John Howard, IT Pro Evangelist, Microsoft UK

Hows Windows stores passwords and how passwords can be attacked

I was forwarded this by a colleague last week and found it interesting reading. It's a short article written by Jesper Johannson and published last month up on TechNet. It raises many good questions, many of which arise on a frequent basis, but after IT Forum last week, I can kind of now understand why the AD administrators here in Microsoft use smart cards and seperate accounts for elevated privileges to perform almost all administrative functions. It was amusing when Brian, one of these administrators pulled out a bunch of some 24 different smartcards, just to perform his day job, and the mild panic he had when one of them went walkies - turned out he'd been using it as a bookmark. Just shows you everyone's human :-)

You can read Jespers article here.

Mice have nine lives as well as cats.

Intel VT Chips

IE Freezing - Add-Ons could be the problem

Media Center (Centre) - new downloads available

Just noticed that TweakMCE 2.0 is now available for download. My main Media Centre machine was playing up (OK, fair cop, I'd been playing with it, installing Beta software left right and centre) to the extent that I was forced to rebuild it last weekend. However, it's now far from perfect (in fact, I'd probably say worse than before). Wife not happy - it's the machine she uses every day. Hmmmm. On a brighter note though, I did put a recent build of Windows Vista on a partition on it - was the first time I'd actually had a machine which did run in Aero Glass. Unfortunately I couldn't get the AverMedia TV card working for Media Centre, but if you haven't seen what they're doing with MCE in Windows Vista yet with Beta 2, it looks very nice. More on that when it's fully open to the public.

Anyway, back to TweakMCE. I think I need work on fixing the fresh install of XP MCE before I start installing tweaking software. However the first version had some great utilities in it. In the meantime, maybe it would be more appropriate for me to take a look at version 3 of the Diagnostics Kit for Media Centre - also recently put on the web.

Singularity Operating System - another use for virtualisation?

I've always had an interest in Operating System internals, and have just finished reading the in-progress research document on a new operating system called "Singularity". The research work is being done by Microsoft Research, and the aim of this OS is to examine what a new operating system would look like if it took a fundamental design change to focus on reliability - if one process fails, it has no effect on other processes. To achieve that, they introduce the concept of SIPs or Software Isolated Processes with well-defined interfaces or channels between processes, including those of the core OS such as drivers for example.

One major effect on the isolation and trust between processes means that, on an x86 architecture, it is no longer necessary to run kernel mode in Ring 0 and user mode in Ring 3 - everything can run in Ring 0 without fear of bringing down the kernel from a user mode process. Think about the toll taken by context switching and the number of CPU cycles involved between Ring 0 and 3 - it is not insignificant. If this overhead is no longer there, although message passing across channels introduces another overhead, the net performance figures were surprising good, and that wasn't even with a finely tuned build. (Almost) all of the operating system is written in managed code (Sing#).

Anyway, made interesting reading - worth taking some time to take a look, even if it's highly unlikely to ever become a production released operating system. The home page of singularity is here. The research paper and the Channel 9 video are the links to follow.

Now why am I blogging this - when reading through, see if you can spot the references to where I think they used Microsoft Virtual Machine technology (ie Virtual Server or Virtual PC) to develop the OS. Drop me a comment if you spot it - two specific points around half way through the research paper made me think :-)

Outlook is preparing the requested view

I thought I'd seen all the Outlook prompts possible, but when I saw this one and it sat there for 30 secs or more, I had to hit "Prnt Scrn" to capture it. I've absolutely never seen this one before. Admittedly, my machine was running a couple of Virtual Machines at the time, so was a little on the slow side. This was seen when opening a folder in a PST file for the first time, although I'd already copied a number of items into it. Another instance of learning something new every day ;)

Rootkits. Be worried - very worried

Its been a busy week for me, so it's only now that I'm getting a chance to catch up with what's going on the world of IT, or even watch or listen to the news. Hence apologies if you've already seen this.

For me, RSS is a great way of catching up, and one feed I always read is that of Mark Russinovich. I am utterly shocked and stunned read some of his findings about DRM protected CD Audio employed by a certain large "giant". Normally, I wouldn't comment on news like this except on anything except my personal blog, but I'm am so outraged and stunned by what I've discovered having spent the past hour or so researching and reading about the techniques and implications of the "RootKit" approach and the legalities, the fact that a half-baked patch has been issued, and the follow up entry from yesterday on Marks blog about the way that the software "calls" home.

Yes, there is a huge amount of publicity out there about this, but what worries me most now is that even with that publicity, how many home users are really going to take action on it? There is a probable chain reaction:

• Home users generally won't read or hear about this, are highly unlikely to run a root kit revealer to discover the "rootkit", blame XP for potentially crashing or certainly being slower due to the "rootkit" performance overhead.
• By not knowing about it means the majority of infected users will not visit the appropriate site to patch/remove the DRM software (which it appears is not flawless either).
• Many people will purchased CDs with this DRM "rootkit" software.
• Given a significant percentage of purchasers will play those CDs on home machines, there will be many home machines installed with an unpatched rootkit
• Joe Hacker now has it on a plate with an easy way to cloak their worms/viruses on "infected" machines through the sys$ file prefix.

Crikey! Maybe I'm over-reacting. Lets hope so!

Only SMTP, Outlook and Exchange Gurus need read further

Iif you don't fit into the subject line category please switch off now - I just know you won't know the answer (no offence, of course). I've been an Exchange dev for years (although a little rusty now) and still don't know. However, read-on if you want to, or have some educated guesses and vaguely understand the problem I'm hastily attempting to explain.... This is the "deep techie" question alluded to in my previous blog post. I'm using CDO from Windows Server 2003, not CDOEx (the superset COM component) supplied on Exchange 2000/2003. I want to send an email using SMTP (rather than Exchange) and have Outlook pop up the email in the reminders window like below:

The above reminder was generated simply sending an email internally from an Exchange account to myself, with the message flag turned on. If you go back to an old "un-crippled" version of the Exchange Explorer from the Exchange SDK (previously known as the WSS/Web Storage System SDK), take a look at the property tags/attributes for this message, you notice a few MAPI related fields are set for reminders. Interestingly they're not MAPI property tags though, so I assume are supported tags.  (NB - Don't try this using anything later than a Dec 2001 WSS Explorer as it's crippled and you won't be able to see MAPI tags.)

Property tags such as http://schemas.microsoft.com/mapi/remindernexttime, reminderset, remindertime. So the question is, what (if you can) do you set in the X- or other bespoke SMTP message header fields to get Exchange/Outlook to recognised these property tags. I just can't work it out (and am guessing it's not possible). Yes, I can do this using native MAPI, but it kind of defeats the point of what I'm trying to achieve. Anyone on the Exchange Dev team listening???

Ta!

Improved Generic Exchange Backup Script

So after numerous emails about this, and some comments on my previous blog post back in June, I spent a couple of hours this afternoon improving the backup script (which although was written as a generic Exchange backup script, is suitable for file system, system state and more - it just depends entirely what you set the selection criteria as). I've got it running now at home great, so it's worth sharing to the bigger audience now.

The biggest request I had was for email notification if an error occurs. Sending an email is simple (honestly). However, I didn't just want to send any old boring email, I wanted to utilise some of the more advanced features capable in Outlook, and show you how you can use the extended version of CDO for Exchange (CDOEx) rather than CDO. That having been said, to keep it generic and so that this script would run on any Windows Server, I ended up using CDO and SMTP rather than the more advanced capabilities of CDOEx. I've left the CDOEx code in there if you want to go that route, and I have tested it and it does work, so is a good example if you need it. The advanced features are so that the message flag is set to highlight some action is required. It is complicated due to timezone issues, but I think they're pretty well sust, so it should work all the way from Seattle to Sydney.

Here's an example of what I mean by "advanced" - notice that the email is red, and flagged with a follow-up action

Here's the revised script. I have a question though for someone really techy which I just can't find the answer to. I'll post a followup entry shortly. Cut/Paste and save as backup.vbs. Generate your Windows Backup selection file as before, and change the series of constants at the top of the file according to your needs - recipients for error emails, SMTP servers etc. Note that I haven't tested anything except anonymous SMTP drop.

' ************************************************************************************
' * Weekly Backup Script for Exchange
' * John Howard, Microsoft UK. Created 25th June 2005
' * History:
' *  04 Nov 2005 - Added Email Sending on Failure (see inline comments)
' *
' * Feel free to use/modify for your own needs.
' * No guarantees though although it works for me :-)
' * However, if you can do better, contact me through http://blogs.technet.com/jhoward
' ************************************************************************************

Option Explicit
On error resume next
Const NO_ERROR = 0
Const BACKUP_PROGRAM   = "c:\windows\system32\ntbackup.exe "
Const cdoImportance    = "urn:schemas:httpmail:importance"
Const cdoHigh          =  2 ' Importance
Const cdoAnonymous     = 0
Const cdoBasic         = 1
Const cdoNTLM          = 2
Dim   SMTP_AUTH

' TAILOR THESE NEXT CONSTANTS TO YOUR REQUIREMENTS
Const DEFAULT_SENDER   = "Backup Job <servername@contoso.com>"
Const DEFAULT_RECIP    = "user@contoso.com"
Const DEFAULT_SUBJECT  = "Backup Failure on Exchange!"
Const SMTP_SERVER      = "exchange.contoso.com"
Const SMTP_PORT        =  25
      SMTP_AUTH        = cdoAnonymous  ' Choose one of the above
Const SMTP_TIMEOUT     = 60 ' Seconds to wait for SMTP Server
Const MESSAGE_FLAG     = "URGENT: Backup Job has failed"
Const BACKUP_SHARE     = "\\RemoteServer\ExchangeBackups"
Const BACKUP_SELECTION = "Exchange Backup Selection.bks"

Dim szYYWW                    ' Date in YYYY-WW format (Week of year)
Dim szYYMMDD                  ' Date in YYYY-MM-DD format
Dim szFlagsSelection          ' The backup selection script, prepopulated
Dim szSetDescription          ' The description of the backup set
Dim szDestinationFile         ' The destination file in the destination directory
Dim szFlagsJobName            ' Flags for the name of the job  [/j "jobname")
Dim szFlagsVerify             ' Flags for verify the backup    [yes|no]
Dim szFlagsRemoteStorage      ' Flags for remote storage       [/rs:no|yes]
Dim szFlagsHardwareCompress   ' Flags for hardware compression [/hc:off|on]
Dim szFlagsLogging            ' Flags for logging in ntbackup  [/l:f|s|n] Full SUmmary None
Dim szFlagsAppend             ' Flags for appending data       [/a] or nothing
Dim szFlagsRestrict           ' Flags for restricting access   [/r:yes|no]
Dim szFlagsType               ' Flags for backup type          [/m normal|Incremental|Differential...]
Dim szFlagsTapeName           ' Flags for name of tape
Dim oFSO                      ' File System Object to see if file already exists
Dim owShell                   ' To execute a shell command
Dim rc                        ' Return code
Dim szError                   ' If we have an error, record it in here
Dim szCommandLine             ' What we are going to run as a backup
Dim szUTC                     ' UTC Date/Time for SMTP Reply-By field

Set oFSO        = Nothing
set owShell     = Nothing
rc              = NO_ERROR  ' OK So far
szCommandLine   = ""        ' Not sure what we're running yet
szError         = ""        ' Not had an error yet

' Setup our variables
if (NO_ERROR = rc) Then
    szYYWW                   = year(now()) & " w" & formatNumber(DatePart("WW",now()))
    szYYMMDD                 = year(now()) & "-" & formatNumber(month(now())) & "-" & formatNumber(day(now()))
    szFlagsSelection         = chr(34) & "@" & BACKUP_SHARE & "\" & BACKUP_SELECTION & chr(34)
    szFlagsJobName           = "/j " & chr(34) & "Exchange Backup" & chr(34)
    szFlagsVerify            = "/v:yes"        ' Verify YES|NO
    szFlagsRemoteStorage     = "/rs:no"
    szFlagsHardwareCompress  = "/hc:off"       ' Hardware compression off - this is to disk
    szFlagsLogging           = "/l:f"          ' f=full s=summary n=none
    szFlagsAppend            = "/a"            ' /a for Append or leave blank to overwrite
    szFlagsRestrict          = "/r:no"         ' no|yes Restrict access to administrators
    szFlagsTapeName          = "/t:Exchange " & szYYWW
    szDestinationFile        = "Exchange " & szYYWW & ".bkf"
    szSetDescription         = "/d " & chr(34) & "Created " & szYYMMDD & chr(34)
    szUTC                    = GetUTCSMTPDateString()
end if

' Instantiate File System Object
if (NO_ERROR = rc) Then
    err.clear
    Set oFSO = CreateObject("Scripting.FileSystemObject")
    if (err.number) or (oFSO is nothing) Then
        rc = -1
        szError = "Failed Creating FSO: " & err.description & " -0x" & hex(err.number)
    end if
end if

' Look to see if the file exists to determine the backup type
if (NO_ERROR = rc) Then
    if not oFSO.FileExists(BACKUP_SHARE & "\" & szDestinationFile) then
        ' Normal | Copy | Differential | Incremental  Backup Type
        szFlagsType       = "/m normal "    
        szFlagsAppend     = ""  ' Don't Append if does not exist
    else
        ' File exists, so incremental backup. We are already in Append mode
        szFlagsType       = "/m incremental "  
        szSetDescription  = "/d " & chr(34) & "Inc " & szYYMMDD & chr(34)
    end if

    ' Release File SYstem Object
    set oFSO = Nothing
end if

' Create a Shell Object to be able to run the backup executable
if (NO_ERROR = rc) Then
    err.clear
    Set owShell = wscript.createobject("wscript.shell")
    if (err.number) or (owShell is nothing) Then
        rc = -2
        szError = "Failed Creating wscript.shell: " & err.description & " -0x" & hex(err.number)
    end if
end if

' Build the backup command and run it
if (NO_ERROR = rc) Then
    szCommandLine  = BACKUP_PROGRAM         & _
                     "backup"         & " " & _
                     szFlagsSelection      & " " & _
                     szSetDescription & " " & _
                     "/f " & chr(34) & BACKUP_SHARE & "\" & szDestinationFile & chr(34) & " " & _
                     szFlagsAppend           & " " & _
                     szFlagsLogging          & " " & _
                     szFlagsVerify           & " " & _
                     szFlagsRestrict         & " " & _
                     szFlagsRemoteStorage    & " " & _
                     szFlagsHardwareCompress & " " & _
                     szFlagsType             & " " & _
                     szFlagsJobName          & " "

    rc=owshell.run(szCommandLine,,True)
end if

set owShell = Nothing
if (rc) Then SendErrorEmail
wscript.quit(rc)

Function FormatNumber(szIn)
   FormatNumber = szIn
   if len(szIn) = 1 then FormatNumber = "0" & szIn
End Function

'-----------------------------------------------------------------------------------
' Function Added: JJH 04 Nov 2005
'-----------------------------------------------------------------------------------
' For Sending an Email. We have the option to use send using exchange, but
' this can only be done on the Exchange server itself and requires CDOEx which
' is only installed on an Exchange Server. However CDO (CDOSys in old speak) is
' also installed on any Windows 2003 Server, and is a subset of CDOEx, we can
' use SMTP to send from any server pointing towards our Exchange Server.
' HOWEVER: It is nice to be able to get a reminder in Outlook to say that
' we need to do something rather than just an email. This requires an additional
' message header Reply-By which is in the Format (eg) Fri, 4 Nov 2005 15:23:08 -0000.
' Now, rather than mess around with timezones etc, I just use UTC. Seems to work,
' but it probably also helps that I'm in the UK so don't have to worry too much
' about timezones generally :-) However, appreciate many people may use this
' who are outside of UK, so best to make an effort!
'
' Note: We also fail safe to assume no time bias if we can't read registry
'-----------------------------------------------------------------------------------
Function GetUTCSMTPDateString()
    Dim dtUTC        ' UTC Date
    Dim szUTC          ' UTC Date string in SMTP RFC Format
    Dim oShell         ' To read registry
    Dim szATBRegKey    ' Registry key for Active Time Bias
    Dim lMinutesOffset ' From UTC
    Dim rc             ' Function return
 
    On error resume next
    rc = 0
    szATBRegKey = "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias"
    lMinutesOffset = 0
    err.clear

    if (NO_ERROR = rc) Then 
        err.clear
        set oShell = CreateObject("WScript.Shell")
        if (err.number) or (oShell = Nothing) Then rc = -1
    end if
   
    if (NO_ERROR = rc) Then
        lMinutesOffset = oShell.RegRead(szATBRegKey)
        if (err.number) then
     rc = -1
            lMinutesOffset = 0
        end if
    end if

    ' Regardless of error, we do the formatting (default to zero offset)
    dtUTC = dateadd("n", lMinutesOffset, now())
    szUTC = WeekdayName(Weekday(dtUTC),True) & ", " & _
            Day(dtUTC) & " " & _
            MonthName(Month(dtUTC),True) & " " & _
            Year(dtUTC) & " " & _
            FormatNumber(Hour(dtUTC)) & ":" & _
            FormatNumber(Minute(dtUTC)) & ":" & _
            FormatNumber(Second(dtUTC)) & " " & _
            "-0000"

    set oShell = Nothing
    err.clear ' Don't pass any error back as we will have _something_
    GetUTCSMTPDateString = szUTC

End Function

'-----------------------------------------------------------------------------------
' Function Added: JJH 04 Nov 2005
'-----------------------------------------------------------------------------------
' There are several solutions to sending email. We _could_ use CDOEx, but we need
' to be running on an Exchange Server to do this. While you might say "But this is
' a generic Exchange backup program, so of course it's running on an Exchange Server",
' remember although I built it for Exchange backups, it's still pretty generic and
' can be used for file system backups or system state etc.
'
' CDOEx is not "remoteable" - it can only be instantiated on the Exchange Server
' itself. Hence, not very generic.
'
' BUT - CDOEx has advantages. You can use "SendUsingExchange" rather than SMTP
' which allows you to relatively easily set a reminder on the message itself.
' You would unfortunately also be limited to not just running on an Exchange
' Server, but who you are sending it _from_ must have their mailbox on that
' local server.
'
' Plan B: Use CDO which is present on all Windows Servers. However, to do this
' has its own problems if you also want the message to flag up if you're using
' a rich Outlook client to read the message.
'
' Plan B and a half is to incorporate elements of both solution (see inline comments,
' with some code commented out) but using SMTP.
'
' Note: I could have done this, but it just would have been _too_ easy :-)
'
'Dim oMsg
'set oMsg = CreateObject("CDO.Message")
'oMsg.To = "user@contoso.com"
'oMsg.From = "Exchange@contoso.com"
'oMsg.Subject = "Backup Status"
'oMsg.TextBody = "Whatever you want"
'oMsg.Send
'set oMsg = Nothing

'-----------------------------------------------------------------------------------
Function SendErrorEmail()

    Dim oMsg       ' Message we send if failure occurs
    Dim szFrom        ' String
    Dim szBaseFolder  ' Base folder for the current users mailbox
    Dim rc

    szFrom = ""
    rc = NO_ERROR
    set oMsg = Nothing

' COMMENTED OUT - COULD USE IF WE KNOW THIS IS RUNNING ON AN EXCHANGE SERVER
' REASON BEING: CDO.Person and IMailbox Interface are only implemented in CDOEx, not CDO
' Following block is to generate a full from email address so that we
' use a better display name if we are sending the email externally from
' the Exchange organisation. Not strictly necessary, but nicer.
' Also, no error checking implemented
'    Dim IMailbox      ' Mailbox Interface to CDO.Person object
'    Dim oADSInfo      ' ActiveDS.ADSystemInfo
'    Dim oPerson       ' CDO.Person
'    set oADSInfo = CreateObject("ADSystemInfo")
'    set oPerson = CreateObject("CDO.Person")
'    oPerson.DataSource.Open("LDAP://" & oADSInfo.DomainDNSName & "/" & oADSInfo.UserName)
'    szFrom = oPerson.FileAs  ' May be blank if no description in AD
'    if 0 = len(szFrom) then szFrom = "Exchange Backup Script"
'    szFrom = szFrom & " <" & oPerson.Email & ">"

    ' Need to have a default sender
    if (NO_ERROR = rc) Then
        if 0 = len(szFrom) Then szFrom = DEFAULT_SENDER
    end if

' COMMENTED OUT - AGAIN CDOEX SPECIFIC. Assuming we use code block commented
' above, we need to make sure that the users mailbox we are sending FROM (which
' is the currently logged on user) is homed on the current Exchange Server.
' The base folder will be something like file://./backofficestorage/<domain>/MBX/<User>/
'    set IMailbox = oPerson.GetInterface("IMailbox")
'    szBaseFolder = IMailbox.BaseFolder
'    if (0=len(szBaseFolder)) Then <TRAP ERROR HERE>

    ' Create a message object. Not a lot we can do if we can't - could put further
    ' checking maybe to write to event log. Exercise for the reader though.
    if (NO_ERROR = rc) Then
        err.clear
        set oMsg = CreateObject("CDO.Message")
        if (err.number) or (oMsg is nothing) Then rc = -1
    end if

    ' Configure the outbound email
    if (NO_ERROR = rc) Then

        With oMsg.Configuration
            '.Fields(cdoSaveSentItems) = False

            ' CDOEX Specific next line
            '.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = cdoSendUsingExchange
       
            ' SMTP Specific lines instead of above commented out line
            .Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 ' SMTP By Port
            .Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTP_SERVER
            .Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = SMTP_PORT
            .Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = SMTP_AUTH
            .Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = SMTP_TIMEOUT
            ' If using BASIC, need to set cdo/configuration/sendusername and sendpassword accordingly
       
            ' Update fields from the configuration
            .Fields.Update
        end With

        oMsg.To = DEFAULT_RECIP
        oMsg.From = szFrom
        oMsg.Subject = DEFAULT_SUBJECT

        oMsg.TextBody = "Backup Job has failed" & vbcrlf
        oMsg.TextBody = oMsg.TextBody & "Error: " & szError & vbcrlf & vbcrlf
        oMsg.TextBody = oMsg.TextBody & "Backup Job: " & szCommandLine

        ' CDOEX/SendUsingExchange Specific to set the message flag
        'oMsg.Fields("http://schemas.microsoft.com/mapi/proptag/0x10900003")=2
        'oMsg.Fields("urn:schemas:httpmail:messageflag")= MESSAGE_FLAG

        ' SMTP Way of doing this
        oMsg.Fields("urn:schemas:mailheader:Reply-By") = szUTC
        oMsg.Fields("urn:schemas:mailheader:X-Message-Flag") = MESSAGE_FLAG

       oMsg.Fields(cdoImportance) = cdoHigh
       oMsg.Fields.Update
       oMsg.Send
    end if

    set oMsg = Nothing

    ' If using CDOEx
    'set oPerson = Nothing
    'set oADSInfo = Nothing

End Function

Someone smart may wonder what's oMsg.Fields("http://schemas.microsoft.com/mapi/proptag/0x10900003")=2 about. If you want to know, and how I went about finding out, it's a long story. Post a comment and I'll put up the details when I get a spare day (it's that long). <GRIPE>Previous to working at Microsoft, obtaining info like this was my day job - I had plenty of support cases lined up at MS and got pretty up tight about some of the decisions made by the Exchange Dev team, and specifically those working on the SDK tools. Seems like even since my gripes a few years ago, the same lack of documentation (or deliberate hiding of this info more specifically is still there)</GRIPE>

Oracle User Group Conference

OK. Strange title maybe, but have just arrived home and am back online after spending a couple of days on-site at the Microsoft booth at the UK OUG (Oracle User Group) conference in Birmingham. Apart from doing some quick demonstrations of Windows Vista Beta 2 (Build 5231), talking about Windows Server System and Virtualisation to loads of people, handing out several hundred "Willy Wonka"-style chocolate bars (you could win a Creative Zen player if you had a winning ticket), blagging teddy bears and other nik-naks from other exhibitors stands in exchange for chocolate ;), there was one question I must have been asked a hundred times or more. "Why are you here?" Well, the answer is simple - yes, Oracle does run on Windows. Very well, actually!

BTW - most wanted give-away was an Oracle fleece (even though the Tom-Tom navigator and the little petrol motorcycle were really cool and would have been great toys) - the fleeces were just really nice. Unfortunately, they'd run out, but I did get an Oracle polo shirt. Now shall I wear it into the MS campus tomorrow....?

Bizarre Weekend Stuff - Halloween came early

Ghosts in the machine. Literally. I'm helping out at the Oracle User Group in Birmingham tomorrow and Wednesday (yes, it's also running today), and was planning on demonstrating some of the features in the latest Windows Vista build. However, on Sat morning, Halloween definitely came early - I was answering an email on my big work laptop (Dell 5160) when it hung. 4 secs on the power button, and now it won't get through BIOS startup. Tried swapping out memory chips, removing all peripherals, disk, even running on battery, but it's just one giant paperweight now. Ironic that it's just (by days) out of warranty! Plan B was to get Windows Vista running on my D600 Dell spare machine but with only 1GB. Nowhere near as powerful, much slower disk etc. However, remember I do have 2GB of spare memory in the 5160, so I put that into the D600.

I'd already started the install at the end of last week on the D600 anyway, just needed to complete the driver installation. All was going well until I tried to get the wireless adapter (Dell TrueMobile 1300 which is a rebadged Broadcom adapter by the look of it). I tried no less than 6 different versions of the driver, all of which fail. Some spectacularly (blue-screen), others which just cause the machine to hang until you power it off, others which allude to install until you enable the device. Regardless, no wireless. This was doing my head in. Then I remembered something someone mentioned a few months back about certain drivers don't work if you have more than 1GB of RAM under Windows Vista. No, couldn't be a case of that could it? Yes, that's exactly what it is. Reducing the D600 back to 1GB lets the all varients of the driver install and I'm back on wireless. Strange things indeed. At least I'll have something to demo tomorrow.....

PS - Looks like I'll be ordering a Toshiba M3 to replace the Dell 5160 paperweight. Not what I need (like 64-Bit dual core, 4GB ram.....) but it's the best I'm going to get with the corp budget for now :-(

Task manager additional network information

Living proof that no matter how much you use Windows on a daily basis, there's always something somewhere you find which strikes you as "wow, never knew that". Although I have a custom performance monitor MMC snap-in at home, for example, for monitoring network throughput on my broadband connection through my ISA Server, I never realised you could use options on the menu bar to change the task managers network tab view to show bytes sent and bytes received in red and yellow respectively. Obviously it's not as accurate or flexible as the performance monitor, it's still useful to know. The option's on the View menu under Network Adapter History.

Why business travel isn't always the best option

I got sent this through earlier today and hadn't seen it before. However, it definitely goes down as the funniest thing I've seen or heard this week. Was trying to find somewhere to file it for safekeeping, and my blog seemed fairly appropriate. It's an advert for Office OneNote about why business travel stops here. Apologies if you've already seen it. Me? Still giggling now.

Non-standard Naming conventions - is your name too short?

Naming Conventions. Now there's an interesting topic - it crops up all the time in IT: Server Names, Site Names; Group Policies etc. Where am I headed - no, not into an in depth discussion of best practices in this area, but to add a new one to for the the list of non-standard naming conventions.

There are plenty of crazy websites out there if you look. However, I had to laugh when my wife just shouted at me from downstairs (I'm working from home, you see) that her name was non-standard. Uh? A certain website she was trying to enter her details on would not accept her name - I've heard of missing phone, email or bits of address, but never a site not allowing you to enter your real name.

You see, according to this website, your first name must be at least four characters long. Since when this was a requirement, I don't know. So apologies to everyone by the name of Jo, Su, Joy, Tom, Si etc., you now have non-standard names. I'm OK though apparently. I'm glad my parents called me John rather than Jonathan. The latter, shortened to Jon (which I frequently get called in emails) is non-standard. Anyway, I didn't want to sign up for a newsletter on the latest and greatest gadgets, creams and potions in beauty therapy..... Good job too!

Help - IE Keeps opening my spreadsheet. I want to save the darn thing...

I received an email yesterday from a user using Internet Explorer to attempt to download Excel Spreadsheets (.xls extension). They couldn't see an obvious way of stopping Internet Explorer from automatically opening the spreadsheet embedded in the browser, rather than ("as they seemed to recall") being prompted whether to open or save the document.

This is a surprisingly common question - the answer is another of those "easy if you know how", but impossible to find if you don't. Half the reason for this is that the answer doesn't lie in Internet Explorer, it's actually Windows Explorer or Folder Options on the control panel (at least from a GUI perspective - a different story under the covers as to how this actually works). Now why on earth file types were ever put in the control panel under folder options is another one of those mysteries!

When you originally install Microsoft Office, the file associates are setup in Windows. Certain file types are considered dangerous (may be that's a bit strong), but worthy of asking users what they would like to do if you encounter a file with that extension on the Internet or Intranet. Unfortunately, and I personally consider this a bad thing, the dialog box which asks you has a checkbox "Always ask before opening this type of file".

The bad thing isn't so much the checkbox - that's good. It's that fact that it gives users absolutely no clue as to how to get the dialog back should you choose to not be asked again. The answer is straightforward though. Either

- Choose Folder Options from the Control Panel,   or
- Open Windows Explorer and choose Tools/Folder Options.

From the dialog which opens, select the third tab, "File Types". Scan down the left hand column until you get to XLS as shown below (note this solution applies to many other file types).

Click the Advanced button at the bottom to show the following dialog.

Notice the checkbox "Confirm open after download" is not currently checked. Check the box, click OK and OK again. The problem will be solved.

But, a quick word of warning. Be very careful playing with file associations and other options in the above screens unless you are very certain of the consequences. If in doubt, don't do it, or try it on a test machine or Virtual Machine.

Get TechNet Plus for half price

64-bit Rocks!

...for a few days anyway. I went out and bought an AMD 3400 64 bit machine yesterday for my son who started Uni a few weeks ago. It's a pretty basic machine, but I chose it for its expansion capability in the hope that with a few minor upgrades, it will last the full three years of study and well into Windows Vista. It came with 1GB Ram, a 200GB HDD (IDE though), 4 SATA ports free, DVD Burner, and with the PCI-X graphics slot available (but currently using on-board graphics which are reasonable enough). I added a Hauppauge TV card (Model 1046) to allow Media Center to be installed (unfortunately 64-bit MCE isn't available until Vista) to get rid of his TV/DVD in his room, and it works a treat (apart from the fact that I've yet to find a way of re-mapping the Hauppauge remote supplied with the wintv-pvr-150 to be re-mapped to Media Center functions). So... if anyone knows of such a utility please let me know - afterall, what's a blog for otherwise!

While it's mine (at least until Saturday), tonights job is to try out how Windows Server 2003 x64 plus Virtual Server 2005 R2 64-bit cope on this using a spare disk I've got lying around. After that, I'm back to 32-bit land for a while....

Microsoft Codename Max

Dilemmas, Upgrades and Decisions.

<Holiday Thoughts>
Returning back to work mode. Holiday season for me now finally over this year (I've been whizzing, well as much as you can at 3 knots max, up and down the canal networks in the UK). Fantastic time, can't wait to go again. While at the helm though, I've pondered a few times about what to use for my replacement virtual dev/test environment, both for work and home. The trouble is, my work laptop at the end of the day just doesn't have it when you want to push virtualisation - generally most are limited to 2GB Ram and slow-ish disks, and the home budget is, well - you can probably guess. I'd consider building my own shuttle box with a RAID disk subsystem and a couple of dual-core 64-bit processors thrown in. Trouble is, they max out at 2GB too from what I can see, and I need something still reasonably portable. It would do, but I'm still going to need more RAM mid to longer term. But, do I just get one now and deal with the future later? Speaking of the future, what about the forthcoming Pacifica/VT processor? Now they will be seriously cool (with a price tag to match I expect initially). So, what I need to do is find some nice friendly contacts internally here at Microsoft who can put me in touch with one of the processor manufacturers or OEM builders who would like a machine with a stack of ram, a couple of dual-core processors with the additional virtualisation instructions, and a few fast disks "evaluated" on a semi-permanent basis :-). Nah! Even working at Microsoft, I don't think I'll get that lucky. Never mind, I'll just have to make my own decision the old fashion way for the work machine - value for money. For home, the decisions probably already made for me - same old kit for a while....
</Holiday Thoughts>

Scripting with Monad

Monad is definitely a hot topic to watch in the future. I've just discovered that Jeffrey Snovers two webcasts about Monad are available for on-demand viewing. If you want to find out more about the future of command line scripting, these are a good place to start.

TechNet Webcast: Next Generation Command Line Scripting using Monad (Part 1 of 2)
Presenters: Jeffrey Snover, Architect, and Jim Truher, Program Manager

What is the next generation Microsoft command-line shell automation and scripting technology (codenamed "Monad") and how does it fit into the realm of tools and languages? To find out, join us in this webcast, one of the top rated sessions from Tech·Ed 2005 in Orlando, Florida (MGT320), as we highlight how the architecture of the shell supports consistent, production-oriented commands. Learn about the power to navigate and manipulate multiple data stores, and see how the powerful command-line shell uses objects to simplify scripting.
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032277851&EventCategory=5&culture=en-US&CountryCode=US

TechNet Webcast: Next Generation Command Line Scripting using Monad (Part 2 of 2)
Presenters: Jeffrey Snover, Architect, and Jim Truher, Program Manager

Join us as we drill down into more details of the functionality of the next generation Microsoft command-line shell automation and scripting technology, codenamed "Monad". First we conclude the scripting examples from the first session, then move on to advanced scripting constructs. We look at writing secure scripts, using script blocks for maximal power and flexibility, leveraging the shell's dedicated streams for RESULTS, ERRORS, VERBOSE, DEBUG, and PROGRESS, and dealing with errors, exceptions, debugging and tracing.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032277852&Culture=en-US

Don't also forget the Channel9 interview which is also available for download to view at your leisure :-)
http://www.microsoft.com/downloads/details.aspx?FamilyID=6c1191af-892f-46d5-94b6-b97521d5a0cd&displaylang=en

Making Robocopy faster

I use Robocopy a great deal to copy stuff from corpnet in a reliable way onto my laptop. One huge advantage of robocopy is that you can set it to copy in restartable mode, and if the network connection fails, it can take off from where it got to. Therefore, I can start copying something while in the office, suspend my laptop, come home, fire up the VPN and it continues. However, I've been copying down several gig of data yesterday and last night, and I noticed on my broadband performance monitor for ISA, I wasn't getting anything like the full bandwidth being used.

A bit of a finger in the air approach, but it was generally noticable that the lowest performance is on files being copied less than 100K. This isn't surprising as it has to seek to the next file frequently. Best performance comes on multi-megabyte files - again, not surprising as it flies if there's no "seeking". Fortunately, the files I've been copying handily fit into three directory sets with generally one of three names in the top-level directories - "Ethernet", "WLAN" and "Video". (It probably won't be hard to work out what I'm copying down now :-) ).

I found it best to run up three instances of robocopy in three command prompts and use the /xd option to exclude directories. Hence:

• robocopy \\server\topleveldirectory . /s /xd *video* *ethernet*
• robocopy \\server\topleveldirectory . /s /xd *video* *wlan*
• robocopy \\server\topleveldirectory . /s /xd *ethernet* *wlan*

This increased the throughput for me by a good 50K per second and saved me a lot of time. Obvious, but nice to know.

Free Technet Magazine Subscription

...but only if you're US based. I know I get readers from all over the world, and know many of you are US based. I'm hoping to follow up with the powers that be to see if we can get some free subscriptions also in the UK too! The Technet Magazine, Microsofts magazine for IT Pro's is going to be beginning a regular publishing schedule from this autumn. If you're also a talented budding author, please also let me know - they're looking for authors covering all subjects including Exchange, Office, Active Directory, IIS, Security,..... and so on.

Also, don't forget the Industry Insiders blog. If you haven't seen it, here's your chance to be able to demonstrate your ability in solving real-world problems publicly and on microsoft.com. If you would like to make a contribution, drop me an email for further details.

TechNet improvements

Just came across this yesterday. If you are a TechNet subscriber, changes to the online site have been made which makes organising your subscription much easier through the introduction of the TechNet indexes. You can find this at http://www.microsoft.com/technet/index.

In this Septembers shipment, you get an offline version of the indexes. The index allows you to easily search for products in the subscription to locate which disc it is on by Full Text, by disc number or by part number.

Windows Vista Fast User Switching on domain joined machines

Woohoo!!! I'm suddenly one very happy person. The killer feature I've been hoping to see in Windows XP Pro is present in Windows Vista Beta 1. No guarantees for the future, but it shows the boys in Redmond have the capability. Here's what it is and why it's important to me.

I have various machines at home, generally all domain joined. Until recently, there were two exceptions. One was my kids games machine where it is much easier for them to click a picture of themselves at a logon page rather than Ctrl-Alt-Del, enter a username and password. The other was the main Media Centre PC. On upgrades to MCE 2005, if the machine was previously domain joined, or the network card is detected correctly during fresh installation of MCE 2005, you can join it to a domain. Otherwise officially, and from a support perspective it is workgroup only. (There are other ways too, but this isn't the place to put that info :-) )

As much as the advantages to having machines domain joined (such as group policy etc), on the MCE, it means that you lose the FUS (Fast User Switching) capability, and the ability to use extender technology which relies under the covers on FUS. I debated long and hard about which way to go with the MCE, but the domain joined option won it for me in the end. Not that it pleased all members of the household but that's another story - I may not be the MD, but when you're the CIO at home, you trump the boss!

Now, there I was "playing" on the Windows Vista 1 Beta which is domain joined to the MSFT corporate network. Click Start/Lock (or Log-Off depending on context)/Log Off and there it is. I'm going to have to investigate this further whether this means the final shipping Windows Vista "Media Centre Edition" (not the actual name obviously) will have FUS, Domain and extender functionality all in one box. That will be cool. See the screen below - two users logged on, domain joined and FUS is available :-)

What days do spammers take off?

Kind of interesting this one. I was looking through some of the logs for my home-brewed spam system on my home hetwork. Not perfect, but a lot cheaper than commercial products - even as a Microsoft employee, I would still need to buy this stuff otherwise, and as an ex-Exchange dev, it's not that hard (well it is to be honest, but that's definitely for another day)! [There's a hint if there's any commercial vendors reading this ;-)] Over four months, I've averaged around a 48% spam detection with pretty good accuracy, so I'm pleased with how it's performing by and large.

Now here's the interesting bit. I ran off a report which shows the percentage of spam detected per day. Here's what I discovered based on the lightest days for spam for each month:

August: Sundays
July: Fridays
June: Saturdays
May: Thursdays

Of course, there's statistical error likely in all these results as I don't receive a huge amount of email compared to Microsoft for example (something like 10,000 emails in total over the 4 months). However, these results were obvious even without deep statistical analysis. I'd be interested if someone has an explanation!

xyzzy

It's a long bank holiday long weekend over in the UK, so a quick blog entry which has absolutely nothing to do with work. You need to be over a certain age to have a clue what "xyzzy" has to do with anything. I first came across the term probably in the very late 70's, maybe early 80's. A long time ago anyway. Here's a clue if you're still not with me - "you're in a maze of twisty passages, all alike", or should that be "you're in a twisty maze of passages, all alike" or "you are in a maze of twisty passages...."?  Still confused? Colossal Cave was a popular early computer game. As I recall, there were dwarves, lamps and dogs involved, and xyzzy did something, but I'm afraid I've long since forgotten. I guess I first saw the game on a glass teletype connected to one of the London university computers via something like a 75bps modem - one of those big wooden boxes you put the phone handset in and strapped it together to make sure the acoustic coupling was effective. Hence, I was chuffed to find that other people are just as nostalgic - there's a site I found over the weekend where you can play it online and even download a version to play on the PC. I've still got some original 5 1/4" Infocom disks lying around somewhere - no hardware to read them mind. Infocom did several PC games based on similar game play styles. Oh a mis-spent youth! Time to go searching for some more online nostalgia I think now :)

Vista Beta 1 and Smartcard Readers - USB may be a better option?

For connecting to the Microsoft Corporate Network over VPN, we use connection manager and SmartCards. I've got two PCMCIA smartcard readers, one for each laptop, made by GemPlus. One is the standard GemPlus PC reader, and the other is a GemPlus 400 model. There have been reports by some people internally that it is possible (albeit with some playing) to get the 400 model to be recognised through using the XP drivers available from www.gemplus.com - however, for me, no matter how much attempting to force installation, I still end up with the yellow exclamation mark in hardware manager. This obviously makes it very difficult to connect from home back to CorpNet. However, after a bit of digging around over the weekend, I remembered that when joining Microsoft just under a year ago, they gave me a "temporary" USB smartcard reader, the GemPC USB-SL. Once I dug that out, blew away the cobwebs (it was in a dark corner) and plugged it in, it was recognised perfectly. I'm back on CorpNet :-)

Vista Beta 1 Internet Explorer 7 problems with some sites

This is fairly well publicised if you look around the Internet, but not in a single place that I could find. Hence, more for my own reference once I blow this beta build away, I'll want to get back to where I am. Certain sites don't recognise IE7 in the User Agent detection coding, and you may need to apply a few changes to make it work. Take a look at http://www.fiddlertool.com/useragent.aspx for some scripts to change IE7 to switch between IE6 and IE7 mode, and to see what your browser is exposing. Also, have a look at the IE teams great blog for more information about this topic.

Part 5: Infrastructure essentials Blogcast - Exchange mailbox and Outlook Profile

Continuing the blogcast series on infrastructure essentials.

The next stage in our infrastructure is to extend our infrastructure by building in one of the most important infrastructure applications - email. Our configuration uses Exchange 2003, and the first task for email is to create a mailbox for that user in Exchange. We take a brief look at the RUS (Recipient Update Service) which determines our email addressing format. Once the mailbox is setup, we need to test it. We do this through creating a basic profile in Outlook 2003 to point to the users mailbox. Using that profile, we verify everything is working by sending an email to ourselves. Click here to view.

If you look closely, you'll notice that Outlook throws an error during send/receive 0x8004010F "The operation failed. An object could not be found", even though we did successfully send an email to ourselves. We'll solve that very simply in the next blogcast!

Series Index:

0. Network configuration and series background.
1. Getting started
2. ISA Server configuration to allow basic web browsing capability
3. ISA Firewall Client basic configuration      
4. ISA Firewall Client auto-detection through WPAD configuration

The worlds most powerful gaming server?

Network diagram correction

Part 4: Infrastructure essentials Blogcast - ISA and WPAD configuration

Continuing the blogcast series on infrastructure essentials.

Where we left off, we were able to browse the Internet from clients connected to the intranet, but we had to manually configure the ISA Firewall Client application for the name of the ISA server to be used. In part four of this blogcast series, we configure DNS and DHCP on our internal network for a feature called WPAD, or Web Proxy Autodiscover Protocol. Once WPAD is configured, we change our Firewall Client application to automatic proxy discovery to verify our changes have been successful.

Our mini-infrastructure is started to look good. However, we haven't touched on email yet. In the next part, we'll configure an Exchange mailbox for our user, a matching Outlook profile and verify we can send and receive emails internally. Check back soon!

Series Index:

0. Network configuration and series background.
1. Getting started
2. ISA Server configuration to allow basic web browsing capability
3. ISA Firewall Client basic configuration      

Windows Genuine Advantage

Security management column

<wear type="flameproof">

Jeffrey R. Jones, the Director of the Microsoft Security Business Unit has recently completed the fourth and final part of his column on Security Management. It makes interesting reading and worth a spare 15 minutes for a scan through....

Part one discusses Windows, Linux and Security Notifications
Part two discusses when an issue affects multiple products
Part three discusses patching
Part four discusses security management.

</wear>

IT Forum 2005 - Barcelona

The Microsoft IT Forum 2005 web-site is now live to take registrations. The agenda is being formulated now and will be going live in the next few weeks. This is a major event for IT Professionals in Europe (or even further in many cases) with many high-profile speakers, plus an optional full day of in-depth pre-conference on Monday 14th November. Many more details to follow soon, but there will be (approx) 175 breakout sessions, 125 chalk and talk sessions, several panel discussions plus, of course, loads of hands on or instructor led labs. For now, here's the structure of the core tracks:

• Microsoft Business Solutions
• Messaging & Mobility
• Data Management
• Management & Operations
• Connected Systems Infrastructure
• Identity & Access Management
• Office System
• Windows Client
• Security
• Core Infrastructure

I'm the "track owner" for the Core Infrastructure track and am now putting together a great set of sessions for that track.

So now your part.... If you plan on attending and have a "must see" session under Core Infrastructure (eg Windows Server 2003, R2, Virtual Server, Longhorn Server, Storage etc), let me know pronto - most of the decisions will be made in the next 10 days! Click the banner to find out more information, including registration information and early-bird discounts. I look forward to seeing you there!

Part 2: Infrastructure essentials Blogcast - ISA 2004 rules to allow web browsing

Continuing the blogcast series on infrastructure essentials.

Yesterday, we saw an overview of our network infrastructure and started diagnosing why Internet browsing from our corporate network was not working. In part 2 of this blogcast series on infrastructure essentials, we configure ISA 2004 to allow users to browse the Internet from work. We use ISA Servers built in monitoring capability to detect what is being blocked and to determine how to resolve it. However, we also notice on the ISA monitoring log that it is not picking up who is browsing - we want to have better control over this, so resolve that in the next part of this series....

Don't forget to have your say - drop me a comment if there's something specific you want to see. I'll try and fit it in....

Series Index:

0. Network configuration and series background.
1. Getting started        

Part 1: Infrastructure essentials Blogcast - Getting started

Part 1. Starting with the basics.... (it does get more complex, a lot more complex, I assure you). In this blogcast, you see an overview of the infrastructure and browse the "emulated" Internet using a client machine connected directly to the Internet. This client is move back to the corporate network and discover that Internet browsing no longer works. ISA Server monitoring is used to diagnose the cause, and find, at least in the first instance, that DNS queries to the Internet are failing. A new rule is created in ISA to allow these DNS queries to be made. Part 2 will solve Internet browsing....

Here's the network diagram as published in yesterday's post where you can also find out more about this blogcast series

If you're interested, here's the real quick and dirty ASP page I used for emulating microsoft.com

<%@ Language=VBScript %>
<HTML>
<BODY>
<p align="center">
Demonstration INTERNET Web Site.<BR>
<I>(In reality, it exists on the Virtual Machine, "INET")</I><BR>
<HR>
<BR>
</p>
<p align="center">
<B><font color=red size=4 face=arial>Welcome to Microsoft (www.microsoft.com)</B>
<% response.write "<BR>The time is " & now() & "<BR>" %>
</font><BR>
<font face=arial size=4>
<%
response.write "You requested this page from " & request.servervariables("REMOTE_ADDR") & "<BR>"
if request.servervariables("REMOTE_ADDR") <> "72.16.8.252" then
    response.write "<BR>You are directly connected to the INTERNET"
else
    response.write "<BR>You are connected to the Corporate LAN"
end if
%>
</font>
</script>
</p>
</BODY>
</HTML>

Blogcast Series: Infrastructure essentials

I've been busy over the past few days recording a series of blogcasts about setting up the essentials for a typical well-managed infrastructure. The network so far consists of six machines as shown in the diagram below.

The intention of these blogcasts are to walk through a number of steps to change a base installation of Active Directory, ISA Server and Exchange Server into what you would typically find in a small or medium sized enterprise. Of course, you'd find a similar infrastructure in larger enterprises too, so if you're an IT Professional in really any type of organisation, there should be something useful for you.

In the pipeline are:

- Allowing clients to browse the internet from the corporate network
- Configuring the ISA firewall client for automatic detection
- Setting up an Exchange mailbox for a user
- Setting up an Outlook profile to use the Exchange mailbox
- Publishing Outlook Web Access on the Internet (HTTP for now)
- Installing a Certificiate Authority
- Using the Certificate Authority to change OWA to use SSL Encryption
- Setting up a PPTP VPN
- Setting up an L2TP VPN
- Implementing quarantine
- Implementing some group policy
- Setting up mail exchange records to send and receive mail externally
....

It's probably no coincidence either that the configuration and ideas I have in mind also broadly match the types of configuration I've been using on my home network as a proving ground and test-bed production network. I find running a production network far more effective that using pre-canned demo's as the types of problem you see are real and can't be left to hang around untreated.

So, that's the plan so far - please pop a comment up if you want to see something specific in the series.

The first blogcast will be posted up tomorrow - keep an eye out :-)

IE7 Easter Egg

Easter eggs in Microsoft software are these days unfortunately very few and far between - however, this potential one in the Internet Explorer 7 beta seemed a little extreme. Kudos to the development team, and even more so for someone finding it!!!

Implementing VPN Quarantine

I see a busy weekend coming up :-) Not that I'm complaining - I'm up for the challenge.... Now that I have VPN back into my home network fully functioning with both PPTP and L2TP (PPTP is configured but disabled), it's time to implement some quarantining. There were a few reasons to setting up VPN besides the "because I can", although that seemed more than a good enough a reason to me, even if "her who must be obeyed" didn't (and still doesn't) get it :-)

One of my sons is going to university soon. Hence, part of my home implementation of Active Directory includes folder redirection so that he can roam on his laptop offline and still get to his documents. He can fire up Outlook to get his email via RPC/HTTP or Outlook Web Access, and optionally connect through VPN back here to synchronise his documents to my central servers to ensure everything's backed up daily. I've also turned on shadow copies so that he can get back to previous versions of his documents up to 2 weeks previous without needing to do a restore.

However, universities being universities, as much as I'd like to think that his machine is reasonably well locked down, anti-virused and patched, could I trust his machine to come straight back here through VPN? Nope. Not a chance. For similar reasons, any "friends or family" machines which turn up here to be fixed (I seem to get lots of these) don't get a chance to be attached to my home network - I just don't trust them, however well managed they are. Call me paranoid, but isn't that part of the job for an IT Professional?

Hence, my weekend job (kids and wife pressures excepting) is to look into implementing VPN quarantine - at a minimum checking AV is up to date, firewall is on, run the malicious software removal tool (now that's useful and timely that I found the link yesterday), check for the latest security patches and check to see what additional software has recently been installed.

Handy therefore that I spotted this on microsoft.com: Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide whitepaper. You can both view it online or download it. However, as I have an ISA Server, this link is a bit more useful and I'm going to need the Remote Access Quarantine Tool for ISA Server 2004.

So, just a simple configuration running at home. Crikey. I'll report back progress....

What do you take to the shower with you....?

Answer: A laptop keyboard.

I've been unable to do a lot of work for the past hour or so after spilling a tiny amount of coffee over my laptop keyboard. Fortunately I don't take sugar as Steve assured me that was a known killer. I dried it straight away, but of course, most keys weren't working. After spending 20 minutes working out how to take the cover off to be able to get to the screws holding the keyboard in place, head for the shower. 1 minute on a luke-warm wash, towel dry, hairdryer on cool with a full blast for another 5 minutes and leave to bake in the sun for another 10 while reading a chapter of Harry Potter and it came back to life. Phew. All except, though, the most important key - Enter. I don't have a USB keyboard to hand here, but the beauty of running Windows Server on my laptop is that at least I can terminal service in to it over the network to continue working. Strange though, half an hour later,

the

Enter

key

started

working

again.

I've got a replacement on order anyway to be on the safe side - you never know quite how much gunk may still remain there. At least all the crumbs and chocolate flakes aren't there.
PS: Best not answer my original question (unless it's safe to publish).....

Popup follow-on from yesterday

Well, there is another difference between the msgbox function and popup method as was pointed out to me by several people. Msgbox only displays the first 1024 characters of a dialog whereas popup displays a lot more (I haven't looked to see what the actual limit is although I can certainly fill the screen and more besides). Taking yesterdays script and adding this immediately before the call to msgbox

szMessage = ""
for i = asc("a") to asc("z")
    szMessage = szMessage & String(100,i)
next

Msgbox will display

but Popup will display

So now you know, but please, no more emails if there are other differences!

How to automatically dismiss scripted dialogs boxes - alternative to msgbox function

I guess I've been doing a fair bit of scripting recently - admittedly nowhere near as much as I did back in my dev days, but there's always something you learn new. I don't even have a specific use for this, neither was I able to imagine a practical situation I could find for its' potential use it, but who knows who's reading this....?

Generally, in a VBScript I would have used the MsgBox function to display a dialog. Although I've also used the WScript.Shell object a fair few times, I've never had need to use the "Popup" method to also display a dialog when MsgBox was to hand without instantiating another object if you didn't need it.

However, purely by accident I was looking at the documentation for WScript.Shell and found that "Popup" can do one thing "MsgBox" can't - it can be dismissed automatically by a timer. Here's a quick code example which shows how it works. Cut and paste into "dialogs.vbs" and run it. Two identical dialogs will be displayed, it's just that the second one will dismiss after 2 seconds.

Dim szTitle        ' Title for dialog
Dim szMessage      ' Message to go in dialog
Dim iFeatures      ' What options on dialog
Dim iSeconds       ' How long to display for :-)
Dim oShell         ' For Popup Method

szTitle = "Sample Title"
szMessage = "Do you know you could do this?"
iFeatures = vbOKCancel or vbQuestion
iSeconds = 2
set oShell = CreateObject("Wscript.Shell")

msgbox szMessage, iFeatures, szTitle
oShell.Popup szMessage, iSeconds , szTitle, iFeatures

BTW - setting iSeconds to 0, or running "oShell.Popup szMessage,,szTitle,iFeatures" will produce identical functionality to msgbox. Even if you too can't see a use, it's one of those things to keep in your back-pocket for your next geeks outing under the banner of "Bet you didn't know how to...."

Here's the links to the full documentation for msgbox and popup.

VMWare at TechEd Europe 2005 Day 1

OK, so kind of an interesting topic for a Microsoft employee presenting at TechEd about Virtual Server and Virtual PC. However, if you're over at TechEd this week, drop into booth B29. They're a great bunch of guys - we had some interesting discussions comparing Virtual PC to VMWare Workstartion 5, Virtual Server to GSX, and finding out more about ESX and just a general chat. I gave one of them a keyboard brush with Virtual Server 2005 stamped on it which sits on top of your monitor, and was trying to persuade them to pop it on their monitor in the booth. Unfortunately, they bottled it once the stand opened this morning to the public, although I'm assured it will work its way back to their offices. I have another one, so I'll post up a photo of it when I can - however I only have the phone camera at the moment and don't think I have my USB lead to hook it up to my laptop over here. Maybe I should start something like the Channel 9 guy on his travels, but have the Virtual Server Keyboard Cleaner man instead. Maybe I could start his very own blog :-)

I haven't had much opportunity to attend sessions today as I've been busy manning the "Ask the Experts" stand and working on my presentations for Thursday and Friday. I did go through an interesting instructor-led hands-on-lab about VSTO - you can now write Managed Code to write add-ins for Outlook. This is way cool for me having a significant number of years dev background with Outlook and Exchange. If only it had have been around a couple of years ago.....

Generic scripted weekly backup solution - your feedback results

Following last weeks post regarding the script I used to back up my home Exchange 2003 SP1 Server running under Virtual Server 2005 on a weekly full backup with daily differential backup, I've received upwards of 30 emails, all positive, thankfully!!! I'm overwhelmed, so a big thanks to everyone who responded and I'm glad you found the script useful. The good news is that other people have discovered (as I already had) that it is not just useful for backing up Exchange, but for just about any generic backup including data folders or even system state. That only requires a change to the backup selection file. With only a few lines change in the code, I've also had people say they are using it for a monthly schedule - if you're interested in seeing these modifications, let me know and I'll post them up - it's trivial, trust me! 

Most interestingly for me, most people's comments were along the lines of asking why this sort of functionality isn't directly in ntbackup. Well, you'll find it in commercial backup solutions for sure, but they cost money which was absolutely against my requirements when there's perfectly good free software out of the box. My response has to be to use http://www.windowsserverfeedback.com. If there's enough demand and justifcation, the Longhorn Server team will recognise it and maybe it'll be there in 2007....

The one thing I will urge you to do, though, is remember to burn the backup files to DVD/CD/Tape and store them remotely. I use a combination of garage and a friends house just in case, but for an industrial strength solution, use appropriate storage facilities with firesafe and secured access etc.

Teched Europe 2005 Pre-Conference Day

So I'm over in Amsterdam right now on the Teched Europe 2005 pre-conference day. As much as I'd want to listen to some of the great full-day sessions today, including John Craddock talking about Active Directory Internals, Mark Russinovich talking about Advanced Windows Troubleshooting or a day in the company of Steve and Jesper talking security (my brain might fry before that one was over) to name but three, I've unfortunately got internal meetings over here most of the day. What's more unfortunate is that the pre-conference days aren't recorded.

Between you and me, I'll have to sneak out of the internal meetings, but please don't tell my boss ;-!!! I'm not speaking until Thursday and Friday, so I should get a chance tomorrow to listen in to the keynote and some of the other sessions. Just got to choose which ones now. I'll post up anything blog-worthy (which there's bound to be loads of).

BTW - my remote webmail and VPN connectivity back to home is working a treat from here - that is really cool. The VPN back to Microsoft CorpNet also works, but that isn't quite so cool as a) it means I can do some work and b) I didn't set it up

Better day at the office - disk problems solved

After my bad monday a few weeks ago with a corrupt hard disk, the good news is that I picked up my new laptop disk (finally!) yesterday and am for once having a reasonably good Friday. It's been a generally quiet day having been offline for most of it during the rebuild. Fortunately, the old disk stayed going to the bitter end of when I needed it to last, and somehow didn't cause me grief during the roadshows which ended this week in London.

I spent a while this morning attempting to directly image the partition from old to new drives, but was getting lots of read errors. Hence, the slow way was to re-install Windows Server 2003 on the new disk, get everything back installed again, and copy the data from the old disk.

With a couple of problems causing the loss of mostly trivial files (excepting a VHD with my R2 build which was really annoying), I just managed to get all the old data off before it went crunch, whirr, splutter, splutter, phut. That's it. A couple of hours flat out copying off all that data caused the heads to point their metallic toes to the great disk-god in the sky. At least I have an old chair around which could do with something around 9.5mm high to stop it wobbling. Seems a shame to bin it.

At least I should be set for TechEd Europe now. Just need to finalise the decks and think a bit more about the demos. More to follow over the next week.....

Smartphone is smarter than I gave it credit for

Bit of a Friday blog this, but this may be something you didn't know or maybe I just should have read the manual :-).

I've been using an SPV C500 Smartphone since joining Microsoft last September. It's a great phone, but I've had one small annoyance. As it turns out, it was just user error compounded by a wobbly button. One of the best things for me about the smartphone is the email client capabilities which I use extensively.

When you go into the messaging menu, you get confronted by 4 choices: Media Messages, Text Messages, Outlook E-Mail and IMAP4. I could use the numbers to select the correct one, but I prefer the central control on the SPV which has up/down/left/right and middle for click/double-click. You can just press in the middle when confronted with the menu to select the Outlook E-Mail option. However, due to a slightly wobbly button, the click often gets taken as down and I end up in IMAP4.

From here, up until this morning, I've been returning back to the menu before attempting to select the right option again. My discovery of the day is that the UI designers cunningly put in the ability to switch from IMAP to Outlook with a simple left click. Another left click to get to text messaging and so on until you cycle through each option.

Colossus Rebuild at Bletchley Park - Tony Sales presentation

I felt very privileged to be able to attend a BCS (British Computer Society) event held last night, purely co-incidentally, at the Microsoft Campus in Reading where I happen to work. The event was presented by Tony Sale and about how he led the project to rebuild "Colossus", the famous code-breaking machines used at Bletchley Park in the UK during World War 2. Colossus was used to decrypt signals encoded with the Lorenz ciphers. The Colossus rebuild, mostly complete, is now installed in Building H at Bletchley Park and I will now definitely take the opportunity to go along as soon as possible. Tony Sale has his own web-site at www.codesandciphers.co.uk which documents the rebuild project in far more detail than I could possibly start to document. Tony also presents at security conferences - I cannot recommend him more than enough if you get the opportunity to see him. He was an excellent speaker - interesting, witty and entirely captivating, especially due to his "secret service" background experiences and past contacts. It was also refreshing to see someone present without the use of a laptop and powerpoint - how often do you seen an overhead projector used these days? It must be close to 20 years for me.... I'm even contemplating trying it for TechEd this year, but don't think the organisers would cope [:)]

I have a particular personal interest in the history of cryptography, and can also recommend Simon Singh's book "The Code Book" as a great read. I think I must have read it at least 7 times now, and each time I enjoy it more than the last. I must have a browse through my bookshelf to dig it out if it's not too dog-eared.

Bad day at the office - disk help needed please

I know how you all love horror stories, so for what it's worth, here's my sob story for the day. The good news (if there can be such a thing) is that I have a (hopefully) reliable backup of my data as of the end of last week. The bad news is that my Seagate laptop hard-disk is currently 78% through a full diagnostic check and reporting over 20 bad sectors so far. Now I always thought that running a disk check would ensure that Windows wouldn't use bad sectors on a disk - I had a problem like this a few weeks ago, and felt that a disk check would suffice. However, I "lost" (they're on backup) some VHD files for some virtual machines this morning plus a few other miscellaneous files. Windows was reporting event id 7 in the event viewer.

So, to all those hardware knowledgeable people - do I chance the Seagate diagnostics to remap the drive to not use the bad sectors, or am I doomed to failure with this drive. I don't particularly want to rebuild, although I do fortunately have a partition backup for the boot & system partition, so restoring to a new drive could be useful. Also, do I go for something like the new "Momentum" 7200 100GB Seagate laptop drives - not that I could find a UK distributor for these or is there something even faster? Big and fast is my only real criteria - if they did 500GB 15,000 RPM Ultra-320 SCSI hard disks for laptops, I'd be there like a shot, but sadly I'm stuck with ATA-100....

PS Make that 33 bad sectors now :-(

Outlook Date Confusion

Here's some wierdness for the day. My collegue Eileen blogged about the Outlook calendar ending on 31st August 4500. As soon as she mentioned it, a light-bulb immediately lit up as I've done many years of Exchange developer stuff in the past ranging from raw MAPI, through CDO 1.21, CDOSys/CDONTS and CDOEx, not forgetting Outlook objects all the way from Outlook 98 through to 2003.... The light was a specific date in the Outlook object model for holding a "null" date. Curiously, and I still have to admit I don't know the answer, the null date value is 1st January 4501. So where did the days from 1st Sept 4500 to 31st Dec 4500 disappear to on the Outlook calendar?

Just to add more fuel to the fire, did you also know that the Outlook calendar starts on 2nd April 1601? I tried to do the maths see the significance of these why these dates were chosen, but couldn't come up with a power of 2 type reason. There are 1059353 days between 2/4/1601 and 31/8/4501. Converting this to seconds/minutes/hours didn't show up anything obvious. Of course, I didn't take into account September 1752 where (in the UK at least) we lost 14 days when switching calendars. However, Outlook doesn't seem to either when running in UK locales, but it's probably a little too far past the event to be that worried. Kevin, with the busy schedule he has may be more concerned though that he's lost lost around 10454400 seconds from his calendar.

Mind you, I've wasted enough seconds thinking about this and given myself a headache. If you happen to know of any deeper meaning, please let me know.

How-to install windows to an external USB drive

Part of the ongoing saga with my backup solution (see earlier posts today) was a seemingly fantasic way of ensuring that out on the road, should my laptop hard-disk fail, I'd still be able to continue working. The theory was simple. Install a base copy of Windows (either XP or Server - both would do as a backup) with a minimal installation of the essentials such as Outlook, Powerpoint, Virtual Server, Virtual PC etc. On a second partition or a DVD, make sure you have a copy of the virtual machines and whatever before setting out. If the main disk fails, it should be a simple case of performing a USB 2.0 boot (I have a BIOS which supports it and has been flashed to the latest level) to the external disk.

However, I got unstuck on installation. Both Server and XP get through the first text install and goes into the first graphical boot before consistently "BSOD"ing. I'm intrigued to find out if my theory is indeed possible, or whether it's most likely a hardware problem. Hence, if you've managed to do an install to an external USB disk, please let me know especially if there's trick to share - hours of searching the Internet didn't reveal anything. Fortunately though, I do have an alternative which does work, if a little extreme. Since one of my external disks houses a standard laptop hard-disk, by simply packing a small screwdriver, the disk can be popped into the laptop as a direct replacement. Of course, I've already set it up with a bootable partition ready to run....

Good news for popular people on MSN Messenger

Media Centre (MCE 2005) changing 4:3 to 16:9 aspect ratio and zoom mode patch

Having bought a 17" widescreen media centre PC at christmas, I was struggling to work out why the screen had reverted back to 4:3 aspect ratio and how to change it back. This was a tough nut to crack with neither the MCE help, intuition or the Internet turning over many stones (unless I just wanted to be envious about all those people with 50"+ plasma screens). I did work it out in the end though

While watching a TV programme, hit the "Info" button on your remote contol and select the "zoom" option to select which option you want.

You may also need to install the following patch as well, which fixed a problem with the third zoom mode not displaying correctly. It's fairly recent - was posted up on 28th Feb this year. http://www.microsoft.com/downloads/details.aspx?FamilyID=e3ca556b-29f6-4d69-a456-aeb0b92ad57a&displaylang=en

Scripting Clinic - what would you like to know?

• Fundamentals - concentrating on the language constructs in VBScript and an introduction to the Windows Scripting Host (WSH). No prior experience necessary.
• Scripting best practices - ways to make your scripts more robust including error handling, logging and debugging techniques
• ADSI and WMI - using ADSI for Active Directory administrative tasks and taking advantage of Windows Management Instrumentation
• Other handy object models - Use CDO to send emails, ADO to access databases, WScript built-in objects for parsing command line arguments, running scripts on remote machines and creating desktop icons (for example)
• Clinic - Share your experiences and bring your real world problems to a panel discussion.

Killing winlogon.exe remotely

MSN Messenger 5.1 Tab Functions

Windows Server 2003 as a client, MSN Toolbar Suite and Orca

I'm going to have eat a few of my own words now...  I blogged in December about the "IT Pro" way of getting an unsupported program to install on a Windows Server box without a hint of an SDK in site. I relent, the Orca tool is the best tool for the job, not appcompat. Here's why.

If like me, you almost exclusively run Windows Server 2003 as a client, you can lose out on too many things. Yes, SP1 introduces Media Player 10 and some other cool stuff from XP SP2 (yippee), but at the brass tacks level, you all want things like the MSN Toolbar suite, powertoys and all the other goodies.... The method I'm going to show you is pretty well bullet-proof, and will cater for a lot more than just the toolbar suite, especially if the product group removes the highly known-about TBSDEVCODE workaround from their installer, which they almost certainly will before it goes gold.

When I wrote my previous blog, I was running the SP1 first release candidate of Windows Server 2003 on my laptop. As many of you discovered, the appcompat method was a bit troublesome on the RTM, and certainly didn't work for many programs. I tend to play around far too much, and ended up breaking that OS installation. If you know me, I do this far more regularly than is healthy. On the bright side, I rarely actually need to activate the OS :-) For now though, I'm now back at RTM build and with demo's next week in the pipeline, can't afford to break it quite yet. I wanted to get a chance to play with the MSN Toolbar Suite, which is particularly relevant as it had another beta refresh very recently.

What you'll need is the GUI tool, Orca, from the Platform SDK. Note that you'll have to use the XP SP2 Platform SDK installer, and select just the Windows Installer SDK Tools. You won't need anything else. When the installer opens, set the options to match the screenshot below.

Download the MSN Toolbar Suite and save it somewhere on your hard disk. Note that this is an EXE which introduces one slight complication - you'll need to unpack it. If you just run the .exe from the command line, all the parameters are given to you on a plate.

Assuming you saved the .exe on the C root directory, run "c:\MSNToolbarSuiteSetup_en-us /T:c:\temp /C". This will extract a setup.exe and an MSI file into the temp directory. Note that if the directory doesn't already exist, it will be created for you. Next you need to fire up Orca which will be under your start menu. You just knew they'd use a dolphin for the icon. Once Orca is running, select File/Open and navigate to the MSI file in your temp directory. On the tree on the left, click on LaunchCondition to see a number of options displayed on the right. Now you can see why the TBSDEVCODE workaround works in the Beta.

Change the following setting from "(REMOVE="ALL") OR ((VersionNT>=500) AND ((WindowsBuild<>3790) OR (TBSDEVCODE=1)))" to "(REMOVE="ALL") OR ((VersionNT>=501) AND ((WindowsBuild<>3790) OR (TBSDEVCODE=1)))" - ie change 500 to 501. Finally select file/save and quit Orca.

That's all there is to it - just run the updated MSI to install. MSN Toolbar Suite is just so fantastic - I know there's a lot of talk on the Internet about it, but I'm finding that just after a few days of use, it's invaluable. That's for another blog, but I hope you found this walkthrough useful. [Disclaimer....] Just remember that you'll obviously be doing something absolutely unsupported, and there may be licensing issues relating to the Platform SDK which you should check up on before doing this.

MSN Search Launched

Kind of hard to miss the launch party. Well, as it happens I did :-)

Even though I'd consciously seen Bill Gates plastered over the home page of both www.msn.com and www.msn.co.uk on-and-off all morning, it never dawned on me to read what the story might be about.

You can find out more from Christopher Payne, Corporate VP for MSN Search on the msnsearch blog, who cunningly blogged it just before midnight last night.

Links:
MSN Search: http://search.msn.com or http://search.msn.co.uk for the UK audience.
MSN Search Toolbar: http://toolbar.msn.com or http://toolbar.msn.co.uk/ for the UK Audience

The future of the Windows-centric IT Pro?

Even though I'm probably now leading myself down a path where I'm going to be flamed from all sides...... where as I see Monad as a huge benefit in the long term, my concern has to be that it is going to scare the wits out of most Windows-centric IT Pro's in the community at large - this is drawing a very thin line between developers and IT Pros. Although somewhat generalising, it is (in my humble opinion) reasonably well accepted that many *nix administrators are comfortable understanding or authoring complex shell scripts, and further, most have a reasonable understanding of writing at least simple programs in C/Perl/PHP etc. My experience tells me that most Windows IT Pros try very hard to shy away from these types of skills.

So, a few thoughts/questions for to throw out for comment...

• Where do you see the skill sets of IT Pros heading in the future. Windows has gone a long way with GUIs making point and click management tasks easier, but are we all going to have to get to grips with the developer 'dark'-side as well?
• How many Windows IT Pros have at least one command prompt permanently open on their desktop today?
• How comfortable would you feel if you were told you have to understand the .Net framework and all that goes with it to perform your job in the future?

OS/2 Warp 4 (Merlin) - reminiscence using Microsoft Virtual PC 2004

A little off the beaten track for someone who works at Microsoft evangelising Windows, but following Ben Armstrongs recent blog posting here, here and here about getting OS/2 Warp 4.0 running under Virtual PC 2004, I just had to give it a go. After all, it's the weekend and I've been feeling a bit under the weather, so why not curl up with a warm laptop, wireless connectivity, kids quiet on the Xbox and an inviting sofa to try it out?

Many years ago, I used to be somewhat of an OS/2 guru, having first used it in 1993 back at the time version 2.11 had just come out. I even attended a couple of "ColoradOS/2" conferences way back in 1995 and 1996 (if memory serves me right), and met Paul Giangarra, the lead architect for OS/2 "Merlin" (one of the codenames). What is most worrying is how much you forget after only 6 or 7 years - it all comes flooding back (not).... MPTS, LAPS, WPS, E, the buggy Netscape Navigator for OS/2, Mahjongg Solitaire (now there was a good game). As I recall, I must have been one of the very first people to have a copy of Warp as I brought it back from the states to the UK before it was publicly available over here.

Installation of the OS is easy enough. However, my laptop doesn't have a floppy drive (in fact I only have one machine with a floppy drive now, and besides I don't think I have any disks hanging around anyway - how times have changed). To create the floppies, I simply created a new Virtual Floppy from an XP Virtual Machine, inserted the Warp CD (bit dusty, but still working fine), and run cdinst from the root directory.

THIS WILL FAIL!, but all is OK as long as it gets to around 99%. Once you have a 99% completed disk 1, edit cdinst.cmd and see what it does to create disk 2 and the installation disk needed during boot installation, and run the commands from the command prompt. Respectively these are:

\DISKIMGS\LOADDSKF \DISKIMGS\OS2\35\DISK2.DSK A: /Y/Q/F for Disk 1 and
\DISKIMGS\LOADDSKF \DISKIMGS\OS2\35\DISK0.DSK A: /Y/Q/F for the Installation disk
Note that the file has a %1 in the above lines which you can just lop out and run from a D: prompt.

The install is fine, as long as you heeded Ben's warnings about installing NetBIOS over TCP/IP during installation. I didn't the first time, and given how much I'd forgotten about MPTS and network configuration managed to get myself into a very big mess - fix pack's half installed, network only up once in every 5 or 6 boots, shared folders not working, SVGA mode stuffed. Hence, I went back to the drawing board and started a second time.

I wish I had have found this answer before giving up and going for the second install - it gives a great deal of information on setting up the Network.

The installation of the VM additions was possible before installing FixPak 15 which did surprise me - however, it enabled me to download fixpak 15 from my host machine, and use the VM Shared Folders to copy the extracted file onto the local drive of the OS/2 Warp Guest.

FixPak 15 wasn't quite as easy to install as I thought - unfortunately Bens link to the FTP site on IBM didn't work for me. However, it is downloadable as a .zip file from hobbes (there's a name I haven't heard of for years). To install it, you will need the CSF (Corrective Service Facility) version 1.43. If you use the link I provided, you'll need to download this separately, for example from here. Take care with the directory structure you use in the guest (ie the c:\os2serv\os2serv structure which Ben mentioned), or the fixpak installation will fail.

Ben's link for the SVGA display driver and installation was perfect. Thankyou.

Browsers... Back in the days I was using OS/2, before Warp 4 you were pretty much snookered. On the bright side though, these were the days of BBS's and modems and Warp had a very capable terminal emulator, and combined with PComm/2, you were pretty much sorted. Warp 4 introduced the WebExplorer, but this leaves a lot to be desired. Netscape came out with a highly unsatisfactory browser (I can't find the link now), but fortunately FireFox 1.0 is available for OS/2 today. Note that you'll need to install libc-0.5.1 runtime on which FireFox is dependent. The rendering was a little suspect, but still very usable. Now, if only Microsoft had a version of Internet Explorer 6 for OS/2....

Things to remember about OS/2. No, it's not a bit like Windows 3.x. However, it does make extensive use of the c:\config.sys (sound familiar?). Be careful how you edit it. I think I re-discovered this fact towards the end of giving up on my first installation.

Now for the great stuff. Once it was installed, I had to get the machine participating in my home domain. Yes, you can indeed do this. However, you will need to reduce the security settings if you are running Windows Server 2003. Start the Domain Security Settings snap-in, navigate to Security Settings/Local Policies/Security Options and set "Microsoft network server; Digitally sign communications (always)" to disabled. If you've got everything setup right, go back to a command prompt on the VM and type "logon <username> /P:<domainpassword> /V:d /d:<yourdomain>". You should get back "The command completed successfully". Try using "net view \\<server>".

Finally, a dig around found a copy of IBM VisualAge C++ for OS/2 - the compiler I used for many years. I haven't done much C programming in several years, but this did come flooding back. I still have a first edition Kernihan and Ritchie "The C Programming Language" book (the definitive C language guide) upstairs, but didn't need to refer to it to get a version of the "hello, world" program running - in fact, it compiled and ran first time. There's a load of fixups mentioned on the IBM site (most recent c.2000) , but I couldn't get any of them to download. Fortunately, I didn't need them.

#include <stdio.h>
void main(int argc, char* argv[])
{
printf("Welcome from OS/2 Under Virtual PC 2004 :-)\n");
}

And here's the screen shot....

I also found a copy of Database 2 for OS/2 (aka DB2/OS2), but that's for another day. Me and databases never did get along too well. I hope you found this useful - very much a trip back down memory lane personally. I'm sure I'll be reminiscing for a few weeks yet and have loads of utilities and other software on CD's somewhere or other. Now where can you get that really cool WarpSans font for Windows.....?

Photo-album on MSN Spaces

contoso.com - why, who chose it, is it an anagram, is there a hidden meaning???

I have to admit, I'd never given a second thought to the origin of the use of "contoso". Contoso is one of a handful of domain names used in many Microsoft demonstrations. One question asked me this morning was where the name came from, with a suggestion that it was possibly an anagram (but of what, I'm not sure).

After struggling to find anything on the Internet, I figured throwing this out to the wider Internet may yield a result. You never know. I have found that the name dates back to at least 1996 though (the days of good-old NT4).

New research into why Soda drinks are bad for your teeth

Everyone knows that fizzy drinks are bad for your teeth. However, after extensive research (OK, so 8 days being over in America), I have a new theory. The first couple of days I was out there drinking "Soda", I kept hitting my gum onto my teeth every time I took a sip of coke. I figured I was just jet-lagged, but I discovered the reason. The American can is 12 fl oz's (355 ml), where as the standard UK can is 330ml. Hence, the US can was ever so slightly taller. Very strange, and I'd love to know the reason why this is?

So given how blogging is a truly global phenomena, please comment as to "how big is yours".

Here's a picture of a couple of US cans. I would have added a UK can, but it's 2 in the morning and I don't have one to hand (yes, I'm jet-lagged coming back the other way).

Welcome to the USA. Blow into this pipe please sir.

The scale of the Microsoft campus is truly awesome. I'm over the Seattle for my first internal Microsoft conference this week, but thought this might amuse some people. I was out for a quiet meal last night and needed to get back to my hotel for 10:30 to phone home as it's my son's birthday. (Happy birthday!!!)

We were about to order a cab back, but another colleague offered us a lift. We took it, but on the interstate on the way back we were pulled over by the police. The driver was asked to do a "sobriety test", and the best part of an hour later was breathalysed, handcuffed and taken back to the police station.

This left us stuck on the highway about to have the car impounded unless myself, Eileen or Steve could drive it back. Fortunately, I hadn't been drinking, but I wasn't keen on driving on the wrong side of the road either.

The officer insisted that I was breathalysed too before going on my way, so my first experience of driving in the US turned out to be in another persons hire car, with the wrong sort of gearbox (I like manual gearboxes) starting on the busy interstate while being followed by the "smokies" for many miles. To top it off, our journey back was a good 20 miles more than it needed to be due to the excellent navigational skills of one of my colleagues (I'll leave that for you to guess which one it was). I never want to hear "I know where I am now, it's just up here...." again!

Add to this having a full baggage search at Chicago on the way out, a long delay on my flight out and two full days work at the weekend, it's been an interesting welcome to Seattle. I don't want to think what else could happen over the remaining four days.

You have a nice day y'all!