical posts are a little out of place there.
This community seems a far better place to post. I am certainly not a guru as some here seem to be, and I am not a developer, so I hope the quality of my posts will not dissapoint.

My first few posts will be copy-pasts of posts from my old blog, and I usually post 3 to 4 times a week.