When upgrading from SQL 2000 to SQL 2005 workgroup there's a couple of things you should read up ahead of time... the first being the "official" upgrade guide. the second is the "Susan" version of the document that just covers the needed steps for upgrading SQL 2000 to SQL 2005.

Extracting the XML files using the 'cab' method is much easier than typing in the command to extract (the first time I did it I obviously typed in the command wrong).

But if you are planning an upgrade, print out both documents 'and' the KBs and you'll be in good shape for the upgrade... uh.... just don't follow my lead and lock your car/office keys in the server room...that's not exactly a best practice I'd recommend to follow....

First off... just to let everyone know that one can change themes on a Sharepoint that's backended by SQL 2005 as is evidenced by this view:  http://www.sbslinks.com/shareview.htm.  There was a question in the newsgroup that pointed to a old blog post where someone said you couldn't.  As you can see from there.. I can. 

But you have to hear the rest of the story of how I spent my Friday night....and here's how NOT to party ..

Okay so first off just a reminder that you need to review the documentation on the web for upgrading SQL 2000 to 2005... http://download.microsoft.com/download/4/0/8/40860507-c351-4308-a876-e1b83ee4e77a/sqlinstallsteps.htm and in particular pay attention to the section that tells you to review this KB article: http://support.microsoft.com/kb/918767/ 

When you are reading that article...make sure the thoughts that go through your brain are not 'just' that WSUS will stop functioning.. which .. hey it's not a Patching night anyway...who cares... but that when you are running ISA Server 2004 with a msde database that it will stop to function....and not only that ...that it will see the failure in logging as not a good thing and go into server lockdown mode.

Uh huh... you can see it coming can't you?  The Blonde moment dead ahead.

Oh but wait... you gotta here what else I did.... oh it gets better...

You see.. earlier in the day I had gone into the server room (the one with the lock and the deadbolt you know) and had gotten the cdroms out from the room and taken them back to my office to read the readmes like a good little geek should so Marina would have been proud of me...and I left my office keys in the server room.

So..... 5 p.m comes and the folks at the office pack up ...and our dutiful secretary does exactly what she has been told to do religiously every night is to lock the server room door (oh yeah... you see what's coming next... don't you? The truly blonde moment of the evening)

So... I'm in my office about an hour later when I start uninstalling SQL 2000 and I stupidly forgot to flip the ISA to a flat file logging before uninstalling SQL 2000 as the migration instructions don't really wack me upside the face that once I mess up msde for WSUS..... it's also going to mess up ISA.  So there I am uninstalling SQL 2000 and I go to confirm that WSUS doesn't work as the instructions say.  Which it doesn't as I expected.  All of a suddent my IM shuts down (I'm doing this via a TS session at my desktop ...not in the server room) and all of a sudden the brain kicks in and I realize that ISA has just gone into lockdown mode... so not only is the Internet dead...but I've just lost TS access to the box.  Rats.  No problem.. It's just ISA not being able to connect to the database... I'll just go to the server room and log in physically to the server and flip the database to file and I'll be back and running again...as soon as I find my office keys which are.......

.....uh.... they are..... uh... 

..... oh yeah....

......locked in the server room.... uh huh.... yeah.

So fortunately I have Outlook in cached mode ... oh yeah because the network is like dead... to look up a fellow office mate in Outlook to come back...unlock the server room so I can get my office/car keys.

Okay so one set of office keys later... we are in the server, logged into the physical box which of course is just chugging along happy as a clam and we flip the logging databases of ISA to file and restart the Firewall service which of course stopped.

One delayed migration/upgrade later... we have a Sharepoint who's now backended on SQL 2005 workgroup... 

(make sure you read the follow up exact "how to")

Migrate a SHAREPOINT Instance of SQL Server 2000

The steps to migrate the SHAREPOINT SQL Server 2000 instance are nearly identical to the steps to migrate the SHAREPOINT WMSDE instance to SQL Server 2005 Workgroup Edition. Use the following procedure to migrate the SHAREPOINT SQL Server 2000 instance to SQL Server 2005 Workgroup Edition.

New advisory --
http://www.microsoft.com/technet/security/advisory/926043.mspx

Group policy once again to the rescue --
http://msinfluentials.com/blogs/jesper/archive/2006/09/29/Set-KillBit-on-Arbitrary-ActiveX-Controls-with-Group-Policy.aspx

Here we are again, Patch Tuesday not yet in sight, a security issue.... and thanks to Dr. J we have a new Group Policy solution to protect us.

Without patches... NOT without options.....

http://blogs.technet.com/backroom/archive/2006/09/28/459832.aspx

If you have a box that needs a product key changed to make it WGA compliant, the System Builder guys point to a WGA tool website.

(and I still down know what was in that WGA update, yesterday, do you?)

The "Sky is Falling" Podcast is up for the month -- 

Resources for the Podcast this month:

• September security bulletins -  http://www.microsoft.com/technet/security/bulletin/ms06-sep.mspx
• September security advisories - http://www.microsoft.com/technet/security/advisory/default.mspx
• Keeping our tubes clean - http://www.youtube.com/watch?v=6iMDRVzMfEM
• Offline IM message risk - http://www.viruslist.com/en/weblog?calendar=2006-09
• Microsoft Security Advisory (926043): Vulnerability in Windows Shell Could Allow Remote Code Execution:
  http://www.microsoft.com/technet/security/advisory/926043.mspx
• Microsoft Security Advisory (925984): Vulnerability in PowerPoint Could Allow Remote Code Execution:
  http://www.microsoft.com/technet/security/advisory/925984.mspx
• Microsoft Security Advisory (925444): Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution:
  http://www.microsoft.com/technet/security/advisory/925444.mspx
• Jesper's Blog : More options on protecting against recent IE vulnerabilities on a domain:
  http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspx
• Rereleased bulletins - Compressed files that are larger than 4 kilobytes may be corrupted when you create or update the files:
  http://support.microsoft.com/kb/925308/ now included in the original security bulletin
  
  
  
  
  

http://www.microsoft.com/technet/technetmag/issues/2006/10/SBS/default.aspx

You betcha!  I have it here and use it as my test bed for many things.

Check it out!  Pretty cool!

(update)

Check out Dr. J's (one of the authors) take on SBS in a home
http://msinfluentials.com/blogs/jesper/archive/2006/09/28/New-Article_3A00_-SBS-At-Home.aspx

The other day on one of the listserves, the question came up about finetuning networking in Quickbooks. 

http://www.quickbooks.com/support/networking/

First off start there... as it's the best place to ensure that you are following the latest and greatest networking guidance... next, make sure you are the latest version of Quickbooks.  The early versions were a little rough around the edges but you need the latest for the best networking experience.

There's a specific help document to help speed up and identify performance as well.

Now then in the latest Quckbooks Pro Advisor there was even better news... for the 2007 version there will be a new install option:

Three Options to Cover Most Environments - in Plain English

When installing QuickBooks: Premier and Pro 2007 (and Enterprise Solutions 7.0), an improved installation routine will guide the user through several choices. In clear language, easy for colleagues and clients to understand, the interview helps the user choose the installation that's right for the environment.

In addition to a Standard Installation (for a single machine) and a Multi-User Installation (for networked machines), the software provides for a Server-Only Installation. The Server-Only Installation enables you to access QuickBooks files on a data file server without installing or running the full QuickBooks application.

New QuickBooks Database Server Manager

To support networked accountants and bookkeepers with multiple client files, the new QuickBooks Database Server Manager can run in the background to find and track unassociated QuickBooks files. Use of the manager in this way will remove the need for manual processes or iterative running of a separate utility.

Detailed Network Installation Instructions to Be Posted by October 2. As this issue goes to press, we are completing detailed network installation instructions to update our network site for QuickBooks 2007 at http://www.quickbooks.com/support/networking/ . Check back at this site when you receive your copy of QuickBooks 2007 before your installation or assisting clients to do their installation.

...this is very cool:

No more "credit card" offers on the desktop of our servers.  Very nice!

As a customer, as a consumer, as a shareholder I expect a certain level of communication.  And today during the 06-055 Security webcast I received a "communication" that the WGA tool was updated.  Mind you this is a "non security update" being discussed in a Security webcast.

Earlier this month I went to a presentation on business communication... and talking about the 'critical communication' that sometimes gets lost when one person expects one kind of communication and gets delivered another.  This is a prime example of a loss of "critical communication".  I expected a blog post on the WGA blog for this kind of update occurred.  There is none.  While I don't expect to see such an announcment on the WGA forums, given the past outcry over this piracy tool, as a shareholder of Microsoft I hope someone up there learned from the lack of communication in the past to better communicate in the future.

Lessons to learn:

• Learn from your past mistakes here and tell us ahead of time that a WGA update will occur, what it's doing and what to expect.
• Don't have it as a bullet point on an Out of Band Security Patch webcast (it's not a security update, is it?)  If I had not attended for the 06-055 bulletin issues, the first way I would know is seeing an update on a system under my control.  Just like I've bugged in the past to the WSUS folks.. I should not have to go to the computer to see what patches will be there.. I should be informed ahead of time so that I know what to expect and it's more of an 'audit' process.

As someone who has stock in this company called Microsoft, all I respectfully ask as a Shareholder, is that someone takes a moment to post to a blog.  I expected that they had learned the lesson of communication the last time the WGA hit the you know what.  Apparently they didn't.  Or perhaps my expectations of where the communication would be regarding a WGA update was wrong.  I was hoping that the WGA blog or forum would be a communications vehicle to better prevent this lack of communication.  Maybe my expectations are wrong?  I don't know.

What I do know is that I don't accept the "we don't have the bandwidth" excuse that I'll get sometimes.  I have the bandwidth to test patches and deploy them in my network, I have the bandwidth to beta test stuff, I have the bandwidth to help Microsoft make a better product.  You, the company of Microsoft has the fundamental responsibility to communicate to me in cases like this.  I understand the issues of limited resources even in a large company... but communication is a fundamental tool that cannot and should not be overlooked by any organization.  I now have to find the bandwidth to go to machines to figure out who's getting offered up WGA and why so that when I get questions about it, I am ready to communicate.

Without "critical communication" at the appropriate time, things can become critical.

Communication.  It's part of being human.  We all need to do more of it. 

To all blog readers:

You will be happy to know that there will be no more airline rants about the fact that I cannot take mascara in carry on luggage.

http://www.tsa.gov/travelers/airtravel/prohibited/permitted-prohibited-items.shtm#1

From now on I can.

(Sister and I were joking this morning ...we could just see a SNL skit where the plane was overtaken by a bunch of women and their Maybeline Great Lash... "back off.. I have Waterproof")

...okay so we're a little sick...

I hear from folks that there were people in the SBSC quarterly webcast that were not SBSCers.

Folks... let's be up front about this shall we?  This was not "intro to SBSC" or "why you want to be a SBSCer" webcast, this was "Yes, you ARE a SBSCer and thus here's the cool stuff because you've proven to us that you want to be taken seriously" webcast.

So if you are not a SBSCer and you attended that webcast... you are planning to sit for the exam and be one, aren't you?

Because folks, it's 'put up or shut up' time folks.  You can argue all you want that SBSC is a marketing exam, that it has no value...but if you were interested enough to show up to that webcast, then it's time you got the real deal and became a SBSC.  For me it separates out the folks that want to take small business seriously.  That want to showcase to clients that they specialize in it.  And for all those folks that complained that Microsoft never made an effort for the single guy shops... well folks.. Microsoft has done just that.

So if you were thinking about making yourself stand out from the rest... it's time you got your rear in gear and got serious about that exam.  It's back to School time for kids...how about for yourself?

I was chatting with Marina today (you know M of the M&M's of www.smallbizserver.net and all that) and she had a client using software from www.netop.com for remote control...and the vendor indicates that the software requires inbound port 80.  And the two of us are like ... excuse me?  We both think it's like gotomypc and probably sends out a beacon signal that you can then tunnel back in on.  Fortunately she has clients who know her style and trust her judgement and when the vendor said "inbound port 80", her client said "I don't think Marina will like that" and called her.

I too have had a vendor tell me "inbound 80" and I had to go up three levels of support until I found someone who said.. "uh...no, just outbound".

When a vendor tells you something that you just don't feel is right...question them.

Things like "guaranteed 100% uptime".... okay you don't install patches and reboot then do you?

Things like "inbound port 80".... you running a web site?

Things like "hipaa compliant".... ask Alun about that one....

Bottom line... when things don't sound right... ask.

Microsoft Security Bulletin MS06-055 - Vulnerability in Vector Markup
Language Could Allow Remote Code Execution (925486)
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

The zero day IE patch is now released but it's very important that you undo whatever mitigations you performed in order to protect yourself for this.

In my case it's a piece of cake to undo what I did, but if you unregistered the dll, reregister it, if you acl'd the file, de-acl it.

Review Dr. J's blog as well for follow up issues with the mitigations you took:

Jesper's Blog : Negative Impacts of VML Vulnerability Workaround:
http://msinfluentials.com/blogs/jesper/archive/2006/09/26/Negative-Impacts-of-VML-Vulnerability-Workaround.aspx

Thanks Tim!  Tim reported earlier a bug in the "how to block VML using ISA 2004/2006" and it looks like it should work just fine now without any editing.

So class, what are our options?

• Don't panic
• Use "how to block VML using ISA"
• Use Dr. J's "how to block VML and that other xero day one that we haven't heard much about"

And remember both of these are a piece of cake to do in an SBS 2003 premium network.  Dr. J's methods work on a standard SBS server as well.  But above all else... DON'T PANIC.

http://www.microsoft.com/technet/technetmag/issues/2006/10/default.aspx#Small%20Business%20Server

As there's an article in there about running SBS in a home setting.  I just got my paper copy to day but the online one should be up there soon... keep an eye out for it.

"Just a FYI, Lacerte announced that they will not support MS Vista for 
Tax Year 2006. See link below:

http://www.lacertesoftware.com/products/tax/sysreq.aspx

We typically "lock down" our systems before the end of this year for the
tax season.  Vista would have been a stretch to implement before tax 
season, but this announcement will delay our implementation until 
November 2007"

Lacerte is an US based Income tax software program

Word is that it's because the platform needs MSDE for a database app and Vista won't support MSDE.

CA antivirus installation guide -- for those that got a SBSC CA antivirus kit and you are reading through the install instructions and not quite getting it.... here's some SBSized instructions from Jeff Demsey on exactly how to do just that:

http://abc-solutions.org/Documents/How%20to%20Install%20-%20Rev.%20A.pdf

And thank you Jeff for this write up!

A registered Microsoft partner had an issue with his Action pack version of Windows XP... it said it was not valid and set off a WGA notification... and while I applaud Microsoft for their efforts in trying to clean out the scum of the world who rip off intellectual property, the current manner in which WGA issues get attended to is still very annoying.

The WGA forum is about the only and best channel there is to get specific and direct help on this issue....

http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=485803&SiteID=25

But right now it's a web based forum that right now every single time I post errors out.  A forum filled with folks that range the gambit from ones who didn't know they bought bogus software, to ones that think they are in the XP tech support forum to ones that clearly want to rip off Microsoft.  Now Microsoft would probably say "well that Partner needs to escalate the issue to their Account Manager to handle this".

Wonderful.  Okay.  But who "IS" your Account Manager?  In fact, it wasn't until I became a SBSC credential holder that I started getting emails from my NorCal Account Manager (see it pays to become a SBSCer).  The partner that is having the issue with his Action pack validation doesn't know who his account manager is either.  And currently there's no place that he can call to work through the issue.  I do know that SBSC members will get T-PAMs, dedicated telephone partner account managers in the future (yet another reason to become a SBSCer). But the average registered partner typically has no idea who their account manager in their region is.  On the one hand it's a strong reason to become a SBSC partner, but on the other hand, it's hard for a mere registered partner to know where to turn.  In fact being in the "belly button" of California, there are times I'm not sure if I'm a SoCal Microsoft partner or a NorCal Microsoft partner.

Bottom line, that forum doesn't make a partner feel like they are treated any better than a software pirate.

So for those that are having issues with WGA here's the steps.

• Run the WGA diagnostic tool - you'll see at the top if the product key comes back genuine...
• To resync the validation files go to www.microsoft.com/genuine and click on Validate Windows
• Then click start, run, type in "WGAtray.exe /b" click OK and reboot.

Many times it's an issue with the validation files.  If that doesn't work... go to the forum and post your issue there.

(Mind you I don't run a Sonicwall but picked this up from the listserves)

So someone was having problems where the calendar invites wouldn't work.  Would work for some of their clients but not others.... the reason?

The Sonicwall.

The Sonicwall sees those calendar invites as a threat and blocks them.  I'm assuming that somewhere in the documenation it tells you this...but since I've seen a couple of folks get stuck on this I'm blogging the response from the folks that use Sonicwall to make it a smidge easier for folks to find:

In the Intrusion Protection Service (part of the comprehensive security suite), uncheck the IPS box that checks for meeting requests.