I’ve been pinged a few times by folks looking at the CRM 3.0 SBE version wanting to know how to go from Standard to Premium.  They get the Premium CDrom package and want to know if they can go up to Premium without having to reinstall all over again.

…and the answer is …”Well of course you don’t have to reinstall”….but I guess if it was that obvious, they wouldn’t be asking.

All you need to do is buy the Standard to Premium upgrade SKU and just merely add the SQL on top of what you have.

The CRM 3.0 implementation guide is here…. and in Chapter 14 they talk about installing on SBS.. just watch out for an issue called out here.

Title: Microsoft Security Advisory Notification
Issued: February 28, 2006

Security Advisories Updated or Released Today

* Security Advisory (912945)
 – Title:    Non-Security Update for Internet Explorer

 – Web site:

Okay so read that……..

And this is a non security update that replaces a security update and will be replaced by a security update, but it’s not a security update.

Got that?  (yeah… I’m going huh?  as well)

Okay so you want to know what this is really all about?

In general it’s a process called “Rembrandts in the Attic” and I don’t think it’s always a good thing when some of the patents issued are very vague.

And yeah… in Shavlik or WSUS you don’t have to approve it.

There’s a thread going on PatchManagement.org listserve and according to some folks I am severely deficient in allowing my end users to leave their computers on.

Because they say, when a system is turned on, it opens up a hole for intruders to drop things on those boxes.

They only want the systems on when a user is there, and they trust their users to patch their machines.  That to leave the machines on for remote access is insane of me to even think of doing.

I find these ‘absolute’ conversations to be quite interesting.  Because it’s my belief that there is no such thing as a black and white answer in security.  It’s about risk analysis and finding a balance.  Of being just enough security, of the right amount, at the right time, in the right amount of annoyance so that end users don’t find a way around it.  Because at the end of the day, security HAS to take an equal weight with the business of the firm.  If it takes an extreme higher priority, then you might as well turn off the computers and servers, and stop doing business.  Because if you go and live on an island with no computers and no need for interactions, that’s probably the only way you will be absolutely secure from all technology risks like Identity Theft and what not.  Of course then you will have a new set of risks to worry about.  Just go ask the folks on the TV show Lost about the risks they face “without” technology around.

I find the thoughts that “you must turn off your system otherwise bad guys are sitting there dropping bad things on your systems” to be an interesting thought.  If you believe your internal network to be that infected, then yes, design your network with that risk and threat in mind.  In my mind you must then design the network such that you assume all tcp/ip packets are hostile and you cannot trust anything that you cannot verify coming from something you trust.

It’s my understanding that Microsoft designs their network in this manner with an IPSec set up so that unless you have a SmartCard you don’t get domain access.  Conversely all the new Network Access Protection stuff that’s coming down the pipeline looks very interesting to better protect and ‘vet’ the connections coming into our networks.  But in a small network, it’s my opinion that I can still do what I need to do to have a somewhat more ‘trusted’ internal network.  Now I’m sure I’m absolutely the naive one, but with the additional tools I have – like the SBS built-in monitoring email, and ISA 2004 and the Scorpion Software’s Firewall Dashboard (that just is releasing a final beta as a matter of fact) – can help keep me a smidge informed that once something happens (please note I said when not if as one should always be prepared for the worst) I can act as fast as I can to take whatever actions I need to do.

But I think for someone to say “look at the packets hitting your desktop firewalls, all those bad guys trying to intrude” means that I shouldn’t be just calmly looking at those firewall logs, but having a heart attack and freaking out and trying to either block the entry point, or figure out what machine on my internal network has gotten owned and starting an investigation.  As someone coined the term… “draining the network” at that point and rebuilding it.

I guess I’m of the opinion that if I can’t reasonably protect with “good enough” security machines that are merely turned on, how in the world can I protect them when there are end users sitting at those machines using them?  Our end users are not trained in security AT ALL.  The entire computing industry has done a poor job in educating us at all on technology, let alone securely operating computers.  Walk into ANY office and talk to an end user about the application they are using and I’ll bet you that they don’t know how or if their systems are being backed up, they don’t know anything about patches, or care about firewalls, don’t understand that bad guys are being paid $10,000 a pop for vulnerabilities, and I would argue that it’s not their job to be that geeky and know all about that… it’s mine.  Their job is to just do what they need to do, sticking sticky notes on the monitor for all the ‘to dos’ that they need to do.

I don’t trust my end users to be on top of patching like I am and I want to be the one installing and approving patches.  I don’t want them to be the one assigning risks to email attachments, it’s my job.  There are some users of technology that telling them to look for a button in a tool bar is asking them way way too much.  Now maybe we shouldn’t have those folks using computers, but the ugly reality is that we have these users in our networks, using technology.  So we’d better plan our networks for these folks.  Ensuring that as much as we can we build in secure processes that aren’t such an extreme bother that folks go around it and find another way to do their job. 

I know they say that the network guys shouldn’t be in charge of the security because there’s a conflict of interest, but where is it in the computer security book that the folks on the business side can’t be involved in this process of security as well?

Because folks at the end of the day this is about acceptable risk.  And quite honestly I cannot see how you can make a determination without a business hat at the table.

I just don’t think that the risks that are acceptable for my network are acceptable for yours.  Especially not if we’re not the same size and you don’t have the technology that I do (like Remote Web Workplace).

And you know what…. that’s OK.

Subtitled…. “Does Susan blog too much?”

Earlier today I talked about the member of my SBS Partner group who said he was getting near information overload from all the various vendors and sources of Small Business Information.  My earlier post was asking us to brainstorm about the ways to make the various “official” web sites better. 

This post is about “What if you were in charge of the Universe” and could change anything you wanted to on the community listserves and newsgroups and blogs and web sites and podcasts and what not…..

It’s come up before that someone has asked us a few years ago that wouldn’t it be grand if we in the community could all come together and coordinate and work on the ultimate perfect SBS site/web/wiki/thingamabob in the world.  There’s one problem.  Because we all come from various places all over the world, and for most (if not all) of us, the things we work on are a labor of love and volunteerism so you’d better make it in a venue that we find “entertaining” while we volunteer on it, it’s hard to get coordination from a bunch of volunteers.  Add to that that most of us are control freaks, or that getting a collaborative site would probably mean that someone would have to sit down and understand licensing…and well…. this is why we sort of have all these places to go to for information.

So how do you harness this spirit to be able to make it easier for folks to find things with ensuring that the person in the community likes to do it and gets an “attaboy” for doing it?  Look at all the volunteer energy that folks give around here.

It’s not easy is it? 

I call SBSers “cockroaches”.  We’re little, small, indestructible… and we’re EVERYWHERE.  It seems like every time I turn around there’s someone in some venue asking a question about SBS.  And sometimes I know it’s hard to be aware of all of the venues and resources and web sites and links and…. just everything we’ve got around here.

So let me ask this again…. So how do we as a community do better in helping you, the Var/Vap not get overloaded with information?  I was reading the book by Shel Israel and Robert Scoble and one of the things they said was to blog consistently.  Once a week, Once a month, Once a day.   But be consistent. 

The other day Jeff Middleton pointed out to me that I was about a three times a day blogger.  And I think he’s right.  A break at lunch.  And two at night before going to bed for relaxation.  But am I blogging too much?  Should this blog be more on just techy geeky stuff or do you mind the occasional introspective post… the every now and then (okay so it’s probably a bit more often than every  now and then) rant post?

What about our other communities?  Are the listserves getting too much into theory?  I think we’re not as patient in the listserves as we used to be….and I think we’re getting too much into theories and arguments and maybe a lot of folks are tuning out?  What do you think?

Grey Lancaster used to say “kill folks with kindness” and “be patient with newbies”.  Now that “small business is big business” are we as patient with the newbies?  Should we be?  Or should we say “You know, if you are serious about small business, show it by buying a book, reading, and then come back.”  Or should we follow Grey’s leadership and welcome folks into SBSland and help them learn and grow in this profession?  Because all of us started just like that, with a kind word from Grey.  Including me.  When I was cleaning out my SBS 2000 notes and paperwork I found a bunch of newsgroup posts that Grey had done in the newsgroup that I had saved.

So how would you make the community listserves better?

How about the podcasts?  What topics aren’t being covered that you’d like to see (not that I don’t think Vlad and Chris and Suzanne and the SBSPodcast gang aren’t picking fabulous topics…but since we’re brainstorming…let’s have some fun and see what we can come up with)

What about SBS Partner groups?  I know that SMBTN.org is doing mini conferences and emphasizing ‘business’ talks as well as tech ones.

Blogs?  Websites?

What other community resources could be made better and how?

Now I’m not promising that I can keep myself to one post a day…but let’s just brainstorm on some ideas.  How can we make the community resources better than they are now?

So if you were in charge of the universe…what would you do?

The other day in my SBS Partner group this topic came up…. Do we now have what we asked for …. And is it too much?

It was about how before in SBSland there was a veritable waste land of information.  We shared because we found that when we relied on each other we learned more, we shared the “been there and done that” information.  Even the Microsoft partner site was geared toward certified and bigger partners.  The comments I heard from folks that while it looked nice, it was hard to navigate around.

So here we are… about a year… year and half later and the comment was made that now, instead of the wasteland, we’re tripping over Small Business information all over the place.  To the point that we’re getting overloaded with stuff. 

I mean I was telling someone the other day about the resources and it was kinda silly… Podcasts over there….. webcasts here….. listserves… and web sites….. and are we getting too much information?  And are we getting the right kind of information that we need?  But at the same time are we not ensuring that once people have met a certain milestone that they have access to the right kind of information and someone or something is filtering out the noise so they can do a better job and they are rewarded for stepping up to the plate and being serious about Small Business.

Every now and then I like to do what I call “what if you were in charge of the Universe….what would you do?” and think about how we can do things better in SBSland.  It’s something that Jeff Middleton of SBSMigration.com once asked in the newsgroup.  I’m going to do a series of two posts… in this one I’m going to put you guys on the spot and ask how you think Microsoft could do a better job, and in the follow up one, I’ll ask you how you think the Community of SBS could do a better job (including me). 

Now I’m not promising that anything will happen because of these questions… but sometimes…just bringing stuff out in the open and hearing different ideas give us things to think about long term (and okay so I’m hoping folks in Redmond may just get an idea or two from the feedback posted, so it will be a fun experiment nonetheless).

So now I’ll turn it around to ask about the various community and partner sites in SBSland:

Right now there are three major landing places for SBSers and web sites that are official from Microsoft…… the www.mssmallbiz.com site, the Microsoft.com/partners site and the new landing place inside of that that is unique for SBSCers.

If you were in charge of the perfect site(s) for SBS partners….both registered AND Small Business Specialist Certified…. what would you do to make it better?  Would you leave the www.mssmallbiz.com site just the way it is? Use it for a launching point to the Partner site?  Have all Microsoft information regarding SBS behind the Microsoft partner portal?

Here’s my two cents of why I like the www.mssmallbiz.com site just the way it is.  And this is just my opinion so I want you to think about your thoughts on these sites and post in the comments about what you think. It’s a little bit rough.  Unpolished.  Got some frayed edges on it.  It’s a Sharepoint site.  But it looks like something that a busy Small Business owner would put together.  It showcases the very technology that SBS has in it.  Sharepoint.  It sends me Alerts when there are new things.  It helps people join in the small business marketplace by putting out the welcome mat and letting people come in without having to register for anything right at first.  They can look around a bit before walking in the door.  A lot of stuff is in the window where you can take a look at it.  There are notifications and alerts. 

Now let’s look at the Small Business partner site behind the Microsoft portal and the SBSC partner portal.  You can only get there once you register.  It was funny but on a SBSC listserve someone asked if having that designation would “put your clients off” because they would perceive that you were not independent.  Let’s be honest with ourselves…..there is a definite lack of trust by both clients and Vars and Vaps of Microsoft.  But at the same time, for those folks that have stepped up to the plate and taken the certification and “paid the dues” you need to ensure that they have something special and unique that they get out of the certification.  But is there enough “push” technology from these sites?  RSS feeds?  What about the newsgroups?  One of the advantages of the Partner site is access to the managed newsgroups because you are guaranteed one on one Microsoft engineers.  But because I can’t search them as well as I can the public newsgroups via Google Groups, I’ll be honest and say that I tend to use the Public newsgroups as a resource, whereas the Partner newsgroups are more for a one on one issue resolution venue.

Then there’s the issue of getting folks to sign up for the Partner site.  There’s many a time I have to urge a person installing SBS networks to sign up for the Microsoft partner site.  And then there’s the issue of “so can’t I look at what I get before I sign up for it?”

I’ve been involved in other organizations where a credential process has been underway and it seems like everyone struggles with this.  You have to have the bar for entry such that a ‘critical mass’ gets the credential.  But once this critical mass has been reached, you need to raise the bar so that the credential means something.  Then you need to ensure that there is information and value unique to that credential so that others will want to be part of the membership as well.

Coming from where we have been in SBSland, the historical place where we share everything to anyone…. to now where we honestly have to step back and say… you know …maybe we need to organize ourselves a bit more and start asking for things changed and let those who have ‘paid their dues’ have a little bit better space over there…but still keep a space over here as the Welcoming committee place.

So what do you think?  

If you were in charge of the Universe and could do anything you wanted to the Partner and SBSC sites, what would you do?  Do you use the www.mssmallbiz.com site?  What do you like?  What don’t you like?   How would you make the Microsoft Partner site for registered partners and SBSC ones better than it is now?

I think there should be more RSS feeds and push technology.  I know that I visit www.mssmallbiz.com a lot more than the SBSC site because stuff gets pushed to me.

So come on… let’s brainstorm!  See what things we can come up with as ideas….and then we’ll ask.  Hey, they can always say no, but you have to at least try to ask in the first place.

Dear Greg:

When I asked you and others to look at the SBS R2 webcast I wanted you to look at it from a “new client” viewpoint.  When you say that “how can I sell this to my existing clients?” you are right.  This will be a hard sell.

But I think all of the “Gregs” out there are missing the point on this release.  Regardless of how we feel about it, listen to the webcast again… hear how the emphasis is on new clients?

Can you answer one more thing for me?  Why is it that even to this day there is evidence that we have SBS 2003 boxes that don’t have Service pack 1 on them?

I know I’m in the serious minority of how much a PatchAholic wacko I am, but you know what…. I shouldn’t be.

That’s what R2 is all about.  And yeah while some of the more talented in SBSland can roll out WSUS in nothing flat, it’s pretty obvious to me that many of you guys and gals out here have not installed it, have not even tried it, and are not using it.

Now granted WSUS can’t put SBS 2003 sp1 on that box, but if you haven’t begun the process of getting a Patching process in place, then when that new client of yours shows up on that doorstep with an R2 box in tow, and you’ll look at that WSUS going…. okay what the heck is this patching thing about anyway….needless to say you’ll be starting off on the wrong foot.

Yeah, the first thing you should understand about me is that I will throw on a patch or a hotfix to a server or workstation without blinking an eye, but it will take me longer to roll out a Service Pack.  I’ll wait, and I’ll see, and I’ll test on a test box, but I roll it out.

Right now the word on ISA 2004 sp2 is that we’re seeing some issues with websites and downloads, and yeah if you must have it installed, the best advice is to delete the cache, install SP2, then disable the compression filter.  (Obviously not a biggie for us down here anyway).  Due to the time of the year at my office…. I have not installed it.  But the best advice I can give on patching in general is ….

  • Get a test program in place
  • Learn how to google for issues (hint put the KB article in the Google Groups box and chances are you’ll hit someone talking about an issue)
  • Install it on your machine…and then let it bake before rolling it out to others. Yes, Microsoft tests these…but they cannot test them with every line of business stuff you have.
  • You don’t have to be first. I still remember the day that Windows 2003 sp1 came out and someone downloaded it and installed it during the lunch hour.  I mean come on….

Service packs are a big change management.

So yeah Greg… don’t look at this as something you’ll necessarily need to get for your existing clients unless they are looking to get the SQL 2005.  Instead I’d be looking at those clients who could benefit from a member server running Windows 2003 R2 for your existing client base.  Or looking to upgrade folks from Standard to Premium (which of course is ONLY one cdrom, you do NOT need to start over and install the entire Premium cdrom set, all you need is the ONE premium disk and you install the SQL…like for example for CRM 3.0).

But don’t blow this release completely off.  Because for the PatchAholic that I am, this is a milestone for us.  Be proud that SBS showcases how far patching has come in Microsoft.  Realize how this means a lot of work has gone on under the hood.

Okay so I was playing this morning with Vista where “admin” isn’t even really admin and to get yourself as a real admin you either have to tell the system “yes, I really want to do this” or you have to click on “Run As”.

I have a concern though.

I love it.

But I think we’re going to have to take every single bit of marketing energy behind this and let people know exactly what it’s doing and why it’s doing it.  Just like folks don’t trust what patching does to their system now, I think this needs a strong dose of end user/end consumer education.  I want a Security book/video …something…to be inside every OEM Vista system shipped.

People don’t understand what’s going on under the hood with Windows Update and Microsoft Update.  I think they need to be educated as to what Vista is doing here.  How when even running as “admin” the Internet Explorer says it’s running in “protected mode”.

Get ready folks for a lot of RunAs. And every time you do it, remember it’s the sign of a sucky app……

…and let me just say that Quickbooks 2006 doesn’t much like Vista and leave it at that….

I was multi tasking a bit this weekend and the CTP build for Vista came out so I loaded that up last night as I went to bed in a dual boot manner.  So I’ve been flipping back and forth between Vista and XP when suddenly this evening the XP side of the world, dealing with the NIC card starts to freeze up the computer.  Then starts the fun stuff…the NIC loses connectivity. 

You know how hard it is to google up a resolution to a technology problem when your google can’t google because of loss of tcp/ip connectivity?  And because of course I really didn’t have a lot of time to be messing with fixing this…suddenly I became an Expert Vista user real fast. 

I still have to find the settings from Sandi that you can use in the registry to tell this blog that I’m not IE 7 but rather IE 6 so for now I’m on the wirelessly connected laptop typing up this warning about always leaving yourself a back door.

Whether that backdoor to the Internet is a wireless laptop…or… a Vista partition, make sure you have a way out to the Internet.  I can even get there via my Cingular Air Card these days.

You running Microsoft update?  You are?  Good.

I want you to click, Start, Run and in the box type in windowsupdate.log and hit enter.

Now scroll around that file… see what it is?  It’s the history of your Security Updates.

I’m stealing these from Robear…..in case you need any WU/MU info.

How to troubleshoot Windows Update, Microsoft Update, and Windows Server Update Services installation issues:

1. See the “Need more help? Tell us what problem you are having” section of

3a. Check Windowsupdate.log (%windir%\Windowsupdate.log) for errors associated with the download/install.

How to read the Windowsupdate.log file:

3b. Compare errors to those listed here:
http://inetexplorer.mvps.org/archive/windows_update_codes.htm and/or go to http://windowsupdate.microsoft.com > click on Help and Support link in left pane > Solve problems on your own.

4. Windows Update Checklist:

5. Windows Update-specific newsgroup:

Archive of Windows Update newsgroup:
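
Added example (not part of the original post or of Robear's list): a small Python script for step 3a that pulls the WARNING/FATAL lines and failure HRESULTs out of Windowsupdate.log so they can be compared against the error code list in step 3b. It assumes the tab-separated layout of date, time, PID, TID, component and text; the sample lines are constructed, not taken from a real machine.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed layout (tab-separated:
# date, time, PID, TID, component, text). The last line is deliberately malformed.
SAMPLE_LOG = "\n".join([
    "2006-02-28\t09:14:02:118\t 932\t5c4\tMisc\t===========  Logging initialized  ===========",
    "2006-02-28\t09:14:05:402\t 932\t5c4\tPT\tWARNING: SyncUpdates failure, error = 0x80072EE2",
    "2006-02-28\t09:14:05:410\t 932\t5c4\tAgent\t  * WARNING: Failed to synchronize, error = 0x80072ee2",
    "2006-02-28\t09:20:11:007\t 932\t6a0\tHandler\tFATAL: Installer returned 0x80070005",
    "2006-02-28\t09:20:11:050\t 932\t6a0\tAU\tInstall call completed, result = 0x00000000",
    "garbled line without tabs",
])

HRESULT_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
SEVERITY_RE = re.compile(r"\b(WARNING|FATAL):")


def parse_line(line):
    """Split one log line into its six fields; return None if it does not fit."""
    parts = line.rstrip("\r\n").split("\t", 5)
    if len(parts) != 6:
        return None
    date, time, pid, tid, component, text = (p.strip() for p in parts)
    return {"date": date, "time": time, "pid": pid, "tid": tid,
            "component": component, "text": text}


def failure_codes(text):
    """Return the HRESULTs in text that have the failure (high) bit set."""
    return ["0x" + h.upper() for h in HRESULT_RE.findall(text)
            if int(h, 16) & 0x80000000]


def find_failures(log_text):
    """Return every line that is marked WARNING/FATAL or carries a failure code."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected layout
        sev = SEVERITY_RE.search(rec["text"])
        codes = failure_codes(rec["text"])
        if sev or codes:
            rec["line_no"] = line_no
            rec["severity"] = sev.group(1) if sev else "INFO"
            rec["codes"] = codes
            hits.append(rec)
    return hits


def summarize(hits):
    """Count failure codes per component, ready to look up in an error code list."""
    counts = Counter()
    for hit in hits:
        for code in hit["codes"]:
            counts[(hit["component"], code)] += 1
    return counts


if __name__ == "__main__":
    # To read a real log instead, pass the contents of %windir%\Windowsupdate.log.
    failures = find_failures(SAMPLE_LOG)
    for hit in failures:
        print(hit["line_no"], hit["date"], hit["time"], hit["component"],
              hit["severity"], ",".join(hit["codes"]))
    for (component, code), n in sorted(summarize(failures).items()):
        print(f"{component}: {code} x{n}")
```
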

Some girls go out on dates on Friday nights….. I have a date with the SBS Podcast gang:

The Official SBS Support Blog : Inside SBS Episode #15 – The Transition Pack:

And after that… I’m going to head on over to the TechNet Webcasts and try out their Podcast content:

TechNet Webcast Weblog : Podcasts of TechNet webcasts – can it be?: