Posts Tagged ‘Microsoft’

Time for certs, and some professional development

Saturday, April 18th, 2009

Its been ages since I did anything in the form of training.

I always loved collecting many of the Microsoft Press books, many of them training books that would lead to official certs, but I would never put the time in to actually train for them.All I ever managed to get was MSCA 2003 and the Exchange 2003 exam.

My enthusiasm about the new job is such that I think now is a good time to invest myself again.There are several products we use at the job that I am currently less than familiar with, Exchange 2007 and VMware being the main ones here, and I could seriously use a bit more depth in other areas like Citrix.

Things have changed significantly in MS cert land since I last had a look around. MSCE no longer exists, instead, Microsoft has chosen to go mainly product-specific. You are able to get a basic cert in just about any MS product, which leads you to become a MCTS or Microsoft Certified Technology Specialist. You can then chose to go deeper and becomes MCITP or Microsoft Certified IT Professional. This latter one is more like the old MCSA, but its still more oriencted towards a specific technology group that MCSA used to be.They are broader, and usually combine 2 MCTS certs with specific MCITP exam.

Its funny though, the MCTS or MCITP are not well known at all yet. Almost no where durign the last 6 months of job hunting, did I come across these terms in job positions. Its gonna take several years for these certs to gain that value that comes of managers and recruiters being “familiar” with them. That is never a strong reason for myself to go for these though.

For me, these certs, but more specifically, the training that goes with them, is a structured way for me to invest myself. I could learn just as much from the internet, all the info is out there, aswell as other great books that are not specifically training books (I love the MS resource kits for example). But I never approach these materials in a structured way.

For myself, based on my own interests but also the job I am now in, the following certs seem the most interesting to me:

MCTS: Microsoft Exchange Server 2007 – Configuration, Exam 70-236
This one comes mostly from the fact that at the job, we run this, and neither me nor my collegue know much about it. As with almost all of the infrastructure, it was built by a third-party, and there has been no time to really get into it.
My own relationship with Exchange has always been a little strange. I have had a distant interest in the technology, but never really got the chance to work with it consistantly.

To this day, I am annoyed at my lack of experience with any version of Exchange. I won’t claim its my first choice for training from the standpoint of personal interest, however going for this one first has 2 large advantages: 1. We are currently working with the product and are unable to adequately support it. 2. It will be a nice introductory for myself back into the MS training scene.

I also plan to get this cert completely on my own. Self-study, and probably even pay for the exam myself. I want to use it as leverage, to show that i am willing and eager. That way, when I ask them to send me on a VMware course, it will be an easier descision for them. In other words, I want to give them this one as a freeby, while giving myself the breathing room to get back into the routine without any external pressures.

MCTS Self-Paced Training Kit (Exam 70-236): Configuring Microsoft® Exchange Server 2007

To this end, I am ordering the self-paced training book from Amazon this afternoon.

Transition path from MCSA on Windows Server 2003 to MCITP:
I am MCSA+Messaging, and of course there is a transition path to take.
This consists of transision Exam 70-648 which leads to two MCTS certifications:

And then a, what they call “Professional series exam”, Exam 70-646, which leads to: MCITP: Server Administrator. The way its described, seems to place it a little beyond the MCSA level, but not exactly MCSE.

The books that go with this are:

MCITP Self-Paced Training Kit (Exam 70-646): Windows Server® 2008 Administrator

MCITP Self-Paced Training Kit (Exam 70-646): Windows Server® 2008 Administrator

MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory®

MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory®

MCTS Self-Paced Training Kit (Exam 70-642): Configuring Windows Server® 2008 Network Infrastructure

MCTS Self-Paced Training Kit (Exam 70-642): Configuring Windows Server® 2008 Network Infrastructure

From there on, I may later wish to procede to MCITP: Enterprise Administrator, which requires a further 3 exams, which includes a choice between 2 desktop MCTS certs. (see link).

Lets see if I can get the exchange cert before August. Then it may be realistic to expect myself to get to MCITP: Server Administrator by the end of the year.

SP1, x64, DSI, VS Team System, ADFS, Istanbul – All at the Spring MSDN Technet brief in Rotterdam

Thursday, March 31st, 2005

Today I was at the spring MSDN Technet brief in Rotterdam, a free event that you can attend, where Microsoft and partners get you up to speed on the goings on, and where you can follow some interesting sessions and labs.

The Keynote, given my MS’ Tony Krijnen (exellent speaker) of course focused on the bran-spanking-new SP1 release for Windows Server 2003, which was last night released as RTM, aswell as going into some depth on the x64 versions of MS products that are also RTM as of today.

No mention though of the new Exchange 2006, even though that news has seen hitting the MS news crowd today also.

Followed 2 sessions on security, one was on security policies, which was terribly presented, and was nothing new for me. The other was very interesting; all on hardening and securing Exchange 2003, which I still have way too little experience with. Level 300 material does it for me! 😉

Also attended an in-depth session on Service Pack 1, with special focuse of course on the new Security Configuration Wizzard. I couln’t help but wonder weather there is now a rather large overlap in the way one can role-out security settings, and the tools one can use for it: Group Policies and the various interfaces we use to administer them, Security Templates used locally, again with associated consoles, now the SCW. I mean.. all great stuff, but i feel MS might be getting a little bit away from itself here with all these different aspects of doing basicly the same thing!


Also demo’d briefly today was Visual Studio’s new DSI (Dynamic Systems Initiative) interface, by which I actually mean the Visual Studio 2005 Team System To show it off they did a little play-act between the “sysadmin” and the “developer” , where the developer could inport a “model” of the sysadmins network, and test application design and deployment against it. This was definatly a tool that got me looking, and I would make good use of it if the oppertunity presented itself. However.. I have very rarely been directly involved with developers, because of the services-based orientation of my job.

Now it was interesting to see this particular angle of DSI, as I was more aware of it as a drive towards more interoperability and procedural administration (think MOF), amungs other things. That there is also this development integration aspect was not something I was aware of, so back to the technet site for me! (or perhaps the MSDN site? 😉

Speaking of DSI and the server products that are associated with it, I picked up the SMS2003 Administrator Companion, at 40 euros. Still my intention of getting into that.


Also demonstrated was the Office Communicator 2005 (Istanbul), the client portion of Live Communication Server 2005. I was impressed by the deeper integration it appears to offer.. also it looks dead cool with its steely gray standard skin 😉 Tried in vain to find a picture to post here, must be NDA or something 🙁

We also got a little sneak preview of Windows Server 2003 “R2” in action.. we where briefly shown the Active Directory Federation Services tool, where you can couple AD to another Identity system. Learn more about ADFS here and here . (for lack of a better resource currently). After hearing all those cool talks on Federated Identity on IT Conversations, this was pretty cool to see. Also, being the silly and backward Dutch IT crowd, I am sure this is the first time many of them even heard the word ‘federation’ ..or “Identity” for that matter 😉

Security: Linux vs Windows, administering Windows over telnet

Sunday, October 24th, 2004

This report just out by Nicholas Petreley takes a good hard look at both OS’s from a security standpoint, comparing design charateristics and the way vurlnerablilities en inherrent buildup of the OS influences the actual severity of exploits and how this is messured most effectivly.

Though the arcticle is clearly anti-MS biased, I found it a insighfull read and will be using its many facts and figures often. I must also say that I agree with every single critisism pointed at MS.

I have to this day, never touched Linux. But articles like this are really making me enthousiastic to get to know it. But coming from a MS background, the hurdle is gonna be pretty big, and I am not quite prepared yet to really delve into it at this time.

Another thing in the report that got me thinking again was the administrative requirements of Windows.  Now I have infact been thinking about this a lot for the past year or so..

I have a Pentium 3 800 that functions as my server. Its running all kinds of stuff: IIS6 with all kinds of web-based stuff like Sharepoint, some static pages, OWA, SUS, and Gallery running under PHP; SQL Server 2000, Sharepoint Portal Server, DNS for inside and outside, Its my DC running my internal domain, and of course its a massive Fileserver.

Now I am very very aware that running all this stuff on the same machine is a security nightmare, and it is. But until I have some money to start to build a serious machine that will do MS virtual server or VMWare ESX, and build instances on top of that… well I am gonna have to deal with my current setup.

But anyhow.. in order to manage it, I sit both at the console, or use RDP (remote desktop), which is esentially the same thing.  Now I have even used RDP on my Pocketpc over GPRS, which is of course rediculous considdering the bandwidth of gprs (or the lack thereoff), and the screen resolution of my XDA.

A few times I have basicly told my self: “Damn it all to hell, I should get my hands of a secure shell program for Windows, and use only command line from here on in!”

WHY on gods green earth would I be so masorchistic?!

Well the why is the easiest part:

-Its more secure. By Administering Windows only via command line, you restrict yourself to one and only one avenue of access. All you need is that telnet access, and it would be secured and encrypted to boot. By not using the GUI, you dont let yourself use the browser either, or run any office app on your server, or any other app for that matter, exept if you really need it! This decreases the area of attack considerably.

-Its less resource intensive. Think of all the resources a single logged on use on Windows eats up? Go have a look in terminal services manager, its crazy. Now Windows loads the gui by default, not much we could do there..  at least..  i think there are ways out there to deacticate lots of this stuff, you can at least kill explorer.exe.. but by not letting yourelf log on to the gui, you prevent all kinds of situations where apps that you are running in your user mode or context, could interfere with what the server is suppose to be doing.. serving.

-Its informative. By forcing yourself to do this, you wil learn a great deal about Windows and how to control it remotly. In the end I believe I will be more effecient in maintaining Windows Server by forcing myself to get down on how to administer it remotely.

-Its damn cool. Command line is cool. Simple as that. You are far more impressive with complicated command line running across your screen, Linux administrators are gods in my eyes.

Can it even be done?

Well, I havn’t really put any serious effort into researching this yes, but I have a fair idea what it would require.

First of all, I would need a deep and thourough knowledge of many many Windows command line tools and command, I would also need to include in this everything from all the resource kits, and plently of third-party tools.

I have in fact had some practice with running in non-admin mode, as I use the cool little makemeadmin.bat that Aaron made which gives me the admin command line mode.. I had to change IP config a lot for my laptop cause the different networks I hook my laptop into, so I delved into netsh for the first practicle time, and made a little batchfile.

Now Microsoft has since Server 2003 put a far larger emphasis on command line tools. This is most evident in their study material, take the 70-290 exam for instance. You are required to know how to do almost everything via the command line now, aswell as the GUI. Many people haven’t relized it, but this is a major shift in MS training methodoligy.

Microsoft also added 60 new command line tools to 2003, adding to an already impressive ammount.

I would also really need to learn how to script. Being dependant on command line means repetative typing tasks.. almost no way around it, so advanced batching and vbscript must be mastered.

Now apart from the command line, there is a pletora of non-gui ways to administer Windows, I mean every MMC console in existance, for instance.. plus plenty of other tools,  But there is no real chalenge to using them.. I use all that stuff already. Also.. you cant realisticly use them over the internet, exept via VPN.  (Yes, RPC over HTTP is an option..but would you trust it? Considdering Microsofts track record with their RPC and HTTP service, I wouldn’t).

Another way is WMI and ADSI, but that requires some scripting knowledge again to make effective use of.

Anyway…  this is at this point just an idea I am playing with, but is academic until I can start virtualizing my server, as I would always need an XP instance for doing my p2p downloading, and browsing when my other pc’s are not available (when I am out of the house for instance).

MSDN Technet brief in The Hague

Tuesday, October 5th, 2004

Today I attended the fall MSDN/Technet brief in the Hague, Netherlands, which is a free event. It was, therefore, nice to see Steve Balmer make an appearance. The theme was ‘Security eXPeriance’ and the sessions centred around ISA 2004 and MOM 2005 mostly.

I attended the hands-on lab for ISA and was quite impressed, even given my limited experience with ISA 2000. I like the fact that MS is now basicly moving towards a single interface that is a lot more intuitive than MMC.. everything now looks like Outlook 2003 😉
Took the lab manual with me, I am sure I can get my hands on the virtual lab to continue playing.

(ISA Server 2004 interface example)

I also attended a very interesting session that basicly squared off firewalling on a Linux platform, agains ISA Server 2004.
Now I know jack about Linux and the software you can get for it, but it was much as I suspected. Now I dont know specificly what firewall tool the Linux guy was using, he was using a web-based admin tool for everything on that machine, including the firewall bit, but even though it was point and click, it was considderably more work to configure anything, as even the most simplest rule had to be built from the ground up.

Now this is probably not a fair test, as I can easily imagine somewhere out there making rule-scripts available for whatever Linux firewall app. But apart from all that, you simply cant get around the interface ease and richness of ISA as a firewall product. Linux requires you to download (and compile) every element of functionality you need seperatly. And when it comes to interface, the only only thing that can compare.. and thus can directly compete.. is checkpoint, and even then ISA just looks plain better, but that should not be a point to take into considderation.

(Checkpoint Smartcentre interface example)

I can predict exactly what the average manager must think, and you should know I considder the average manager rather shallow; “Hey.. that ISA costs no trouble at all to administer.. I’ll just hire an junior admin, with no infrastructure experiance or knowledge at all, for that, and get rid of the Linux specialist who costs 4 times more per hour!”

The most important reminder I got out of the session, is that nothing beats in-depth knowledge of what you are doing. To use Linux effectively, you really need to understand what you are doing. With the average Microsoft product, this is often not the case.

This leeds to masses of lazy administrators. the ones I have often refered to in my previous posts. So I can tell you right now, if something broke down with the infrastructure, then I would far rather have a Linux sysadmin working on the problem, that your average Windows sysadmin, as with the Linux sysadmin, I can probably assume that he has more in-depth knowledge, simply because Linux requires that to get anything done.

As for Windows.. you have masses and masses of admins that know just enough to keep everything working, but not enough to effectivly troubleshoot issues, or help build better solututions to suite business needs. Who cares that you have a really easy to use firewall tool, if the firewall admin cant troubleshoot a routing issue effectively!