[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] August 2005 - Posts - THE OFFICIAL BLOG OF THE SBS "DIVA"

August 2005 - Posts

Need the link to uninstall Norton... REALLY uninstall it?

Here it is.

Got a call tonight about having Quickbooks go on a Terminal server and first off I should state... this is not supported by QB.  You are 'supposed' to buy QB Enterprise... that said... there's a link about QB on TS.  Remember that to get Quickbooks to run without local admin or power user rights on the local XP machine [non LUA] you have to do some more tweakage.

Applications : QuickBooks

The official statement from Intuit is that running QuickBooks 2003 in a Terminal Server session is not supported. Read the details in Microsoft Terminal Server functionality for QuickBooks

Notwithstanding the above, users in the terminal services newsgroups have reported that you can make QuickBooks available in a TS environment, if you give the users some extra privileges. Here are the steps:

  • perform a normal installation of QuickBooks (in install mode!)
  • reboot
  • enter install mode again (change user /install), start QuickBooks and activate it by entering the registration code (this is a crucial step, and must be performed immediately following the reboot)
  • go back to execute mode (change user /execute)
  • copy the %systemroot%\Intuit folder into each user's %userprofile%\Windows folder
  • create a Quickbooks Users group
  • add your users to this group
  • give the group Full Control to HKEY_LOCAL_MACHINE\Software\Intuit\QuickBooksRegistration
  • give the group Full Control to HKEY_CLASSES_ROOT\.QPG
  • give the group Full Control to HKEY_CLASSES_ROOT\obja.obja
  • give the group Full Control to HKEY_CLASSES_ROOT\Quickbooks.application - QB Premier 2004 only?
  • give the group Modify rights to the %Program Files%\Intuit folder
  • give the group Modify rights to the %Program Files%\Common Files\Intuit folder

Printing issues

Make sure that clients use short names for their local printers if they need to print to a redirected local printer. Quickbooks cannot handle long printer names.
It's also important WHEN the driver was installed. Apparently QuickBooks only sees so many drivers in the registry, so if you installed 16 printer drivers and the 17th was the one you need auto-created, QuickBooks won't see it.

Misc. issues

  • 123869 - Message: "An ActiveX control on this page is not safe" or QuickBooks Centers are blank

Further reading:

  • 320185 - HOW TO: Use the CHANGE USER Command to Switch to Install Mode in Windows
  • 186498 - Terminal Server Application Integration Information

Disclaimer: I have no knowledge of the License Agreement for QuickBooks. You should check your License Agreement with Intuit to see if running QuickBooks on a Terminal Server is a violation or not.

Update

QuickBooks 2005 Enterprise Solutions does support Terminal Services! Check QuickBooks Enterprise Solutions: Features and Benefits for details.

After installation, follow these steps:

  1. Right-click on the QBES shortcut
  2. Choose properties
  3. Go to the Compatibility tab
  4. Put a checkmark in the box labeled "Allow Non-Administrators to Run This Program"
  5. Apply and save

And yes...it REALLY wants Admin unless you hack it...

So you've put it off haven't you?

And now you know you should be there.  You HAVE to be there.  YOU MUST BE THERE.  There at SMBnation in Redmond. Mothership Redmond.  September 9th to 11th.  And now the Marriott Redmond Town Center and the Residence Inn are sold out.  So now what?

Well, there are other hotels that can put you up.  In fact you might want to drive and park at the Marriott and join us looney bins on the bus ride over.

RECOMMENDED: 
Homestead Hotel Redmond (5-min walk to conference center)
http://www.homesteadhotels.com/hotels/seattle-redmond.html
15805 N.E. 28th St.
Bellevue, WA  98008
425-885-6675

CLOSE-BY: 
Silver Cloud Bellevue Eastgate (10-min drive to Microsoft Conference Center)
14632 Southeast Eastgate Way
Bellevue WA 98007
800-346-8357

If you don't go.... you'll be kicking yourself.....don't be sorry....

My city is about the same size as New Orleans.  And what if every man, woman, child, animal was ordered to leave.

Unbelievable... and think of all the SBSers in the area that are facing just that.

Gulf SMBs Flirting with Disaster:

Uh...That's us folks...we're SMBs out here too.

Some links for disaster recovery.. [not planning...but recovery] below....

 Getting back to business

Got any other resources for RECOVERY you want to share?

Read this KB

Quoted from there:

The following list describes some of the advantages when you use a separate and private domain name for the local Small Business Server network:

 

  • The management of the local namespace is controlled by the Small Business Server Server. When you use a private FQDN for local DNS name resolution, the DNS server becomes the start of authority for the local domain. This result means that a query to external DNS root servers is not required for local resource name resolution. 
  • The security may be increased for your DNS server by not enabling zone transfers by means of the zone transfer properties of the forward lookup zone. Because dynamic registration of internal hosts can occur with the DNS server, if you disable the zone transfers from external clients, you can limit the exposure of internal host names to the Internet.
  • The natural separation of internal and external networks occurs because of the use of a separate internal namespace. A client query generated from the Internet for www.contoso.local does not return any valid domain information because .local, at the present time, is not a registered domain name. However, by using the Web Publishing rules in Internet Security and Acceleration (ISA) Server, internal Web sites can be hosted externally and viewed by using resolvable domain names. This hosting still requires a registered domain name as well as the appropriate public DNS records that resolve to the external IP address of Small Business Server. Refer to "Configuring Publishing" in ISA Server Help for more information about Web Publishing rules.

 

The disadvantages of using the sub-domain of a publicly registered domain name or a publicly registered domain name include, but may not be limited to, the following issues:

  • Internal clients may be able to resolve resources on the internal domain, however, queries to external resources of the domain are not resolved by the DNS server. For example, if the internal network namespace is configured by using the publicly registered domain name of Contoso.com, only resources that have "A" (Host) records in the forward lookup zone for Contoso.com are available to local clients. This behavior can pose a problem if Contoso.com hosts resources, such as, a web server by means of an external provider or Internet service provider (ISP). Any queries from internal clients to www.contoso.com are resolved as a negative query by the local DNS server because the "A" record for "www" does not exist in the forward lookup zone for Contoso.com. For clients to access external resources, "A" records must be added to the forward lookup zone of the DNS server for those resources.
  • The use of a publicly registered sub-domain name can pose the same problems as described for a publicly registered domain name. If at any time, the start of authority for the registered domain (Contoso.com, in this example) adds records for sub-domains, the currently configured private sub-domain may become public.
  • Name resolution problems that are created by using a publicly registered domain name can be avoided by planning the private namespace around a .local first-level domain so that, in this example, Contoso.com and Contoso.local are both available to internal clients, but Contoso.com is only available to external internet clients.

Split DNS and DNS forwarding... if there's something that I will go on record as disagreeing with Dr. Tom [Mr. ISA Server] Shinder on, it's these two items.

In part two of Dr. Tom meets SBS, he talks about both.  And while I respect his passion and belief in these topics [lord only knows I'm a bit passionate myself], in SBSland, the information he gives just ... well, it's just not SBSized.

First let's take the easier one of the two. If you don't want to do DNS forwarding... whereby in the Connect to Internet wizard you put in the DNS info from your ISP, then just leave it blank and your SBS box will do DNS lookup work just fine using something called 'root hints'.  It will slow down the resolution 'just' a smidge, but I don't agree that you should be putting 'bogus' entries in that box like that.

The help file says:

“Preferred DNS server: If the value was not defaulted by the wizard, you must type the IP address of the DNS server at your ISP. The DNS Server service provided with Windows Small Business Server 2003 will be configured to forward the DNS queries it cannot resolve to the DNS server you specify.

If you do not specify DNS server information, name resolution requests must instead use root hints. It is recommended that you use DNS server information if it is available from your ISP. For more information, click Start, click Help and Support, and then search for "root hints".”

Maybe if this warning box that you get if you leave the ISP DNS info blank was more 'in your face' it would be more obvious?  But bottom line I disagree about putting in bogus DNS info in that box.

Next the .local stuff.

There's a reason we do that... in the help file it says...

The full DNS (Domain Name System) name and NetBIOS domain name are used to create your Windows Small Business Server domain. Having a domain enables you to manage access to resources on your network (for example, user accounts, client computers, shared folders, or printers). Setup provides default settings for your internal domain, separating your local (internal) network from the Internet (external network). It is recommended that you use these values.

Dr. Tom in his article states:

“The problem is that this statement is patently untrue. The belief that using the same domain name for internal and external domains is a security issue is based on misconfiguring the split DNS required for using the same domain name for both the internal and external network domains. It is untrue because a core tenet of a well-designed split DNS infrastructure is that the internal and external zones authoritative for the internal and external domain names have no relationship other than the domain name.

This is why there is no security issue with using the same domain name for external and internal domains. The only way you would run into security problems is if you, for some reason, decided to do a zone transfer from your internal DNS zone to your external DNS zone. If you did configure such a zone transfer, you could put the privacy of your internal naming infrastructure at risk. However, there’s no reason in the world to ever configure such a zone transfer, so imagined security issues related to mirrored DNS zone information is bogus at best, and misleading at worst.

There are many advantages to using the same domain name for internal and external zones. However, in the SBS single server environment where it’s likely that you’ll be hosting Web and other resources at an ISP or Web hosting service, the split DNS can make things more complicated. However, you can still deploy a fine-tuned split DNS infrastructure while leaving your Active Directory domain’s top level top name .local. In a future article I’ll go through the step by step procedures to make this happen so that you can benefit from the elegant transparency provided by a split DNS infrastructure.”

Uh... say what?  Dr. Tom totally lost me on these statements.  We don't do external DNS, and more often than not we [I know I do not] host a web site somewhere else and we get WAY more people asking “I can't get to my firm's web site”.  Remember what it says in the help file regarding the .local?

Local Domain vs. Internet Domain

A local domain is a way to manage access to resources on your network (for example, user accounts, client computers, shared folders, or printers). Local domain information is also used by tools and applications, such as Microsoft® Exchange Server 2003 or Microsoft® Windows® SharePoint™ Services. The local domain, or internal domain, for your Windows Small Business Server 2003 network is created automatically as part of Setup using a default value of organization_name.local. An Internet domain name is a friendly name used to identify your company on the Internet. An Internet domain name is registered for use on the Internet through an Internet registrar and uses the extension such as .com, .net, and .biz.

Setup creates your local, or internal domain, by installing and configuring the Active Directory® directory service. Setup uses the default value of .local for the last label of the internal domain name because the .local label is a more secure configuration as it is not registered for use on the Internet. This also separates your internal domain from your public Internet domain name. Additionally, using the extension of your registered Internet domain name can result in name resolution issues.

Once you name that box the same as your firm's Internet domain [that due to firm mergers and acquisitions... I'll bet you a Mountain Dew you'll be changing that sucker at some point in time], you are stuck with that name.  Which is why you shouldn't call it the name you expect to use on email and web sites.  I strongly recommend you call that internal domain .lan for mac, .local, heck call it computer.bozo, it doesn't matter, but don't call it your email address because if you are the agile firm that I know you are, you'll be changing that sucker and then go into the newsgroup asking “can this be changed” and we'll say...uh ...no it can't.

Furthermore, Dr. Tom says it makes it more complicated to call it .local.  I disagree... it makes it more complicated to call it the same name.  We later enter the mailhosting domain name into the Exchange setup wizard [Connect to Internet] and it doesn't matter what the internal name is called whatsoever.  But I'll guarantee if you call your internal computer name the same as your externally hosted web site, we'll have to walk you through hacking the A record inside the server afterwards.  In SBSland it causes more problems, not less.

Remember we ALWAYS look inward for our DNS... not outside... naming us .local means the box always stays inside for inside stuff and doesn't try to resolve anything internal by looking external first.
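The resolution behaviour argued over above, as an added example that is not from the KB article, the help file or either author: a simplified Python model of an internal DNS server that holds one forward lookup zone. The host names, addresses and the `audit_zone` helper are constructed for illustration, and the example goes one step beyond the text by also flagging hand-added A records that no longer match the public answer.

```python
from dataclasses import dataclass, field

# Constructed sample data (documentation address ranges, not real hosts).
# PUBLIC_DNS stands in for what the ISP's DNS server or the root hints return.
PUBLIC_DNS = {
    "www.contoso.com": "203.0.113.10",   # web site hosted at an external provider
    "mail.contoso.com": "203.0.113.25",
}


def _norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.lower().rstrip(".")


@dataclass
class InternalDnsServer:
    """Simplified model of the server's DNS service: one forward lookup zone."""
    zone: str                                     # e.g. "contoso.local"
    records: dict = field(default_factory=dict)   # host name -> address ("A" records)

    def is_authoritative_for(self, name):
        name = _norm(name)
        return name == self.zone or name.endswith("." + self.zone)

    def resolve(self, name, public=PUBLIC_DNS):
        """Return (source, address). Source is local-zone, forwarded or negative."""
        name = _norm(name)
        if self.is_authoritative_for(name):
            # Authoritative: answer from the zone or answer "no such host".
            # The query is never passed on to a forwarder or the root hints.
            addr = self.records.get(name)
            return ("local-zone", addr) if addr else ("negative", None)
        # Outside the zone: the query leaves the building.
        addr = public.get(name)
        return ("forwarded", addr) if addr else ("negative", None)


def audit_zone(server, public=PUBLIC_DNS):
    """List public names that internal clients cannot reach or reach at an old address.

    missing: public hosts inside the server's own zone with no internal A record.
    stale:   hosts whose hand-added internal A record differs from the public one.
    """
    missing, stale = [], []
    for name, public_addr in sorted(public.items()):
        if not server.is_authoritative_for(name):
            continue  # forwarded names always follow the public answer
        source, addr = server.resolve(name, public)
        if source == "negative":
            missing.append(name)
        elif addr != public_addr:
            stale.append(name)
    return {"missing": missing, "stale": stale}


def sample_servers():
    """Two constructed setups: internal zone named like the public domain, and .local."""
    same_name = InternalDnsServer(
        "contoso.com", {"server01.contoso.com": "192.168.16.2"})
    dot_local = InternalDnsServer(
        "contoso.local", {"server01.contoso.local": "192.168.16.2"})
    return same_name, dot_local


if __name__ == "__main__":
    same_name, dot_local = sample_servers()
    for label, server in (("contoso.com", same_name), ("contoso.local", dot_local)):
        print(label, "-> www.contoso.com:", server.resolve("www.contoso.com"))
        print(label, "-> audit:", audit_zone(server))

    # The usual repair: copy the public A record into the internal zone by hand.
    same_name.records["www.contoso.com"] = "203.0.113.10"
    print("after repair:", same_name.resolve("www.contoso.com"))

    # Later the hosting provider moves the site; the internal copy is now wrong.
    moved = dict(PUBLIC_DNS, **{"www.contoso.com": "198.51.100.7"})
    print("after provider move:", audit_zone(same_name, moved))
```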

Just as a footnote... even with a router, I use the “broadband” selection and put a static IP address in the inside NIC and outside NIC setup.

Welcome to SBSland Dr. Tom, I just still disagree with some of your comments. 

From the mailbag today comes a question about Sharepoint security....

We discovered that a domain administrator has access to all sharepoint sites created on an SBS server.  The issue here is when the execs in the company want to create a site to discuss business, financials, HR, etc., they probably need a domain admin to set it up.  That is obviously a problem if the domain admin or anyone in the domain admins group has access to such sensitive information.  I've not had a chance to look closely, but would this happen if the domain admins group had Administrator access to SQL and the Sharepoint site was SQL based?  Any insight is appreciated.

So knowing that Chad Gross wrote the Sharepoint chapter in the SBS Unleashed that does indeed talk about changing some of the default permissions of Sharepoint to 'tighten' them up a bit, I ran the question also by him.... and he said

[Captain Obvious mode]

Well domain admins have access to everything, so if you can't trust your domain admins, time to start looking for a replacement.

[/Captain Obvious mode]

He went on to say that he saw this as an HR issue, not a technology issue.  That you could have the same issue with Excel Spreadsheets in a shared folder.  That admin is GOD. 

It reminded me of the Blog post/article by Steve Riley which drives home the same thought... this isn't a technology problem...it's an HR problem here.  One that you need policies in place for, not tweaking ACLs.

So.. the answer is... no... you are going to have to put policies in place so you 'can' trust that Admin.

So from the mailbag tonight comes a question about getting workstations to work via RWW but it appears that the setup may be a bit more horked than that.  When the person goes to /connectcomputer it says “Page cannot be displayed”.

So googling around... I came across “Ray THE MAN Fong” postings... Ah Ray... who suffered through dealing with a bunch of us MVPs in Charlotte for training...

Per Ray here are some Steps to troubleshoot with:

  • Ensure clients are pointing to the server for their DNS
  • Check to see if you can bring up http://servername
  • In IIS check to see if you have a virtual directory called ConnectComputer under the Default Web Site
  • If you don't.... look in c:\Inetpub to see if there is a folder called ConnectComputer, and if there is, make a virtual directory called ConnectComputer under the Default Web Site and enable anonymous access to it.
  • Add the http://servername to the IE Intranet zone on the local machine
  • And if you are an upgrade from SBS 2000, remove the URLScan security tool and download the updated version

Thanks Ray...even more than a year later your posts are Golden!

Overheard by an SBSer at a TS2 presentation.

“It’s AWFUL! It rebooted all of a clients machines in the middle of the workday, including the SERVERS.”

Uh...folks... you SET the timing of the reboot, or you can let the end user manually download.  You 'chose' it to reboot in the settings that you selected. 

Read the instructions carefully..... and I have some pictures here.

...thanks to Happyfunboy for surviving a TS2 presentation without getting up and slugging a couple of folks....

So you build a Small Business Accounting Program and you call it a multi user version...and then you don't install it on SBS in such a way so that the msde datafile is 'on' the server, but rather on a desktop inside the office.

Okay ....lemme get this straight... why does EVERYONE see the word 'multi-user' and translate that to “Peer to Peer” except for me?  I WANT that datafile ON the Server.  I mean that's WHY I have a network you know so that data can be better protected over there.  I don't see peer to peer networks as being of value to me.  I WANT a server.  I WANT the active directory goo.  I WANT the control.  So what's a gal to do? 

She gets advice from her fellow geeks who hack up the way to get it on the server. 

So here are the unofficial, unsupported instructions to get SBA on SBS 2003.

“What I have done is install Small Business Accounting on SBS2003.  This results in an MSDE instance called MICROSOFTSMLBIZ being installed there.  The instance can host the BCM database as well.  You would install BCM on your workstation, set it up for sharing and add users.  Then shut down Outlook and SQL on your workstation, copy the BCM database and log file to the server and use SQL Enterprise Manager to attach them there.  Restart SQL and Outlook on the workstation.  You should now be able to redirect Outlook to the copy of the database on the server.

Unfortunately this method is not supported by Microsoft as I mentioned in the meeting.  In fact, if you have SBS Premium you can upgrade the MSDE instance to full SQL to remove any database size or number of user limitations.”

Remind me to email Dennis Clark and give him feedback to take back that they DO start supporting SBA on SBS.  I mean... it just makes sense, you know?

There is one way to a Beancounter's heart. 

Free CPE.

So for all you SBSers out there that realize there is a potential to upgrade the Accounting industry and possibly get them off of Win9x and Word Perfect, here's the game plan for you:

In many areas of the Country there are local CPA chapters that are regional divisions of the larger State CPA Society.  These CPA Societies are the ones that can certify your presentation as CPE.  Do NOT make it 'sales-ishy', you must make it a learning experience.  Put a hook of Security in there.  Talk about how the Gramm-Leach-Bliley Act requires Financial Privacy.  Thus this weekend when I was watching the Hurricane coverage and they were showing ads for “Gotomypc” and the announcer was talking about how it was no problem getting the Firm's Financial Statement off of the Home PC without having to go home, boy, was that a fun thought in my mind: that an employee would think nothing of leaving confidential client info on their home PC.

Contact that larger CPA society, and find the location of the local chapter.  See if they have a Technology committee that meets. Offer to do a presentation.  You do realize that for 4 years I ran the local Technology Committee here where I live before I became the State Technology Chair.  It was a fun gig because all these vendors would call and offer to present a program.  Write up an Outline, do 'death by Powerpoint' and plant the seed.  Remember how “I” first got turned on to SBS?  In a CPE class.

Here are some ideas to help the Beancounter see the Advantage of a network

  • Centralized Storage - ensuring that all the data is in one spot ensures that it's fully backed up and properly secured.  Charlie Anthe showcased an upgrade that he did where every workstation was mapping drives to each other's local drives and that totally blasts the rule of only setting up those rights and privileges you minimally need.  All that mapping means that there is data everywhere and it's not getting backed up.
  • Data never leaves the server - I purposely make the choice to NOT set up Outlook over Http.  Because I 'don't' want any offline data file storage on a laptop that may be stolen.  The fact that I can remote back in and never pull data off that server is wonderful in my book.
  • Security - Compare and contrast the security of Remote Web Workplace to PCAnywhere.  Because, yes, that is the app you are competing with.  Point out that PCAnywhere uses two static ports and that if that router gets reset, there goes your access.  Whenever a software program starts off with “We use a proprietary encryption algorithm” run in the opposite direction as fast as you can.  Notice that by version 11.5, they finally junked that and are using AES 256 encryption.  Now class what does RDP include?  Oh just these standard RSA RC4 encryption thingys.  So your first question should be ...what version of PCAnywhere are you running because it looks to me like those older versions need to be junked and fast.
  • Multi-user means a network.  Now I'll be the first to admit that Microsoft has this problem too.  They build a package for 'multiuser' and we have to hack the package to get it on the server.  Come on gang.... a Network is just a workgroup with more toys.  All those mapping of drives from one system to another means that you've got major major goo and a major major eggshell network setup.  We can't set up this stuff like this anymore.  Especially not in a network for an industry that needs to realize that we have responsibilities to our clients to protect data.  SBS 2003 with XP sp2 puts firewalls on each computer only opening up those ports that are needed for operation and blocking all others.  It's called defense in depth.
  • Sign them up for the MPAN program [which btw offers free CPA and an alternative to Quickbooks in the new Small Business Accounting]
  • Oh and KILL OFF THOSE WINDOWS 98 WHILE YOU ARE AT IT

...do that and I'll stop yelling at them in the CPA listserves I'm in.

Let's see class how many wrong statements are in this list that was posted in “HappyFunBoy's” blog post?

  • sbs sucks...and is stupid - Hardly ... I think that partner is for having a closed mind
  • sbs is slow, which is stupid  - Slow? What are you installing it on?  The minimum specs?  You know how they lie.
  • running exchange on a dc is stupid  - If you only knew how many firms I find running Exchange on a DC... you'd be amazed.  This is 2003 era anyway.
  • putting everything on one server is stupid - Actually I prefer it all on the same box... I monitor it better than if it were strung out
  • not being able to add other servers is stupid  - uh... did you miss the part where we can add additional servers in SBSland?
  • sbs is a good idea for companies that will never ever grow, but stupid for anybody else - You do know about the transition pack?
  • ms is stupid for not putting all this [cool] stuff in their "real" products - That's probably the ONLY good statement in this list.... except we ARE real.

You know... it really makes me question if I want to send customers over to “Microsoft Partners” if 5 years later they are still so stupidly closed minded to how SBS can absolutely ROCK for a dynamic small company.

But like HFB says... if you want to pass these customers by.... more work for him.

[BTW to make it clear... HappyFunBoy heard these comments by the TS2 attendees, partners that just don't get SBS even still.  He'll be the one reaping the rewards of SBS sales, not them.  I'm just surprised he didn't get up and slug some of these partners for saying this stuff.]

Dear Mike:

First off I have to apologize.  I'm picking on you because your name was in a CRN article about SBS.  You see you were labelled as a partner who “dislikes” SBS and that will instead push the midmarket bundle.  “Discounted software” you said and “let the actual customer needs dictate the number of servers”.  Yes Mike, let the customer needs dictate the solution, but don't close your eyes on SBS.

In 1998 I went to a class on networks and computers and in that CPE class I was first told about SBS 4.0.  I knew that it would be a perfect solution for my firm.  So I found a consultant who knew NT, but not SBS.  We muddled through, didn't screw it up too much.

So along comes SBS 2000 era and I went searching again for a SBSized partner.  And this time I was told “we don't recommend SBS”, “we find firms outgrow it”.

Yeah, right.  So here I am how many years later and still, there are Microsoft partners who turn a blind eye to their customers' needs.  Oh they say they are listening, but I see the same pattern that I as a customer encountered.

You see, Mike, unless that mid market bundle, which right now is just a pricing bundle and has no 'specialness of SBS', has anything like SBS's killer apps of a monitoring email and Remote Web Workplace, all you are doing is hurting your Small Business customer.

Remember we 'can' add additional servers, member servers, additional domain controllers.  But if I'm a business owner that is in the target size for SBS, you'd really better show me a business value for 'not' being on SBS.  And it better be a good reason too. 

Rick Richardson at the Illinois Business and Technology show asked the audience “when's the last time you saw a killer app” to a room full of Accountants.  He said Visi-calc.

I said Remote Web Workplace.

I think I'm right.

Today Mary Jo Foley talks about new enhancements to SBS in the 2006 and 2007 time frame.  Looks like I'll easily snag the R2 version under my 3 year Software Assurance...but we will have to see about that Cougar version in 2007 as my Software Assurance only goes through June of 2007.

I thought it was interesting that Harry was talking about so few of us SBSers taking advantage of SQL but I think some of that is still the 'tactile-ness' of flatfile storage versus SQL/database storage.  “HappyFunBoy” and Anne think that the best thing a SBS partner can do is get a handle on databases WAY more than we do now.  I think that's part of the problem.  You know how I argue that the “WOW” factor impacts SBS sales big time?  That a consultant has to use and believe in the product?  I'm wondering if it's because even among SBS consultants that the 'comfort' level isn't there.

One thing that is echoed in this article... is that in these upgrades you HAVE to have a value to the business owner.  Unless it's wacko me, you aren't going to get people to upgrade between versions [or for that matter, the mere application of service packs] unless the business owner can see value.  Unfortunately, for many small firms that don't get the security aspects of upgrading, that alone isn't enough.  While I like the warm fuzziness of upgrading, sometimes it's not enough.  Now granted Wayne's in New Zealand doing a presentation on why you want SBS sp1 [SMTP tarpit code that can be enabled, Synattackprotect now default, DEP [yup even software Data Execution Protection is available even if the hardware doesn't support it], and a whole bunch of other warm fuzzies], but I'll be the first to admit that warm fuzzies unless you are a security wacko like me, just might not be seen by the business owner as a reason to apply a 2 to 4 hour service pack.

A ping on IM from a fellow hurricane zone survivor, Frank in Florida, alerted Jeff in Louisiana to take a look at the weather report.  Within 30 seconds of looking at the storm projections Jeff had already formulated his plans.  Pack up and move out and get out of town.  And when we say pack up and move out, that meant going to the businesses that he controlled for his wife and photographing the existing location and equipment for insurance purposes.  Grabbing a backup/deployment server, laptop and his 'travel' kit, they hit the road with the bare necessities and their cats and family members in a car behind.  Being the geek that he is, he was stopping along the way with his laptop to log into the Internet via the GPRS modem on his cell phone to hit folks on IM and to give them status reports.

Once arrived in Texas, he set up his 'disaster' server and logged into the DNS to move the DNS records.  Making plans to buy more servers tomorrow to put the business back into full operation.

Agility.

Planning.

Knowing the bare minimums you need to move your business, lock, stock, and barrel out of harm's way.

But in all of this, planning to ensure the human part of disaster planning is taken care of as well.  You can always replace things, you can't replace people. 

People say technology is cold.  That the Internet is anonymous.  I so disagree.  For when I see a friend's tag line pop up on IM so that I can ping him and say “You in Texas now?  You safe?” and he can assure me that not only are he and his family safe but he's already been 'doing his thang' and changing DNS, ensuring his wife's business maintains a constant business level, making sure his own business keeps going and that his lines of communication stay up, and using the power of the Internet to check on his local TV reports to see what they were reporting.

NOAA still reports it's a Category 4 storm and the satellite images are pretty amazing.

To all of those still in harm's way, our thoughts and prayers are with you.

[To donate to the Red Cross, the link is here]

My HP has lots of monitoring that it throws up in the Event logs and in today's monitoring email it told me that my Power supply number 2 kicked on.  Hmmm... so I remoted in and looked for all other instances of Event 4181.  My log file is sized nice and big so I had a history of it for a long long time back to when it was built.  And the history of that.... the last time there was a 4181 event was once in June, and another in February.  Still it's an event that I'll probably call and just make sure that the vendor is on notice.

Even if I don't take action just now, making sure that the manufacturer is on notice to make sure it gets covered under warranty is key.

See why nice big log files are a good thing?

Event Type: Information
Event Source: cpqasm2
Event Category: None
Event ID: 4181
Date:  8/27/2005
Time:  10:42:26 PM
User:  N/A
Description:
Power supply #2 is now operating correctly.
Data:
0000: 00 00 00 00 02 00 50 00   ......P.
0008: 00 00 00 00 55 10 35 44   ....U.5D
0010: 00 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
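
The same check on a current Windows server, as an added example that is not from the original post: it reports how much history the log can hold and then lists every occurrence of the event with the gap between them. The source name and event ID come from the entry above; the log name `System` is an assumption.

```powershell
# Added example. Assumes the HP agent (source cpqasm2) writes to the System log.
$logName = 'System'    # assumption: the post does not name the log
$source  = 'cpqasm2'   # from the event entry above
$eventId = 4181        # from the event entry above

# 1. How much history can this log hold, and how far back does it reach?
$log    = Get-WinEvent -ListLog $logName
$oldest = Get-WinEvent -LogName $logName -Oldest -MaxEvents 1
[pscustomobject]@{
    Log           = $log.LogName
    MaxSizeMB     = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    UsedMB        = [math]::Round($log.FileSize / 1MB, 1)
    Mode          = $log.LogMode   # Circular = oldest entries are overwritten when full
    OldestEntry   = $oldest.TimeCreated
    DaysOfHistory = [int]((Get-Date) - $oldest.TimeCreated).TotalDays
} | Format-List

# 2. Every retained occurrence of the event, oldest first.
$filter = @{ LogName = $logName; ProviderName = $source; Id = $eventId }
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
          Sort-Object TimeCreated)

if ($hits.Count -eq 0) {
    Write-Output "No event $eventId from $source in the retained history."
    return
}

# 3. Count per month, then the number of days between occurrences.
$hits | Group-Object { $_.TimeCreated.ToString('yyyy-MM') } |
    Select-Object @{ n = 'Month'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

$prev = $null
foreach ($e in $hits) {
    $gap = if ($prev) { [int]($e.TimeCreated - $prev).TotalDays } else { $null }
    [pscustomobject]@{
        When              = $e.TimeCreated
        DaysSincePrevious = $gap
        Message           = $e.Message
    }
    $prev = $e.TimeCreated
}
```

If `DaysOfHistory` is short, a clean result in step 2 says little: the earlier occurrences may simply have been overwritten.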

Christine couldn't connect to the SBS 2003 via remote web workplace.  The ports were open, the connections in place but still no go. The server wasn't blocking the ActiveX component...so what was it? 

Anti Spyware false positive.... it had marked the RDP as spyware and had screwed up the RWW connection.

The problem lies with Spybot S&D on my laptop.  The program reports the Microsoft RDP Client Control (the activex controller for RWW) as malware.  I've already reported this "bug" to the publisher of Spybot & hopefully he'll fix it soon.  Here's where I found the answer in case anyone else runs into this problem:

http://forums.net-integration.net/index.php?showtopic=32936

Be careful with programs that might not understand your system.  It's honestly getting hard sometimes to understand what those programs are trying to tell you.

A bit off topic but if you want a live feed from the local New Orleans TV channel you can find it here.

Jeff Middleton and SBSmigration.com are now far enough out of harm's way but it certainly makes one think.  As he said, his server and laptop were with him and he was using his cell phone with his laptop to get a connection out to the Internet to send us a ping.

What would you do in your business if someone told you that you had to do a mandatory evacuation?  Have you sat down with your customers and clients and discussed the worst case scenarios, and then discussed true risks?  Where I live, earthquakes are rare in hard intensity, power outages have occurred but all in all, we are pretty low risk I would argue.

Conversely, folks that live in northern and southern California need to plan for earthquakes.

Given the news reports...maybe this is a good time to sit down with your client and discuss their agility and disaster planning strategy.  What are the risks... what's the potential?  It was said the worst case for New Orleans would be a hurricane heading straight toward the city.... unfortunately it looks like that's exactly what is going on.

California CPA Society sample disaster plan -  http://www.calcpa.org/MAP/disaster.pdf

Disaster Recovery Journal's sample plans - http://www.drj.com/new2dr/samples.htm

Infragard.net published this list of 7 tips for small businesses... but... I disagree with a couple....my corrections are in [brackets].

Seven Simple Computer Security Tips for Small Business and Home Computer Users

  • Use strong passwords [passphrases]. Choose passwords [passphrases] that are difficult or impossible to guess. Give different passwords to all accounts.
  • Make regular backups of critical data. Backups must be made at least once each day. Larger organizations should perform a full backup weekly and incremental backups every day. At least once a month the backup media should be verified.
  • Use virus protection software [and anti-spyware software]. That means three things: having it on your computer in the first place, checking daily [having it set to automatically get] for new virus signature updates, and then actually scanning all the files on your computer periodically [personally I don't do that one, it should 'catch them' as they come through].
  • Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software products. They are essential for those who keep their computers online through the popular DSL and cable modem connections but they are also valuable for those who still dial in. [Also install and utilize the additional security provided by the XP sp2 firewall enabled inside the network.]
  • Do not keep computers online when not in use. Either shut them off or physically disconnect them from Internet connection. [Leave them on so that they can be automatically patched when the WSUS is set to patch them, leave them on for remote access, and leave them on so your VAP/VAR can monitor them remotely.]
  • Do not open email attachments from strangers, regardless of how enticing the Subject Line or attachment may be. Be suspicious of any unexpected email attachment from someone you do know because it may have been sent without that person's knowledge from an infected machine. [Use either your A/V or the built in SBS tool to strip off those attachments that have no business needs in the office.  Determine those file extensions that are needed for critical business purposes, block all others.]
  • Regularly download security patches from your software vendors. [Sign up for security advisories and bulletins via RSS feeds.]

So what about you?  Agree?  Disagree?

So about this time a good friend of mine is starting a journey, packing up a spare disaster server and ensuring that it gets installed in a location far away from the path of a hurricane to keep his wife's business [and his] out of harm's way.  As he put it, SBSmigration.com is moving a state to the west.  And I got to thinking about how much people are concerned about redundancy in a SBS network, and when you get right down to it, unless you plan for redundant power, or a location far far away from the location of the storm, worrying about an additional domain controller so that folks can 'log in' means diddly squat.

Planning.  Disaster planning.  Here I live enough away from earthquake zones, but still I rely on such vital things as Power.

So have you made YOUR disaster plan readiness yet?  And you can fully expect that when Jeff delivers his Disaster Planning presentation at SMBnation, this won't be a whitepaper on best practices.  No, this will be, unfortunately, a 'been there, lived through that' presentation.

Stay safe, and we will all be thinking of you and everyone else in the path of Katrina.
