Checkpoint still don't support Vista, what kind of idiot would buy their crap...oh wait...i know.

Well i headed down to Harvey Norman in the city and asked why they were not open, their excuse is that they couldn't afford the security....um, ok, sure that makes sense, if you were in Lismore, not f-ing Brisbane. The sales persons reasons/excuse for the false advertising were, well, lacking.

The sales person did tell me that around 50% of the stores in the Brisbane area were closed. AMAZING.

Microsoft, if you want Vista to sell, don't become a launch partner with retards, its just not going to go well.

I would like to congratulate Dick Sith Electronics, they didn't need to open, didn't have much support from Microsoft, but they did a better job a selling Vista than either Microsoft or Harvey Norman.

Shame Gerry Harvey, SHAME.

The Dick Smith near the Winter Garden is open for business, they have had some sales, no wonder, Gerry Harvey doesn't want any.

Perhaps Harvey Norman was running on Daylight Saving Time? or Idiot time? Will post my thoughts about this in the morning.

Well, the Harvey Norman at Queen Street is closed, well the whole Broadway complex its in is closed....

Well, Harvey Norman at Indooroopilly is closed....what the?

Well I already run Vista on my desktop (i am using the free version Microsoft gave my for being involved in the beta), however I am still waiting for Checkpoint and Mincom to get their act into gear before i can install it onto my laptop.

I think i know of a way to get it to work, much like some of the firewall appliances that you see in the VMWare appliance listing.

I am planning of wandering down to the local Harvey Norman, taking some pics, getting involved in the fun, so i will post some updates.

Amazon (http://www.amazon.com/Microsoft-Windows-Ultimate-UPGRADE-Signature/dp/B000M2WPIQ/sr=8-18/qid=1168091593/ref=sr_1_18/105-7283195-3868416?ie=UTF8&s=software) are selling Microsoft Windows Vista Ultimate UPGRADE Signature Edition [DVD], thats right, Bill Gates has signed it. There are only 20000 copies.

As usual, Australia doesn't get this chance, when i went to pre order, i recieve this message:

*** We're sorry. This item can't be shipped to your selected destination. You may either change the shipping address or delete the item from your order by changing its quantity to 0 and clicking the update button below. ( See geographical restrictions. ) ***

I love how mos tof the things i want to buy are on Amazon, but i cannot because i am not in the US. Amazon has always been one big annoyance for me, because i can order crap, but not the useful stuff i want.

As no one thought of me at Microsoft when they were giving away laptops (they should remember i am the only one who keeps Mincom from going all hippy), I would have thought Microsoft AU would be able to get some supply of these over here.

Found at: http://bink.nu/Article9216.bink

Now maybe I missed something while watching the Penn and Teller Bullshit episode that just aired on Channel Nine, but there seemed to be alot of segments in regards to the arguments against the War on Drugs that were missing. Now I understand that when you try to fit 29 minutes of programming in to 30 minutes with 15 minutes of advertising, that somethings got to go, but their selection, of mainly the views expressing critical opinions on the war on drugs as well as opinions on why drugs should atleast be explored for medical use, was to say, disappointing. If you have seen the unedited version, you will understand.

I really like to think we live in a democratic society, one where people are free to discuss issues and make up their own mind. It seems however that Channel Nine feels this isn't the case.

I am going to contact Nine and see if I can find out some more information.

I would also like to remind everyone that I have never taken drugs, but I believe that it is our right to do so if we decide we want to.

Well I thought I would update you all on the MOM deployment.

Several weeks ago we decided to deploy MOM onto the Domain Controllers of a new network we a building up (we will be migrating all of the servers to this network in the comming months), and all hell broke loose. The issues seemed to centre around the Distributed File System pack in particular, with it generating a huge number oif alerts, the majority being either:

1. the DFS client side monitoring computers, all of which are on the old network, unable to connect to the domain roots on the new network

2. the domain controllers on the new network were unable to verify their links were up

We think this is just authentication issues, in the first case, its kind of obivious, even though we do have a 2way trust between the domains. In the 2nd case, the DFS links on the domain controllers/domain roots, actually point back to the file servers, all sitting on the old domain.

In both cases, if you logged in as a user with Administrative privilages it worked, just not the Local System account that the agents are running under.

After seeing how easy, and how powerful MOM 2005 SP1 was at a recent Brisbane Infrastructure Group meeting, I convinced they guys at work it was a good idea to deploy. We decided for the Proof-of-concept that our Infrastructure and critical VMs should be monitored.

We are currently running MOM in a VM, with the SQL and Application all hosed together (its a proof-of-concept, its no big deal), and we were surprised with how well its running.

Currrently we have the following packs deployed:

• MOM packs
• Base Server OS
• Base Client OS
• DNS
• AD
• DFS
• DFS-R
• Terminal Server

With the aim to setup the performance monitoring and SQL in the comming weeks.

Number of Agent managed: 6 (Only the Domain Controllers, File Servers, MOM Servers, WSUS/Patching Server and our Licencing Server and sharepoint server)

Number of Agentless managed machines: 20 (Currrently our Automated testing and other critical VMs and all physical machines - bar one as we cant work out where it is or if its powered on)

Issues encountered:

• We didn't get as many alerts as we were told to expect, but there are still quite a few
• Global Catalogs: um, we only run 2, probably should have the recommended 3
• Printing: Yes i know that the printer redirection failed because you don't have the drivers, but please shutup about the printer redirection in TS.
• Firewalls: The XP Firewall was randomly switched on, its not meant to, but is so annoying
• WMI: We are experiencing alot of WMI related issues, and from what i can tell its in regards to permissions. On some machines its as simple as going in and resetting the permissions so that local and network service suers can access WMI, others we are still troubleshooting.
• Checkpoint Firewalls: Don't they just suck?

All in all, we are getting there and once alot of the issues we have are sorted, i am sure we will have a great monitoring solution.

Well it has been a long road for Microsoft, filled with alot of doubt along the way, but Vista was RTM'ed earlier today (http://www.microsoft.com/presspass/features/2006/nov06/11-08VistaRTM.mspx.). As you would have heard by now, 2007 Office System RTM'ed about 2 days ago.

I was lucky enough to attend but the general Ready Summit and the OEM Ready Summit, and from what I saw, I truely believe that this is a turning point for the industry. To finaly have a product which is not only easy to deploy (Windows Deployment Services combined with windows PE will take care of all of your deployment needs, and hopefully kill any nead for Symantec Ghost), but is also easier for users to configure, and in terms of the Enterprise market, easier to manage.

As I work in a company still using stone carved tools, I mean, Windows NT 4 and Lotus Notes. I really hope that the up comming products (esp if the server product is just as good) will encourage companies to upgrade, I mean, its going to help productivity if I don't have to manually apply our Login Script because it died, or reboot because Lotus Notes f-ked itself (the count is up to twice today).

In the OEM sessions, i discovered why those guys want WGA, and now my views are turning on the subject. Its all about the competition, and if your competitors ain't playing right, its just not fair. I spoke to one guy who knows he as lost sales to guys peddling boxes running pirated copies of Windows and Office, just because he wouldn't match his price (even though the hardware was the same and the reason for the price difference was the illegitimacy).

Versioning for both Vista and Office is something i find very interesting, and i really believe that the average user will be right with Home or Home Premium (why half of the gammers our there use XP Pro always ammused me), with people like myself probably running Ultimate on our desktop machines (I will be running Business or Enterprise on my laptop for work). I really doubt that the average user needs Ultimate.

Exchange 2007 is a product I look forward to running at home, and I do look forward to setting up Sharepoint 2007 at work and consolidating some of our intranet sites (wiki, twiki, sharepoint, corp intranet, sales sharepoint etc etc etc). The way that employees will be able to share information, and work together (esp if LCS 2005 is deployed), is just fantastic.

On Tuesday night i also attended the Brisbane Infrastructure Group meeting on Forefront. All I can say is this, Symantec, Mcafee, your two in particular are toast. Did someone mention I can work in one console and manage nearly all of my AV scanners (ie, my sharepoint, exchange, isa, clients, im), and I can define policies accross them easily? And there is multiple scanning engines (which any good Exchange and ISA product has), which simplified updates (don't start me). All i can say is that i don't wonder any more why McAfee, Symantec and Checkpoint are worried, Its like comparing a BMW to walking...

The next couple of weeks are really busy for those in the Microsoft world. I will be attending the following events held by Microsoft, I hope to see you all there.

7th Nov: Brisbane Infastructure User group meeting - Forefront

8th Nov: Ready Launch, I will be attending the IT Pro tracks during the day, and will be hanging around for the System Builders/Partner event in the Evening. I probably will not go to the Partner Events in the evening.

16-17 Nov: Defence in Depth Training - As a Microsoft Partner we were offered free tickets!

7th Dec: Microsoft Search Strategy Breakfast

I know its been a while, and i know i need to get back in the habit of blogging. I will be have some great posts comming up shortly, including my trials and tribulations of getting push email out of Domino, and much more.

 

Kieran.

At Mincom, we use an application called Winrunner, from Mercury. Its a really cool application testing and debug tool.

Currently we have 6 VMS running XP and this tool, which the developers can connect to and use to test their code. It was suggested that we should move to Windows Server 2003 because we could have more than one user connected to each box, and because we could reduce the number of vms to two (load balancing across them). This suggestion was quickly accepted and so one of my colleges, Rene, went about making it so.

We have discovered some very disturbing things that Winrunner does on server 2003. On XP, we can connect to the machine with RDP and make use of the tool. On Windows 2003, when we open the tool on Window Server, it tells us we have broken the licensing policy of the application, it still works if you go to the computer and logon locally, but you cannot use terminal server (be it application or administration modes). IT appears they are actively detecting that their application is being opened in an RDP session (be it normal or console), and throwing an error.

Mercury supports Server 2003, but apparently don't like terminal server on 2003. I don't even know where to start when it comes to this product, its just outrageous that a company is acting like this. Its not even like the licensing is per user, and we are only looking at Server 2003 for performance and to reduce the administration overhead.

So the reception rang a few weeks ago and told me that the new IBM server had arrived. Several days later, Keith (the guy I work with most of the time), and I got around to unpacking it. When we opened the boxes, we discovered that the server cam unassembled, that's right folks, all we got was the parts.

So we rang IBM and asked if we had to assemble the server, they said we could if we wanted to, else, they want another 1000 bucks....so of course, we had to do it ourselves.

We assembled the server with no issues, but we couldn't start it, it simply wouldn't boot.

So we rang them, they sent our some technicians, and they found a cable that IBM didn't connect when the box was sent out (Some stuff was assembled).

We now have one big ESX server. For those of you who are wondering:

• IBM  XSeries
• Quad Xeon 3.6 MP Dual Core
• 24gb ram
• 2 36gb 10K SAS Drives
• 3 74bg 10K SAS Drives
• 2 Dual Port GBIT cards
• 2 HBA Cards

Its big, its powerful, and basically all MINE.

So, next time your ordering a server, remember to get it assembled.

Well over the last 2 weeks I have been very busy getting ready for the final stages of the project I am involved in. In a few short words, the project involves separating the servers that the developers and external contractors use from the main Mincom Corporate network. So basically we need to have a formalized AD structure and supporting security and user policies, and then get ready to start moving the computers. There will be several firewalls and security devices (that's all I can say for now) between the two networks.

There have been many issues, one being Clearcase (I will post about this separately), our new IBM ESX Server (will also post about it later) and then there is the generally financial and time issues that all these sorts of half arsed project seem to have. I was promised some physical servers, but I didn't get them...

So I just finished building our first domain controller, and am making the OU/GP structure that we need, I have also configured DNS with the zones that we require. I have finished merging all of our old developer domains into one, from there machines will be then moved across to our new domain.

I had some of the Managers come to me with concerns over the up coming Mincom Corporate/Developer network separation. They discovered that our very expensive Clearcase setup will not work through a firewall, yes that's right, you cannot separate the clients and servers with a firewall. My first response was "right, and I am using an invisible computer", I mean, who would make a product like that, who doesn't separate their roles with some security?

So we rang the IBM Clearcase guys in Melbourne. Their response was simple, "we don't support our product through a firewall, in fact it will not work, it was designed for LAN, nothing else"...my response "what the?" several managers responded "huh?". Who makes a product like this? I asked them for a workaround, or at least some ideas on how we could get this setup going, and their suggestion was to do either of these to ridiculous suggestions:

1. Remove the firewall

2. enable ports 393, and then 1024 and upwards

Well 1 and 2 are fucking stupid, why would I do either of those options? I am adding the Firewall for security, not just to look pretty in the data centre! IBM what were you thinking?

The reason for these ports and issues is because of the architecture of Clearcase. Clearcase is much like most P2P apps (except they will work through firewalls), that is, Clearcase is a distributed application where servers and clients can just start talking to each other, unlike most others which are client/server based. Why Clearcase is a distributed application and not simply a client communicating with a server is beyond me, but I am told its a pretty cool app. ITS JUST SO INSECURE!

So what's our workaround? Well we are opening those ports for just the clear case servers and clients. This is restrictive, and means a lot of maintenance. IT's a very bad workaround and I wouldn't normally do it.

IBM should be ashamed, not only does Clearcase attempt to live in a secure environment, it breaks! I cannot belive that a company like IBM would make this product. Microsoft products, and other proprietary applications are better that that, it jut shows you how much better Microsoft products are becoming, lets face it, TFS wouldn't be broken this badly. Mincom is a IBM partner, I would have expected a little more support and help from them in securing our corporate network, hell, they don't seem to even care if their partners are secure.

SHAME IBM SHAME.

Schneier just posed that you can get Ross Anderson's book, Security Engineering for free.

http://www.schneier.com/blog/archives/2006/08/ross...

Just downloading the Vista RC1 now, will update you when i know more.

Its good to see the team are making some progress, if the last refresh is was anything to go by...

I just hope my Video Card finally works properly.

I have discovered a strange issue with syncronizing my JasJar with my Exchane Server, basically I can sync with the server remotely, but not when connected with a usb cable...I dont know why, but its broken.

 

Anyone know whats up?