Monthly Archives: January 2007

Surprise – I still have access!

Here’s an interesting report that crossed my transom today.


An administrator of a domain-joined machine created a share, and wanted to make sure that it could only be reached by the administrators and local accounts on the machine (service accounts, basically).


So, he created the share, and edited its permissions – removed “Everyone”, added “Administrators” and “Users”; clicked OK and went away.


Domain users still had access to the share – and this somewhat worried the administrator. But, after some time considering, he thought he had the answer, and removed “MyDomain\Domain Users” from the “Users” group; clicked OK and went away.


Surprise – domain users still have access to the share.


Before I give away the secret of how, can you see it for yourselves?
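
One way to check who a share's permission entries really admit is to expand every entry that names a local group into that group's current members. The PowerShell below is an added example, not part of the original report; the share name `Reports` and the function name `Get-ShareAccessExpanded` are assumptions, and it relies on the `Get-SmbShareAccess`, `Get-LocalGroup` and `Get-LocalGroupMember` cmdlets found on current Windows versions.

```powershell
# Added example: expand each share permission entry to the accounts it covers.
# 'Reports' is a hypothetical share name; run elevated on the machine hosting the share.
function Get-ShareAccessExpanded {
    param([Parameter(Mandatory)][string]$ShareName)

    foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
        # Local groups appear as BUILTIN\<name> or <COMPUTER>\<name>.
        $parts   = $ace.AccountName -split '\\', 2
        $isLocal = ($parts.Count -eq 2) -and
                   ($parts[0] -in 'BUILTIN', $env:COMPUTERNAME)
        $group   = if ($isLocal) {
            Get-LocalGroup -Name $parts[1] -ErrorAction SilentlyContinue
        }
        $access  = "$($ace.AccessControlType) $($ace.AccessRight)"

        if (-not $group) {
            # A user, domain group or built-in identity: report the entry as it stands.
            [pscustomobject]@{
                ShareEntry = $ace.AccountName
                Access     = $access
                Member     = $ace.AccountName
                Class      = 'direct entry'
                Source     = ''
            }
            continue
        }

        # A local group: list every member it currently holds, whatever its type.
        foreach ($m in Get-LocalGroupMember -Group $group.Name) {
            [pscustomobject]@{
                ShareEntry = $ace.AccountName
                Access     = $access
                Member     = $m.Name
                Class      = $m.ObjectClass
                Source     = $m.PrincipalSource
            }
        }
    }
}

Get-ShareAccessExpanded -ShareName 'Reports' | Format-Table -AutoSize
```

This covers share permissions only; the NTFS permissions on the shared folder are evaluated separately and need their own review.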

Microsoft and AMD’s PR company needs to grow a spine [Ferrari furore]

In case you’ve missed it over the past week, there was a storm in the teacup that we call the “blogosphere” (horrible name, someone please come up with a better one) over the delivery of a number of Acer Ferrari laptop computers running Windows Vista.


First, a clarification – this was a joint PR exercise between Microsoft and AMD. Not sure if that makes a lot of difference to the story, but it’s glossed over frequently in blog titles (including this one).


The laptops were sent to popular technical bloggers – I didn’t get one, but I know a couple of people that did. For many of the recipients, this was going to be the only way they’d experience Windows Vista, Microsoft’s new operating system release, in the next several months, because it’s quite a hazard putting a new version of an operating system on any live production equipment – and of course AMD got the benefit out of people seeing what they could do with a 64-bit system on AMD’s 64-bit processor.


[Me, I have to make sure my software works on new versions of Windows before they come out, so I bought a test machine just for that purpose several months ago – as did many of the laptop recipients!]


A number of blog comments went out – pretty much from the same two or three people, to judge from the writing style and choice of words – along the lines of “how dare you accept this free machine, your integrity is now compromised and I will never trust another word you write”.


I find this a little hard to understand. After all, when I read blog content, it’s because I look to be informed. If I can’t verify what the writer is saying, I’m going to take it with a pinch of salt. Over time I build up an idea of which blog writers I can trust through my own verification of what’s said, or whether they agree with other blog writers that I trust. Rather like reading a newspaper – you know that there’s a bias, you just have to spend time to figure out how much, and in what direction.


The second reason I find these complaints hard to understand comes when I imagine what my own behaviour would have been like. Let’s see, I receive something free in the mail, and it’s a significant chunk of hardware. Straight away, I’m making the choice “is this something I can use?”, and if not, I return it or give it away already (I haven’t the time or energy to try to sell it on eBay). Then, if I use it, and it’s a pile of crap, I post a review to that effect; if I use it, and I like it, I post a review to that effect. I don’t see how the provision of a laptop would change my opinions.


Even if you view the laptop as an inducement, it’s clearly an inducement to continue current behaviour, because it is your current behaviour as a blogger that has brought you to the attention of the PR company.


So I’m happy for those of my friends (and strangers) that have received a laptop, and I’m envious that I didn’t get one for myself. Let that be a lesson to you, dear reader – pass on my blog to others to read!


Now comes the kicker – the PR company used by Microsoft and AMD have responded to all this furore with a new email sent to the recipients of the laptops – asking them to either return the laptops or give them away after reviewing them. This is, of course, an “ask”, rather than a demand, because if you receive an unasked-for gift in the mail, addressed to you, you are allowed to do with it entirely what you wish.


I wish the PR company would simply “grow a pair”, and realise that there will be envious types who have nothing better to do than trash Microsoft, or trash people who are more successful or popular than they are (in this case, bloggers who are more popular than those guys who didn’t get laptops). Realise, also, that freebie review copies of hardware and software are a common occurrence in this field. I run several copies of software I got for free, besides a number of small pieces of hardware (thumb-drives, hubs, etc) that I have picked up here and there.


The stuff I like, yes, I’ll occasionally mention and say “I’ve been using Acronis True Image Workstation to image my systems for a few months, and enjoy the fact that it allows me to create local and networked image files, both full and incremental backups, that I can recover from by using a simple boot disk”. If the free software is bad, I’ll often simply drop it, but sometimes I’ll post something to persuade people not to buy the worst offenders.


But then, I buy a lot of software, too, and I’ll review that on occasion, too, whether it’s good or bad. If it’s really bad software, I’ll write something like “QuickBooks Pro requires that I run as administrator, and constantly pesters me to join a payroll service – for one employee, whose pay I can calculate in a thirty-second glance at a lookup table, if the pay hasn’t changed from last half-month.” If it’s something whose competitors I can use, or isn’t a business-critical function, I’ll return it to the store or vendor, as unsuitable for use. And I get refunds, so that sort of makes it a free review copy.


I guess the point I’m trying to make in this rambling article is that you should be aware that anyone giving a review of any product probably got it for free, and may be keeping it. The PR company used by Microsoft and AMD should be aware that some people will get irritated at other people receiving stuff they want for themselves. And those of you whining about blogs being compromised by this, take a good, honest look at yourself and ask if you would change what you were doing, if what you were doing had caused you to receive a laptop.

Rights Management Services in Windows Vista

In December 4’s edition of eWeek, Jim Rapoza writes a piece titled “Mine! All mine!”, in which he decries the inclusion of Rights Management Services (RMS) in Windows Vista, comparing it to the rather unsuccessful launch of Circuit City’s DivX DVD player (not to be confused with the subsequent codec, DivX, that has been put into DVD players now on the market).


DivX was a protection measure that allowed Circuit City to “rent” a movie to you for watching over a couple of days, after which time the player would no longer play the disk that you had in your possession. Pretty much nobody bought a player, and Circuit City gave up on the idea – so much so that a group of openness advocates took the name and used it to make a codec for compressing movies, which is now used in more pirated movies than I care to mention.


Jim ends his article “As the history of the now-dead DivX player shows, people don’t like systems that tell them how and when they can use content.” – this would be appropriate commentary if, like the dead DivX player and disk format, the new system provided no extra features outside of RMS that made it worthwhile.


Windows Vista, with added RMS, plays existing – and new – DVDs with the same quality that you always got before, and RMS features only come into play if the following conditions are met:


  1. You use an application that uses RMS features.
  2. The application is asked to open a piece of content that has been protected by RMS.

If the content could previously have been opened without requiring RMS, it can still be opened without activating RMS – RMS is not forced on you by the operating system, nor even by the application – it is forced on you by the provider of the content. Unlike Circuit City’s defunct DivX, this is not intended for commercial use, but for corporate use – where the purpose is to remind your honest employees that they shouldn’t be printing or forwarding sensitive email without permission, and to remind your dishonest employees that they’re about to do something that will get them fired.


Like all DRM, it can’t be made perfect – you can always take a photo of the screen, or stick a tape recorder’s microphone close to the speaker – but by having to go these more extreme routes, rather than simply printing the message, or copying the audio file, you demonstrate that you’re willing to ignore the wishes and rights of the content provider, and will happily pay the consequences.


RMS will not be the death of Vista, and its inclusion by default may even improve its adoption in corporate circles, where such protection is appropriate. RMS can be downloaded and installed on other platforms, too, should you wish to protect your documents from users of current operating systems.


If you find that content is unnecessarily protected with some form of DRM – whether it’s RMS, or some other standard – take it up with the content provider. Microsoft is in the business of making and selling technology that its customers want to buy. In this case, the customer is the content producer, and they want to buy a copy of Outlook that they can use to send their employees proprietary and confidential information with something significantly more intrusive than a “please don’t copy or print this message”.