|
|
March 2009 - Posts
-
Regardless… Like Murphy said… “He who laughs last probably made a back-up”. In this case “He who laughs last probably applied MS08-067 to all his systems”.
I’ve received a lot of questions from enthusiasts & customers about the latest version of Conficker discovered earlier this month, Worm:Win32/Conficker.D. Well, like it has been the case since the first discovery of Conficker, (see timeline below), Microsoft is making huge efforts to resolve this. Including offering a $250,000 reward, for information leading to the arrest and conviction of those responsible for Conficker.
So what is this about? Any computer infected with Conficker will presumably start trying to contact domains on the Internet, presumably for a new set of instructions. Tomorrow, it may begin using a new algorithm to determine what domains to contact. However Microsoft has not identified any other actions scheduled to take place on April 1, 2009.
There are 2 resources from Microsoft for the best practices to protect yourself from Conficker:
- For consumer go to “Protect yourself from the Conficker computer worm”
- for IT Pros you want to read “Protect Windows from Conficker”
Following the guidelines that Microsoft has always promoted should find this event manageable. These guidelines are in this case:
- Apply security updates
- Update security software signatures ( That means keep your anti-virus and anti-spyware up to date.)
- Clean infected systems
More that the vulnerability identified in Microsoft Security Update MS08-067 Conficker exploits weak passwords and auto-run features to spread itself. IT Pros that manage Active Directories should ensure that passwords are managed using the Group Policy Object. (AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide)
As for the auto-run, it’s pretty easy to spot as long as you know what you’re looking for. In the screenshot below the option Open folder to view files — Publisher not specified is not the standard Open folder to view files — using Windows Explorer that you would normally see. If you select the first option, the worm executes and can begin to spread itself to other computers.
If you wish you can manage the AutoPlay behaviour through the Group Policy as well.
If you think your computer is infected, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or access some sites like our own Microsoft Update. If you can't access them, try using the Windows Live OneCare Safety Scanner or there is always help from your preferred anti-malware vendors.
It’s very Important that everyone ensures that Microsoft Security Update MS08-067 has being applied to all the systems in your environment.
See also this post on the Microsoft Malware Protection Center: Information about Worm:Win32/Conficker.D.
And of course, if you’re still concerned about Conficker, you can get more information and free support by going to http://microsoft.com/protect or customers in the US and Canada can call the PC Safety hotline at 1-866-PCSAFETY
I hope this helps.
Cheers!
Pierre Roman, MCSE, ITIL| Microsoft Canada Co.| IT Pro Advisor | pierre.roman@microsoft.com
phone: 613-212-2370 | mobile: 613-715-2311
IT Pro blog | Twitter | Facebook | LinkedIn
|
-
(This is part 3 of a 4 part series, you can read the first post here) Here is the second part of my discussion with Shane Schick on the Myths & Realities of the IT Skills & Talent landscape in Canada. This part is titled “Myth 3 – I have to leave to stay employed”. Check it out, let me know what you think. 
|
-
(Cross-Post. This is part 2 of a 4 part series, you can read the first post here) Here is the second part of my discussion with Shane Schick on the Myths & Realities of the IT Skills & Talent landscape in Canada. This part is titled “Myth 2 - There aren’t enough Skilled IT people in Canada”. Check it out, let me know what your thoughts on the topic are. 
|
-
(Cross Posted With Mark Relph’s Blog) Working in today’s IT industry comes with a variety of challenges, especially in these tough economic times. Jobs are becoming more complex, employers expectations are high and employees need more than just technical skills to grow their careers. I had a chance to sit down with Shane Schick from itWorldCanada to discuss the state of the IT Profession in Canada. We discussed several “myths” and industry perceptions on the IT skills shortage and lack of IT talent in Canada. We chatted about what the IT industry as a whole can do to help close the gap between employers and employees expectations. The key is driving the right demand for IT skills, while meeting this demand with the right supply of talent. We also highlighted some of the things that Microsoft Canada is doing to address these issues – such as Techdays, EnergizeIT and the Ignite Your Career Series. Shane and I divided our chat into the discussion of 4 “IT profession myths”. Shane even had actual comments from his readers that we used as the focal point of the discussion. Here is the first part of the series, titled “IT Doesn’t Matter” (in Silverlight). Check it out, let me know what your thoughts on the topic are. I will post parts 2, 3 and 4 later this week. 
|
-
Qixing wrote up this post and took some photos from these events on the CanUX blog and I thought I’d share it here as well… This week Rod, Joey and I kicked off the EnergizeIT tour on the west coast. Joey showed you the Road Warrior Office we had in London. Here, let me show you some pictures from our User Group, Student Connection, and EnergizeIT events. Below Left - Rod is getting ready to start the Future of the Platform user group connection in Kitchener. Below right – user group members are sitting around the collaboration tables listening to Rod’s talk.  
Below Left - Rod and Barnaby are answering user group audience questions on IPv6. Below right – We saw Ruth at the Kitchener event. She is now a proud mom of twin boys and we are looking forward to having her back on our team in the summer.  
Below Left – I’m demoing the new Window 7 user experience at the EnergizeIT main event: From the Client to Cloud in London last night. Below right – We had a full house at London EnergizeIT event. They are listening to Joey’s demo on Windows Azure attentively.  
Below Left and right – We are at Fanshawe College talking to students about new technology trends from Microsoft and career in IT.  
We are taking a break now before heading over to Fanshawe college again for the London user group event tonight. Next week, Rod, John Bristowe and I are going to be in Calgary for EnergizeIT Calgary. Looking forward to see all of you in Calgary! 
|
-
So you were at TechDays and you went home with your 6 month subscription to TechNet Plus and wonder what else there is besides software you can download? How about some free virtualization training and some free exam vouchers? You see there is a lot more to TechNet than just software you can download for your lab, there is a whole bunch of e-learning opportunities as well. I actually took some of the courses below in February to try them out as I prepped for my 70-652 exam. There is some great information there to help you get some hands on prep time and get ready to write the exam. In case you missed the email I’ve pasted it below, and if you are looking to get a subscription you can find out how on the TechNet subscription page. ------------------------- Businesses today are already achieving additional cost savings by consolidating their server environment through virtualization. Due to the unique way that Microsoft builds virtualization into server, desktop, and management platforms, as well as through innovative pricing and licensing, Microsoft customers have the opportunity to lower both acquisition and ongoing ownership costs. As the premier provider of evaluation, deployment, and support resources for Microsoft customers, we are pleased to offer our TechNet Plus Subscribers the opportunity to be among the first certified in Virtualization, with your chance to receive up to $250 value in preparation and exam costs. - FREE ONLINE COURSE OFFER FOR ALL TECHNET PLUS SUBSCRIBERS: Take the five eLearning courses needed to prepare for the Windows Server Virtualization, Configuring exam. (Valued at $160) – see offer details below
- FREE EXAM VOUCHERS FOR THE FIRST 200 QUALIFIED RESPONDENTS: We’re giving away 200 vouchers for exam #70-562 TS (valued at $125) so you can take what you’ve learned and get your certification. – see offer details below
Both the free online course offer and the Windows Server exam voucher offer are valid until May 15th, 2009. Take advantage of this special offer today! Send questions to tnprod@microsoft.com Below is an overview of this exclusive offer for TechNet Plus Subscribers: OFFER REDEMPTION INSTRUCTIONS: To access your free online courses* 1. CLICK - http://www.microsoft.com/learning/access 2. Enter Access Code:9350-Y2W6-3676, and the collection will be added to your “My Learning” page To receive your free exam voucher* Follow these instructions 1. Complete your online training 2. Take a screenshot of your my Learning Page showing status complete for Collection 6319: Configuring Hyper-V in Windows Server 2008 3. Send your screenshot in email to tnvouch@microsoft.com. Include in the subject line “Virtualization Exam Voucher Request” The first 200 respondents will receive a certification voucher in email. 
|
-
I managed to find a spot for myself on the DirectAccess dogfood going on now at Microsoft. This is by far the single best technology that Microsoft has produced that I can remember. Remember back to when you first got Outlook Anywhere back with Exchange 2003 SP2 and then think about expanding that to the entire corpnet. I tweeted my excitement and Sean Kearney did some investigating and has some information to share and be sure to add his blog to your RSS reader, he has a tendency to find a lot of gems! P.S. You’ll see a little on Direct Access at EnergizeIT 2009 too :) ------------------------------------------------------------------------------------------------------ You know, listening to Twitter for me pays off. A little birdie mentioned “DirectAccess” as a means to eliminating VPN and my first words were “What’s DirectAccess” DirectAccess is a new secure method to connect users to a server Environment vs VPN. Utilizing IPSec and IPV6, there is now a new, better and more seamless way to connect to the server environment. Forget VPN. Forget multiple ID’s passwords, reconnects, additional management. Throw that headache to the past. I’ll try to go quickly into what it is but I’m reading THIS WHITEPAPER from Microsoft as a type. What are the requirements? Rather than retyping and messing up, I’m going to take the EXACT text from the Whitepaper. ============================== DirectAccess requires the following: · One or more DirectAccess servers running Windows Server 2008 R2 with two network adapters: one that is connected directly to the Internet, and a second that is connected to the intranet. · On the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to the network adapter that is connected to the Internet. · DirectAccess clients running Windows 7. · At least one domain controller and Domain Name System (DNS) server running Windows Server 2008 or Windows Server 2008 R2. When smart card-based authentication is required for end-to-end protection, you must use Active Directory Domain Services (AD DS) in Windows Server 2008 R2. · A public key infrastructure (PKI) to issue computer certificates, smart card certificates, and, for NAP, health certificates. For more information, see http://www.microsoft.com/pki. · IPsec policies to specify protection for traffic. For more information, see http://www.microsoft.com/ipsec. · IPv6 transition technologies available for use on the DirectAccess server: ISATAP, Teredo, and 6to4. · Optionally, a third-party NAT-PT device to provide access to IPv4-only resources for DirectAccess clients. ============================== As you can tell, this is a new technology, Native to Windows 7 and Server 2008 R2. My only comments to Microsoft would be that Vista is a current operating system too. The DirectAccess client should be provided via a service pack or update. To the user the connection seems to almost happen, There is definitely preparation involved from the Administration side. But the immense advantage is that users can’t just somehow “guess the VPN” gateway and pop it onto a new system. Certificates are involved, domain credentials, Active Directory and your Server 2008 R2 infrastructure are what control this. You’re not knocking on a single Cisco VPN box or a Remote Access Server. You’re banging on a big beefy security team that’ll knock you flat down if you trip on the way in. THAT’S secure. But I’m reading how it’s setup, it’s far superior to VPN. One of the biggest headaches I had as a user with VPN was the fact my Internet traffic would route to the office whenever I was connected. This mean if I wanted to download anything off the internet it would automatically route to the office’s slower internet connection as opposed to my nice fast Cable highspeed at home. And an added bonus to this setup it is seamless AND secure. By establishing (via certificates) a direct trust involving both the machine AND the user, it keeps it smooth, it keeps it secure. The more seamless it is to the user, the better their experience (and by proxy, the fewer headaches I get). Read up the Whitepaper. You’ll see why I’m truly impressed. And looking forward to it. 
|
-
Every so often you miss something, perhaps it was all the Energize IT prep the team was heads down in, regardless I woke up this morning with tweets, emails, blog posts in my RSS all about a free PowerShell book. 
Free as in beer, not even an email registration! Just hit the link below and download the 1MB PDF full of great information on PowerShell! Effective PowerShell: The Free eBook One of the blog posts was written by Wilbour Craddock, a Canadian transplanted in Ireland, who mentioned the Virtual PowerShell User Group. This group is run by a Canadian MVP, Marco Shaw, who always manages to get some great guests. All their meetings are recorded and he is always willing to speak to other user groups through the power of LiveMeeting. Lastly be sure to check out PowerShellCommunity.org where you’ll find Marco and many other PowerShell experts. 
|
-
Peter Piluk is a 15 year veteran Jack of All IT guy from Cambridge, Ontario, Canada. He has used every version of Windows since 2.0 and every version of MS-DOS since 2.1 and has been using Vista since its beta days. Peter has been involved in just about every aspect of IT from custom software development to Web Development, to Network Design and maintenance, to training to general consulting. Currently, he is a self employed IT worker as well the President of the Waterloo-Wellington IT Pro User Group. He is a single father of a 13 year old girl Emma and a 9 year old boy Damian. - If you could ask Steve Ballmer one question about Microsoft, what would it be? – As Open Source software becomes more prevalent in the offices of today, what changes do you envision Microsoft making to maintain their market share.
- What do you think the best software ever written was? – Wow, great question. There have been so many exceptional pieces of software that I have used over my career. If I had to pick one, I would have to say PowerShell. It has got me out of more than a few jams!
- If you were the manager of Windows Vista, what would you change? – The system requirements are too high. There are too many computers purchased in the last 24 months that are unable to run Vista. I would have ensured that most computers less than 2 years old would be able to run Vista.
- What are the best features/improvements of Windows Vista? – The biggest improvements with Windows Vista are in the area of security. My favorite features of Vista are the UAC, BitLocker and the protected mode of Internet Explorer. My daughter has been using the Windows Movie Maker recently and she thinks that’s the best feature of Vista!
- What was the last book you read? – The Watchmen Graphic Novel
- What music CD do you recommend? – My favorite band is The Clash and my favorite singer is Johnny Cash. You should check out Joe Strummer and Johnny Cash’s cover version of the Bob Marley tune Redemption Song!
- What makes you a great MVP? – I am a great MVP because I am connected in the community and love sharing what I know. If you are connected into the community you do not have to be the smartest or most knowledgeable, you just have to know who to ask.
- What is in your computer bag? – My laptop, three notebooks, a 250GB portable hard drive and a copy of Starcraft for those boring server installs.
- What is the best thing that has happened since you have become an MVP? – I am a relatively new MVP but the best thing has been the sheer number of quality people I have met since January.
- What is your motto? – You only fail when you stop trying.
- Who is your hero? – Not sure if I have any, I do have plenty of people who I admire and respect greatly.
- What does success mean to you? – Success to me is having the respect of my friends, family, peers and clients.
|
-
We’ve written a few posts here on IE8 centered around what you need to know as an IT Pro and/or dev. In fact I just wrote one and posted it a few hours ago. I have been using IE8 final now for a couple of days (call it a perk of working here) as well as participating in the beta and RC trials and thought I’d share some of the new features I’m using… Web Slices  The Weather Network is one of Canada’s most visited websites and they have built a web slice for IE8 that allows you to keep an eye on your local weather.
You can grab it here –> http://www.theweathernetwork.com/desktop/webslice ![clip_image002[6]](http://blogs.technet.com/blogfiles/canitpro/WindowsLiveWriter/UsingIE8_CF76/clip_image002%5B6%5D_thumb.jpg "clip_image002[6]")
Canada.com is one of the sites I visit for Canadian news and they also have built a Web Slice that has some really cool interactive features. When you see this icon  on Canada.com, or any other website, click on it to add the slice to your Favorites bar.
Accelerators 
The feature I use the most so far has to be the Accelerators. I love the fact that I don’t have to copy and paste any more, just select the text and search, define, email, blog, map or…the list goes on. You can find more Accelerators here http://www.ieaddons.com/en/accelerators as well as guidance on how to write your own here http://blogs.msdn.com/miah/archive/2008/10/04/ie8-rocks-creating-custom-accelerators.aspx Are you using IE8? Have you tried found a useful Web Slice or Accelerator? Share what you have found in the comments or email us! 
|
-
So IE8 has been released to the web and is ready to download. I’ve run through the betas, the RC and went to www.microsoft.com/ie8 this morning as soon as I heard it was released. If you haven’t you can hit that link and download it now for Windows XP, Windows Vista, Server 2003 and Server 2008. If you are using the Windows 7 beta you’ll have to wait until the RC for Windows 7 before you get to see a newer IE8. So what do you need to know? Let’s break it down… Deployment and Management: Not much has changed here but there are updates to the tools you use that add support for IE8 -
The Internet Explorer Administration Kit (IEAK) 8 simplifies the creation, deployment and management of customized Internet Explorer 8 packages. IEAK 8 can be used to configure the out-of-box Internet Explorer 8 experience or to manage user settings after Internet Explorer 8 deployment. -
Web Development: While not totally inclusive list I know a lot of readers who also maintain a website or two, myself included. There is a lot more information to come and I urge you to keep an eye on the Canadian Developers and User Experience blogs for more information. - Standards Compliance Updates in Internet Explorer 8 Internet Explorer 8 is more standards-compliant than earlier versions of the browser. Many DHTML objects from earlier versions did not comply strictly to standards. While there is still more work to be done in this area, some of these objects have been updated in Internet Explorer 8. When rendering your pages in IE8 mode, these updated objects might cause problems with Web sites that rely on the behavior of earlier versions of Internet Explorer.
- X-UA-Compatible tag and future compatibility This document describes the document compatibility modes supported by Windows Internet Explorer 8 and explains how they may be implemented on a per-page or per-site basis by using custom headers. By implementing the appropriate compatibility mode, a site can ensure compatibility with Windows Internet Explorer 8 and beyond.
- What's the Compatibility View List? By default, Internet Explorer 8 displays standards-based Web sites as closely to industry standards as possible. Certain Web sites do not display properly when viewed in Internet Explorer 8 Standards mode. To try to display such sites correctly, users can enable Compatibility View.
You can be sure to learn more about IE8, web slices, accelerators and such as we have the time to write it. In the mean time if you have any questions, post a comment or email us! 
|
-
A while back Ruth did an interview with Cameron McKay about an upcoming infrastructure project he was in the planning stages on. While the planning is done and the implementation also complete, I thought it was time to revisit with Cameron and talk about how things went. Turns out Cam was one step ahead and posted an entry on his blog which we are cross posting here. ------------------------- And here we are.... it's March 15th, I'm now 25 Years old, and the largest infrastructure project of my career to date is wrapping up. Now, I originally planned to have all work completed in a weekend... I may have been off by a week or two. Not a result of unknown factors, but delays in setting up systems and the occasional hour or two of sleep. February 27th at 10PM my Team and I started by redirecting all web facing sites to the ubiquitous "planned downtime" graphic to alert clients that the geeks are hard at work somewhere... :) First up on the task list was to modify our Cisco switches and firewalls and setup 10 new VLAN's. The tricky part here is that the Cisco VOIP servers also need to be re-IP addressed and this is where we had to take our time. While our contractors were busy checking everything with the telephony systems, our team was busy setting up the base AD Infrastructure (DNS, DHCP) and getting ready to deploy all our new servers. What servers exactly? - Windows Server 2008 /w Hyper-V
- Exchange Server 2007 SP1
- SQL Server 2008
- IIS7
- Team Foundation Server 2008
- Office Communications Server 2008 R2
- Groove Server
- ForeFront Client Security
- SharePoint Office Server 2007
Not to mention: - WSUS
- NAP
- Certificate Services
- Rights Management
- File Screening
And if that wasn't enough... We rolled out Vista Enterprise and Office 2007 to 100 workstations and also deployed the latest Blackberry Enterprise Server. I also felt the need to deploy the latest version of GFI Faxmaker to handle our some 300 faxes a day at the office. And of course, it's all managed by System Center. So around 2am on Saturday morning all the network changes were completed and the base AD deployment completed. At this point, we have taken a flat network and diced it up into 10 VLAN's, a DMZ, and 4 Windows domains. I'm still pretty excited and pushing through the night. Next up was taking all our existing physical and virtual servers and switching the IP's. This took us until around 6am... We took a coffee break and then moved onto deploying Exchange Server 2007. About this time I realized that I haven't slept yet and shrugged it off... I'm an IT Pro. At 9am we brought our SQL Servers online and IIS 7 web farm. My network team was working on all the ACL's and settings for the DMZ to make sure that we were ultra secure, as this is a Fortune 18 we work for and information security is paramount. Our developers came in around 10am to start migrating content from the old network and get the business up and running again. One challenge here is that there was no connectivity from the old LAN to the new network, so terabyte hard drives were used to move all the files. This took the better part of the day to get all the files over and onto the new servers. Once this was done, the Dev's could start configuring all the new database servers and IIS sites. I had our network team leave the edge network accessible from the internal LAN to make it as easy as possible for the development team to get access and complete the migration. Around 6pm on Saturday evening the Boss realized that I hadn't been to sleep yet and "suggested" that I go over to the hotel and get a few hours sleep. I slept from 7 until 11 and then showed back up at the office to continue working on the deployment. Sunday morning we started our LT deployment of Vista and Office 2007 to all the desktops. I was left configuring Exchange 2007 and the Blackberry Server and a half dozen other servers. We were having some issues with migrating the data. As it turns out, moving everything onto SQL 2008 and IIS7 is a big deal. Who would have thought? At this point, the comment of "backing out" came up. I didn't like the sound of that... and the discussion became a pow-wow a couple hours later. I'll spare everyone the discussion, but we decided to push forward and not roll back. Forgetting that all the workstations were already converted to Vista and on the new network, it would of been about 6 hours work to bring the old LAN back up. Around 2am on Monday morning I had my first real challenge of the deployment. The Exchange Hub Transport and Edge Servers suddenly stopped working. The EdgeSync connectors were all there and all the settings were correct and by-the-book.... but still, I couldn't send or receive email. So, 6 hours from the start of business, email was down. This was my worse nightmare. After a couple hours of troubleshooting and rebuilding the EdgeSync, I had email working again. Come Monday morning, we had core systems online and our CRM application was functional but none of the file shares or printers were up. Throughout the day we were busy assisting the developers, as their apps are all client facing and most of my Infrastructure changes were completed. Again, sent over to the hotel late Monday afternoon for a few hours sleep. Back at the office come 2AM. At this period, I'm feeling like the biggest geek in the world... and loving it. Tuesday I had the file shares and printers online. The task for the next couple days was to import all the old email from our 5.5 server and load it into each users new mailbox. This was a tedious task that took us until Friday to complete. Why? Lot's of old email... Over the weekend we brought ForeFront Client Security online. This is probably my most favorite piece of the new Infrastructure. All workstations and servers were now protected. The following week we were tweaking group policies and completing the configuration of all our web portals and databases. Fast forward to today. It's Sunday March 15th... and we have the most modern network in the company. Built for High Availability and Security from the ground up using the latest Microsoft technologies. I am very proud to say that I was apart of this great project and it has definitely been a fun and exciting ride. The best part is that 90% of the Datacenter is virtualized on Hyper-V. I'm a huge fan of the technology, and the benefits it provides our business in the DR / BC areas. It was interesting to see the entire IT Team, all 9 of us, pull together and stand unified behind this project. Sure, it's difficult and I've only had 20 hours total sleep in two weeks, but this is what I live for. We now have a platform to work off of that will drive the business for the next 6 Years. Was it as easy as I thought? NO. Would I do it again knowing what I know now? YES. Why? Because it had to be done. Our business is very competitive and we were working off technology that was 10 to 15 years old. More time was spent on maintenance and workarounds, then innovation. And how do I feel? Great. I slept in this morning and looking forward to getting back into the office tomorrow to work on my new state-of-the-art Infrastructure. All 100% Microsoft software based. ------------------------------ You can read more about the project at Cameron’s blog! 
|
-
A little while ago I got an email from a friend of mine who works at Dell Canada. It talked about a game they developed in conjunction with us (Microsoft) and Intel that allows you to test your skills and knowledge at protecting a data center from security and other threats.
The new Data Center Defender game offers you an opportunity to test your skills at building server towers to defend against attacks. It is quite addictive and also gives you a chance to challenge your colleagues to see who can do the best job of defending the data center. You could also win a 46” HDTV if you’re really got. To find out more or play the game, go to http://www.dellenterprise.ca/.
|
-
I noticed that Christian over on the Developer blog has posted up that we’re heading out to “la belle province” with EnergizeIT kickin’ it in Montreal next week. From Damir’s TechNet Flash editorial to Rodney’s blog post – you still might have missed some of the finer points of what exactly is taking place. I’m going to do my best to to follow the K.I.S.S. principle and just say it. EnergizeIT is a series of activities/events that are going on AROUND a city or region for about a week. We’re targeting different types of people with different interests who all want to see what is possible with the upcoming platform and how to get ready for it. These are all very cool events that are heavily DEMO weighted to SHOW you stuff – minimal architecture slides and marketing information. So what type of activities/events are they? (check Rod’s Post for even more detail) Let me list them off: - Academic/Student (Monday) – Christian and Pierre are going to John Abbott College on Monday to talk about the IT industry, Job Skills and trends in Software plus Services. Are you a student? Are you interested in having us “stop by” for a chat about the industry, MS or other Technology, trends, job skills – almost anything? I LOVE TALKING WITH STUDENTS! All you have to do is ask us and help setup a time to come in and talk!
- Infrastructure focused User Group/community event (Tuesday). Get a peek at Server 2008 R2 and Windows 7 and how it eases branch office pain and web server deployment. This is a demo heavy show and tell for the platform and what you can do today to get ready for what’s coming down the pipe tomorrow. Oh – it’s also St. Patrick’s day – I am sure we can be convinced to have a pint in a pub someplace after the event – come on along!
- Faculty Roundtable (Wednesday) – Christian also setup a “faculty roundtable” where professors from colleges and universities are welcome to join us in a deeper conversation around partnering, curriculum, industry trends, resources available to them – really it’s about connection and giving us the opportunity to LISTEN to what they have to say.
- EnergizeIT main event (Wednesday) – this really is where anything is possible. We’re going to show you the whole platform from the client (Win7) to the cloud (Live and Azure S+S). This event spans all focus roles of infrastructure, developer and IT Manager. Besides the “anything is possible” view – it also is structured so that you can make new personal and professional connections in your local network of resources.
- Install Fest (Thursday night) – bring your machine, get ready to have some fun. We’ll supply the Windows 7 Bits and facilitate helping you install it on your box or in your virtual machines. We’ll show off some things you may not have seen before about Windows 7 and see what’s possible with the new client. You’ll once again have a great opportunity to make new connections as local resources will be helping out making sure your upgrade or clean install goes as smoothly as possible.
Note: go to www.energizeit.ca and click on the Quebec tab to REGISTER for these events. Some may be maxed out already, but you need to be registered to attend. As you can see – there is a LOT going on. to top that off – Wanna have a coffee to connect and chat? Christian has organized at least ONE “Coffee and Code” drop in session in Montreal on Monday from 1 to 4 at Café dépôt (550 Sherbrooke – map is here). He’ll be there along with Pierre Roman (I can’t make this one) to balance out the tech equation for Devs AND IT Pros. Even outside of this organized drop in session – if you wanted to keep track of us and hook up to talk / chat - follow us on twitter! My contact details are below, but the energizeIT announcement account is http://twitter.com/energizeIT for the events and activities OR just search for the hashtag #energizeIT (see results here from the search page). Have a great weekend – see ya Next Week Montreal! 
IT Pro blog | IT Manager blog | Twitter | Facebook | LinkedIn
My Shared Bookmarks I'm a PC 
|
-
In my previous post on our EnergizeIT activities out east and why there were not readily apparent on the mass mailing, I mentioned that we were going to a number of cities, including Halifax, Moncton, Fredericton and St. John’s. I neglected to include final Registration links – so I thought I would take a moment to give them to you here. UserGroup session: Future of the platform. Learn more and Register (Moncton, NB) UserGroup session: Future of the platform. Learn more and Register (Fredericton, NB) UserGroup session: Future of the platform. Learn more and Register (St. John’s, NL) Special Note: Halifax Venue change and CONTENT change. 
I wanted to call out a BIG thank you to our friends at the Nova Scotia Community College in Halifax / Dartmouth. We have been making a point of visiting them whenever we pop in to Halifax – great bunch of faculty as well as some awesome students. We were originally having difficulty sourcing a sizeable venue for Halifax and they saved the day by offering up their Presentation Theatre at the Dartmouth Waterfront Campus to support our UserGroup event. This is fantastic news! We have been reaching out and talking with CIPS BlueNose, ITANS and the local Dev and IT Pro usergroups to ask them to let their membership know of the changes. If you are in the Halifax/Dartmouth area and would like to attend – use the registration link below! Learn more and Register (Halifax, NS) I also mentioned a Content Change to go along with this. After talking with the local community and discussing it with the team, we’ve decided to change up the content from the smaller UserGroup session (future of the platform) to the larger and broader EnergizeIT session (from the client to the cloud) that is taking place in the larger event stops. We feel this is the right thing to do in order to reach the broader interest of the community which spans academic, infrastructure, developer and IT manager. How will we know if this is the right thing to do? You’ll tell us with your feedback/email as well as by your registration numbers! This event is FREE to attend and will be covering off technologies of our platform (Windows 7, Live On-Line Services – Wave 3, Microsoft Online Services and our new Azure services in the cloud) and how you can prepare for them today in order to discover what is possible. This event is also an excellent opportunity to connect with like minded individuals who share a passion for Technology in order to strengthen you local network of technical resources. I encourage you to sign up, reserve your spot and share this broadly with your colleagues – spaces are filling fast! 
IT Pro Team Blog | IT Managers Blog |Twitter | Facebook | LinkedIn
My Shared Bookmarks
|
-
Three guys got together over pints a while ago and talked about how one of the issues facing Technical Professionals today is keeping their systems patched and up to date. This issue was brought to the forefront at a User Group meeting we were attending (Ottawa Windows Server User Group) where we were holding an “Ask the Microsoft Guy” panel discussion.
Over pints at D’Arcy McGee’s, we decided we would try to help solve the issue of information overload and put together a timely podcast to go live each “update Tuesday”.
Goals:
- Use plain English terms and every day language that any Technical professional can understand – minimize “corporate speak”.
- Breakdown each Security Bulletin with summary information first followed by more details as to the impact an IT Pro would face.
- Outline mitigation factors in case patches couldn’t be tested or applied in a timely fashion
- Keep it top 15 minutes OR LESS. this one is critical – Keep It Simple, repeatable and get out of the IT Pros way to get on with their day.
- Have fun!
Well – here is our first attempt. Have a listen directly from the embedded Silverlight player OR subscribe to the specific feed and download it to your iTunes / Zune software. We’re still working out the kinks and flow – please let us know what you think and if it has been useful for you. Mail me directly with comments – rick.claus@microsoft.com
Direct Download:
Subscribe to the podcast: (so you don't miss an episode)
  
Disclaimer: This podcast was produced with the best information available to us at the time of recording. Your primary source for all things Security Bulletin related should always be the Microsoft Security Response Center blog.
Bulletins discussed for March 10th, 2009: MS09-006, MS09-007 and MS09-008.
Podcast Participants: Pierre Roman (IT Pro Advisor / previously a Senior Technical Account Manager), Bruce Cowper (Chief Security Advisor) and myself.
PodSafe music from PodSafe Music Network @ http://music.podshow.com. Artist: Derek K Miller, song - “You’re the Big Sky - rock guitar instrumental” IT Pro Team Blog | IT Managers Blog | Twitter | Facebook | LinkedIn My Shared Bookmarks
|
-
I recently got an email from Yaroslav Pentsarskyy who has a blog at http://www.sharemuch.com/. He contacted me with feedback that the Canadian IT Pro blog, and others blogs that the Canadian Audience Team contributes to like the Canadian Developers Blog, do not have all that much SharePoint content. He asked why and also wanted to know if he can help. My first reaction to this was “Yup, he’s right. Not that much SharePoint content”. My second was, I think I’ll take him up on his offer. Here is the first in what will hopefully be a series of contributing posts from Yaroslav to the Canadian IT Pro Blog. BTW, if you like the post or think we should have more SharePoint content (or content on other technologies), leave a comment or email me through the email link on the top left or at damirb@microsoft.com. Your feedback allows us to add content that makes the blog a better resource for you. ------------------------------------------------------------------------------------ Authentication and credentials management is not a trivial thing anywhere, least of which in SharePoint. You have to ask yourself the following: - How do I handle new user registrations?
- What about resetting passwords?
- How do I handle the “forgot password” scenario?
- How do I ensure password complexity requirements?
- How should I handle password expiration?
- Should authentication be going through an encrypted connection (SSL)?
- Should user login be an email address, or just a name?
That’s a lot of questions, and if you maintain a public site, all of the questions above are very relevant. This is true not only from for security purposes but also from a usability perspective, since you don’t want to confuse users with some unusual workflows and scenarios. If you have a customer service or support portal implemented as a SharePoint solution you might want to consider Live ID authentication to address all of the challenges above. Many people have one or more Live IDs for their email and other online services’ access now. Microsoft widely uses Live ID in many scenarios. People have learned to trust Live ID user interface, and are familiar with basic workflow. There are few implementation of Live ID/SharePoint integration out there. Some of them are commercial. In this article I wanted to share a free community toolkit from CodePlex (developed by Lawrence Liu) which takes care of Live ID/SharePoint integration: http://www.codeplex.com/CKS/Release/ProjectReleases.aspx?ReleaseId=7746 The integration module is implemented as a SharePoint solution, therefore allowing for quick deployment
and management. Here are the steps: - Download Community Tookit from http://www.codeplex.com/CKS/Release/ProjectReleases.aspx?ReleaseId=7746
- We’ll place CKS.MembershipProvider.WindowsLiveAuthentication.wsp into c:\LiveId
- Execute: “C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe” -o addsolution -filename C:\LiveId\CKS.MembershipProvider.WindowsLiveAuthentication.wsp
- Execute: “C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe” -o deploysolution -name C:\LiveId\CKS.MembershipProvider.WindowsLiveAuthentication.wsp -immediate -allowgacdeployment
- Execute: “C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe” -o execadmsvcjobs
This will take care of installing the solution to your farm Next, you’ll register your public site with the Live ID Authentication server using the steps below: - Open https://msm.live.com/app/default.aspx and click on “Register an Application”.
- You’ll be required to sign in and fill out few registration steps.
- Take a note of the Application ID provided since you will need it during the next few steps.
Next we’ll configure SharePoint to use LiveID as a membership provider, following the steps below: - Go to the Central Administration and click on Application Management tab.
- Open the Authentication Providers link.
- Pick the Web Application and Zone you’d like LiveID authentication to be enabled on.
- Ensure Authentication Type is set to Forms
- Enter a Membership provider name of LiveID and a Role manager name of LiveRoles
- Click the Save.
Finally, we need to ensure SharePoint knows how to communicate with LiveID webservice for its Authentication needs. In a command prompt we execute the following: "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin\stsadm.exe” -o addwindowsliveauth
-appid <application id> -appkey <application secret key> -appmode <http/https> -profsite <URL of site that contains the profile list> -proflist <user profile list name> -locked <URL to send locked users to> -url <URL of the Web Application> This needs to be executed for both URLs (selected web application and central administration). The Central administration part is important for this configuration since that way site collection administrator (administrator LiveId) can be assigned. As you can see from the last command prompt statement “-proflist” will define the name of the list where new users
will be added as they register. Once new users exist in this list - you can manage their IDs and other information using a default user management and permissions interface. Hopefully this was helpful, if any more details required either ping me at www.sharemuch.com or
check with the Tookit developer at http://www.codeplex.com/CKS/Release/ProjectReleases.aspx?ReleaseId=7746 Cheers! Yaroslav Pentsarskyy 
|
|
|
|