What happens when the big boss or HR delivers a honky piece of new software for you to install and manage? No prob. You've done this about a billion times.
But what happens when this new product is designed to spy on employees -- including you, your staff and all the execs?
Often there is no training, no clear policies and no guide to follow when entrusted to monitor the online activities of others. Sure, you can evaluate and install the software. And if forced to, you can even manage it (click here for some pointers on how to do this).
Here is my advice from years of sometimes looking into the matter:
- Make sure your company has a clear policy that everyone understands.
- Don't use the software for kicks and never share what you know with anyone other than HR or other qualified managers.
- Carefully control access to this software.
Have you been put in the position? How did you handle it? Advice and anecdotes welcome at [email protected]
Posted by Doug Barney on 07/23/2012 at 1:19 PM1 comments
Ex-Microsoft exec Paul Maritz is now ex-CEO of VMware.
Some see the move as indication that Maritz failed to keep Hyper-V at bay. The Microsoft hypervisor is absolutely on the move. My guess, the replacement with Pat Gelsinger, COO at VMware parent EMC, is a move by EMC to exert more control.
If any clown tells you that Maritz did a poor job, feel free to laugh in their fool face. First off, VMware is making gobs of money, and the latest quarter, announced alongside Maritz's departure, was a stunnerwith a record-breaking $1.1 billion in revenue. That's a run rate of over $4 billion a year.
More than that, Maritz led a technical charge any geek would be proud of. Under his leadership, the company moved from a company with a hypervisor surrounded by some good management tools to a true platform, one that is arguably the leader not just in virtualized data centers but in true private cloud creation.
Martitz isn't leaving entirely. He'll be on the board of the d irectors and serve as chief strategist. Often positions like the latter are just to calm the feathers of investors or the exec himself. Give it six months and we'll see which is the case with Maritz.
Posted by Doug Barney on 07/20/2012 at 1:19 PM0 comments
Microsoft Azure keeps growing into a fuller and fuller cloud platform. The latest addition is what actually sounds like a narrow piece of function, Windows Azure Active Directory (which has the unfortunate acronym of WAAD).
This WAAD, first shown last month in a developer preview, supports directory services such as identity management and will eventually be WAADed up into Azure itself.
New features include the ability to create cloud apps offerings, single log-on support and a new API that lets apps tap into WAAD data.
Posted by Doug Barney on 07/20/2012 at 1:19 PM1 comments
I'm both old enough and lucky enough to remember Windows NT. I watched as it mopped the floor up with Netware. Many thought Microsoft broke every antitrust law in the book to do so. I might have agreed until I remembered the very first demo of the server operating system. I thought it odd that the interface was identical to the Windows desktop interface. It was that familiarity and interoperability that ultimately made NT a better fit -- at least in my estimation. Novell experts are welcome to define me as the dummy I may be at [email protected]
Redmondmag.com columnist Brien Posey was looking forward to a similar deal with Windows 8 clients where all the clients are managed the same way -- easy as pie. Posey was stoked.
Then Brien learned the ARM version is different enough that it has to be managed differently. End users won't likely notice. To them, Metro on Intel and ARM are the same (except for the battery meter).
To IT the management makes all the difference. Win 8 on Intel is the same as in the past since it can be joined to domains, can be managed by Active Directory and includes tools such as System Center 2012.
Win RT, the unnecessarily different name for what should be Windows 8 on ARM, doesn't work with AD. Instead, Microsoft is pushing the cloud-based Windows Intune. Let's assume Intune is the best thing that ever happened to management. Microsoft is still asking IT to buy, learn and support another tool if they want Win RT devices in their shops.
Posted by Doug Barney on 07/18/2012 at 1:19 PM10 comments
Readers share their early impressions of Microsoft's upcoming OS:
It's going to be hugely successful!
I don't understand why you say, 'However, Metro is only good for touch -- don't even think about upgrading desktops.' What is wrong with Metro on a desktop? You (and some of your readers) keep saying that, but I have been using it on a desktop and I don't see the problem.
I just received and read your latest Redmond Report newsletter. Overall, I like Windows 8. The one thing that I really do not like is the lack of the Start button on the Desktop interface. As you pointed out in your newsletter, I am not even thinking of upgrading machines here -- in fact, I can't see Windows 8 on anything that doesn't have a touch screen -- and that includes our laptops as well. I believe the omission of the Start button will hinder early sales of Windows 8 on desktop and laptop machines until organizations and individuals begin in earnest to migrate to newer touch-screen equipped machines and significant numbers of mainstream applications are adapted to run under the Metro interface.
I am a technology director for a district of 27,000 students. I have spent about three months using Windows 8, and I felt I became fairly proficient with the OS. However, there is no way I dare to start any kind of upgrade within the next year or maybe even two. The learning curve is too big for teachers (not students), and it would be a nightmare to try and provide training for an OS. I've worked with teachers and Windows since Windows 3.1 (and used DOS before that). I think this is the biggest change since moving from DOS to Windows 3.1.
My vote on Windows 8 is that it will be a winner. When Apple introduced the latest iPad, I figured it was finally time to get one. Still, I held off hoping that there was going to be some compelling reason to have it, not just because everyone else says I should have one.
I am glad I did. I am really looking forward to having a tablet that can also function as a regular PC -- at least if you believe the hype. I hope it lives up. I am definitely holding off on an iPad until I get a look, even if it means being jeered for not keeping up with the times.
Share your thoughts with the editors of this newsletter! Write to [email protected] Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).
Posted by Doug Barney on 07/18/2012 at 1:19 PM2 comments
Next up to bat in my series of Q&A blog posts is cert master James Carrion of Mountain View Systems. Here's some of his thoughts on why increasing your Active Directory knowledge is key for IT
Q: What are your thoughts on the value of certifications in today's IT job market?
A: Any technical certification serves two purposes. First, it's a resume stacker -- the certified in one pile, the not certified in another. Second, it indicates to prospective employers the exposure level of a job candidate to a particular technology. It's easy to pad your resume with technologies you allege to have experience with, but having the certification shows that you spent time learning the product in order to pass the certification exam. It doesn't attest to your level of proficiency, as that can only be ascertained during a technology interview, but it does provide a useful measure to find the most qualified candidates.
Q: Active Directory is a critical IT tool. What do you think about it not being able to manage Windows Runtime (WinRT) devices?
A: With the explosion in tablets and touch interfaces, users are demanding that IT support their favorite tablet in the workplace, and it's only natural that there be a directory service that manages these devices. To counter the iPad and Android devices in the workplace, Microsoft introduced its Surface tablet, which could become the work tablet of choice if easily managed through standard Active Directory tools. Surface Pro will run Windows 8 Pro and can be managed, but the basic Surface running WinRT can't.
The Windows 7 consumer editions lower than Ultimate also have this lack of workplace integration, and by not including it in WinRT, Microsoft is sending the message that a basic Surface tablet is not seen to be fit as a workplace device. The Microsoft workaround of a cloud-based self-service portal will be intimidating for the smaller IT shops who don't have the programming resources to implement it.
Q: What's your advice for someone committed to truly mastering Active Directory?
A: Read every Active Directory technical document you can get your hands on. Play extensively in your own Active Directory sandboxed test environment if you're not fortunate to already have enterprise admin credentials in your organization or don't manage a multidomain or multiforest Active Directory environment. Many Active Directory admins have a narrow view of Active Directory due to their limited delegated permissions. You can't appreciate the complexity and richness of Active Directory as an organizational unit admin or even as a domain admin. It's easy to create a multidomain and multiforest environment on one or two robust x64 computers using Hyper-V, where you can play and gain that level of experience.
If you already have considerable experience with Active Directory as an enterprise admin and want to reach the next level of mastery, consider pursuing the Microsoft Certified Master [MCM] certification. The knowledge experience alone is worth the price of admission, though the program is expensive and may be out of your reach if you're paying out of pocket. If you find yourself in an MCM rotation at the Microsoft campus, you'll be taught by Microsoft experts and find yourself in a room of peers that will impress you with their collective knowledge and experience.
Q: What career doors does Active Directory expertise open up?
A: The future is the cloud and for Microsoft cloud solutions, Active Directory is still there playing the role of directory service. So investing in learning Active Directory will pay off in traditional IT jobs or in future cloud-based jobs. It's an essential skill set you must learn if you want to maintain an edge in the IT job market.
Q: What other areas of technology does Active Directory knowledge make easier to learn?
A: Active Directory is broad-based and is more than just the directory service. There's a reason that Microsoft renamed some of the services on [Windows Server] 2008 and prefixed them with "Active Directory." By understanding Active Directory Certificate Services you'll understand how Public Key Infrastructure [PKI] works in any application of PKI. By understanding Active Directory Federation Services you'll have an edge on implementing Web-based collaboration in a business-to-business scenario. If you already understand how Active Directory domain controllers manage and replicate the Active Directory data store, then you can easily understand how Active Directory Lightweight Directory Services works.
Want to learn more? James will be speaking at our Techmentor 2012 conference, being held at Microsoft HQ in August.
Posted by Doug Barney on 07/18/2012 at 4:59 PM0 comments
If there is any doubt that Microsoft is serious about making and selling its own tablets, the acquisition of Perceptive Pixel Inc. should put that to rest. The doubt comes in the form of those who think Microsoft announced a line of Surface tablets just to needle OEMs into getting more aggressive with their own tablet plans. Buying hardware companies doesn't quite fit that theory.
Perceptive Pixel does super high-end touch displays that sell for up to 80 grand. That's pretty smart, as Microsoft can build state of the art touch tablets, rather than follow the crowd with me-too machines. It's what Steve would have done -- Jobs, in this case.
Pretty smart, Steve -- Ballmer, in this case.
Posted by Doug Barney on 07/16/2012 at 1:19 PM0 comments
Windows 8 code will be essentially locked down early next month and ready for all to buy in October. Windows Server 2012 is on the same exact ship track.
For the last few days I've been completely steeped in all things Windows 8. I'm writing a big feature story about the OS based on your experiences with the beta, a story you'll get to read in our September issue of Redmond.
There's a lot to like in Metro because it brings the full power of Windows to touch-based tablets. What's cool is you can have an actual PC in a machine the size of an iPad. I know Netbooks offer the same promise, but no one has fun using Netbooks, and Netbooks have never been accused of advancing the state of the art in software.
However, Metro is only good for touch -- don't even think about upgrading desktops. The fact that Windows 8 has Metro and the old-fashioned desktop interface is disconcerting. Then again, when Windows arrived, didn't we all get used to the GUI and the DOS prompt on the same system? And trust me, Windows was ripped to shreds by IT when it came on the scene.
The early reaction from you all is a bit negative, but that is common for anything new from Microsoft. Some items, like Windows Vista, never recovered from the initial bad feedback. Others, like the Ribbon, generally recovered (by that I mean it sold well), but have lingering and deep resentment. And some products, like Windows itself, faced early hatred and ended up winners.
I have no idea which category Win 8 will end up falling into. What's your vote? Cast your ballot at [email protected].
Posted by Doug Barney on 07/16/2012 at 1:19 PM5 comments
Nokia just saw its stock reach junk status. Yahoo goes through CEOs faster than Egypt goes through parliaments. And Barnes & Noble has been looking for a lifeline for the last two years.
What do these three companies have in common? They are all critical Microsoft partners.
Redmond's back-page columnist is scratching her head, wondering why Microsoft picks these guys first when any other player would choose them last.
Not only are all these in decline, none have the resources to mount a decent fight. For Nokia, the battle is smartphones -- and the iPhone and Android devices are no slouches.
Yahoo is the search/Internet partner, and Googe ain't exactly going to lay down.
So what about Barnes & Noble. Who's it taking on? Just little 'ol Amazon. No sweat.
Posted by Doug Barney on 07/11/2012 at 1:19 PM5 comments
Recently I argued that the Microsoft Surface, being both a tablet and a full PC, is twice as good as an iPad. The iPad is cool and super stable with an unbelievable design, but only does so much. The surface won't be nearly as elegant, nearly as well executed, but will be a true workhouse.
Half of you believe me an idiot, the other thought I might be onto something (sounds like home). Need proof? Here you go.
Apple made a concerted decision not to build a computer but a pure tablet. And for me, that's the problem. I want the opposite. I want Apple to rethink its strategy and start building a Mac tablet (if it hasn't done so already). Now I know Apple's stock is bigger than Donald Trump's ego, but even though I think the Win 8 Surface will be superior for the enterprise user, the Mac tablet would be superior by virtue of better execution and design.
Just as the iPad is an opportunity for the Surface, the Surface is an opportunity for a Mac Tab.
To be clear, from just a tablet perspective, the iPad will, in all likelihood, be far better than Win 8 tablets. Fortunately for Redmond, I don't think that's the game it's planning to play.
This one is going to be fun.
From a pure tablet standpoint, how does Windows 8 stack up? Give it to us straight at [email protected]
Posted by Doug Barney on 07/11/2012 at 1:19 PM11 comments
Up next in my series of Q&A blog posts is contributing editor and columnist Greg Shields, who also happens to be a senior partner and principal technologist with Concentrated Technology.
Ahead of Greg's busy speaker schedule at this year's TechMentor, he took some time to discuss the benefits of migrating to the newest version of Windows OS.
Q: What's your advice for shops still using Windows XP with Windows 8 on the horizon? Many don't want to move at all because they know how to fix all the common problems with Windows XP and have older peripherals.
A: Stop fighting forward progress. In an apples-to-apples comparison, Windows 7 will beat Windows XP every time in terms of security. Furthering that issue should be the realization that Microsoft will no longer support Windows XP in a few short months, which means no updates when vulnerabilities are found. IT professionals still fighting the upgrade are not only doing their businesses a disservice, they're being negligent of their duties.
Q: What do you say to those who want to skip from Windows XP to Windows 8? Microsoft wants them to go to Windows 7 first. Is there a technical reason for this or is this all just licensing revenue?
A: That's a tough one to provide guidance for right now. There's plenty of data -- both successes and lessons learned -- on the Windows 7 platform. There's nowhere near the same for Windows 8. A move from Windows XP to Windows 8 will be riskier, but the reward also potentially bigger, at least in terms of length of service.
Q: What tools make moving to Windows 7 simpler?
A: Plenty, ranging from no-cost to for-cost, and they're all incredibly mature. Even free solutions from Microsoft are worthy of a look by businesses from small to enterprise. These days, they're just that good.
Q: How do I make noncompliant software work? Should I?
A: Potentially, if it makes good business sense. In fact, a fairly strong reason to embrace System Center -- and particularly System Center Configuration Manager -- is for its excellent software-metering feature. With that in place, you can determine exactly how much those noncompliant applications are actually being used. If they're still in use, the Microsoft Application Compatibility Toolkit delivers a framework for "shimming" bad apps into functionality.
Q: Does running Windows XP software in a virtual machine add to my security exposure?
A: That's a loaded question, but I'll answer it like this: It's little different than running Windows XP software on a physical machine.
Q: How do I make expensive, perfectly functional printers and such work in Windows 7 when there are no new drivers? Should I really just dump them all?
A: These questions make me wonder, "Seriously?" Here's a fact: Windows Vista was released on Jan. 30, 2007. That's more than five-and-a-half years ago. Nearly every printer driver that works with Windows Vista also works with Windows 7. If you're still using printers that are that old and your manufacturer has already sunset their support, isn't there an argument that they're not "perfectly functional printers"? Are you instead creating a risk for your business by relying on equipment that's long past its manufacturer lifecycle support? I'll argue you are, and that -- as before -- you're not saving your business money. You're doing your business a disservice, and being negligent of your duties.
Want to learn more? Greg will be speaking at our Techmentor 2012 conference, being held at Microsoft HQ in August.
Posted by Doug Barney on 07/10/2012 at 1:19 PM1 comments
Gary Olsen, a solution architect for Hewlett-Packard's Technology Services organization, a Redmond magazine contributor and a Microsoft MVP, takes some time to answer some of my questions on the status and future of Active Directory.
And for those attending this year's TechMentor conference, don't forget to catch Gary's speaking engagements.
Q: How do I know if my Active Directory infrastructure is healthy?
A: Sometimes you don't. Active Directory is often self-healing in that it will still "work," but not efficiently. If you aren't watching, it will lull you to sleep until something really bad happens.
Q: Do I have to spend an arm and a leg?
A: No -- that's the point of my session ["Active Directory Health Assessment and Troubleshooting -- Five Answers You'd Otherwise Pay For"]. All these tips use native tools, but you have to know which ones to use and how to interpret the data. That's not hard, as you'll see in my session.
Q: What kind of tools does Microsoft have?
A: Very basic ones that have been around since Windows 2000, just waiting for someone to wake them up! In my session we'll explore Repadmin, event logs, ipconfig and dcdiag -- and MPSReports, which is a free download.
Q: Do I just use these tools once, and then I'm all set?
A: That would be nice, wouldn't it? Because they're free they don't have fancy monitoring capabilities, so you have to do more manual intervention. However, periodic checks are easy when using a tool like MPSReports, which runs a plethora of these tools and can be scheduled to run if you like.
Q: What happens if I don't give Active Directory a checkup?
A: Possibly nothing. But just like anything else, you run the risk of something breaking and causing an outage. I saw one case where the admin reported a domain controller was not replicating. Looking in the logs, it hadn't replicated in more than three years. So while you could say it wasn't broken, it wasn't efficient, either -- and if you let enough of these slide, it can lead to a disaster.
Q: Do you expect Microsoft to update these tools as new OSes arrive?
A: Microsoft updated these tools regularly until Windows Server 2003. Many of the old standbys are obtained from the Windows Server 2003 resource kit, and some were added to the Windows Server 2008 OS as native tools, but most have not been updated. The basic ones I'm going to demonstrate are available and still work well in Windows Server 2008. We'll see about Windows Server 2012.
Want to learn more? Gary will be speaking at our Techmentor 2012 conference, being held at Microsoft HQ in August.
Posted by Doug Barney on 07/10/2012 at 1:19 PM0 comments