Q&A With Gary Olsen: Active Directory

Gary Olsen, a solution architect for Hewlett-Packard's Technology Services organization, a Redmond magazine contributor and a Microsoft MVP,  takes some time to answer some of my questions on the status and future of Active Directory.

And for those attending this year's TechMentor conference, don't forget to catch Gary's speaking engagements.  

Q: How do I know if my Active Directory infrastructure is healthy?
A: Sometimes you don't. Active Directory is often self-healing in that it will still "work," but not efficiently. If you aren't watching, it will lull you to sleep until something really bad happens.

Q: Do I have to spend an arm and a leg?
A: No -- that's the point of my session ["Active Directory Health Assessment and Troubleshooting -- Five Answers You'd Otherwise Pay For"]. All these tips use native tools, but you have to know which ones to use and how to interpret the data. That's not hard, as you'll see in my session.

Q: What kind of tools does Microsoft have?
A: Very basic ones that have been around since Windows 2000, just waiting for someone to wake them up! In my session we'll explore Repadmin, event logs, ipconfig and dcdiag -- and MPSReports, which is a free download.

Q: Do I just use these tools once, and then I'm all set?
A: That would be nice, wouldn't it? Because they're free they don't have fancy monitoring capabilities, so you have to do more manual intervention. However, periodic checks are easy when using a tool like MPSReports, which runs a plethora of these tools and can be scheduled to run if you like.

Q: What happens if I don't give Active Directory a checkup?
A: Possibly nothing. But just like anything else, you run the risk of something breaking and causing an outage. I saw one case where the admin reported a domain controller was not replicating. Looking in the logs, it hadn't replicated in more than three years. So while you could say it wasn't broken, it wasn't efficient, either -- and if you let enough of these slide, it can lead to a disaster.

Q: Do you expect Microsoft to update these tools as new OSes arrive?
A: Microsoft updated these tools regularly until Windows Server 2003. Many of the old standbys are obtained from the Windows Server 2003 resource kit, and some were added to the Windows Server 2008 OS as native tools, but most have not been updated. The basic ones I'm going to demonstrate are available and still work well in Windows Server 2008. We'll see about Windows Server 2012.

Want to learn more? Gary will be speaking at our Techmentor 2012 conference, being held at Microsoft HQ in August.

Posted by Doug Barney on 07/10/2012 at 1:19 PM0 comments

Q&A With Mark Minasi: Evaluating the Private Cloud

Mark Minasi is one of those Microsoft MVPs that does it all – he's a  technical consultant, a speaker and an  author of over 40 books relating to Microsoft and IT.

So to say that his opinion carries some weight is an understatement. I recently got the chance to pick Mark's brain on the emergence of the private cloud and what kind of impact it has for your shop.

Also, if you want to hear Mark's often opinionated (and usually right) thoughts for yourself, check out his speaking gig at this year's TechMentor conference.

Q: What do you think of the term "private cloud"? Is it a good, clear term or a vague and abused buzzword?
A: The cloud is just our latest attempt to talk less about servers, cables and software and talk more about delivering fast, effective, so-reliable-you-don't-think-about-it services like Exchange mailboxes or SharePoint services. Push away the hype and I think the cloud will result in a new and improved set of best practices on how we run our datacenters and how we deploy services.

Ultimately, a private cloud will be our private datacenters employing those new best practices and those seamless deployment tools to provide our end users with self service -- a Web front-end to create and modify the services they need -- and less downtime.

If that's not clear, think of it this way: Over the past 70 years, computers have gotten easier and easier, and more and more useful -- for example, personal computers were one such step, GUIs another, networks a third and the Internet a fourth. Cloud computing is simply the most recent big step, a technology that's "disruptive" in some senses but that couldn't have happened without those four precursors.

For our attendees, I think it means: Learn about this -- it matters. Even if it does turn out to be a fad or hype, it's one that prospective employers will ask you about, so put "private cloud" on your list of things you need to get somewhat smart about.

Q: What does it mean to you?
A: Good news and bad news. It'll mean that all of my fellow IT pros will have to put up with a lot of silly marketing bafflegab from sales droids who've decided that adding the words "in the cloud!" to any IT-related sales pitch will generate interest. It'll mean that a small few might lose their jobs because some higher-up got sold a bill of goods that included a promise of lower staff requirements -- outsourcing with another name. It's good news because the private cloud takes some of the really boring scut work and friction points between IT pros and both end users and other IT pros and simplifies them. That frees us to focus on the projects that many of us haven't had time for, like, "What the heck do I do with these iPads and smartphones that want to access our important corporate stuff?!" Again, to rephrase it, for many of our organizations, adding a password self-service Web portal meant that users didn't need us and that either freed up an IT pro to do something else, or in some cases made someone whose only job was to reset passwords into – sadly -- an unemployed person.

Q: What's the difference between a good, highly virtualized set of servers and a private cloud?
A: Easy question. In its simplest form, a private cloud is virtualization plus automation plus self-service.

Q: Whose security is better: an IT shop with security based on the best person they could hire, or a cloud vendor whose whole business is presumably securing their systems?
A: It's hard to say. On the one hand, the in-house security guy gets a W-2 from the same people who use the cloud. That person is – hopefully -- invested in the safety, security and viability of the organization. On the other hand, the cloud security person honestly doesn't care all that much about one of the 10,000 accounts that his company services, but he also knows that a data breach might cost his job. Therefore, he might strive mightily to create a one-size-fits-all answer and  might have more free time to find that answer. It's sort of like asking, "From whom will you get a better pair of shoes: a craftsperson or Macy's?" Some craft pros might create the best shoes you've ever owned, but in truth most won't, at least not in a postindustrial age. Mass production -- meaning the cloud -- will naturally move to a point of standard mediocrity. But it will be a reliable level of mediocrity, and that will be better than what probably 65 percent of craftspeople could accomplish.

Q: When I build a private cloud, do I overbuild to handle spikes or deal with an outside provider to handle times of high demand? If I do the latter, don't I double my security risk?
A: One of the whole points of cloud technology, as I said in my first answer, is that we're learning new best practices. One of those best practices is about how to plan for the flood. Call it "overbuilding" if you like, but that seems like a negative phrase. I think that five years from now, even the most cloud-allergic groups will be talking about "fabric," "capacity units" and the like.

Remember: Hardware is cheap. Failures are expensive. Not serving the users is massively expensive.

Just ask the mainframe MIS and DP guys who lost their jobs because they weren't meeting user needs. They saw their clients go gleefully to the lower-tech, slower, less-capable but more-responsive PCs.

Want to learn more? Mark will be speaking at our Techmentor 2012 conference, being held at Microsoft HQ in August.


Posted by Doug Barney on 07/09/2012 at 1:19 PM0 comments

Win 8 Will Run You $40

Microsoft really wants you to buy Windows 8. How much? You can upgrade to the professional version for just $40. The poor saps who bought Vista had to shell out a minimum of $120 to get off that load and onto the proper Windows 7 (most were probably happy to pay it!).

My guess is the dirt cheapness is because Win 8 doesn't compete with the Mac or desktop Linux. Microsoft is now entering the tablet wars and it wants a coalition willing to resist the charms of the iPad and the low price of Android.

And for an extra $15, you get a backup copy of Win 8 on DVD. Now that's the real bargain.

Is this a cool deal? If not, what would you spend $40 on? Answers to both welcome at [email protected]

Posted by Doug Barney on 07/09/2012 at 1:19 PM8 comments

Patch if You Can Connect

I know that  the Internet sky crashed to fell down today because of DNSChanger, but on the off chance you are online and reading this, there are three critical patches to install tomorrow and six important ones to get to sometime after. When exactly is for you to decide.

The tired old record you know so well is remote code execution (RCE). Two of the three critical RCE items impact Windows, while the third goes after both Windows and IE. A double threat. Find out more here.

Posted by Doug Barney on 07/09/2012 at 1:19 PM0 comments

.NET Framework Repair Tool Ready To Drive

Microsoft last week released a do-it-yourself kit to keep .NET Framework 4.0 happily up and running.

The tool is pretty narrow in focus, rectifying known update and setup issues reaching back to XP SP 3 and Windows Server 2003 SP2.

Posted by Doug Barney on 07/09/2012 at 1:19 PM0 comments

Q&A with Don Jones: Why Care About PowerShell?

You probably know Don from his Redmond magazine column, his blog here on Redmondmag.com or have seen him speak at our TechMentor conference. And if you know Don, you know he's passionate about PowerShell. I recently got the chance to ask him a bit more about why he feels so strongly that PowerShell is a must-have skill for Windows IT pros.

Q: Why should IT care about Windows PowerShell?
A:Two reasons. First, we're increasingly moving toward an era where we don't physically touch our servers. They're hosted by someone else, or perhaps in our own remote datacenter; Windows PowerShell provides a more effective and consistent means of administering servers in a variety of scenarios. Second, businesses should be getting fed up with manual effort when it comes to administration. They should be demanding that anything done more than once be automated. That was always near-impossible to pull off in the Microsoft world, but Windows PowerShell is making it possible now. Frankly, IT pros who don't embrace Windows PowerShell are putting their jobs at risk, because their decision makers are going to figure this out eventually. “What do you mean, you're still using a wizard to do that? You do it 10 times a day! What a waste of time! You're fired!”

Q: Can you explain how you use Windows PowerShell without programming or scripting?
A: Windows PowerShell isn't a “scripting language.” Not like VBScript was. Calling it a scripting language annoys me, because those words turn off a huge number of admins who simply didn't sign up to be programmers. Windows PowerShell is a shell. You run commands. If you can run “ping,” you can use Windows PowerShell. Yes, it does have a scripting language within it, but that isn't the first thing you have to learn. You may not ever need to learn it! Windows PowerShell, unlike VBScript, actually has a very shallow glide path: You can start small and learn in small increments as you need more capability. So don't be put off because you've heard Windows PowerShell is like programming. That's not necessarily true—although some people do choose to approach it that way.

Q: How do I know, as an IT person, if I need to program or script or if I can use Windows PowerShell at a higher level?
A: You'll know because you'll run into a need. As you start to use Windows PowerShell, it almost becomes obvious. “OK, I know how to do A by running a few commands, but now I need to add another command that should only be run under B circumstances.” Well, you've identified a need to add some logical decision-making. So you explore a bit and learn how to use the If construct. Are you scripting now? Maybe. It's a bit of splitting hairs and applying labels to things. The point is to just focus on getting the job done. Windows PowerShell itself has the tools you need to teach yourself what you need to get today's job done, and there's no need to learn more than that. One of the main things I teach is how to teach yourself the shell, so that you don't need to learn anything more than what's needed for the job at hand.

Q: What are people who don't use Windows PowerShell missing?
A: Two things. First, quality of life. I mean, seriously, who wants to be clicking next-next-finish all the time? Automate that stuff and free up some time for interesting work. Second, career opportunity. Believe me, Windows PowerShell expertise is going to matter a lot more than an MCSE or whatever, and that day is only a scant number of years away—maybe three, maybe four. If you start now, you'll be a Windows PowerShell guru in three to four years, but you sure don't want to wait until then to start learning. Unless you also enjoy saying, “Would you like fries with that?”

Q:You're one of the people fostering the GUI versus command-line debate. Is there a winner?
A: Yes: They both win. Windows PowerShell doesn't eliminate the GUI—it provides you with a choice. Is there some task you only do rarely, like maybe adding a new site to Active Directory? Use the GUI. GUIs make it easier to perform unfamiliar tasks. Something you do every day, like adding new users, or something you need to do in bulk, like updating access control lists on a bunch of files? Use Windows PowerShell. We invented computers to do the repetitive, boring stuff for us, right? So let them do it, via Windows PowerShell.

Want to learn more? Don will be leading several PowerShell workshops at our Techmentor 2012 conference, being held at Microsoft HQ in August.

Posted by Doug Barney on 07/03/2012 at 1:19 PM0 comments

BYOD Equals BYOL (Buy Yourself Another License)

Our ace Redmond Web news maven Kurt Mackie recently analyzed what BYOD means for software licensing. At first I wondered why he bothered. Isn't it the same as a corporate device? Turns out it can be, but not necessarily, and the differences are worthy of your study. Don't get it right and you could be wasting money, or worse, not be in compliance and have the licensing cops pay you a visit.

Here's what I gleaned from Kurt's report:

Interestingly, a variety of machines, including Android devices and iPads (even smartphones) can be BYODs and may require extra licenses.

So how do you know what does and doesn't need licenses? Several issues, including whether the device is used remotely or on-premises, weigh in. Part of that is that remote devices are often companion or unmanaged devices and are apparently taxed less by the Redmond licensing machine.

One area that is relatively simple is that machines that need to access servers need client access licenses. However, if these are bought on a per-user basis, the device should be in the clear.

Beyond this, much of the BYOD licensing issues are the same as for corporate devices. The trick, so far as I can see, is to determine what licenses you can avoid if the BYOD machine is truly a companion device, to carefully parse what a per-user means and to research if that is a better deal than a per-device equivalent.

How versed are you in Microsoft licensing, are the terms more complex than need be, are they fair and have you ever been visited by the software fuzz? Answers to any or all questions welcome at [email protected]

Posted by Doug Barney on 07/02/2012 at 1:19 PM1 comments

Schools Get Office 365 for Free

Speaking of education, Microsoft just announced that schools can get Office 365  for free. The news comes as a sort of celebration for the one-year anniversary of the cloud suite.

Posted by Doug Barney on 07/02/2012 at 1:19 PM0 comments

Facebook Steps Back From Way Over the Line

Facebook has been kind of messing up lately -- however, not enough to take back Mark Zuckerberg's recently minted billions or its social media dominance.

Timeline, to me and millions of others, is the worst interface since Office Bob. Privacy doesn't even seem to be an afterthought. And if you want dirt from the past, there's a new book chock full of dirty little secrets.

More recently someone at the firm had the bright idea of building a program for mobile users, a bit like FourSquare, that let you know when other Facebookers are nearby. As if that's not bad enough, they don't even have to be your friends.

Imagine the trouble that could cause. Affairs would no longer go undiscovered. Just try to skip work. And kids won't find it near as easy lying to their parents. The stranger stuff is way disturbing, maybe too creepy to even mention.

This idiocy actually went live. And someone with an ounce of sense pulled the plug.

Posted by Doug Barney on 07/02/2012 at 1:19 PM1 comments

Greek Idiots Attack Microsoft Building

Three idiots drove a van straight into  the Greek Microsoft Headquarters, pulled weapons on security personnel and attempted to burn the largely concrete structure before fleeing. As a result, it is not clear which of the world's ills these morons are upset with.

What is clear is the Greek economy is in a heap of trouble, and a thriving company like Microsoft is only there to help. Not sure trying to drive it out of business is such a sharp plan.

Posted by Doug Barney on 06/29/2012 at 1:19 PM8 comments

Zeus-Style Worm Rips off Banks, Finance Houses

I may be naïve, but I find it hard to believe that malware (especially automated malware) in these days of layered protection, can steal millions upon millions of dollars from highly successful financial institutions.

But that is precisely the claim of McAfee and Guardian Analytics, who just published a report on the subject that printed loss figures (but didn't name the names of those companies who got hacked).

The malware is based in part on Zeus, and is cleverly (I guess) named High Roller since the companies its steals from have lots of dough.

The hacks are a combination of hands-on hacking and automated pilfering of ongoing financial transactions.

McAfee believes a little as $75 million and as much as $2.5 billion may have been lifted, but with a range this wide, does the company really have any clue?

What is your take on all of this? Is it really still this easy to steal this much money and not get caught? You tell me at [email protected]

Posted by Doug Barney on 06/29/2012 at 1:19 PM5 comments

A Drop Out Lectures on Education

Six years ago I suggested that Bill Gates run for President. I was serious. Gates knows business, and through his foundation, knows world affairs.

He also knows education, which is why I was interested to see a recent article on the subject  in The Chronicle of Higher Education.

Education today is, in many ways, stagnant. Too much of what we do is because that's the way we've always done it. Does every high school kid have to read "A Catcher in the Rye" and "The Great Gatsby"?

Recently there's been a lot of attention on the value -- or lack of value -- of the college degree. And as a Harvard dropout, Gates is qualified to address this. Bill believes you generally need something to establish that you've achieved a level of education, which the degree does. And he is interested in the notion of certificates that show that you've taken and passed certain online course.

And while you might expect Gates to be stoked that more devices such as tablets are entering the classroom, he thinks computers are useless unless the curriculum is built around them. For more from professor Gates, head over here.

Posted by Doug Barney on 06/29/2012 at 1:19 PM3 comments