And I'm working on some slides in advance for Portland's Technology Wizards presentation on Patch Management that I'll be doing for them remotely via Office Live Meeting. I need to add some screen shots tomorrow of the various patching tools, but one of the things that I want to stress is something that Dave Sobel talks about in the managed services group time and time again... it's not about the tool... it's about the process.  And without the process in place, the tool won't help you.

But also keep in mind that patching these days isn't just about Microsoft applications.  From Sun Java to Adobe Acrobat to all sorts of applications that need patching.

Last but not least, one thing that disturbs me a bit in the patch world are people not wanting to patch because they are afraid of the issues they will hit.  Just today someone was saying they were hesitating on installing R2 and wondering how hard of an upgrade it was.  If you are updating the Standard SBS 2003 sp1 to R2, it's not that bad at all... for premium it's a little trickier with the SQL 2005 workgroup upgrade...and just make sure you don't leave your keys in the server room as a good best practice tip (if you are a follower of the blog, you'll know what I'm taking about... if you don't.... trust me.. it was a blonde moment)

And a private note to Russ, the answer is there isn't such a thing.... when someone has one... they often are the best ones...

If anyone truly needs the information in this document for an installed network that they are working on? 

Download details: SBS 4.5 Fax Client patch install instructions:
http://www.microsoft.com/downloads/details.aspx?familyid=297f5606-2941-405b-80c5-ca7add67ab4e&displaylang=en

Can you please take a gun to that machine and shoot it out of it's misery?

And this next document that showed up on the download site tonight ... I mean not only is this "new on the download site" according to my RSS reader...but to add insult to injury... not only is it about SBS 4.5 (may it rest in peace) but it's about the POP connector... or at least I think it's about the pop connector as the first incarnation of 'pop' in SBS 4.X was an eturn solution that no ISP knew about... I still remember that I found via the newsgroups the J...something... aftermarket pop connector program that was the piece of the Exchange puzzle that we needed to have the pulling of mail from ISPs that didn't have a clue of what you were talking about when you asked them if they supported SBS's eturn mail setup.

http://www.microsoft.com/downloads/details.aspx?familyid=bcd69fad-fd54-4e0a-b6cb-1bd77b62ce38&displaylang=en
Exchange Connector for POP3 Mailboxes for SBS 4.5 Getting Started

and while this isn't quite as bad..

http://www.microsoft.com/downloads/details.aspx?familyid=6d6199b5-2f7a-4cd3-bf12-4d6f5208282c&displaylang=en 
Disaster Recovery for SBS 2000

This must be blast from the past on the download servers tonight or something...

Look how 'cheesy' those GUI screens look back in the 4.5 era!

How to selectively prevent users from sending or receiving Internet e-mail in Exchange Server 2003 or in Exchange 2000 Server:
http://support.microsoft.com/?kbid=924635
You receive a warning message in the Application log when you have File Server Resource Manager installed on a computer that is running Windows Server 2003 R2:
http://support.microsoft.com/?kbid=924035  (keep in mind we don't need to do this in SBS as that membership is already there)
How to change the default settings for File Server Resource Manager (FSRM) in Windows Server 2003 R2:
http://support.microsoft.com/?kbid=925638
Windows XP-based computers that were installed by using a Volume License product key might be marked as non-genuine:
http://support.microsoft.com/?kbid=926333
Error message when you install the Microsoft .NET Framework: "Configuration Error: Unable to load JIT compiler (MSCORJIT.DLL)":
http://support.microsoft.com/?kbid=926065

Articles and vendors have been going around about how Vista will lock other vendors out of the 64bit kernel in order to keep the operating system safer.

Some vendors argue that it's another monopolistic move on Microsoft's part.  Dr J weighed in with this blog post on the subject in fact.

Okay so read that...... and when you get done, come back here.

Okay .... now I want you to read this:

 http://www.securiteam.com/windowsntfocus/6Z0032AH5U.html

Now tell me again why it's a good thing to not do everything and anything that can be done to block the kernel? If the very software that is supposed to keep us safe ends up making us more insecure?  How is this a good thing?

If Symantec can screw up their coding like this... do we really want them mucking around in the 64 bit kernel even more?

This reminds me of the American Health care system, no one truly wants to reform it because they are all making money off of it's current setup.  We need to stop fixing the patients (the computers) after they end up in the emergency room (after the rootkits) and place more preventative medicine in the pipeline in the future.

Until we stop the illnesses, none of us will get well.

(update:  Another interesting take on the subject can be read at Joe Wilcox's blog --- I don't have any 64bit machines running here at my office so I think he has a valid point)

If you have been following the IE blog and Sandi's blog you would know that IE7 is going to be shipping this month.  So how do you get ready for it?

First off understand that while it will be available on automatic updates, everyone will still have to approve the EULA before it's installed.  So it's not just going to show up on your desktop one day.

Next, load it up on one workstation... see what websites and line of business apps that are affected.

Make sure your key applications work.  So far on my tests everything is working just fine.

But don't panic... and ensure you test.

This keeps you one step ahead of everyone else.

I don't allow everyone in my office to have external IM in the office.  I happened to catch Exchange 2000/SBS 2000 on software assurance and caught Live Communication for internal only instant messenging.  If you do allow your firm to have external IM and you want to do a bit of control, here's a KB to add a bit of control...

http://support.microsoft.com/?kbid=925120

How to block MSN Messenger traffic and Windows Live Messenger traffic by using ISA Server

This workstation is one of my few that support 64 bit... and so I was trying to partition it off into another harddrive so I could get ready to load up Longhorn beta on it, but no matter what I did it would not repartition.  So I'm using Acronis Disk manager 10 and from the windows gui and it wouldn't work.  So Charlie Russel (author of SBS 2k3 R2 admin companion) tells me the way to do this is to boot from the Acronis media boot maker.  He said to boot from the boot media maker, then go in and resize the existing partition and then on the newly made empty space, right mouse click and make a 'new partition'. 

Sure enough that was the trick... of course now the Longhorn dvd won't accept the prior product keys... but at least the repartitioning finally worked. 

Between HP and the recent issues of the Board of Directors, to threads on PenTesting forums, there's been a lot of talk about ethics lately.  And lately there's been a question of ethics of software . 

I'm tired.

I'm tired of free software.  Really I am.  Because there's no such thing.  Someone pays.  Advertisement to pull your eyeballs or to entice you to change your mind is one way that 'free' software gets paid for.  Someone pays by having to figure it out all by themselves or with a community because there is no official support. 

I want ethical software.   Software that only installs what it says it will install so I don't have to read install instructions.  Software that doesn't install pop up blocker bypasses and IE BHOs. 

I want ethical websites.  Websites that don't load up back ads when I click to them. I surfed to two the other day.. one was a Disney-ish blog, the other Experts Exchange.  It annoys me when they to back ads like that.  Stop that.

So the next time someone says "oh go try this software, it's free!" ask back.. "what's the catch?" Because at the end of the day, one way or another, we all pay.

...and with respect to Mr. Paciullo?  If you want to step up to the plate and be a leader of your community?  To be a leader?  Drop the 'sponsorship' bundle.  It damages the computing experience when installed.  And if one more person comes up and says "well everyone knows not to install it it's crapware"...well then sir... if everyone knows not to install it, it's not exactly effective revenue generation means now is it?  So why do it?

There are other ways to earn revenue from endeavors.  Brian Livingston has the most ethical way of all that I've ever seen. You like what you see in his 'paid' newsletter?  You set the price.  You heard me.  You decide how much you value it.

But there is no free software...just like there is no free lunch.

From Bob Scott's Consulting Insights...

SPREADSHEETS RULE.
Despite the fact that there are all sorts of tools out there for analyzing data, the overwhelming majority of businesses still run the numbers through spreadsheets. That was the conclusion of an Aberdeen Report called "Service as a Profit Center: The CFO's View." The survey showed that 91 percent of C-level respondents from 150 companies use spreadsheets as their primary analytical tool, which proves that in this arena, big business and small businesses aren't much different in their inability to break the spreadsheet habit. (Thanks to Ibis for posting this survey.)

http://www.ibisinc.com/CFOWhitePaperform.html

So how many of your clients still use spreadsheets to bridge one application to another?  Too many in my opinion. 

So the other night I installed SQL 2005 workgroup on my R2 box and I had copied the cdroms up to the server and installed from there.  When I did that, at the end of 'cdrom 1' I got this error.

But see it wasn't really an error, it was expecting the second cdrom.  So I started up the setup.exe from the folder of cdrom 2 and if I remember right it was "client components" was on cdrom 2 that I checked to install and the install finished up without a hitch.

"Under Client Components, click Management Tools, and then click Entire feature will be installed on local hard drive. Click Next to continue, and then complete the wizard."

http://www.microsoft.com/downloads/details.aspx?FamilyID=29CB973D-41D8-4A5E-9312-90982A0FC164&displaylang=en 

So if you have a dvd or you download the files to your server and don't use the cdrom... just pick it up where it left off and finish the install.

When you install R2, make sure you read the install instructions -- http://www.microsoft.com/downloads/details.aspx?FamilyID=29CB973D-41D8-4A5E-9312-90982A0FC164&displaylang=en 

After you install ISA 2004 you'll need to install ISA 2004 sp2 for an issue with the MMC 3.0 and ISA 2004:

It is important that you install Service Pack 2 (SP2) for ISA Server 2004 if you are also installing the Windows SBS 2003 R2 Technologies. SP2 for ISA Server 2004 resolves a known compatibility issue with Microsoft Management Console (MMC) 3.0, which is included in the R2 Technologies. To obtain SP2 for ISA Server 2004, see the downloads page for ISA Server 2004 at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=22657).

Today I had to go fix a scanner copier... all I did was to basically 'reboot' it... but it was funny how when asked to fix it .. I was asked to "speak geek" to the machine.

Sometimes the help menus you get on computers and machines aren't clear are they?  Because they assume you have a knowledge of the machine or the device.  And if you don't?  You need to ensure you find someone to "speak geek". 

Do you give your clients something to help them 'speak geek' with their networks?  How about putting those 'speak geek' documents on their sharepoint site?

http://support.microsoft.com/kb/919009/en-us

Hey that Fax KB is finally public now!  This confirms that there is a patch out there and all you have to do is call for it.  And remember these calls are always a free call for these hotfixes.

P.S.

In addition to the MSFT hot fix, Cantata has now released an official signed driver update to address the Shared Fax hang issue.  Although we expect that most Shared Fax users will not be running the number of fax ports in a server to likely see this issue after applying the MSFT hot fix, we still recommend application of the Cantata driver update.  This will ensure that all the latest updates to resolve the hanging problem, are applied.  Our driver update is available at this link on the Cantata web site:

 http://www.cantata.com/support/productinfo.cfm?frmProduct=Shared%20Fax&frmCategory=Download&frmKnowBaseID=2210&Level=2

Well that's a polite service pack now isn't it?

SQL 2005 sp1 just warning me that it has files in use and needs me to shut down services if I want it to not make me reboot.

Dear Mr. Judge... or to be politically correct... Dear Ms. Judge if the Judge turns out to be a woman:

Right now I don't know who you are, if you will be an US Judge or an European one, but whomever you are, I want you to think of the decision and impact you will have.  You see right now every time I see a computer with a coffee cup in the bottom right hand corner indicating that I've been remiss in updating a Sun Java installation, I think of one of your counterparts.  Every time I go to a web site that makes me "click here to activate control" I think of another of your counterparts. And in both instances, the stances that these two Judges took, about the trade practices of one company has not made me more secure.  Not one bit at all.  IE's additional click just annoys, and leftover Java JRE's can be used by malware to infect.

So when you decide about whether McAfee or Symantec has the right to mess with the Kernel, know this:  Last night I had to unstall Trend Antivirus on my Dad's computer because when it auto updated, it got screwed up and locked down his Trend personal firewall.  But here's the thing, I set it up so that he would be protected by the Windows firewall, not Trend.  So here was some third party company who took it upon themselves to muscle in on a decision I made to change it to there product.  Okay so I'll give them the benefit of the doubt that it screwed up upon the upgrade.... But how come you don't go after Symantec for making a product that you have to use the registry editor to clean it out bit by bit?  How come you don't consider that impact?

How about you just consider that the decisions you make just might have a bigger impact than just 'business'.  Some of this stuff has security impact as well. 

Just think about that, will you?

Windows Genuine Advantage:
http://support.microsoft.com/gp/win_genuineadvantage

This specially designed support center is primarily for IT professionals and users who are more inclined to work through technical documentation.

Check out the newly opened WGA site for IT pros with tips and tricks for troubleshooting WGA issues....

Also you can check out the WGA blog which has the announcement about the Vista and Longhorn WGA enhancements.

Windows Genuine Advantage : New technology to protect Windows Vista and other products:
http://blogs.msdn.com/wga/archive/2006/10/04/New-technology-to-protect-Windows-Vista-and-other-products.aspx
 

Very nice!

http://www.justgiving.com/susanne

Way to go!

Congratulations to Oliver Sommer who won the German MS Partner award - Best Small Business Solution 2006 with his "Wake on LAN for Remote Web Workplace" (WOL4RWW) Add on to SBS 2003!

Nick talks about it here.... and Oliver's site is here!

Very very cool and congratulations Oliver!

Petergal's SBS Blog : Installing and Configuring the Windows Mobile Stand Alone Emulator w/MSFP Images:
http://blogs.technet.com/petergal/archive/2006/10/02/Installing-and-Configuring-the-Windows-Mobile-Stand-Alone-Emulator-w_2F00_MSFP-Images.aspx

If you ever need to debug or figure out why a mobile phone isn't mobilizing... then follow this post and download this emulator tool. Hands down this is the best way to debug issues with phones because you can kick up the error logging on the device and see what is happening.

Chris Rue has a way more visual how to, but if you want the non visual speed reading version... Peter's will do just fine.

http://blogs.zdnet.com/microsoft/?p=26

Mary Jo Foley reports that the next version of Vista will have Volume licensing activation.

Good.

'bout time.

Because those of us in the SBS world have been activating using our media for a while now.  And just this last weekend Microsoft Licensing folks told a SBS var/vap that the SBS 2003 R2 media that he would be getting from MS fulfillment could be used for multiple installs, that the product key could be "reused".  WRONG.  The media you get from the Open License has a unique product key on the back and you should not use it for multiple installs.  It's also activated.

So if in the Vista era more folks will have to deal with what we deal with all the time down here?  Good.  Maybe then the issues of Disaster Recovery of WPA machines will be better addressed to address the fears many var/vaps have over Product Activation.

So you are a Bob the System Builder kind of person right?  And you want to ensure that the machines you build have all the security patches, but you can't do that without Activating the machine and doing the WGA thing right?

Guess again... there's now a way that "Bob the Builder" can build a secure deployment for your customers... check it out!