Lately I’ve been doing some work in Win2k8 RC0 and when you work on “big server” platforms, you forget all the little things that you take for granted on SBS that .. are just there.  When you fire up Win2k8 Enterprise and look in the group policy management console, the first thing you will notice that it’s a blank slate.  And I do mean a blank slate. 

Now while some would say “Oh this is cool as i can set it up the way I want to”, I’d argue that there are efficiencies because I’m not having to reinvent the wheel.

Firewall policies for Vista and XP are preconfigured.

WSUS policies in place already. 

The foundations are built for you.

And I strongly feel that if SBS ‘fits’ the small business, you are doing them a disservice if you choose the regular server platform.

Does it fit in all places?  No. But when it does..and you don’t install it.. man you are doing a client a disservice.

I buy a Mac Mini and a Social Engineered Trojan hits the news…


But the story at points out that Social Engineering is the hardest one to patch for and the threat is now on the Mac platform as well. 

All you have to do is entice me enough to think it’s a normal app that I want to install and you have me nailed. That’s not hard to do these days.

Well here I am… with the laptop on wireless… I’m sitting in the living room with sounds of “Trick or Treat” wafting down the street where I live.   This year is the first year of the “daylight” Halloween ..where 5 p.m. was still light because we haven’t moved to daylight savings yet.

So far we’ve had more kids ..either due to the time difference …or the fact that the weather this year is very mild. 

Based on my unofficial candy count… I think we’ve had about 125 or so kids, teenagers tonight…. and I think I hear some more coming up..

When I first read this .. I went.. no way… they didn’t do that did they? And I had to fire up the OS and drill around and check…

All the operational computers in my network look like this…

Now mind you .. BSOD’s happen so infrequently that when they do it’s such a rare treat to dig up Peter Gallagher’s blog post so I can figure out what third party driver was the culpret…

I did have one last week but that was a known self induced event anyway due to not following my own cardinal rule of using a driver from Microsoft Update.

But you know… Apple needs to get on board with Interoperbility.  Having Macs and Windows side by side working happily is what he’s all about and embracing technology to just work better together is what everyone in this industry should strive for. 

That icon is indeed a bit lame in a shipping product.

Three interesting threads.

I personally didn’t notice surfing delays on the Leopard so I can’t confirm that I’ve seen that issue here in the office, but there are some default settings in Leopard that definitely make me poke under the hood a lot more.

“Allow all incoming connections” was the default setup.  It would be nicer if stealth/set access was the default.

Another ..hmmm… long term is that wise?  Guest is enabled…

Leading to tell tale signs of it hitting network resources until I provided authentication.  Another …hmmmm … will have to understand that more….


A good moment?  Where Safari in one click will allow you to go into private browsing mode.  Nice touch.

The hmmmm …. moment was the web page before where Safari autofilled my contact in and I didn’t realize that it was going to keep the MacMini registration as auto fill info as the auto fill info.

It just points to recent posts where privacy and security is different for different generations.

Updated info on connecting a Mac to a SBS is here:

Connecting a Macintosh to an SBS 2003 Server via SMB (2007):

Author: Eriq Neale

Sometimes it’s nice to just pretend …. what if I were in charge of the Universe.

Well the first thing I would do is that I would put out a formal statement (and not just a blog post) about how I’d be planning to help the patching admins clean up the Windows Desktop Search …. well…mess that was blogged about here: 

I’d state a timeline of actions and I’d give people a variety of tools, options and guidelines to pull that patch back off.

I’d first build a scan tool that would allow folks to scan their networks for that patch.  MBSA is already build, how about a special build that would look for that Search KB/registry?

I’d then give guidance on removal. 

I’d take what was added as a suggestion on the blog…

Put the script in your Active Directory Computer Startup GPO and this runs with the necessary rights, also /norestart if you don’t want it to retart the PC
[ instead of /promptrestart  ]
 %windir%\$NtUninstallKB917013$\spuninst\spuninst.exe /q /promptrestart

And I’d see if there’s more options I could do to help admins.

And then I’d start a WSUS advisory council.  Okay so it’s probably too much to ask that there’s an external WSUS test network, but if there was some way that Microsoft would have WSUS deployments monitored around the world so that when they deployed something, they could call the admin and just say “everything okay?” and confirm that what was intended to occur, really did occur.

But first off… I’d make a formal statement.  No this isn’t because blogging is maturing or dead or anything else… I just think that Blaine and his fellow Patch Admins deserve it is all.

1.  I think the router on our DSL freaked yesterday we lost DSL connectivity for most of the day and all night and today I had to log all the way into the DSL modem/router before it would connect to the Internet.

2.  Our Ricoh copier thinks it’s an hour earlier… obviously we missed that patch….

Heard about some VOIP systems that had some minor date issues.

And I had patched all the phones so didn’t see this..