[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] September 2004 - Posts - THE OFFICIAL BLOG OF THE SBS DIVA

September 2004 - Posts

Just got the word that we have a new SBS family member:

 

Part # T75-00644 - SBS Premium Step Up w/ 5CALs through Open Value. ERP: $1,367  is launching tomorrow. This is the SKU that will convert any customer with SBS Standard w/SA to SBS Premium w/SA.

 

VERY VERY cool!  This is what we asked for in the MSSmallbiz community and got it!  It means that if your client is on SA for the standard and they realize that having SQL server and ISA is a good thing, then they don't have to jump out of the SA world into the retail world [there was only the SBS Premium upgrade via retail channels before]

 

This is way way cool.  Remember what I've said about SA?  It means that I get the toys and whistles and bells in the future and I don't have to worry about them.  Microsoft even has a ROI calculator.  Don't know if that tool is SBSized, but for me, it just made sense then and makes sense now to sign up for Software Assurance.

Posted Thu, Sep 30 2004 21:12 by bradley | 6 comment(s)

I've almost got the last part of my Patch Management book done and I'm about to the part where I'm going to earn my Strawberry Milkshake.  I'm sure you are saying...“say what?”.  You see, Anne and I bet the guys at Ecora that we could get some C_O's to read our e-book.  [You know CFO, CIOs the head honchos that overlook the company but let someone else worry about the details].  Our bet?  Milkshakes.  Why we picked that as our bet, I have no idea.  But we did.  So I already have in mind a one page or two page AT THE MOST document that has bullet points and key issues for the owner/CIO, CFO, the decision maker.  I'm planning to have instructions to tear it out and either send it anonymously or slide it under their nose. 

Something that has no more than like three paragraphs or so but will attempt to whack them upside the head and wake them up to giving their staff the empowerment to:

  • Have the tools they need to get the job done [whether it's patching or group policy, you need to be on a 2000 platform]
  • Wake up and realize that Windows 98/95 is dead and never had security in the first place

Too many times people state that “we can't afford to upgrade”.  But .... you aren't costing the blue screens that cost you downtime, the lack of the event viewer.  Show me an IT admin, help desk guy or girl and what's the operating system that I'll bet another set of milkshakes that they hate... 9X boxes. 

 

 

Posted Thu, Sep 30 2004 21:03 by bradley | 2 comment(s)

One of the things about living in California that you have to get used to is the ground moving.  You see I live on the North American plate along with San Francisco and Steve Lai [and I think Steven Banks up in Seattle is on my plate as well].  Roger Otterson down in San Diego lives on the Pacific plate.  If we both live long enough, Los Angeles will slip and be a suburb of San Francisco.  Where I live in Fresno [you know the David Spade commercial.. NO, FresNO], we are pretty clear of the plates and earthquake faults so what normally happens is someone who is sitting will feel the quake, someone who is standing will not.  Half of the office will go “Did you feel that?”, the other half of the office goes “Feel what?”  So one of the ways that I can quickly confirm that it was indeed an earthquake and not a large truck rumbling by is a web site that tracks earthquake activity.  Within about 3 minutes or so, the earthquake will pop up on the image in a nice big RED box.  So far we had one on Tuesday in Parkfield, one yesterday morning also in Parkfield, one yesterday afternoon near Bakersfield, and the one that just hit about 11:55 a.m. 

The funny thing about this earthquake is that a guy in the office was on IM to a client in Coalinga which is to the south of us and close to Parkfield.  The person he was IMing wrote... “whoa... another strong earthquake” and Ken at first was thinking “what earthquake?” when it hit.  Obviously the speed of the IM transmission was faster than the speed of the earthquake arriving in Fresno.

What's interesting on that map is how many earthquakes we have in California on a regular basis.  If you look, every day there's a micro one occurring all over the place.  Our earth is “humming” all the time with little movement and it's just a normal event.  If the two plates that meet in California just naturally slipped, we probably wouldn't notice a thing.  But sometimes the plates get “stuck” and then pent up energy is released when finally the one side “jumps” by the other side.  I've travelled to Hollister, and San Juan Bautista and a couple of other places where you can really see the San Andreas Fault literally “slipping”, there are obvious breaks in canals or other man made objects that really showcase the power of mother nature.

There's more stuff on Earthquakes at the PBS site.  I'm really into history and if you have time you can check out the historical reports of the infamous San Francisco 1906 earthquake and even review photos online.  The San Francisco Museum has a virtual online museum as well. 

Mind you that it's not great to be living in a city that shakes and moves THAT much, so I'm glad I live in Fresno where we go, “was that an earthquake?”

[we now return you to your regularly scheduled SBS blog]

Posted Thu, Sep 30 2004 12:35 by bradley | 1 comment(s)

Ron via Yahoo.com writes to “via E-Bitz:” 

“I am looking for a decent solution for backing up a SBS 2003 Server with about 30 GB of user data.  The current Seagate Travan system is both slow and unreliable.  (Lifetime warranty on tapes?  HA!)  Would you suggest that I try the Iomega Rev system or get 2 to 3 USB HD's? 

What do you use?  If you have tried harddrives, have you run into any software difficulties?  I am sure I'm not the only person curious about external drives as backup solution.”

Dear Ron:

You are not alone in looking for a reliable and cheap backup solution.  Tape drive manufacturers HAVE NOT stepped up to the plate in providing reliable and REASONABLY priced tape drives to keep up with the monster drives we are throwing into our servers.  In my own case I wasn't ready to go to a usb harddrive solution and I was anticipating backing up my main server AND a member server so I plunked down 3 grand on a Sony Quad tape loader.  Yup you read that right, $3 thousand smackeroos.  Works wonderfully  [it better at that price].  But it's not your normal SBS backup solution by any means. 

What's the best backup?  One that works.  One that you've tested.  One that the client will remember to change out. 

Do people use usb enclosure harddrives as backup media?  Yup, sure do and they work.

Do IOMEGA Rev drives work with SBS?  Per Eliot's tests yes, haven't checked back with him if he's using them a lot [and I need to check for that reg key for Mike from the newsgroups who can't find it on his system]

As far as the travan drive, you do have the hotfix right? 

Too bad Iomega or some other vendor didn't come up with a “guaranteed to work with SBS” external backup system.  Something like a SBS branded SAN, or a SBS branded Iomega solution.  I mean like aren't we big enough of a marketplace now to start having vendors position themselves to be more plug and play than they are now?  We have HP with SBS and Trend pre-installed now, don't we?

Now before you ask, Ron, I'll ask the question....can DVD's be used as a backup media?  I don't know about you but a “normal” backup of a SBS box... I'm going to doubt that it fits on a DVD, even one with all sorts of compression and junk.  And I just know that on my desktop, cd/dvd rom burning is not a trivial task on this box, it does take resources.

If I didn't have my 200 gig/400 gig compressed Sony quad loader tape drive and I was backing up 30 gigs of data?  I'd probably throw in a usb2/firewire card and go for those usb/firewire harddrives.  I actually have a unit or two around the office just to aid in migrating.

Thanks for writing in Ron.  Keep us posted.  You can find me on the blog or in the newsgroups most days. 

Overview - Windows NT 4.0 and Windows 98 Threat Mitigation:
http://www.microsoft.com/technet/security/guidance/threatmi.mspx

I could say this in one sentence..... "Threat mitigation for NT and 98 consists of killing them off" and then once we kill them off let's go after vendors who want local admin rights, shall we?

So I'm looking at Brett Hill's IIS blog and he points to Benard's IIS blog for a SMTP IIS diagnostic tool.  Hmmm... I think that would work on our boxes....Interesting......

Also last nite on the Minasi forum I found this cool script for server documentation... very cool.

 

<Brent ... Brett... oops one letter sorry Mr. Hill!>

It just dawned on me that I did exactly what I didn't want to do.  First of October will be the anniversary of the official launch of SBS 2003.  And I still remember posting in the newsgroup when someone posted last year that they were thinking about waiting a year to roll out SBS 2003.  I said at that time ... no way, that I couldn't install it immediately last year in my office but that I wasn't going to wait a year.  It just hit me today that that's exactly what I've done due to a busy summer with traveling and other scheduling. So now it's definitely gotta go in because I want Windows 2003 at the office, I want the security feature of Enhanced IE lockdown.  The fact that when you give “everyone” rights to a folder that it's not like Windows 2000 and gives anonymous user rights.  And then I'm bummed because my workstations don't have the new Trend CSM suite that has the spyware protection.

I just told a guy in the SBS newsgroup who was looking for SBS 4.5 cals to save his money and budget for an upgrade.  It just bugged me tonight that I was spending time upgrading two programs that I really want to get rid of so I can be on the SMB suite.  By the way, everyone is aware of the Trend competitive upgrade, right?

I mean I love antiques and historical stuff, but not in technology, you know?

Boss/partner brings in his HP laptop so I can upgrade it to Windows XP sp2.  [It's the really cool HP with the built in ten key that all us bean counters go ooooohhhhhhhhhh]  So I boot it up to begin the upgrade process and there's a spyware scanner program on it.  Oh cool, right? 

Uh...no, not so cool.  I didn't install it. Where it came from, I'm not exactly sure.  Fortunately I do some hunting that it is a freeware spyscanner so I'm not freaking.... completely...but still it points out that “social engineering” can easily trick someone into downloading a program and installing it. 

Because he has full rights to that machine, he can install anything without thinking of the consequences. 

I/We need to get used to running as a plain user.  There was something I read a night or two ago that Network Quarantine/protection would be huge for us good guys in the year ahead at the same time Social Engineering would be huge for the bad guys.

So tonight because I'm still on the old server here, and I'm updating OfficeScan and Scanmail to the latest upgraded versions.  As I earlier blogged, Trend needs an updated engine to handle the new dat file numbering.  Well when I got back to my office, because I have ad-watch running it freaked out my Trend notification back to the server so now my Dat file says I'm on version ???

Of course that could be a comment on my mental state today.  This morning I was dealing with an accounting program that just drives me crazy.  You see in my biz we have every accounting program that our clients have and then some.  Quickbooks in every flavor, MAS 90, and this one that will go nameless as it's a real annoying program.  So much so that when I was reinstalling it on the local workstation of the co-worker that needed it, the file location is now c:\ireallyhatethisprogram [I'm not joking - I really called it that and it doesn't mind it one bit]

Oh and one more thing... yo... Scanmail?  When updating?  Can you warn me ahead of time that you will want to reboot the server?  Good thing I did it off hours.  The life of an IT Joe [or Jill in my case] is that you work around other people's time. 

Posted Tue, Sep 28 2004 20:46 by bradley | with no comments

Just got an update email about Software Assurance.  You know the program we all love to hate?  And you know what, for all of its annoyances I would still argue it's worth it for my cold server rights and the future of Windows 2003 R2.  Notice I didn't say SBS 2003 SP1 which will be coming out next year... I said Server R2.  That release AFTER Windows 2003 SP1 will include Network protection which will “vet” your connection BEFORE it logs onto your network... not just VPN connections but local connections as well.  Understand what that means... if you have a workstation that is not compliant with your patch level, your antivirus engine, your firewall policy, it doesn't log on. 

Policy, Technology, Compliance testing.

Now that's cool.  The concept of the technology is talked about in actual practice at Microsoft.  You don't get patched, you don't get a connection.  I want that.  And I'm going to get that because I'm on Software Assurance.  See why I like it?


We are excited to tell you about new enhancements to the Microsoft Volume Licensing Service (MVLS) Web site (https://licensing.microsoft.com) that will make it easier for you, as a Microsoft Software Assurance customer, to take advantage of all your Software Assurance benefits.

The enhancements to MVLS are designed to improve your ability to get information about your Software Assurance benefits quickly. Below are a few of the key updates now available:

    • Enhanced SA Benefit Reporting – Software Assurance benefit administrators can now get status reports of how benefits are being utilized within your company from your Microsoft Large Account Reseller or Enterprise Software Advisor. Reporting on available and utilized benefits for the Home Use Program, Employee Purchase Program, Problem Resolution support requests, Microsoft training vouchers and media kit shipments. Customers can continue to see training voucher, Home Use Rights for Office and media kit consumption information on MVLS.

    • Benefit Subscription Transfer – When a customer renews to a new agreement, subscriptions and users on the old agreement will be automatically transferred to the new agreement when it is activated and the first purchase order with an SA purchase order line item is initiated, providing a simple and automated way to ensure no disruption in service for the customer. This will result in a benefit transfer notification email to the benefit administrators on old agreement and new agreement.

    • Premier Customers can now Use Their Premier ID to Submit SA Incidents – Premier customers can now submit Software Assurance support requests by phone with only their Premier Access ID. Contact your Technical Account Manager for more information.

    • Simplified Multiple Benefit Contact Assignment – Benefit administrators can save valuable time with the new ability to add multiple users at a time for end-user benefits such as Problem Resolution Support, TechNet Plus, TechNet Online Concierge Chat and Certified Partner Learning Solutions training vouchers.

Additional features to MVLS include enhancements to several other benefits and improved navigation to provide you with more ways to take advantage of your organizations’ Software Assurance and Microsoft technology. For a full list of these system enhancements, please visit the MVLS site. These enhancements are part of an ongoing endeavor to improve the value you receive from Microsoft technology.  For more information about your Software Assurance benefits, visit our Web site at http://www.microsoft.com/licensing/programs/sa or you can speak with a Software Assurance support representative about any of these service improvements at 1-866-230-0560.

Posted Mon, Sep 27 2004 22:08 by bradley | 1 comment(s)

ENSURE THAT YOU UPDATE YOUR INSTALLATION TO HANDLE VIRUS DAT FILES AFTER 980
http://www.trendmicro.com/en/support/npf/overview.htm

HOVER OVER THE BLUE DOT IN THE CORNER, IF IT SAYS “980” YOU ARE IN SERIOUS NEED OF THIS HOTFIX/SERVICE PACK.


 http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=19744

Posted Mon, Sep 27 2004 19:23 by bradley | with no comments

Sometimes I take it for granted that people know about one of my favorite web sites, eventid.net.  It has saved me countless hours of searching and frustration time and time again.  Having issues?  Go drill into the event viewer and your SBS is trying to tell you what's wrong.  See those red stop signs?  Write down the event id numbers and then pop over to the eventid.net web site.  And while you are there, pay for the subscription. It's worth every penny and then some.  I still remember the time I ragged on Sean Daniel on the SBS Dev team for using it in an answer to a newsgroup posting.  I was giving him a bad time for a Microsofter using an external resource.  But you know what?  It's a great tool.  Can't complain when someone uses the right resource to answer a question.
Posted Sun, Sep 26 2004 23:41 by bradley | 4 comment(s)

There is one thing we hate about your install.  You put everything on one harddrive when best practices say to separate the OS from the Exchange to the SQL.  So what do my fellow SBS MVPs consultants do with that lovely 15 minute install?

They take the information in the following whitepaper and move everything where it should be.

Download details: Moving Data Folders for Windows Small Business Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyID=A1D0AF69-1287-4225-BD8B-59C89F44984B&displaylang=en

Which basically takes that 15 minute install out of being a 15 minute install and makes it a much longer and much more annoying install.  They tend to take a RAID 1 or RAID5 and slam down the entire SBS install in the 12 gig partition.  As was said on a listserve  “Spend more time moving Exchange databases and user folders than is saved on the stupid thing.”  Too bad the vendors can't step up to the plate on that.  Seems like HP or IBM or Dell could poll and get a consensus, I mean like everyone knows to stick Exchange on another spindle along with SQL.  You certainly would never ever install the entire SBS 2003 on that initial partition.  That's just dumb.  And if they are selling this with and without partners installing it, you are going to get those DIY'ers into trouble real fast.  I also hear a lot of consultants flattening them and starting over so they can set it up their way.

How is everyone else handling the “OEM setups”? 

I was checking the blogs tonight and found this add on that adds ink/tablet pc functions to Outlook.  Ohh very cool.  Anne blogs about updates and add ons to One Note.  I was talking to a co-worker who was wanting to buy a laptop for their son about a year away from college and I definitely recommended a Tablet PC for his purchase.

P.S.  In case you are wondering I got an Acer Travelmate C110 which is a little small for someone like Jeff Middleton, but just right for me.  I can type on it without worrying about the guy on the plane in front of me breaking my screen as he leans back.  What I do need to get though, is a second battery for those times that I can't plug in. The battery life is good, but sometimes I like to have backups, you know?

Engadget had a piece on Tablet pc's not selling but I tell ya, every time I've shown how mine can “flip its lid”, there's a sell that is made.  But that's the problem.  You have to see it.  Even I ended up loving mine MORE than I thought I would because I didn't realize quite how nicely its form was.  I love that the screen flips rather than unhooks.  It makes it so much nicer for me and my needs than the Compaqs I've seen.

Posted Sun, Sep 26 2004 22:16 by bradley | with no comments

http://msmvps.com/cgross/archive/2004/09/24/14251.aspx

Chad points to the new update that allows workstations to get sp2 rather than sp1 when they /connectcomputer to the server

And he points to the info you need to put the file on the server in the right place:

Preparing XP SP2 for deployment on SBS 2003:
http://msmvps.com/cgross/archive/2004/09/26/14393.aspx

Posted Sat, Sep 25 2004 21:15 by bradley | 6 comment(s)

875422 - "The wizard cannot set the DHCP scope options" error message when you run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003:
http://support.microsoft.com/?kbid=875422

I was taking a break from working on the Patch Management book to put my Stereo/TV/DVD system back together after we took it apart to install tile in the family room floor.  Right now it looks like I have black, red spaghetti all over the place with the cables, splitters, a/b switches all over the place.  In addition to making secure wireless easier, how about making home wiring easier too?  We proactively ran RJ45 cables to the back of the wall just in case we need it for any future networking, but right now I'm on my secure wireless connection.  Ever notice how they never show computers with all the wires needed to run them?  The photos always show a nice clean computer set up, meanwhile, in reality it's a mess of wires back there!

A co-worker in my office was saying the other day that she'd like to have a home networking for dummies course.  She doesn't want a certification or anything, just a better understanding of how to set things up and set them up securely.  I agree.  Just like my train experience yesterday, I don't think we've taken the time to educate folks on how to set things up the right way.

Posted Sat, Sep 25 2004 16:08 by bradley | 1 comment(s)

On the train back from San Jose [well bus first then train actually] I’m sitting across from two young guys who suddenly discovered that they can set up an adhoc wireless connection between the two laptops that they have.  Me being..well…me… I’m thinking… do I lean over and ask if they have ensured that the wireless is going only to each other?  Ensure that their C: drive isn’t shared?  Ensure that they have xp sp2 installed?  Ensure that the adhoc is secure?

 

Yeah, I know … really sick aren’t I?  Oh gawd… he just said “this says to enable file and print sharing I need to click here”.  Just for the heck of it, I’m firing up netstumbler just to snoop.  We have three APs… One is “HPSetup”, another is a DUSD wireless connection [must be catching a School district nearby] and another one has the SSID of…. Well… this is a family blog and I’m not going to post what THAT one says ;-) 

 

You guys know about netstumbler and ministumbler right?  Two little programs one for your laptop, one for your PocketPC that can “sniff” and find wireless access points.  Right now I’m “War Train-ing” as I’m in an Amtrak.  When you set up a wireless connection, use one of these types of programs to “see what others see about you”. 

 

Download them, and do a little walking, driving around.  You would be surprised how insecurely people have their systems set up.

 

By the way, whoever has MAC address of 4EA4922736C9 with the SSID of hpsetup, the two young guys traveling to Hanford, California?  I’m the woman who was making the slightly funky faces from across the walkway as you were sharing out your music folder on an open ad hoc and you were laughing about a weird photo that you guys had pulled off some girl’s computer that didn’t realize that her computer was set up insecurely.

 

Just picked up another open wireless access for bfhsupply… must be a firm nearby.  Interesting that even on a pretty stationary traveling vehicle [a train for heavens sake] I’ve picked up 7 APs in about 10 minutes of “War Train-ing”.  I’ll be running netstumbler as we go Train-ing in North Fresno.

 

Well at least they are talking about “Do you have SP2 installed?” but then one is asking the other if he’s disabled the firewall.  Yo, dudes, make sure you have that ad-hoc wireless with the padlock because Netstumbler is saying it’s wide open.

 

We need to make SECURE wireless easier to do.  It’s still way harder than it should be.  And yeah…. I really need a life, don’t I?

Posted Fri, Sep 24 2004 22:35 by bradley | 4 comment(s)

There are several GDIPlus.dll vulns out there and as was mentioned on one of the listserves, make sure your antivirus is not “just” scanning some files, but ALL files.  Ensure that your A/V is tweaked to scan the jpgs as well [at least]

On the Patch Management listserve, Lucas Alvers talks about how they group policy tweaked their McAfee to ensure it scanned for these files as their initial set up was not set to scan for jpgs.

My Trend on this laptop is set to “scan all file types” [I just checked] so you may want to take a quick second to check your settings.

Posted Fri, Sep 24 2004 7:37 by bradley | with no comments

So I'm in a hotel in San Jose.  Nice hotel and all that and realize that my emails that I've sent aren't getting delivered to a list serve that I'm a member of.   “That's weird”, I'm thinking.  Well thanks to some detective work from Steve, my email was being proxied through the hotel and going through a blacklisted ISP.  I was just about to go through the web mail interface when Jeff reminded me that I could RDP back home and just send out normally.  Oh yeah. 

We got into blacklists on a listserve the other day and the consensus was from most that they aren't working and if you get on one it's a pain in the you know what to get off.  Think about your normal non geek business traveller.... would they be geeky enough to figure out what is going on?  I don't think so. 

Remember an earlier post about Postini and how they do a “relationship” review of the SMTP sender.  I think we're going to have to rethink how we are sending email.

Switching gears I think I need to add another blog to the SBSized blog list:

MS Exchange Blog : The PFDavAdmin Tool:
http://hellomate.typepad.com/exchange/2003/10/the_pfdavadmin_.html

And remember my rant about how some of the blogs on the Microsoft community site said they were SBS but weren't?  You know me, I emailed some of the authors and said “Hi!” and it turns out that they do intend to put SBS content but just haven't gotten around to it.  So I guess the moral of this story is, sometimes you have to wait for the good nuggets.  Take for example Matt's blog.  While he lacks in quantity... he makes up for quality and “oh I didn't know THAT”.

In my blog, the PM of the Exchange best practices tool posts that the tool does indeed have a SBSized update to it.  [sniff sniff they remembered us].  That's VERY good to know.

 

 

Posted Fri, Sep 24 2004 7:31 by bradley | with no comments