Just a quick commentarty on what appears to be a trend at Microsoft, Don't Lead, Just Follow.

Over the past few years Microsoft has released some pretty good products. Exchange 2003 had some much needed updates and I would not even consider running another email/collarboration product. XP obvuilsy dominates the desktop and had some nice updates to the core Windows 2000 it was built on. The Small Business Server 03 package was a huge improvement over prior releases and actually makes deploying it a no brainer for any small business. Can you though think of any product release from Microsoft in the past 3-5 years however that was a must have product that was not either an upgrade from a prior bugged version or a clone of what some other company was already producing?

Google dominates the search market so what does Microsoft do, they dive into a major search push with both desktop, enterprise and web search solutions. I'll admit I don't have an Ipod but it appears everyone else does so what does Microsoft do, they annouce they will ship a MP3 player. Latest news is Google released a web based Office Suite so what are the rumors, Microsoft will put a variation of Office Works online. In the meantime Vista, Microsoft's latest desktop OS which has been delayed time and time again is still in Beta and to get it released Microsoft has pulled feature after feature out of the product. 

Guys this is not market leading technology if your either copying everyone else or buying up ideas that you did not think of yourself. Foldershare, a neat application to allow you to share documents between PC's, bought by Microsoft not designed by them. Groove, another similar product for sharing, again not designed by Microsoft but they sure own it now. A fantastic set of tools for working with Windows and finding out what's actually going on called Winternals, bought by Microsoft, not designed by them. Got bugs in Windows, use Giant, oh wait Microsoft buys a product which protects Windows from it's own security problems and calls it Windows Defender, I won't even comment on that. Need a great search program for Outlook and anything else on your PC then go get Lookout, oh wait Microsoft bought them too. Hey surely Microsoft didn't miss the VOIP market since products like Skype are taking off but wait Microsoft buys Teleo a VOIP provider. Are you seeing a trend here?

Sorry Microsoft I may be a partner but your not leading the industry as of late. There may be big changes inside SQL 2005 over SQL 2000 but the public wants to see the differences and they don't see it. It looks from the outside as if all the real talent is headed for the doors as fast as they can and any new products are just relabeled Microsoft products that Microsoft had nothing to do with until they bought it.

Windows exec Valentine leaves Microsoft

Head of Microsoft's ERP business bows out

Brain Drain at Microsoft

What is Beta, where do you test Beta and do you install Beta Software on anything remotely considered a production box? 

A beta version or beta release usually represents the first version of a computer program that implements all features in the initial software requirements specification. It is likely to be unstable but useful for internal demonstrations and previews to select customers, but not yet ready for release.

From Office Beta to MS AntiSpyware/Defender MS’s position on what is a Beta and where you install it has been very muddied over the past year. This morning however I got an email from MS telling me to boldly go forth and install not only one Beta but TWO Beta applications on my CUSTOMER’s network:

“Download Forefront Security for Exchange Server Beta

Protect your customers' Exchange Server 2007 messaging environments from viruses, worms, and spam. With a layered, multiple-scan engine approach, Microsoft Forefront Security for Exchange Server helps stop the latest threats before they impact users. Download the beta today. “

So not only am I as a Microsoft Partner apparently to be installing Exchange Beta 2007 on my customer’s sites but an add on application, Forefront Beta, as well. If this is not a mixed message from MS as to installing Beta software into Production then I don’t know what is. Note it does not say deploy this in your test setups it says deploy it into your “customer’s Exchange Server 2007 messaging environments” meaning as a Partner I should have my customer’s running a Beta product as their primary messaging platform.

This is not the only product with such mixed messages from MS on what you should be doing with Beta software. Understanding that we as Techs may have a background in what a Beta is and means but many customers and novice techs are reading this stuff as well and from what I see MS is telling those people “Install Beta Software into Production”. Just take a look at some of these statements right off of MS’s “Marketing” websites:

MS Office 2007 Beta: “Evaluate the next release of Microsoft Office products”

MS Office 2007 Beta: “Preview the 2007 Microsoft Office system”

MS Office Live Essentials Beta: “With Microsoft Office Live Essentials, you can take your business online”

Visual Studio Beta: “deploy applications based on these products in production environments”

Windows Defender Beta: “install it on your 2000, XP, or Microsoft Windows Server 2003”

IE 7 RC1 “Be sure to download Internet Explorer 7 RC1 today”

Then there is this from the Vista site:

“Windows Vista empowers people to work more efficiently, helps your teams collaborate and communicate more effectively—regardless of their location, enables your IT managers to lower costs and increase security, and improves your organization’s ability to comply with reporting and regulatory requirements.”

So it certainly appears to me that MS is telling end customers that Beta software is for everyday use and we as Partners and our customer’s support staff should be deploying this stuff. The Defender Beta says to deploy it on your Servers meaning I guess I can start web browsing from my server now as well. In the case of Vista it would appear I must be overcharging my customers if I have not deployed Vista already since it “lowers cost and increase security”.

If this is not a mixed message on what Beta is then what is it? Not only this but to suggest we install Beta development tools into production setups to push out production applications slaps any concerned security types right in the face. Build a web app with a Beta product, deploy it on a Beta web server and offer it up to your production environment is what I see from some of this stuff, oh while your at it and go ahead and browse the Internet from that server because it’s got Defender Beta on it.

If your running Microsoft CRM 3 and your getting the errors below then I might have a fix for you.

Like I said this MAY fix the problem and it appears to have fixed it for me, at least so far I've not seen the error since I made these changes. On top of the Windows Event shown above it appears the application pool crash was leaking over to my other app pools causing some of my public facing Sharepoint sites to have issues.

Anyway if you want to give this a shot here is what I've done so far. If you make these changes I make no claims or warranty as to this "fix" and you are taking all responsiblity for doing so (and all that other legal BS)

 

To set permissions on the folders for the IIS_WPG group, follow these
steps: 1. Start Windows Explorer, and then open the following folder:
   %systemroot%\Help\iisHelp 
2. In the right pane, right-click the Common folder, and then click Sharing
and Security. 
3. Click the Security tab, click Add, type IIS_WPG , and then click OK. 
4. With IIS_WPG selected, click to select the following check boxes under
the Allow column, and then click OK:
   . Read and Execute 
   . List Folder Contents 
   . Read 
5. Open the following folder:
   %systemroot%\system32\inetsrv 
6. In the right pane, right-click the ASP Compiled Templates folder, and
then click Sharing and Security. 
7. Click the Security tab, click the IIS_WPG group, and then click to
select the Full Control check box under the Allow column. Click OK. 
8. Open the following folder:
   %systemroot% 
9. In the right pane, right-click the IIS Temporary Compressed folder, and
then click Sharing and Security. 
10. Click the Security tab, click the IIS_WPG group, and then click to
select the Full Control check box under the Allow column. Click OK. 
To set permissions on the folders for the NT Authority\Network Service
account, follow these steps:
1. Start Windows Explorer, and then open the following folder:
   %systemroot%\Help\iisHelp 
2. In the right pane, right-click the Common folder, and then click Sharing
and Security. 
3. Click the Security tab, click Add, type NETWORK SERVICE , and then click OK. 
4. With NETWORK SERVICE selected, click to select the following check boxes under the Allow column, and then click OK:
   . Read and Execute 
   . List Folder Contents 
   . Read 
5. Open the following folder:
   %systemroot%\system32\inetsrv 
6. In the right pane, right-click the ASP Compiled Templates folder, and
then click Sharing and Security. 
7. Click the Security tab, click Add, type NETWORK SERVICE , and then click OK. 
8. With the NETWORK SERVICE group selected, click to select the Full
Control check box under the Allow column, and then click OK. 
9. Open the following folder:
   %systemroot% 
10. In the right pane, right-click the IIS Temporary Compressed folder, and then click Sharing and Security. 
11. Click the Security tab, click Add, type NETWORK SERVICE , and then
click OK. 
12. With the NETWORK SERVICE group selected, click to select the Full
Control check box under the Allow column, and then click OK. 
After you have completed these steps, restart the IIS Admin service from
the Services snap-in or from the Computer Management snap-in.

Like I said so far so good but only time will tell if this is "the" fix.

I will admit I don't use Veritas Backup Exec and only support it at a few client sites that already had it in place prior to my taking over the sites. That said I understand it's basic setup and features since as with Arcserve most backup software is similar in design. So why can't I get my backup jobs to complete without the need of a user to click "OK" to Tape Alerts?

Well it appears I am not the only person wondering this as a quick search of Symantec Forums found multiple users with the same problems and unfortunately multiple answers from Symantec as to the fix, some of which do nothing in fixing the problem.

The problem itself is when you select "Eject Tape" as part of the backup job you will end up getting a Tape Alert somewhere between 96%-99% complete asking for the user to "Remove the Tape and Press OK". As soon as you open the Alert menu and click ok to the Alert the job will finish and eject the tape but not without that user intervention.

The solution you would think is to open the Alert Configuration and under the Media Alerts set the Alerts to "Automatically Clear Alert to say 1 minute however that does not seem to actually do anything to fix this problem:

The real solution however is to open the BEUtility found in c:\Program Files\Veritas\Backup Exec\NT. With this utility you can set the responses to be used by Backup Exec as default. Once open find your media server or add it if necessary and then click "Edit Configuration" and change your "Automated Responses" as needed, for me this was "Yes or Ok" to all options but the Insert Alert:

Then for good measure I clicked the Repair Database from the Database Task.

Since making those changes my jobs are running just fine, the tapes are ejected and my alerts go out just like they should. Hope you find this helpful.

Here we go again with more personal data loss by companies that should know better. This time it's Wells Fargo, AGAIN, and again it's from letting the data out of their secure network (or at least we hope it's secure).

What is it with these companies that have not learned one simple rule, DON'T LET YOUR DATA GO OUTSIDE YOUR PROTECTED NETWORK! This is just the latest in a rash of data losses being reported this year where there was no hack of the network, the firewall was not breached, somebody did not break into  the office and use some fancy hacking tool to get into the servers but rather the company took their data and put it in harms way. There was the IRS employee who checked his laptop with his luggage which was subsequently stolen (DUH),  but the Veteran Affairs gets the Blue Ribbon for two losses once by Unisys when they lost a computer and then again when an employee took a laptop home with over 26 million veteran records on it and it was stolen. That is only a few of the many breaches this year all of which occurred when the data was taken offsite and it was not encrypted.

People if your not familiar with some of the basics in security let me just say this about data security. If you spend millions setting up secure servers, located in secure buildings, that can only be accessed using secure passwords over secured links you just wasted your money if you let a vendor TAKE THE DATA HOME ON A LAPTOP!!! There is simply no excuse for this to happen folks. If these vendors and employees need this data to do their job then very simply verify the laptop is secure which BTW does not mean it has a Windows Password enable. BIOS password, Biometric access requirements, Windows strong password, Antivirus installed and up to date, Third party authentication and more should be required to even let the laptop out of the office and that's not even discussing the requirements for access the data. The data itself should not be anywhere but in it's secure location and if these vendors and employees need access then you setup secure connections allowing them remote access. By setting up VPN's and other secure channels to view the secured data by the remote user you can log the data access, verify their right to view the data and most importantly the data stays on the servers and not the laptop they are using. These are not unheard of rules for data access but it seems to be a foreign concept to some of these companies who keep losing data.

A Few of the Lost Data Reports:

• IRS lost data on laptop at airport
• Equifax lost laptop on a train
• Chicago Employees Data Lost by Contractor
• Compass Health laptop with customer data stolen
• Bank loses multiple laptops
• Chevron vendor loses laptop with employee personal data
• Hope the Navy doesn't lose ships like they do data
• USDA stolen laptop from car
• Red Cross Laptops Stolen

Just go Google "Personal Data Loss" to see hundreds of stories on data loss and why there is just no excuse in these losses.

One last note about some of these reports where the company makes some sort of statement like "the data was password protected". Guys this means nothing! Any Windows system can have it's password bypassed by using a multiple tools found on the web if you have access to the system. In the VA's case where they say the laptop data was not accessed they have no clue if that is true or not because any tech worth a damn knows how to boot a laptop using a CD and then making a copy of the laptop's HardDrive without ever changing a single file on the laptop itself. Now that the tech has a copy of the HD he can access the data as needed leaving no tracks on the laptop itself. Even if that system was using Windows encryption, which in this case it wasn't, it would not take long using some very basic tools to gain access to any and all data on that HD. Not to scare everyone to death but it takes very little effort to access a stolen laptop, make a copy of the HD and then return the laptop but still have all the data which you can then access as needed later on. In as little time as it takes you to go into Walmart a serious thief could break into your car, copy the laptop and put everything back and you would never know the difference while the thief now has all the data and all the time in the world to crack whatever protection is on it.