SBSDiva Mobile

Migration Step Thirteen: You installed in migration mode!

And we finished the install and the "migrate to Windows SBS" is ready to go.

Under the hood the FSMO roles have been added to this box and the SBS 2003 is no longer the king of the domain.

[Meanwhile I have to take a break to wash my car so I'll be back later tonight to continue blogging this test migration]

We have 21 days from this point to have the two SBS boxes work together.  After 21 days you have to demote/remove the SBS 2003 box.

Migration Step Nine: Check the health of Exchange

c  Optimize Exchange Server and mailboxes. Follow the instructions on pages 16 through 17 in the Microsoft migration document.

c  Empty the Deleted Items folder.

c  Archive older mail

It can take a long time to migrate large Exchange Server mailboxes. It will take less time if you reduce the size of the mailboxes before the migration. To help reduce the size of the mailboxes, ask each of the users to do the following:

·      Empty the Deleted Items folder

·      Archive older mail

For additional information about optimizing Exchange Server, see the Exchange Best Practices Analyzer at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=101795).

To empty the Deleted Items folder

To archive older mail

Well since this is my test run, I will suck this up and not do this step, but in the real migration about a week before the real migration, I'm going to remind folks of the tasks they should have been doing all along...that is keeping their mailboxes clean.

Now Amy Babinchak and Philip Elder recommend to defrag the exchange databases:

The following can be done to test the health of the Exchange databases at the command prompt and with the stores dismounted (remember to backup):

• MS KB192185: How to defragment with the Eseutil utility (Eseutil.exe)
• TechNet: Eseutil /G Integrity Mode.
• TechNet: Eseutil /P Repair Mode.
• MS KB301460: Exchange Command-Line Parameters for Isinteg.exe Tool

So here's what I'm going to do:

1. In Exchange System Manager, right-click the information store that you want to defragment, and then click Dismount Store.
2. 

Now that the databases are stopped you can make a copy of these files (just in case)

In my case I have these on another drive, you may see these on your C: drive.

1. At the command prompt, change to the Exchsrvr\Bin folder, and then type the eseutil /d command, a database switch, and any options that you want to use.

 This will take some time.

And then it will indicate it's done.

And don't forgot at the end to go remount the store

Migration Step Eight: Raising the functional level of AD

c  Raise the functional level of the Active Directory domain and forest. Follow the instructions on pages 12 through 14 in the Microsoft migration document.

To be fair this probably should have been done sooner in the steps, but it's still in the prelim phase and before we've started the install of SBS 2008 so we're still during the time phase appropriate to this.

Download details: Windows SBS 2003 to 2008 Migration Guide:
http://www.microsoft.com/downloads/details.aspx?FamilyID=52b7ea63-78af-4a96-811e-284f5c1de13b&DisplayLang=en

On page 12-14 of that document is the instructions to change the functional level.

To raise the functional level of the domain

Now we do the forest....

To raise the functional level of the forest

Migration Step Six: Removing ISA

When I moved the SBS 2003 over to the (unsupported) HyperV platform, one of the things I had to do was to uninstall ISA 2004 and take the virtualized box back down to one nic.

Just a reminder of the steps I took -- this is from the SBS 2008 migration checklist:

c  Uninstall ISA Server 2004. If ISA Server 2004 is installed on the server running SBS 2003, you must uninstall it before you can begin the migration.

c  Uninstall the ISA Server 2004 desktop client. To uninstall the ISA Server 2004 desktop client, follow the instructions in this blog post (http://msmvps.com/blogs/kwsupport/archive/2008/09/07/uninstalling-isa-2004.aspx).

c  Export your third-party SSL certificates. If you have any third-party SSL certificates installed on the server running ISA Server 2004, you should export the certificate for reinstallation on SBS 2003.

c  Uninstall ISA Server 2004. Uninstall ISA Server 2004 from Control Panel using Add or Remove Programs.

Import your third-party SSL certificates. Once you have uninstalled ISA Server 2004 you will need to import your third-party SSL certificates onto the server running SBS 2003. To import your certificates, follow the instructions starting with the section “Installing the SSL Certificate into IIS” in this blog post (http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx).

I also relied on Chad Gross's "killing off ISA" blog post here:

Killing off ISA - Aimless Ramblings from a Blithering Lunatic . . . - MSMVPS.COM:
http://msmvps.com/blogs/cgross/archive/2009/10/11/killing-off-isa.aspx

One setting I noticed that needed to be updated (especially if you removed the ISA a week or two before you did the rest of the migration was/is to remove the proxy ISA server settings from inside WSUS server proxy settings.   If you leave that proxy server information behind inside of WSUS, your WSUS server won't sync up to get patch information.

Just a reminder of all of the key migration resources

Just a reminder of all of the key migration resources that I'll be referring to and using during these blog posts/dry run of migation that I'm doing.

That first url -- www.sbsmigrationtips.com is actually a key SBS blog post entry that I got lazy enough to get a url redirect so I could find that blog post. 

Then there is Philip's blog post -- MPECS Inc. Blog: SBS 2003 to SBS 2008 Migration Guide – v1.4.0:
http://blog.mpecsinc.ca/2009/06/sbs-2003-to-sbs-2008-migration-guide.html

Then the key official documents you need:

Download details: SBS 2008 Migration Checklist:
http://www.microsoft.com/downloads/details.aspx?familyid=F67148DA-CBA8-4222-8AE5-136A6597A340&displaylang=en

Download details: Windows SBS 2008 Migration Help:
http://www.microsoft.com/downloads/details.aspx?familyid=95E4863E-BB59-4A66-9FEE-9874E8903888&displaylang=en

Download details: Windows SBS 2003 to 2008 Migration Guide:
http://www.microsoft.com/downloads/details.aspx?FamilyID=52b7ea63-78af-4a96-811e-284f5c1de13b&DisplayLang=en

MPECS Inc. Blog: SBS 2003 to SBS 2008 Migration Guide – v1.4.0:
http://blog.mpecsinc.ca/2009/06/sbs-2003-to-sbs-2008-migration-guide.html

Migration Step Seven: Checking Exchange is ready to go

We're back on our Migration blog post series (hint all of the Migration blog posts are tagged with "Migration" for easy reference).

And now we're going to check and make sure our Exchange is ready to go:

I.  In the source domain, check for the existence of an account named Postmaster.

SBS setup tries to create a Distribution List with the SAM account name of Postmaster. If it already exists, you will receive the following errors at the end of setup.

Setup errors due to an existing Postmaster account:

• The e-mail distribution groups cannot be created.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.

To fix this, you will need to restore the source server, rename the Postmaster account and start the migration all over again.  Alternatively you can complete the steps listed in http://technet.microsoft.com/en-us/library/cc626214(WS.10).aspx and http://technet.microsoft.com/en-us/library/cc626120(WS.10).aspx.

Now while I have postmaster@domain.com addresses underneath the Administrator account, these are not what this tip is talking about.  They are looking for a specific Postmaster user account, not the Postmaster email account. 

J.  Check Exchange 2003 policies:

• Existing Mailbox Management policies
• Duplicate SMTP addresses in recipient policies
• Invalid SMTP addresses in recipient policies

If any of these are present during the migration to SBS 2008, the setup will finish with the following errors:

Setup errors due to mailbox management policies or duplicate/invalid SMTP addresses in recipient policies:

• The Exchange E-mail address policy cannot be configured.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.
• Incoming and outgoing e-mail for Windows SharePoint Services are not configured.

How to check for Mailbox Management policies:

If you have Exchange 2003 or Exchange 2000 recipient policies that are ONLY Mailbox Manager policies and do not define e-mail addresses (they do not have an E-mail Addresses (Policy) tab), perform the following steps to delete the policies:

1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
2. To verify that a policy is only a Mailbox Manager policy, right-click the policy, and then select Properties. The Properties page must not have an E-Mail Addresses (Policy) tab.
3. To delete the policy, right-click the policy, and then select Delete. Click OK and then click Yes.

If you have Exchange 2003 or Exchange 2000 policies that are BOTH E-mail Addresses and Mailbox Manager policies (they have both the Mailbox Manager Settings (Policy) tab and the E-mail Addresses (Policy) tab), perform the following steps to remove the mailbox manager portion of the policy:

1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
2. Right-click the policy, and then select Change property pages.
3. Clear the Mailbox Manager Settings check box, and then click OK.

How to check for duplicate/invalid SMTP addresses in recipient policies:

1. In Exchange System Manager, expand Recipients, and then select Recipient Policies.
2. Right-click the policy, and then select E-Mail Addresses (Policy) tab.
3. Inspect the SMTP Addresses for any that are unchecked. If you find any, place a check in the box or remove that address.
4. Inspect the SMTP Addresses for any that have an IP address. For instance, @192.168.1.1. If you find any, remove those addresses that contain an IP address.
5. Click OK.

c  Remove Mailbox Management policies. Exchange 2000 and Exchange 2003 used Mailbox Management policies for some types of e-mail. If these policies exist on the server running SBS 2003, setup will generate errors that will prevent you from completing the migration. Exchange BPA 2.8 checks for this condition. Remove Mailbox Management policies from the server running SBS 2003. For more information on how to do this, see the Keys to Success blog post.

Remove duplicate or incorrect SMTP addresses. Exchange 2000 and Exchange 2003 may have duplicate or incorrect SMTP addresses in recipient policies. If these addresses exist on the server running SBS 2003, setup will generate errors that will prevent you from completing the migration. The SBS 2003 BPA with the latest updates checks for this condition. Remove the duplicate or incorrect SMTP addresses from Exchange. For more information on how to do this, see the Keys to Success blog post.

I already ran the SBS bpa and didn't get any warnings, but I'm also going to run the Exchange BPA just to make sure:

Download details: Exchange Best Practices Analyzer:
http://www.microsoft.com/downloads/details.aspx?familyid=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en

And I'm going to run the "are you ready for Exchange 2007" test

And it reminds me that I've yet to flip the AD to the right levels... but it doesn't find any mailbox policies that I need to worry about.

Making sure you don't sync with the Parent

I have eventsentry.com on my existing SBS 2003 which also means it's now on my HyperV clone.  So I kept getting a time change alert..

DATE / TIME   11/5/2009 9:36:21 PM MESSAGE The system time was changed.
Process ID: 1368
Process Name: C:\WINDOWS\system32\vmicsvc.exe

I had forgotted to uncheck the box on the time sync setting on the HyperV.  You still want the DC inside the HyperV to get and grab it's own time from the various ntp time sync portals and not try to sync up with the HyperV parent.

Uncheck the box in that settings window and all is well.

P to Ving with the Sysinternals tool

http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx

Testing this out.  Have a HP ML370G4 that has a physical install of SBS 2003 on a raid/hardware system.  Have a HyperV on an HP ML370G6.  In a test run (where I screwed up because I didn't understand that I needed to ensure I copied the VOLUME which included both an Exchange data drive and a data data drive) I booted up the resulting VHDs and they didn't BSOD with the move.

Mind you they had ghosted nics so that's to be totally expected, and easily removed from the machine and then a rerun of the CEICW and that box was basically a running system.

How to remove ghost nics on vmware machines that have been P2Ved « Ramblings of a semi sane person:
http://secadmin.wordpress.com/2009/02/11/how-to-remove-ghost-nics-on-vmware-machines-that-have-been-p2ved/

Step 1: Open up a command prompt

Step 2: Type – “SET DEVMGR_SHOW_NONPRESENT_DEVICES=1″ and hit

Step 3: Type – “START DEVMGMT.MSC” and hit

Step 4: Once the Device Manger opens to the “View” menu and select “Show Hidden Devices”. Expand the Network Interface portion of the device tree and you should be able to remove the phantom NIC.

I'm doing it again as I need the second volume copied, and it will want reactivation in three days because I just ripped it off the hardware it was tied to, but it appears to do a physical to virtual without causing a bsod.  I'll do a longer blog post explaining the process tomorrow.

The other thing you can use this for (assuming the proper XP movable licenses) is that you can PtoV and make a real XP that XP Mode underneath that Windows 7.  Kinda kewl huh?

The most important backup of all

So before you run the source tool on your SBS 2003 box in addition to the normal backup.  In addition to the possibly paranoid backup you need to do with a third party program like Storagecraft, Acronis, DriveImageXML (paid not free), make sure you do ONE MORE BACKUP.

One that I'd argue is the MOST important one of all.

Just and nothing else but, the system state backup.

With that you can roll the AD back should something occur.  Don't stick it on your normal backup location as well, ensure that you park it several places, on the local drive, possibly on a usb drive but ensure you have a system state backup as it's key here before you being the migration.

The video card RDP bug nailed me today

So I'd always heard about this, not seen this in action... well now I did today.  Nvidia video driver and AFTER the installation of .NET family patch (that I had been holding off installing) I could no longer remote to a machine.  I would rdp and the windows would immediately come back.

When remotely connecting to the event viewer I saw this:

Mind you, nothing was actually being seen on the workstation in question, I just couldn't connect to it after the install of the .NET family update. (951847 - http://msmvps.com/blogs/bradley/archive/2009/11/02/net-patch-gets-offered-up-all-by-itself.aspx)

Brad Rutkowski's Blog : \SystemRoot\System32\RDPDD.dll failed to load:
http://blogs.technet.com/brad_rutkowski/archive/2008/01/04/systemroot-system32-rdpdd-dll-failed-to-load.aspx

Getting a new driver didn't help, I had the latest driver.

Only the registry fix worked:

It's a registry fix that increases the size of the session image space.  Add the following key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

"SessionImageSize"=dword:00000020

Where 00000020 is hex for 32

How to fix a potential security issue in QuickBooks 2007, 2008, and 2009.

How to fix a potential security issue in QuickBooks 2007, 2008, and 2009.      See Web version.
	FIX FOR POTENTIAL ACTIVEX VULNERABILITY Dear Susan Bradley, We've recently released a fix to address a potential security vulnerability within QuickBooks. The issue was related to the use of ActiveX technology in some versions of QuickBooks. On learning about the issue, we fixed the problem, tested the fixes within the identified versions of the software, and have released updates that will address the vulnerabilities. We are unaware of any customers affected. Identified versions are the Windows desktop versions of Intuit® Quickbooks® 2007 through 2009 Simple Start, Pro, Premier and Enterprise Solutions 7.0, 8.0, and 9.0. What Is ActiveX? ActiveX is a distributed object system and protocol technology developed by Microsoft. Microsoft updates its implementation of ActiveX controls from time to time through scheduled security updates. Many software and Web companies use ActiveX in their offerings. Important: If exploited, this vulnerability could allow a hacker to access the data on the user's computer. Therefore ProAdvisors will want to make sure that clients follow through with installing recent updates. IF YOU HAVE CLIENTS IN QUICKBOOKS 2007, 2008, or 2009 Requested Action. Where possible and appropriate, please encourage your clients to update their QuickBooks software. Public Announcements. Clients who are registered owners of QuickBooks 2007, 2009, and 2009 are likely to receive direct notification from Intuit. Please be prepared to answer their questions and continue to encourage them to keep their versions of QuickBooks updated with the most current release. Please remind all of your clients to keep their software updated. Not all QuickBooks users are registered with Intuit; some may not receive a direct notification. TWO FILES NOW PROTECTED With current releases, two ActiveX controls are now protected that would otherwise retain potential vulnerabilities: HtmlHelper.dll QBInstanceFinder.dll For the identified versions of QuickBooks, enabling and approving automatic updates, or manually downloading the update and then applying the updates, will eliminate potential risk. WHERE TO FIND THE QUICKBOOKS UPDATES For information on the most recent updates available for QuickBooks 2007, 2008, and 2009, including access to manual downloads, can be found at this link; users are asked to identify the product they need to update: http://support.quickbooks.intuit.com/support/productupdates.aspx Some clients may appreciate a reminder where they can learn more about the most current releases for their U.S. products. Versions in Other Countries In rare cases, some U.S. ProAdvisors may have clients who work with a Canadian or United Kingdom version of QuickBooks. Information on these versions follows: Canadian customers can download the patch from these sites: QuickBooks: http://support.intuit.ca/quickbooks/en-ca/kb/update/update-quickbooks-to-new-product-update/Update_main.html SuccesPME customers can download the patch from: http://support.intuit.ca/succespme/fr-ca/kb/update/update-quickbooks-to-new-product-update/Update_main.html United Kingdom customers can download the patch from this site: http://support.intuit.co.uk/quickbooks/en-gb/kb/update/update-quickbooks-to-new-product-update/Update_main.html Technical Support Contact Information QuickBooks ProAdvisors looking for technical support are directed to the support site for accounting professionals at http://accountant.intuit.com/support/support.aspx Technical support for non-U.S. versions of QUickBooks can be found following: Canadian customers please visit us at http://support.intuit.ca/quickbooks/index.jsp French Canadian customers please visit us at http://support.intuit.ca/succespme/index.jsp U.K. customers please visit us at http://support.intuit.co.uk/quickbooks/index.jsp COORDINATED EFFORT WITH OTHER AGENCIES As a further precaution, we will coordinate release of this information with US-CERT (http://www.cert.org) and with Microsoft, for a future release within their regular security updates for ActiveX control configuration. However, at this time, downloading Intuit’s patch is the only immediate way to eliminate the vulnerability in our currently supported versions of QuickBooks. THANKS FOR HELPING YOUR CLIENTS We may not say it often enough, but thanks for helping clients get the most out of QuickBooks software. We greatly appreciate the role you play in providing your clients with a superior experience using QuickBooks. As to the current issue, we have included some FAQs for your reference. Sincerely, ~ Your ProAdvisor Team, FOR YOU: FREQUENTLY ASKED QUESTIONS (FAQs) Questions Specific to Your Role as ProAdvisor We know you are likely to be running multiple versions of the software, each in its own directory. As much as possible, the following questions have been posed and answered in anticipation of your needs in supporting multiple clients on multiple versions of QuickBooks. We also include some additional questions that clients may have for you that are not directly addressed in the security alert that will be coming their way. Several terms used: Intuit updates its software from time to time by releasing software patches. Each update or patch is given a Release number for easy identification. In the notes that follow, you may see the term update, release, or patch, depending on the context, used interchangeably. FAQ1. Are any other Intuit products subject to this vulnerability? A1. At this time and to the best of our knowledge, other Intuit products do not have this vulnerability. If we learn otherwise, we will provide further guidance as soon as possible. FAQ2. Does this issue affect QuickBooks 2010? A2. No. Neither QuickBooks 2010, nor Enterprise Solutions 10.0, released in September 2009, are exposed to this vulnerability. Of course, we still encourage users to accept the most current releases for the software. FAQ3. What are the updates or releases that are required for 2007, 2008, and 2009? A3. Releases are cumulative in nature, and over time the most current release will have even a higher number. But for each of the following versions of QuickBooks, the release number shown marks the first introduction of the resolution of the security vulnerability: QuickBooks 2009: R8 QuickBooks 2008: R10 QuickBooks 2007: R13 The updates are also requested for the following versions of Enterprise Solutions: 7.0, 8.0, and 9.0. FAQ4. What if I have multiple Intuit products? Do I need to download and install the patch for each one? A4. If you have installed more than one of the identified versions of Quickbooks (2007-2009), you should apply patches for each version. This is because there are unique updates for each version to address the HtmlHelper.dll file. (The QBInstanceFinder.dll file is in the Common Programs folder, and one update will update all installed versions for that DLL file.) FAQ5. Are older versions of QuickBooks, that is, QuickBooks 2006 or earlier, subject to the ActiveX vulnerability? A5: Yes. Because these earlier versions are no longer supported, Intuit is unable to provide a tested solution to the vulnerability. See also the next two related questions. FAQ6. What if my client is still running an earlier, nonsupported version of QuickBooks? A6. Intuit strongly recommends that all users move to a currently supported version of QuickBooks. This recommendation will be clearly stated in the Intuit communications going to your clients on the topic. The Frequently Asked Questions that are meant to be posted for the benefit of QuickBooks users will also identify this need in the face of the potential vulnerability of QuickBooks 2006 and earlier. This means that there is no good solution to recommend to clients who continue to run QuickBooks 2006 and earlier, and the ProAdvisors who may grudgingly support them. Possibly the potential vulnerability will encourage such clients to upgrade at this time. So-Called "Kill Bit" Solution Not Recommended. In the case of systems administrators of networks where QuickBooks may have once been installed but is no longer used, Intuit has prepared some instructions that involve editing the Registry to disable calls to the Internet Browser. See here. Sometimes this approach is informally called the "kill bit" solution. NOT Recommended for Clients. This solution is not recommended for clients running an earlier version of QuickBooks. Besides the riskiness of editing the Windows registry, the kill bit solution has not been tested in earlier versions and could possibly interfere with some areas of functionality. Especially NOT Recommended for ProAdvisors. For ProAdvisors running multiple versions of QuickBooks, including QuickBooks 2006 and earlier, the kill bit solution is not recommended for the above reasons and also because the solution would also disable one of the DLL files used by ALL versions of QuickBooks, including those otherwise updated. Developing: Please understand that Microsoft continues to work on security updates for its ActiveX implementation, so more general solutions may be forthcoming from that source. If so, those general solutions may address vulnerabilities in QuickBooks 2006 and earlier. FAQ7. If I run an update for QuickBooks 2007, 2008, or 2009, won't that resolve the problem for ALL versions using the ActiveX controls? Including 2006 and earlier? A7. No. Of the two ActiveX control files identified above, one is maintained in common across versions of QuickBooks, but the other is specific to each QuickBooks version. Therefore running an update for one of the recent versions of QuickBooks does not remove the potential vulnerability for an earlier version of QuickBooks. FAQ8. I have one or more clients who are using a version of QuickBooks from outside the United States. What should I do? A8. The U.S. version of QuickBooks has cousins developed for local markets in Canada, the United Kingdom, Australia, and South Africa. The security issue is being addressed for these versions too; for more information, see the Support websites for these versions. See also the list of versions in the question below, on "How do I make sure I have the patch?" In the answer, we list specific versions from these countries. Websites for downloading the update for several countries are shown above. The following phone numbers are also available: Canadian customers: 1-888-829-1722 U.K. customers: 0845 606 2161 FOR CLIENTS: FREQUENTLY ASKED QUESTIONS (FAQs) Anticipated Questions Posted for All Users For your reference, here are the FAQs posted for all users by Intuit about the security updates. Q1. What if I've uninstalled one of these products and no longer use it? Do I still need the patch? A1. If you have uninstalled QuickBooks, you should not be vulnerable to these vulnerabilities. If you have installed multiple versions of QuickBooks, you will be vulnerable if any affected version is still installed. Uninstalling all affected versions of the software will remove the vulnerability from your system. Q2. How do I download and install the update? A2. All users of an identified version of QuickBooks should download the security update at: http://support.quickbooks.intuit.com/Support/ProductUpdates.aspx. Canadian users can also download the update from: http://support.intuit.ca/quickbooks/en-ca/kb/update/update-quickbooks-to-new-product-update/Update_main.html When the page appears: Choose your product by clicking the product selector link. Click the Update button to start the download and click Go. Select Open or Run This Program from its Current Location to begin installing the update immediately. Restarting your computer is not required. If you don'rt have time to install the update, you can select Save or Save This Program to Disk and the update file, called qbwebpatch.exe, will download to your hard drive. You'll need to open that file to run the update. Q3. How do I check that the security update has been applied? A3. To make sure the patch has been applied and is installed on your system, open QuickBooks, and press the F2 key.  In the display, you should see the product version information in the first line. Versions of QuickBooks with the patches applied are the following: QuickBooks 2009 R8 US QuickBooks 2008 R10 US QuickBooks 2007 R13 US QuickBooks 2006 R12 UK QuickBooks 2008 R12 UK QuickBooks 2009 R6 CAN QuickBooks 2008 R8 CAN QuickBooks MC R24 CAN QuickBooks 2009 French R6 CAN QuickBooks 2007 French R7 CAN QuickBooks 2009/10 AU (v18) Q4. What operating systems are supported? A4. The security update is available for all operating systems used by any identified versions of the Quickbooks applications: Windows XP, Windows Vista, and Windows 2000. [If you are running Windows 98 or Windows ME, you need to have Internet Explorer 6.0 or later installed before you can install the update. Go to the Internet Explorer 6 Downloads Web page to install a more recent version of IE. ] Note: Intuit products for Apple MacOS X are not affected. Q5: What if I have multiple Intuit products? Do I need to download and install the update for each one? A5. If you have installed more than one identified version of Quickbooks, you should apply an update for each version. Q6. I still have a trial version of Quickbooks installed on my system. Do I still need to apply the security update? A6. Yes. If you have any trial versions of one of the identified versions of Quickbooks installed on your system, you should download and install the security update. Q7. I only use the Internet on a periodic basis. Do I still need to download the security update? A7. Yes. If you installed an identified version of Quickbooks on your computer, the vulnerability poses a security risk regardless of whether you are currently connected to the Internet. We recommend that all users of an identified version download and install the security update. Q8. How do I ensure that my computer has not already been compromised? A8. If you have anti-virus software installed and have updates run automatically, the anti-virus software should detect the presence of any malware on your computer.  If you want to determine if your computer has malware on it, run a complete scan of your computer using an anti-virus software product. Q9. I'm the administrator of my office network. Some machines have had QuickBooks installed at some point but don't any longer, and aren't getting automatic updates. What should I do to secure my network? A9. If you have had QuickBooks installed on some computers at some point, and are no longer running QuickBooks on those machines and receiving automatic updates, you can secure these machines by following these steps to edit the Windows Registry. Please back up the Registry before you implement the following changes: Copy the following text to a file with the ".REG" suffix. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{596801D8-2C9D-4627-9C67-195CB81B655A}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{03C3A013-02F2-4e56-87A8-B74A7C5DC75B}] "Compatibility Flags?=dword:00000400 Import this into the registry by double-clicking on the .REG file and it will automatically be imported.  This will disable the affected ActiveX controls. Q10. What if I use QuickBooks 2006 or a previous version? A10. Intuit wants your data to be safe. We recommend you upgrade to a newer version of QuickBooks (2007 or later) as soon as possible and follow the instructions to update that version. QuickBooks 2006 and prior versions are no longer supported and Intuit does not release updates for these products.
© 2009 Intuit Inc. All rights reserved. Intuit, the Intuit logo, Intuit ProConnection, Intuit ProLine, EasyACCT, Lacerte, ProSeries, QuickBooks, QuickBooks ProAdvisor, Quicken, and TurboTax, among others, are trademarks, registered trademarks and/or registered service marks of Intuit Inc. in the United States and other countries. Other parties' trademarks or service marks are the property of their respective owners and should be treated as such. Program terms and conditions, pricing, features and service options are subject to change without notice. This newsletter is provided as a convenience for our customers and is not intended to supplement, modify, or extend the Intuit software license agreement between Intuit and the customer for any Intuit product or service. Terms and conditions subject to change without notice. If you would like to change your e-mail address in our database, please update your QuickBooks ProAdvisor Profile. Each newsletter or alert is mailed using the most recent listing in the ProAdvisor Database. If you receive an e-mail message that appears to come from Intuit but that you suspect is a phishing e-mail, please forward it immediately to security@intuit.com. Intuit Inc., Customer Communications, 2800 E. Commerce Center Place, Tucson, AZ 85706

Too much, too little, maybe just right?

For the past two years since we started rolling out Vista, I've felt like Goldilocks.  I can't find an antivirus software I like.  Trend was my choice until it started putting a firewall in there that made it not quite right.  Then I was testing out Nod32 and it nearly was my choice until it too started to have known issues with iTunes and network icon interference. 

So in addition to the desktop icon review tonight, I'm starting the process of removal of the various antivirus' I've been testing on various machines and starting to standardize on the one that I think will be the one I choose.  But I want a wider beta so I'm going to be installing it on more machines.  What is the maybe, hopefully, possibly just right antivirus?  I'm leaning towards Forefront client security now.  For those who have home users or home businesses, the Microsoft security essentials is my current choice of antivirus.  Notice I didn't say "free" antivirus, I said antivirus.  It's discouraging when we're paying annual subscriptions to products that are not catching rogue antivirus, causing slow downs of our systems, and in general, if they were operating systems, we'd be a lot more upset than we are right now.

So before you ask, can the management console of Forefront go on SBS 2008?  Nope.  Can't.  But this is part of my larger test to see if the native notification of antivirus status is good enough for this Goldilocks.

I'll let you know how this fairy tale ends.

Happy Halloween

Tonight to answer the door of the trick-or-treaters I'm asking the door as Danica Patrick's older, less sexy, sister that is a Mini Cooper race car driver.

Okay so it's a stretch, I'll admit, but with a Mini Cooper racing shirt and a black wig, what do you expect?

I'm also remoting back into the office and doing the annual "what icons landed up on the desktop" review of the desktops.  While most of us do remote work as a matter of ease and efficiency, sometimes the only time you see issues is looking at the actual desktop.  So I'll take my secondary admin account and log into the workstations remotely and see what icons are there.  See if there's patches that WSUS or Shavlik missed, see if the event viewer looks good.  While I have remote tools that also pull this info, sometimes actually LOOKING at the desktop is like most picture experiences, a picture is worth a thousand words.

In my case, that picture of Danica is worth way more than what I look like in my Mini Cooper get up.

>>> NEW TOOL: Exchange Remote Connectivity Analyzer <<<:

>>> NEW TOOL: Exchange Remote Connectivity Analyzer <<<:
http://social.microsoft.com/Forums/en-US/partnermsgexchange/thread/421c8eb2-7579-4806-a276-3aaeb90a10a4

Announcing the release of Exchange Server Remote Connectivity Analyzer for Exchange 2003, 2007, and 2010: https://www.testexchangeconnectivity.com/

Client connectivity and inbound email scenarios make up a significant portion of the Exchange support calls.  This tool will allow you to remotely test the following client types and services:

Exchange ActiveSync

Windows Mobile 5, 3rd party devices

Windows Mobile 6.1+ with AutoDiscover

Outlook Anywhere (aka RPC/HTTP)

Outlook 2003

Outlook 2007 with AutoDiscover

Inbound SMTP

The tool will simulate the protocol logic used by the specific client and not only tell you if the scenario was successful, but if it fails, it will tell you exactly where in the process it failed as well as try to guide you to the problem resolution.

HELPFUL LINKS:

More information https://www.testexchangeconnectivity.com/Pages/ChangeList.htm

Exchange team blog http://msexchangeteam.com/archive/2009/03/25/450908.aspx.

Exchange Remote Connectivity Analyzer Forum: http://social.technet.microsoft.com/Forums/en-US/exrca/threads

Provide feedback to exrcafb@microsoft.com

So what about those action pack licenses?

http://msmvps.com/blogs/bradley/archive/2009/10/30/mpan-program-closed.aspx

So the bigger and more important question is ...what about the action pack license that was allowed to be purchased by CPAs as a result?  Are they still licensed?  Can they renew?  Can they keep the licenses or do they have to buy all new Server and OS licenses to make themselves legal?  [notice I'm using the word they as I've kept my firm buying software assurance for the server all this time and didn't use the action pack for the firm]

I don't know the answer to that one.  Stay tuned.

[and shame on the Office Accounting team that didn't anticipate that this would be the bigger question of the morning]

MPAN program closed

Dear valued MPAN member:

 We are writing to let you know that Microsoft^® Office Accounting will no longer be distributed by Microsoft after November 16, 2009. As such, MPAN membership will also be closed to new members effective November 16, 2009 and the complimentary download of Office Accounting Professional 2009 and the Office Accounting Customization will be discontinued November 16, 2009. Some existing MPAN benefits, such as online on demand training, will remain.

 We would like to thank the many dedicated users and partners who have been enthusiastic supporters of Microsoft Office Accounting and MPAN over the years.

 As a registered Office Accounting user, you may continue to use Office Accounting after November 16, 2009 and Microsoft will continue to offer product support for Office Accounting in accordance with the terms of the support policy. Your current MPAN membership entitles you to unlimited phone support through January 15, 2011.

 To learn more about other Microsoft offerings that can be useful to your business, please visit the following:

   -   Microsoft's Small Business site is a great resource for small businesses.

   -   Microsoft Office is a great tool for small businesses, especially when used with our easy-to-use templates.

   -   Microsoft Dynamics products offer adaptable business management solutions, and we invite you to visit the Microsoft Dynamics Community Web site, which offers role-based content, including a Finance sub-community, product forums and networking functionality.

 Please refer to MPAN FAQs for more information on MPAN benefits going forward.

 If you have further questions about Office Accounting changes, including changes to add-on services, additional information can be found on the Office Accounting FAQ page.

 Again, we thank you for your support of MPAN and Office Accounting. 

MPAN US Team

Folder view in Win7

So on the "production" win 7 one of the feedback items was that the file open menu didn't open up the file folders the way Vista used to

http://www.windows7update.com/Windows7-Folder-Options.html

So one of the settings I put back on the workstation was the open folder settings.

And voila, the expanded folder pane on the left hand side like Vista did it is back again.

Searching for a bit of spam

Someone showed me this "trick" the other day.  Google search on a web site, limiting the domain to just your domain and then search for "sex".

http://www.google.com/search?hl=en&lr=&rls=com.microsoft%3A*&q=sex++site%3Amsmvps.com&aq=f&oq=&aqi=

See how many blog spam/web site spam/bad content has ended up on the site that you weren't aware of it.

I got some cleanin' to do.

Windows Vista Ultimate customers

While I applaud what Microsoft is doing in the retail space (decrapifying the PCs to start with, offering deals on Home Premium and Professional - http://www.microsoft.com/windows/offers/ms-store-bundle.aspx, there's one other group of users that need a bit more TLC.

Those that believed in the Vista ultimate experience.  While their Home Premium and Professional brethern get discounts, those who are running Vista Ultimate get no discount whatsoever

http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/5bad261b-4103-4f38-b76d-da2d632e2ef2

Many are in the "Windows Update" forum asking where their update to Windows 7 is since they suffered through Vista.

Ultimate users were promised extra "stuff' and it never was delivered.  Oh sure if you want to count the few crumbs that were thrown out, and the 47 million language packs that were marketed as an "ultimate extra" but now when it's their turn to look for upgrade offers, there are none to be found.

So?  Microsoft?  How about coming out with some peace offering for your Windows Vista Ultimate customers, huh?

What's your RAID favorite?

This weekend I'm just doing a play install and seeing what sort of RAID array I can build.

RAID levels: Learn about RAID 50:
http://searchstorage.techtarget.com/tip/0,289483,sid5_gci1066983,00.html

RAID - Wikipedia, the free encyclopedia:
http://en.wikipedia.org/wiki/RAID

I can do a "0", a 1+0, a 5 or a 50.

Cross out raid 0 here.

• RAID 1+0: mirrored sets in a striped set (minimum two disks but more commonly four disks to take advantage of speed benefits; even number of disks) provides fault tolerance and improved performance but increases complexity.

The key difference from RAID 0+1 is that RAID 1+0 creates a striped set from a series of mirrored drives. In a failed disk situation, RAID 1+0 performs better because all the remaining disks continue to be used. The array can sustain multiple drive losses so long as no mirror loses all its drives

When the top array is a RAID 0 (such as in RAID 10 and RAID 50) most vendors omit the "+", though RAID 5+0 is clearer.

Just for grins I'm going to try out 1+0, 5 and 50 and see what each give me.

Stay tuned.  In the meantime, what's your favorite setup?