Monthly Archives: July 2007

You are browsing the site archives by month.

So why did they move that?

So why did they move those file locations in Vista?  More granular control so that we can change permissions and tighten up program settings is my understanding (I can’t find the page and given that I read it outside with the crickets with a mini booklight last night as we were without power until 6 a.m the following morning is it any wonder that I can’t find in the book where it said that)


\Documents and Settings is now \Users
\Documents and Settings\All Users is now \Users\Public
\ProgramData\Desktop is now \Users\Public\Desktop
\ProgramData\Documents\ is now \Users\Public\Documents
\ProgramData\Favorites is now \Users\Public\Favorites
\ProgramData\Start Menu is now \ProgramData\Microsoft\Windows\Start Menu
\ProgramData\Templates is now \ProgramData\Microsoft\Windows\Templates

 

So where did they move THAT?

Page 91 of this book lays out the facts….


\Documents and Settings is now \Users
\Documents and Settings\All Users is now \Users\Public
\ProgramData\Desktop is now \Users\Public\Desktop
\ProgramData\Documents\ is now \Users\Public\Documents
\ProgramData\Favorites is now \Users\Public\Favorites
\ProgramData\Start Menu is now \ProgramData\Microsoft\Windows\Start Menu
\ProgramData\Templates is now \ProgramData\Microsoft\Windows\Templates


I guarantee I won’t hurt you if you do this setting versus shutting off UAC completely

I’m putting folks on notice… while I won’t be too pleased that you do this… but I’d rather folks do an alternative setting in group policy controlling the User Account Control prompt than the alternative of shutting it off completely.


Okay step one you need to go buy this book:  And then as you read this you’ll begin to understand why it’s important that we understand in Vista that when people say “but I’m running as Administrator” they really are not THE ADMINISTRATOR.  They are not the BUILT IN ADMINISTRATOR and thusly things will be different.  And while it’s nicer if you are running as a standard user, even if you are running as an administrator (small caps), you are not THE ADMINISTRATOR like you were in XP era.


So if you are a geek and those UAC prompts are driving you nuts first I’m going to ask exactly what are you doing that makes you get them… like are you fiddling with network connections all the time or what?  and secondly I will say that I’m sorry they don’t drive me nuts they REMIND me of when I’m up in the “nosebleed” rights area and I should be careful.  But IF and ONLY IF you want to be less annoyed, read page 150 of that book and set up a separate Organizational Unit/Group policy and put the geeks of the office that will annoy you in their complaining with Vista the first month or so into a special bucket so they won’t see that secure desktop prompt.


What you need to do is build an OU and change the group policy setting to do this:


http://www.microsoft.com/technet/windowsvista/security/security_group_policy_settings.mspx#_User_Account_Control


Under this section:


Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options


 User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode


Now keep in mind you won’t see that up on your SBS box and you’ll need to connect to the group policy from your Vista machine (I’ll do screen shots later).  The default is to prompt for credentials… you can set it to “Elevate without prompting” and the elevation to the admin will be silent.  Now this is a bad thing because a malware could be designed to hop on that elevation and get up to admin rights… but (and this is a huge but) it’s WAY better than shutting off UAC completely.  Setting this setting leaves IE 7 in protected mode which is an EXTREMELY good thing while turning UAC off completely will turn off IE protected mode as well.


You might even consider setting this setting for a month or two after vista machines are first installed so that your users will be able to install and do the things they think they want to do and then a month or so later, take it back to the defaults where it will prompt you.


I’ll bet you that after this first install period of time you won’t see those prompts nearly like you did before.


But I guarantee you I’ll be less apt to beat you over the head with my 2×4 if you change this setting  to silently elevate and not use the secure darkened desktop (which is really a screen shot of what you were working on setting up the elevated session) than if you turn off UAC completely.


Give it a try…. and then turn that prompting back on after a while.  I’ll betcha you won’t see it much at all after the machine is set up.

I’m going upside down in November

 



Where will you be this November?  I’ll be upside down.  That’s right… at www.smbfocus.com I’ll be with Wayne Small who will be hosting and presenting the ITPro conference in Australia.  Along with me will be Jeff Middleton, Dana Epp, Amy Babinchak, Dean Calvert and Ryan Spillane and lots more.


So get ready to get upside down in November! (I’ve even put the logo for it on the side of the blog!)

Batteries and more batteries

My sister and I each have certain connections to the outside world we can’t live without.  Mine is an internet connection, her’s is the sound of a TV.  Which is why when the power is out AGAIN (it was off earlier today) I’ve got the laptop fired up and she’s got 8 D batteries in a Sony TV watching Wheel of Fortune.  Not that she’d normally be watching that mind you, but just that it’s “noise” to the outside world.


So for me my “fuzzy safety blanket” is a computer with an IM session going where even Dad can ping me when I’m on a trip and check that I’m safe in the hotel (yes.. Dad still checks in on me).  But it goes to show you how much both my sister and I are dependent so much on power.  Without power and energy there’s not much that you can do. I’d argue that energy is a key element in any business. 


But we found tonight that we needed batteries as  well,, for the cell phone, for the TV, for the laptop, for the Kitchen area…. yeah… I didn’t get out of doing the dishes though…dang… the City of Fresno has generators for the water wells so our water still works.


http://en.wikipedia.org/wiki/Business_continuity_planning


<edit: http://www.fresnobee.com/updates/story/100035.html it was a birds nest that started the power outtage, and it didn’t come back on until 6 a.m. Tuesday morning>

The Official SBS Blog : Active Directory FTP User Isolation Mode (IIS 6.0)

Today’s SBS blog moment is brought to you by Wayne McIntyre 


The Official SBS Blog : Active Directory FTP User Isolation Mode (IIS 6.0):
http://blogs.technet.com/sbs/archive/2007/07/30/active-directory-ftp-user-isolation-mode-iis-6-0.aspx



On the inside of my LAN I have ftp enabled for two key business scanners.  Yes it’s a risk, but to me an acceptable one.

Well that was easy…

http://msmvps.com/blogs/bradley/archive/2007/07/29/a-palm-750-in-the-house.aspx


Well that was easy.  I literally connected the Treo 750 to “my” computer, ran through the “connect to exchange activesync” wizard, stuck the two certs (I have ISA) on the device that I have parked on my computer and voila.


The easiest way to get a cert off your system and on to a device is to go into IE and find the two certificates, both in your trusted root certificate store in IE and export them anywhere.  Then put the cable with the device, go into explore …..



Once the device is attached, go into Explore and find a folder location that you can remember to find on the device.



Dump the cert files into this folder location


 


Now take the device and typically it’s a matter of tapping enter on the cert to “install” it on the device.  The 750 didn’t need any hacking or unlocking or anything to get it to accept the self signed cert.  Heck it didn’t even mind being temporarily activesync’d to a totally different workstation.


Now to figure out if we can do Comcast email “and” hotmail email “and” Outlook Exchange all at the same time….. 

Compatibility in Vista


When you are installing software on Vista, you may have to right mouse click on the setup and “Run as Administrator”.  Once it’s installed, if it balks a bit at running under Vista, try right mouse clicking on the icon, and go into the compatibility tab and clicking on “Run as XP sp2″.  If that doesn’t work try all the way down to Win98.  As a last resort, click on “Run this program as administrator”.  Now in a true locked down network you should use fast user switching in a domain and run the crappy apps in another profile to keep them away from the secure apps, but I’m going to guess that many firms don’t or won’t do that.


The other issue you might see is this –
http://msinfluentials.com/blogs/jesper/archive/2007/01/16/help-vista-won-t-let-me-write-to-my-external-hard-drive.aspx but I guess I’m the weird one as I don’t find the UAC prompts annoying and in fact when they do pop up I keep track of the apps (including Microsoft ones) that are still needing UAC help.  Live meeing does the yellow warning along with Live messenger on this Vista (but then again I need to see if I’m running the right Live messenger version on this Vista at home)


P.S. the thing that takes a while to get around your head is that even when logged in as administrator you aren’t quite logged in as Administrator like you were in the XP era.  Admin isn’t Admin and it takes a bit of getting your head around.

A Palm 750 in the house

http://www.palm.com/us/support/downloads/versamail/certmodtool.html
http://discussion.treocentral.com/showthread.php?p=1202566
http://www.palm.com/us/products/smartphones/treo750/


I was just put on notice that the office a partner of the office is now the proud owner of a Palm 750 and the thing on my agenda tomorrow is to get the self signed cert (yes we still use self signed certs) to be put on the unit so that they can be sync’d with the server.  If you use like a godaddy cert you won’t need the certmodtool, but if you don’t, you will.

Codename Bobcat


I was cleaning up the upstairs office and found that I’m a packrat.  I found what ended up being SBS 2003’s first beta disks.  Way back in November 2001 was the first beta of SBS “Bobcat” what ultimately became SBS 2003.  That became a long beta due to the SQL slammer and security push.  (We even patched SQL during the beta with these “by hand” instructions that were pretty lengthy).


What was in that first beta was not what we ended up with in SBS 2003.  Bottom line… while being involved in betas lets you see the direction that various companies are heading towards, sometimes even as a beta tester you can be surprised about the changes that are made.