OWSUG.ca


Canadian IT Pro Blog

December 2011 - Posts

  • “The SQL Guy” Post # 9: SQL Server Database Engine Permission Model–Part 3

    In this third and final instalment of our series on the SQL Server Database Engine Permission Model, we look at execution context switching: in other words, when I access an object, from whose perspective should I be assigned permissions?

    As always, if you want to test these out and don’t have SQL Server handy, you can download a full-featured evaluation copy of SQL Server 2008 R2 from the TechNet Evaluation Center at http://technet.microsoft.com/en-ca/evalcenter/default.aspx (look under Server Products and Technologies | Release). If you are feeling adventurous and want to explore SQL Server 2012 RC0, you can download it from http://technet.microsoft.com/en-ca/evalcenter/hh225126.aspx. Give it a try!

     

    SQL SERVER DATABASE ENGINE PERMISSION MODEL (PART 3)

    The principle of least privilege requires that users be granted the most restrictive set of privileges required to perform tasks, in order to limit the damage caused by security incidents. In the context of a database application, users must only be allowed to perform those operations required within the context of an application and nothing more. Restricting user permissions thus helps to limit the potential for inappropriate data access and database actions.

     

    By using the SQL Server permission model, database administrators can associate permissions directly with user objects or with groups. To be successful, however, database administrators must apply due diligence in setting up user accounts, carefully provision groups, and control access to objects by user/group entity.

     

    Stored procedures and functions are very common in modern database applications, and quite often users need access to application database modules (i.e. stored procedures and functions) without having additional permissions to directly access the objects referenced by those modules. In SQL Server, this pattern can be accomplished through ownership chaining, context switching and module signing.

     

    This article focuses on context switching in SQL Server. In the next article, we will explain module signing in SQL Server. To refresh your understanding of ownership chaining, please review the ownership chaining article here.

     

    Execution Context Switching

    It’s very common to have multiple users owning various objects in the database. Quite often, you might want to give another user access to your object. Context switching, introduced in SQL Server 2005 to alleviate the administrative burden on the database administrator, can be used when a module needs to be executed under the permissions of a different user.

     

     


    Figure 1: Explaining execution context in SQL Server

     

    As illustrated in figure 1, when user ‘User A’ calls stored procedure ‘Proc2’ in the UserB schema, the execution context of user ‘User A’ is switched to the execution context of user ‘UserZ’. The procedure selects data from Table2 and, since UserZ does not own Table2, permissions are checked for UserZ on Table2.

     

    Within functions and stored procedures, the EXECUTE AS clause supports the following qualifiers:

    (1)    CALLER – causes the module to be executed in the context of the user executing the module.

    (2)    SELF – causes the module to execute in the context of the user who created or last altered the module.

    (3)    OWNER – causes the module to execute under the context of the module owner.

    (4)    ‘user name’ – causes the module to execute under the context of a given username.

     

    It is important to note that the IMPERSONATE permission is required for creating / altering any module that specifies the EXECUTE AS clause. The REVERT statement switches the execution context back to the caller of the last EXECUTE AS statement.

     

    A T-SQL example illustrating context switching

    use master
    GO

    create database ExecutionContextDB
    GO

    create login BarneyLogin with password='1GoodPassword'
    create login FredLogin with password='2GoodPassword'
    create login WilmaLogin with password='3GoodPassword'
    GO

    use ExecutionContextDB
    GO

    --Create our database users mapped to their login and default schema
    create user BarneyUser for login BarneyLogin with default_schema=BarneySchema
    create user FredUser for login FredLogin with default_schema=FredSchema
    create user WilmaUser for login WilmaLogin with default_schema=WilmaSchema
    GO

    --Create our schemas for each user
    create schema BarneySchema authorization BarneyUser
    GO

    create schema FredSchema authorization FredUser
    GO

    create schema WilmaSchema authorization WilmaUser
    GO

    --Create a table that Barney's schema owns
    create table BarneySchema.RockHits
    (
    YearPublished int NOT NULL,
    Title nvarchar(50) NOT NULL
    )
    GO

    --Insert some data into the table
    insert into BarneySchema.RockHits values('1960','Pebbles Jam')
    insert into BarneySchema.RockHits values('1961','Dino Disco')
    insert into BarneySchema.RockHits values('1961','Fred''s Dance Formula')
    GO

    GRANT SELECT ON BarneySchema.RockHits to FredUser
    GO

    --Create the stored procedure that Fred's Schema owns
    --The stored proc executes under whomever is calling it using EXECUTE AS CALLER
    --(CREATE PROCEDURE must be the only statement in its batch, hence the GO before and after)
    create procedure FredSchema.ListHits
    @Year int
    WITH
    EXECUTE AS CALLER
    AS
    BEGIN
        select CURRENT_USER as '(Execute as Caller), Current User Context='

        select YearPublished,Title from BarneySchema.RockHits where YearPublished=@Year
    END
    GO

    --Let's grant Wilma the ability to execute this stored proc
    GRANT EXECUTE ON FredSchema.ListHits to WilmaUser
    GO

    --At this point we can begin playing with context switching
    --We have given Fred access to Barney's table of hits
    --We have given Wilma access to Fred's Stored Proc
    --Let's begin by logging in as Fred and seeing if this stored proc works
    execute as user='FredUser'
    GO

    exec ListHits 1961

    --go back to sysadmin
    REVERT
    GO

    EXECUTE AS user='WilmaUser'
    GO

    exec FredSchema.ListHits 1961

    --We get the SELECT permission denied error as expected
    --because the stored proc is executing as WilmaUser
    --Now let's ALTER the stored procedure so that it will run under
    --its owner, Fred.
    REVERT
    GO

    ALTER PROCEDURE FredSchema.ListHits
    @Year int
    WITH
      EXECUTE AS OWNER
    AS
    BEGIN
        select CURRENT_USER as '(Execute as Owner), Current User Context='
        select YearPublished,Title from BarneySchema.RockHits where YearPublished=@Year
    END
    GO

    --Now let's try Wilma again
    EXECUTE AS user='WilmaUser'
    GO

    exec FredSchema.ListHits 1961

    --As you can see the current user context is FredUser! and we didn't
    --have to give Wilma explicit permissions to the underlying table in
    --Fred's stored proc.
    REVERT
    GO
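
    To review where context switching is in use, the following added T-SQL (not part of the original post) inventories every module in ExecutionContextDB that runs under a context other than its caller, resolves the user it runs as, and lists who holds an object-level EXECUTE permission on it. It assumes the walkthrough above has been run; the CTE name and column aliases are chosen here for illustration.

```sql
USE ExecutionContextDB;   -- database created in the walkthrough above
GO

-- sys.sql_modules.execute_as_principal_id:
--   NULL = EXECUTE AS CALLER, -2 = EXECUTE AS OWNER,
--   any other value = principal_id of the SELF / 'user name' principal.
-- sys.objects.principal_id is NULL when the object is owned by its schema owner,
-- so the effective owner is COALESCE(object owner, schema owner).
WITH SwitchingModules AS (
    SELECT
        o.object_id,
        s.name + N'.' + o.name AS ModuleName,
        o.type_desc            AS ModuleType,
        CASE WHEN m.execute_as_principal_id = -2
             THEN 'OWNER'
             ELSE 'SELF or user name'
        END                    AS ExecuteAs,
        CASE WHEN m.execute_as_principal_id = -2
             THEN COALESCE(o.principal_id, s.principal_id)
             ELSE m.execute_as_principal_id
        END                    AS RunsAsPrincipalId
    FROM sys.sql_modules AS m
    JOIN sys.objects     AS o ON o.object_id = m.object_id
    JOIN sys.schemas     AS s ON s.schema_id = o.schema_id
    WHERE m.execute_as_principal_id IS NOT NULL      -- skip EXECUTE AS CALLER modules
)
SELECT
    sm.ModuleName,
    sm.ModuleType,
    sm.ExecuteAs,
    USER_NAME(sm.RunsAsPrincipalId) AS RunsAs,
    -- principal_id 1 is dbo; db_owner members carry the same database-wide rights
    CASE WHEN sm.RunsAsPrincipalId = 1
           OR IS_ROLEMEMBER('db_owner', USER_NAME(sm.RunsAsPrincipalId)) = 1
         THEN 'yes' ELSE 'no'
    END                             AS RunsWithDbOwnerRights,
    USER_NAME(p.grantee_principal_id) AS ExecuteGrantee,   -- NULL when nobody has an object-level grant
    p.state_desc                      AS GrantState        -- GRANT, DENY, ...
FROM SwitchingModules AS sm
LEFT JOIN sys.database_permissions AS p
       ON p.class = 1                       -- object-level permissions only
      AND p.major_id = sm.object_id
      AND p.minor_id = 0
      AND p.permission_name = 'EXECUTE'
ORDER BY sm.ModuleName, ExecuteGrantee;
GO

-- For audit trails: an impersonated session still reports the login that
-- actually connected through ORIGINAL_LOGIN(), while CURRENT_USER follows
-- the switched context.
EXECUTE AS USER = 'WilmaUser';
GO
SELECT ORIGINAL_LOGIN() AS OriginalLogin, CURRENT_USER AS CurrentUser;
GO
REVERT;
GO
```

    EXECUTE permissions granted at the schema or database level are not covered by the join on class = 1, so treat an empty ExecuteGrantee column as "no object-level grant", not as "nobody can run it".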

     

    DamirB-BlogSignature

  • Happy Holidays from the Canadian IT Pro team

    Damir, Ruth and myself, along with our manager Ryan and extended team member Chris, want to wish you all the best. You're awesome and you make a difference for your users and customers every day. If no one has said it recently - thank you for doing a great job this year.

    If things are a little slower at work over the next while - take some time to recharge and spend time with your friends and family. 

    Kick back, relax (maybe take advantage of that DoubleDouble offer) and enjoy yourself.

    We'll be here when you get back. Get ready for a kick A** 2012!

  • Online Media nourishment. Fit for IT Pro consumption.

    Hello folks,

    This is my compilation of some of the online resources available to you in January 2012.   JANUARY 2012 !!!  My god… Where did 2011 go???  Time really flies by, and that’s one more reason to review this list and plan our learning opportunities.

    This list features both live and on-demand content for December, including webcasts, videos, virtual labs, and podcasts by product and topic. This is not the WHOLE list of the available content, but these are the ones I thought were relevant to the conversations I've had with customers and IT pros.

    Microsoft webcasts are 30-90 minutes in length and feature interactive presentations, product demonstrations, and question-and-answer sessions. Virtual labs give you an opportunity to test drive Microsoft’s newest products in an online environment. It's simple—no complex setup or installation is required. Stream or download audio podcasts and quickly access content with RSS feeds.

    Microsoft podcasts are free — just click and Learn!

    You can view all the podcasts for IT professionals here (http://go.microsoft.com/?linkid=9637723).

    Or visit the Interactive IT Professional Webcast Calendar.


    Live Webcasts:

    TechNet Webcast: Information about Microsoft Project and Project Server December 2011 Software Update (Level 200)
    Tuesday, January 10, 2012 - 8:00 AM - 9:15 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032493964&Culture=en-US

    TechNet Webcast: Live! IT Time: Private Cloud Chat (Episode 3) (Level 200)
    Wednesday, January 11, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032496992&Culture=en-US

    TechNet Webcast: Information about Microsoft Security Bulletins for January (Level 200)
    Wednesday, January 11, 2012 - 11:00 AM - 12:00 PM Pacific
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032499498&Culture=en-US

    TechNet Webcast: Integrating Microsoft Dynamics AX 2012 with SAP for Expense Management (Level 300)
    Tuesday, January 17, 2012 - 9:30 AM - 10:30 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032499676&Culture=en-US

    TechNet Webcast: Career Progression: Getting Ready for the Cloud (Level 200)
    Wednesday, January 18, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501883&Culture=en-US

    TechNet Webcast: IT Pro's Heaven: The Private Cloud (Level 200)
    Wednesday, January 25, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501887&Culture=en-US

    Highly Rated On-Demand Webcasts:

    TechNet Webcast: Security Talk Series: Toward Privacy by Design, the Microsoft Experience

    TechNet Webcast: A Tale of Two Clouds: The Microsoft Hybrid Cloud Solution

    TechNet Webcast: The Public Cloud: What It Is and Why You Should Care?

    Popular Virtual Labs:

    TechNet Virtual Lab: Microsoft Application Virtualization 4.6 SP1 Sequencing Lab

    TechNet Virtual Lab: Windows Server 2008 R2 for Embedded Systems : Implementing Centralized Publishing Using Remote Desktop Services

    TechNet Virtual Lab: System Center Operations Manager 2012: Infrastructure and Application Performance Monitoring

    TechNet Virtual Lab: System Center Virtual Machine Manager 2012: Building Your Cloud Infrastructure

    TechNet Virtual Lab: System Center Virtual Machine Manager 2012: Building a Service Template

    New Videos:

    TechNet Video: (Part 1) An Interview with Mark Minasi – Thoughts on Windows Server 8

    TechNet Video: (Part 2) An Interview with Mark Minasi – Thoughts on Cool Technology

    TechNet Video: (Part 1) Interview with Jeremy Moskowitz – Overview of the PolicyPak application

    New Podcasts:

    TechNet Radio: A Preview of Windows Server 8 Storage Management


    TechNet Radio: System Center VMM and Configuration Manager 2012 MVA Preview


    TechNet Radio: Microsoft Private Cloud Community Evaluation Program


    TechNet Radio: Vlab Insider - System Center Configuration Manager 2012


    Small Business Content:

    New Customer Events for Office 365
    Join us for a Microsoft Office 365 Customer Event to experience Microsoft Office 365 first-hand, along with related cloud technologies such as Microsoft Windows Intune and Microsoft Dynamics CRM Online.

    New and Exciting Uses for the New Office 365
    Microsoft Office 365 is a suite of Microsoft Office collaboration and productivity tools delivered through the cloud. Office 365 can revolutionize your organization by helping to empower individuals through the best productivity experience, deliver business insights quickly, support compliance requirements, connect various devices, and cut costs for maintenance and training.


    Please let me know if this is something you find valuable, or if there is something specific you’re looking for.  Also, I encourage you to take advantage of the “Double Double” promotion that Rick mentioned earlier this month (http://blogs.technet.com/b/canitpro/archive/2011/12/16/how-would-you-like-a-doubledouble.aspx).  It’s a great way to learn.  Go ahead, get your hands dirty…

    As always, please contact me should you have any comments or questions.

    Cheers!


    Pierre Roman, MCITP, ITIL | Senior Technical Account Manager | Directeur de Compte Technique Senior

  • Powershell on the Way to Work–Part 9

    Today is car pool day.   Only problem is somebody at work took that literally and I’m squished in the back seat of a Compact with a “Mr. Turtle” pool.

    So I promised to show you one of the cooler Cmdlets I ran into, EXPORT-CSV.

    Ok, so what if I told you I could give you a line in Powershell you could run on a staff member’s computer to show just HOW MANY MP3 files were sitting in their personal folder?

    Let’s pick on fictional employee Mary Smith.  Mary’s boss has suspected (due to the overheating LAN cable behind her computer) that she has been downloading a LOT of MP3s and storing them on the company workstation.  He’d like to know just how bad.

    So you remember GET-CHILDITEM right?

    If we did something like this

    GET-CHILDITEM C:\USERS\MARYSMITH\ -recurse

    That would dump MarySmith’s entire folder to the screen.   That’s neat but useless.    So say we want to filter and only show MarySmith’s massive music collection?

    GET-CHILDITEM C:\USERS\MARYSMITH\ -recurse -include *.mp3

    As the screen scrolls on by for what seems hours (for you see, MarySmith had a VERY detailed music collection) you realize it would be nice to have a report to hand off to her manager to show how detailed the collection is.

    Well with Windows Powershell, you can take the output that is going to the screen and pipe it (SEND IT) to another Cmdlet called EXPORT-CSV.   EXPORT-CSV just takes whatever is given to it and “EXPORTS” it to a “Comma Separated Value” file.  Nothing more than that.

    So to get all of MarySmith’s detailed collection into a nice sheet that the Boss could navigate in Excel, you just run:

    GET-CHILDITEM C:\USERS\MARYSMITH\ -recurse -include *.mp3 | EXPORT-CSV C:\Report\MarySmithMp3Collection.CSV

    Moments later a nice CSV file perfect for the Spreadsheet of your choice is ready.   The neat thing is you can run just about ANYTHING that is on the screen into EXPORT-CSV.

    Of course this was completely fictional.  The real Mary Smith is a law-abiding citizen.  When you get into Active Directory and Windows Powershell, you could with a MINOR change pull down a userlist or Group Memberships and drop them in as a CSV file.

    But that is another story.  We’ll chat later as soon as I get “Mr. Turtle” out of my ear.


    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • Got that FREE DoubleDouble? Here’s Things To Do While Enjoying It!

    Rick’s blog post and call to action to download the System Center 2012 RC products and get a coffee card from that great Canadian chain whose name rhymes with Jim Morton is a great incentive to action, but many folks have asked “What do I do after I have the System Center 2012 RC products to maximize my learning?”.  GREAT QUESTION!

    Before anything else, you have to download the SC2012 RC products like Rick said (instructions to do so are at the end of this post).  Once you have that, I would recommend doing the following:

    First, visit the System Center 2012 Evaluation Center on TechNet.  This is a great starting point to learn about all of the System Center 2012 RC products.  You can view the SC2012 overview video and then dig into each product in more detail and start to setup your evaluation lab.

    Next, go to the TechNet Library for each of the products to learn about the best way to get started.  You can get there from the System Center 2012 Evaluation Center or directly for each product in the System Center Line:

    The final step is simple – PLAY WITH THE TECHNOLOGY! No better way to learn than to experience it yourself.

    BTW, if you are interested in trying out some of the System Center 2012 RC products in a virtual environment, you can download a pre-configured VHD of System Center Virtual Machine Manager 2012 RC, or you can install the software products in virtual machines in your own environment.  Note however that only SCVMM 2012 RC has a pre-configured VHD available.

    Now, if you have not yet downloaded the System Center 2012 RC software (or you have colleagues who also want their FREE DoubleDouble – or several), here are the steps to do so:

    1. Use this link to get started
    2. Sign in with your WindowsLive ID (to pre-populate your data)
    3. Verify your SHIPPING details to your mailing address and other pertinent data. (you will want to ensure it is correct).  This is how we know where to send that coffee card I spoke of.
    4. Click FINISH – the download manager will start to download your evals in one click. 

    Also, don’t forget to take some time over the Holidays to relax and just enjoy yourself.

    DamirB-BlogSignature

  • Powershell on the Way to Work–Part 8

    Ok feeling better today.   Today we’re going to quickly touch on “Objects”.

    Now before all of you IT Pros go running into a corner screaming and casting oil slicks beyond you, we are NOT opening up Visual Studio.   But we are going to touch lightly on a topic that is important to be aware of when using Powershell. 

    No, you will not get tested on this.  Really it’s not that bad either.

    Let’s think in Dos terms first.

    In DOS we did this to set a variable

    SET THISTHING=A Whole pile of words I am staring at on the screen

    or

    SET THISOTHERTHING=55

    If you had to look at that and try to describe it, what would you say it was?  Really.

    I would say it would be a bunch of letters.  But to describe it further, it isn’t just a BUNCH of letters, it is a Number of letters. Or I might describe the other one as a number. Visually to ME it appears to be a number.

    If I was to have certain applications in Dos that could manipulate that data, I would have some Methods at my hand.

    Really that’s an Object.   The way we would look at that particular information as a WHOLE is an Object and what we can do to it.   (Ok all of you Developers peeking in, this is a REEEEEAALLY simplified explanation, so please stop laughing)

    Is your brain spinning a bit?  Let’s look at this Powershell Variable I’m going to make.

    $BrainHurts='Please Stop Talking About Objects.  Our brains are spinning.'

    In Windows Powershell anything that is stored in a variable is just an object.  That’s all.   To see what is attached to this object we pull out GET-MEMBER, the almighty Powershell Canopener for viewing what’s attached to an Object.

    We’re going to “Pipe” that variable into GET-MEMBER.  Piping is a term you should be familiar with in Dos land.

    $BrainHurts | GET-MEMBER

    It will give us something like this

    [Screenshot: GET-MEMBER output for $BrainHurts]

    What this tells us is that $BrainHurts is a String (System.String).   There’s a pile of methods (think built-in applications you can use to manipulate what $BrainHurts has) and maybe some extra information like “Length”.


    Do you really care?  If you try to echo it on the screen it will still work.   But understanding that everything in Windows Powershell is an object is important.  It is so much of the Power it contains.   Later on when we touch on Active Directory and understand that each user is an Object, GET-MEMBER will be a way to see what “properties” that user has (IE: Group Membership, Account Expiry, Last Logged on Date)

    We’ll touch on Objects sometime later.   For now, I’ll put the Genie back into the bottle (GET IN THERE GENIE!  *WHAP!*) and we’ll turn to some basics.   I’ll show you the first Cmdlet I ran into that made working with Active Directory a breeze.   EXPORT-CSV.

    Chat soon everyone, time to get back on the road (which is a lousy place by the way for Ballroom dancing)


    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • “The SQL Guy” Post # 8: SQL Server Database Engine Permission Model–Part 2

    Last week we started the first of a three-part series on SQL Server database permissions and the permissions security model used by the database engine.  Last week’s blog post covered the commands used in T-SQL to manage permissions, as well as the security scope within SQL Server.  This week we look into how permissions behave when they are applied at various points of an ownership chain, such as when a table is referenced in a view which is referenced in a stored procedure and so on. What are the actual permissions that get applied?  Read on to find out.

    As always, if you want to test these out and don’t have SQL Server handy, you can download a full-featured evaluation copy of SQL Server 2008 R2 from the TechNet Evaluation Center at http://technet.microsoft.com/en-ca/evalcenter/default.aspx (look under Server Products and Technologies | Release). If you are feeling adventurous and want to explore SQL Server 2012 RC0, you can download it from http://technet.microsoft.com/en-ca/evalcenter/hh225126.aspx. Give it a try!

    SQL SERVER DATABASE ENGINE PERMISSION MODEL (PART 2)

    Consider the following problem: how would you give someone access to parts of a table without giving them permissions on the table directly? Column-level permissions or views can be used to project only the required columns; however, when a permission check is done, it is intuitive to check access to the view and the underlying base table.

    OWNERSHIP CHAINING

    In SQL Server, when an object is accessed through a chain, the owners of the referenced object and the calling object are checked. If both objects have the same owner, permissions on the referenced object are not evaluated. This is called ownership chaining. This idea is extended beyond just database objects to work across databases as well (called cross-database ownership chaining).

     


    Figure 1: Illustrating ownership chaining and cross-database ownership chaining in SQL Server

     

    As illustrated in figure 1, when Alex queries view July2003 (owned by Mary), a permission check is done for view July2003. However, since view July2003 references view SalesXY (also owned by Mary), a permission check is not done. Similarly, moving down the permission chain, a permission check is not done for view InvoicesXZ. Since view InvoicesXZ references view AcctAgeXZ (owned by Sam), a permission check is done since there is a change in the object owners along the chain. Similarly, a permission check is done on the base table ExpenseXZ since the table is owned by Joe (different user than Sam).

     

    THE 3 BASIC RULES OF OWNERSHIP CHAINING

    1.       If you have access to a given object, and then reference another object through it (such as a view that accesses a table) where both objects have the same owner, permissions on the second object are not checked. If you have access to the first item, it's assumed you'll have access to the second.

     

    2.       If you have access to a given object, and then reference another object through it, but the second object does not have the same owner, the permissions on the second object are checked against the retrieving user's permissions. If the user doesn't have permissions that allow access to that second object, he can't read it.

     

    3.       All of this is instigated in the security context of the user who invokes the original object. If the user doesn't have access to that original object, nothing happens (which is just standard security practice).

     

     

    WHAT YOU SHOULD KEEP IN MIND WHEN USING OWNERSHIP CHAINING

    1.       Ownership chaining bypasses permission checks completely, which means that it also bypasses DENIES.

     

    For example: if Joe denies Bob access to a table (owned by Joe) but grants him access to a view (owned by Joe) that queries that table, Bob will be able to query the table through the view, since no permission check is done on the base table due to ownership chaining.

     

    2.       Unintended ownership chaining can grant access incorrectly.

     

    Objects are often created by SYSADMINS, which results in dbo being the owner. Soon, a lot of objects are owned by dbo and, because of ownership chaining, unintended access to objects can occur. You should always be mindful of ownership chaining when you are designing your database.

     

    It is recommended not to enable cross-database ownership chaining, to prevent unintended access. For this reason cross-database ownership chaining is turned off by default.

     

    For example: in figure 1, Alex can use view July2003 in Database 1 to query the ProjectionsXY table in Database 2 if cross-database ownership chaining is turned on.

     

    An alternative is using module signing as described here.

     

    3.       Schemas and ownership chaining

    Ownership chaining bypasses permission checks on references made from one object to another, and schemas provide a way of grouping objects together under a single owner (the owner of the schema, as in SQL Server 2005 and higher).

     

    By default, schema-contained objects are owned by the schema owner. However, an alternate owner can be specified by using the ALTER AUTHORIZATION statement to change ownership.

     

    What this means, from a security perspective, is that we need to check at both the object and the schema level for ownership and consider ownership chaining from there.

     

    For schemas to be effective at separating access to objects, they should typically be owned by different principals. Avoid having all schemas in the database owned by dbo.
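
    The DENY bypass from point 1 and the effect of breaking the chain, as an added T-SQL example (not from the original post). The database ChainDenyDemo, the table and view names, and the user Ann are constructed for illustration; Joe and Bob are the names used in the text above.

```sql
CREATE DATABASE ChainDenyDemo;          -- constructed scratch database
GO
USE ChainDenyDemo;
GO

CREATE USER Joe WITHOUT LOGIN;
CREATE USER Bob WITHOUT LOGIN;
CREATE USER Ann WITHOUT LOGIN;          -- constructed second owner, used to break the chain
GO

CREATE TABLE dbo.Payroll (EmployeeId int NOT NULL, Salary money NOT NULL);
INSERT INTO dbo.Payroll VALUES (1, 50000), (2, 62000);   -- constructed sample rows
GO
CREATE VIEW dbo.PayrollView AS
    SELECT EmployeeId, Salary FROM dbo.Payroll;
GO

-- Step 1: Joe owns both the table and the view that reads it.
ALTER AUTHORIZATION ON OBJECT::dbo.Payroll     TO Joe;
ALTER AUTHORIZATION ON OBJECT::dbo.PayrollView TO Joe;
GO

-- Step 2: Bob is explicitly denied the table but granted the view.
DENY  SELECT ON dbo.Payroll     TO Bob;
GRANT SELECT ON dbo.PayrollView TO Bob;
GO

-- Step 3: as Bob, the view returns the rows because view and table share an
-- owner, so the DENY on dbo.Payroll is never evaluated. The direct query is
-- the only one that reaches the DENY.
EXECUTE AS USER = 'Bob';
GO
SELECT EmployeeId, Salary FROM dbo.PayrollView;
GO
SELECT EmployeeId, Salary FROM dbo.Payroll;
GO
REVERT;
GO

-- Step 4: list every dependency whose two ends have the same effective owner,
-- i.e. every reference where the permission check is skipped.
-- Effective owner = object-level owner if set, otherwise the schema owner.
SELECT DISTINCT
    OBJECT_SCHEMA_NAME(d.referencing_id) + N'.' + OBJECT_NAME(d.referencing_id) AS ReferencingObject,
    OBJECT_SCHEMA_NAME(d.referenced_id)  + N'.' + OBJECT_NAME(d.referenced_id)  AS ReferencedObject,
    USER_NAME(COALESCE(ro.principal_id, rs.principal_id)) AS ReferencingOwner,
    USER_NAME(COALESCE(td.principal_id, ts.principal_id)) AS ReferencedOwner,
    CASE WHEN COALESCE(ro.principal_id, rs.principal_id)
            = COALESCE(td.principal_id, ts.principal_id)
         THEN 'unbroken chain: referenced object not permission-checked'
         ELSE 'chain broken: caller permissions are checked'
    END AS ChainStatus
FROM sys.sql_expression_dependencies AS d
JOIN sys.objects AS ro ON ro.object_id = d.referencing_id
JOIN sys.schemas AS rs ON rs.schema_id = ro.schema_id
JOIN sys.objects AS td ON td.object_id = d.referenced_id
JOIN sys.schemas AS ts ON ts.schema_id = td.schema_id
WHERE d.referenced_id IS NOT NULL       -- same-database references that resolved
ORDER BY ReferencingObject, ReferencedObject;
GO

-- Step 5: break the chain by giving the view a different owner. The grant is
-- issued after the ownership change so that it is in place either way.
ALTER AUTHORIZATION ON OBJECT::dbo.PayrollView TO Ann;
GRANT SELECT ON dbo.PayrollView TO Bob;
GO

-- Step 6: the owners now differ, so Bob's permissions on dbo.Payroll are
-- checked when he reads the view, and the DENY applies.
EXECUTE AS USER = 'Bob';
GO
SELECT EmployeeId, Salary FROM dbo.PayrollView;
GO
REVERT;
GO
```

    Re-running the step 4 query after step 5 shows the same dependency reported with different owners on each side.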

     

     

     

    A SIMPLE T-SQL EXAMPLE ILLUSTRATING OWNERSHIP CHAINING

     

    CREATE DATABASE OwnershipChainedDB
    GO

    USE OwnershipChainedDB
    GO

    /* Create users Mary and Alex */
    CREATE USER Mary
    WITHOUT LOGIN
    GO

    CREATE USER Alex
    WITHOUT LOGIN
    GO

    /* Create a sensitive table and change owner to Mary */
    CREATE TABLE SensitiveData
    (
        IntegerData INT
    )
    GO

    ALTER AUTHORIZATION ON SensitiveData TO Mary
    GO

    /* Create procedure and change owner to Mary */
    CREATE PROCEDURE SelectSensitiveData
    AS
    BEGIN
        SET NOCOUNT ON

        SELECT *
        FROM dbo.SensitiveData
    END
    GO

    ALTER AUTHORIZATION ON SelectSensitiveData TO Mary
    GO

    /*Note that at this point Alex does not have any explicit grants on the SensitiveData table */

    /*Now grant execute on the procedure to Alex*/
    GRANT EXECUTE ON SelectSensitiveData TO Alex
    GO

    /*Note that Alex can query data from the SensitiveData table through the procedure due to ownership chaining */
    /* The user name matches the case used in CREATE USER so it also resolves under a case-sensitive collation */
    execute as user='Alex'
    exec SelectSensitiveData
    revert;

     

    DamirB-BlogSignature

  • Powershell on the Way to Work–Part 7

    “Aaaaaachoo!”

    Sorry, got a cold today.  But we can still chat, right?

    Today we’re going to learn about Variables in Powershell.   Ok don’t run away.  I’m not going to get all Developer on you and start speaking in Tongues and spout Functions and code.

    We’re going to use Variables for the moment the same way we did in Dos.   Dos was easy

    SET THIS=SomethingOrOther

    And if we wanted to see that we did

    ECHO %THIS%

    Looks familiar right?

    In Windows Powershell we don’t have to use SET and the Variable name always starts with “$”  (That’s to remind you of all the money you’re going to save with Windows Powershell)

    In actual fact, I think they stole it from Python (no not Monty Python) but I could be wrong.  So here is the same Variable we did in Dos in Powershell

    $THIS='SomethingOrOther'

    You’ll see another difference.   I put quotes around the text.   Powershell is Smart enough to know the difference between Text and numbers.  But it has to be told that.   To identify TEXT from a Number you put either a Single quote around either side or Double quotes.  There is a difference but don’t worry about that now.   Text is still text.   Double quotes just give us “extra Powers” later on.

    Now if I want to Echo that back to the screen I can just type in

    $THIS

    or

    WRITE-HOST $THIS

    Here’s the neat part with Powershell variables.   They do all the hard work.   I can tell a Powershell variable that it’s a Number, Text or even the Date and IT will figure it out.  Like this

    $ABunchOfSillyWords='Hi Diddly Dee, an IT Pro Life for me'

    $MostImportantNumberEVER=42

    $TheCurrentDay=(GET-DATE)

    I can see a few eyes popping open.  “What do you mean you ran a Cmdlet and stored its output away?”

    That’s because we’re working with Objects.  We’ll talk about that next time. Right now I have to go sneeze.

    Cheers


    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • Powershell on the Way to Work–Part 6

    Hello, back on the grid again.  literally.   It appears that “Somebody” decided that redirecting all the traffic down a one lane residential street was a good idea.  So I’m stuck for a bit.  We can talk.

    Being that I have Time on my hands I think today we’ll talk about time in Powershell.   It IS far cooler than the old CMD.EXE prompt and far more Powerful.   Let’s try something simple.  I’ll introduce you to GET-DATE

    GET-DATE

    Yep, that was awe inspiringly boring.  I get the date.   But that’s not all it can do.    It can tell me what Day that was.

    (GET-DATE).DayOfWeek

    Or better yet, maybe I just want to know how many days into the Year we are.

    (GET-DATE).DayOfYear

    I could even with a wave of my hand do this and step into the Future

    (GET-DATE).Adddays(24)

    Pretty neat eh?  There’s even built in formats you can choose from like a Short Date or just the Time.

    (GET-DATE).ToShortDateString()

    (GET-DATE).ToShortTimeString()

    I can even tell it to show me a date based upon Criteria I give it.

    GET-DATE -Month 9 -Day 13 -Year 1999

    (Ed….Hmmmm I see no “Space:1999” fans in the audience here.   Well THAT joke was lost. )  But as you can see, GET-DATE is incredibly powerful as I can even produce content from it.   In fact later on when we show you how easy it is to work with Dates and Times in Windows Powershell you’ll wonder why you never used it before.

    Well traffic is cleared up, I’ll be going now.  Don’t forget anytime you need examples of what a Cmdlet can do in Windows Powershell just key in GET-HELP NameOfCmdlet -examples

    GET-HELP GET-DATE -examples

    Touch base soon!


    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • What was I thinking???

    Hello folks,

    Today my daughters helped me realize something.  They convinced me to stop watching videos and reading “howto” articles and actually strap on the snowboard and go to the hills with them. You see…  I’ve been contemplating learning to Snowboard. I went out and bought a board, boots, a helmet, the whole kit and kaboodle. (I don’t know where this expression comes from but this is something my dad used to say all the time…) Then to prepare, I read articles, I watched videos.  I thought I was learning.  WRONG!!!! I was definitely fooling myself.

    I thought I would look like this picture after my research.


    I was so far from learning to snowboard. In fact it looked like I was learning to snowplow down the hill, with my face.  I looked a lot more like this…


    I then realized that this translates very well to my professional life.  I’ve never been a book learner.  I need to do it.  As my wife the grade 6 teacher tells me, I’m a tactile learner.  I need to put my hands on the stuff I’m trying to learn to get it.  That’s why when trying to wrap my head around new products like the new System Center 2012 Suite that just got its RC release I need to download it, put it up in my lab and start playing with it.  As I run into situations, I then go to blogs and TechNet to figure out the details.  There is nothing like getting your hands on the goods.

    That’s why I always go to the Microsoft Evaluation Center and download the evaluation copies that I need.

    Evaluation Steps

    Select a product from the list below

    Review system requirements

    Register for evaluation

    Download and install software

    Receive emails to access expert resources

    Use blogs & forums to share tips

    I’m telling you I spent more time reading and watching about Snowboarding than I did actually going down the mountain.  But I can tell you that the last run of the day was the best.  I stayed mostly upright, did not break anything and learned a little, but a lot more than just reading about it.  I love the last run of the day, because it leads to the chalet.  But whether it’s learning to snowboard or learning to take advantage of the System Center 2012 suite, somehow I always end up here!

    Now, get going!  Go to the evaluation center, and download something.  Never stop learning.  Whether it’s learning new IT skills, or learning not to break your neck, they both can bring you satisfaction and a sense of accomplishment that only that kind of personal growth can bring you.

    Pierre Roman, MCITP, ITIL | Senior Technical Account Manager | Directeur de Compte Technique Senior
    IT Pro blog | Twitter | Facebook | LinkedIn

  • How would you like a DoubleDouble ?

    This time of year everyone is rushing to get things done both at work and in their home life. As you rush to get ready for the holidays – you might also be like a lot of IT folks who relish the time in-between December 25th and New Year’s Eve.  This slower / quieter time at work could open up an opportunity – a brief window of time – where you can try some things out before the new year. 

    (I personally loved this break when I worked as an IT admin – I literally had the run of the office and time to try out new things.)

    If you are in this situation and are looking for something to try out and expand your skill base to make you into a Hero at work – might I suggest checking out our System Center 2012 product line?  It’s currently in Pre-Release RC mode (Release Candidate) that will be upgradeable to Full product when it goes RTM in the new year.  Management solutions like our System Center release of products put you in the driver’s seat of your datacenter. 

    • Need to manage the plethora of new devices coming into your office after the workers return with shiny new tablets, slates, iWhatevers? System Center Configuration Manager 2012 has you covered for those Consumerization of IT woes.
    • Backups slowing you down? Need something more effective than tape, in multiple geographic locations? System Center Data Protection Manager has you covered.
    • Want some down and dirty consultant-in-a-box performance monitoring and optimization across all your datacenter and non Microsoft devices like routers, switches and mystery distributions? System Center Operations Manager 2012 has your back.
    • Grappling with your physical AND virtual worlds with multiple hypervisors? Living in the land of VMware, Citrix and Hyper-V? System Center Virtual Machine Manager simplifies your virtualization woes and gives you a silver lining to your Private Cloud.

    If this isn’t enough to get you interested in getting the jump on your skills adjustment and checking out our latest offerings before they RTM (I mentioned they are upgradeable to RTM, right?) – how about I sweeten the deal for you, while they are downloading?

    Let me simplify it for ya.

    1. Use this link to get started
    2. Sign in with your WindowsLive ID (to pre-populate your data)
    3. Verify your SHIPPING details to your mailing address and other pertinent data. (you will want to ensure it is correct)
    4. click FINISH – the download manager will start to download your evals in one click.

    Why was step #3 so important? 

    We’ll ship you a gift card from a famous Canadian coffee retailer (rhymes with Jim Morton’s) for about 5 double-doubles for your troubles and enjoyment as you work through the evaluations and how they’ll make you a Management guru in your work environment.  Heck – you can even check out some of the free online training at www.microsoftvirtualacademy.com while you are waiting for them to complete their DL.

    What are you waiting for? Don’t Delay – we’ve only set aside a certain number of cards.  Once they are gone – they are gone! That link again is http://www.microsoft.com/canada/technet/system-center/

    oh – and before anyone asks – this offer is valid and available to ALL CANADIAN Citizens in Canada, INCLUDING Québec!

  • Powershell on the Way to Work–Part 5

    Oh hey.  Back again are you?  Good thing too.  Flat tire so I’m stuck on side while the Tow Truck driver changes my tire….

    So let me take a few minutes today and show you a pretty cool Cmdlet called GET-CHILDITEM.

    If you remember a bit back, I showed you how typing DIR executes a GET-CHILDITEM.

    So you might think “Ah! GET-CHILDITEM is Powershell’s version of DIR!”

    You might think that but it wouldn’t be accurate.  I could get into great descriptions about Objects and DotNet but then you would fall asleep and my head might explode.    So let me show you some things GET-CHILDITEM can do and YOU can decide just what it is.

    First off, it’s not only good for the File System.   It can access what the Powershell world refers to as “Providers”.   The File system is only one. 

    For example if I do

    GET-CHILDITEM C:\

    You see a file directory of C:\ but I can also do this

    GET-CHILDITEM HKCU:

    Which will dump all of the keys in the Root of HKEY_CURRENT_USER

    GET-CHILDITEM CERT:

    Which will give me the ability to access my certificates.  There are others it can do as well.   We can access the built in Environment variables in Windows (Remember all stuff we used to access in DOS?  Yep! Nothing lost!) or even Navigate and filter on a much higher level.

    So it IS a Directory Cmdlet in a sense.  It will show much of the content that you want.   To call it directory is not precise but it does meet our needs as the IT Pro.   Now let’s show you something neat it can do.   Like the old DIR it can recurse

    GET-CHILDITEM C:\ -recurse

    But we can also filter and say “Only give me these file types”

    GET-CHILDITEM C:\ -recurse -include *.txt, *.ini

    Or this was a neat one I ran across.   Go through a structure and show me ONLY files or ONLY directories

    GET-CHILDITEM C:\ -directory

    GET-CHILDITEM C:\ -file

    You can even combine these bits together

    GET-CHILDITEM C:\SomeFolder -recurse -directory

    By default hidden files like System are still hidden but you can view them with a -force added on

    GET-CHILDITEM C:\ -Force

    GET-CHILDITEM is an incredibly Powerful Cmdlet.   I’m betting you’re seeing what I did as an ITPro.  That even if I didn’t learn to script, just knowing this means I COULD have a far more powerful search tool on me.   But it gets better.    You could actually delete files in Powershell based upon Date Time in only two lines.   But we’ll get into that later.  

    For now, the tire is back on the car.  Back to work and we’ll chat soon.


    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • Powershell on the Way to Work–Part 4

    Traffic was rotten today so I’m sitting in a coffee shop.  Don’t tell the boss ok?

    So last time I mumbled something or other about Aliases and did a Wave of my hands to make you look the other way.  No ? I didn’t do that?  Darn Jedi mind tricks.

    So we mentioned Aliases.    Those familiar with the Unix world will know what an Alias is.   It’s just another word or set of characters to represent something else.  Sometimes to ease typing, sometimes to give us a comfort zone.

    We showed you GET-CONTENT also worked if you did TYPE.  Again this was because an ALIAS already existed for this.

    If you’re curious… we’ll take a few minutes to look at Aliases.  They’re kinda neat.

    If you type in

    GET-ALIAS

    This will show you a list of the current Aliases active in your Powershell console.   But since very few people can read as fast as I can normally talk, I would recommend our friend MORE gets tacked on.

    GET-ALIAS | MORE


    We can see Aliases for most of the Cmdlets.   If you look near the bottom you’ll see a familiar one called ‘dir’ – When you type in ‘dir’ in Windows Powershell it’s ACTUALLY running ‘GET-CHILDITEM’.  Type it in and take a look at the results

    DIR

    You’ll see output that looks an AWFUL lot like the DIR command in CMD.EXE and DOS.  That’s because GET-CHILDITEM run against a folder will do exactly that.   So although GET-CHILDITEM is an unfamiliar command to you since you’ve just started in Windows Powershell, it DOES work very much (although not the SAME) as DIR.   Using the Aliases can help Powershell become more comfortable using familiar names.

    Now if you’re curious what is the Powershell Cmdlet for a particular Alias, just ask Powershell.  So let’s say we were using what we THOUGHT was the TYPE command and we needed to know what it really was in Powershell?  Just key in.

    GET-ALIAS type

    Afterward you’ll see output on your screen showing you the Alias name “type” under the heading “Name” and the actual Powershell Cmdlet “Get-Content” under “Definition”

    Now the flip side is what if you found a Powershell Cmdlet and were curious if there are any predefined Aliases for it?  That’s an easy one as well

    GET-ALIAS -Definition Get-Content

    Again how I figured most of that out was play with GET-HELP GET-Content -examples to see if there was an example of how to use this particular Cmdlet.  I found the third example provided in help had what I wanted but I had to edit the name of the Cmdlet.

    If you’re feeling curious I can take a few moments and show you how to make an Alias.  It’s actually very easy.  We use the “NEW-ALIAS” Cmdlet.

    So let’s say we’d like to make an extra alias for Get-Content called “showfile”

    All we’d have to do is type in

    NEW-ALIAS -name showfile -value Get-Content

    Now you can type in showfile as well as type for Get-Content.   Take note, this is a temporary change and will go away. 

    Yes you can make it permanent but my Boss is now buzzing me.  I should actually get back on the road to work

    Until next time, Keep on Shellin’


    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • Powershell on the Way to Work–Part 3

    Hey!  Glad to see you again.   I took the bus today.   Gives me a little more relaxing time to clear my brain.  It’s nice not to be stuck on the Highway today.

    We were playing with getting some basic help on a Powershell Cmdlet.  As we said, most of them are pretty good as they provide examples.

    Let’s take a look at one of the simpler Cmdlets called “GET-CONTENT”. 

    So who here would like to place bets on what “GET-CONTENT” does?  Anybody?  Anybody?  Bueller?  Bueller?

    Let’s find out.

    GET-HELP GET-CONTENT -Examples

    If you look at some of the presented examples you should be quick to pick up that “GET-CONTENT” will GET the CONTENT of a file.  It will Get the Content of any file you specify just like TYPE did.  For example if you were to key in

    GET-CONTENT C:\FOO\Somefile.txt

    It would output to the screen the content of “Somefile.txt” located in the C:\FOO folder (whether that content may contain legible data is another issue of course)

    Unlike TYPE in DOS we have newer features like “Tail” which can view the “Tail end” of the text file.    This line will show me the last 5 lines of a Text file called “Booga.txt” in C:\Stuff folder

    GET-CONTENT C:\Stuff\Booga.txt -tail 5

    Now here’s a neat trick, try using “TYPE” in Powershell

    TYPE C:\Stuff\Booga.txt

    Isn’t that interesting?  It still seems to work.  That's because Powershell offers us a feature called “Aliases” to use other words or short forms to call up the same Cmdlets.

    We’ll talk about Aliases a little later on and how you can use them.  Right now my bus has just gotten to its stop.

    Chat soon!


    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • “The SQL Guy” Post # 7: SQL Server Database Engine Permission Model–Part 1

    This week we start the first of a three-part series on SQL Server database permissions and the permissions security model used by the database engine. In conversations with many individuals across the country, I have found that not all DBAs or prospective DBAs that I have talked to are always sure about how SQL Server security works and a common understanding may help clarify some things.

    This week we start with the basics of understanding the three commands you use to configure SQL Server security and how they are applied in SQL Server. As always, if you want to test these out and don’t have SQL Server handy, you can download a full-featured evaluation copy of SQL Server 2008 R2 from the TechNet Evaluation Center at http://technet.microsoft.com/en-ca/evalcenter/default.aspx (look under Server Products and Technologies | Release). If you are feeling adventurous and want to explore SQL Server 2012 RC0, you can download it from http://technet.microsoft.com/en-ca/evalcenter/hh225126.aspx. Give it a try!

    SQL SERVER DATABASE ENGINE PERMISSION MODEL (PART 1)

    Imagine for a moment that you are a SQL Server production DBA. You arrive at the office and there are two new co-worker requests in your e-mail inbox: Bob works in merchandise and needs read-only access to all the sales data so that he can run reports to forecast purchase volumes, Alice is a new junior DBA who only requires access to the meta-data. These seem like easy requests to fulfill – or are they?

     

    The SQL Server Permission model can be used to solve this.

     

    Securables are entities that SQL Server controls access to through permissions. Permissions enable a principal to perform actions on a securable. Across all securable scopes, the primary commands to control access to a securable are GRANT, DENY and REVOKE.

     

    UNDERSTANDING GRANT, DENY and REVOKE T-SQL COMMANDS

    GRANT, DENY and REVOKE are T-SQL commands for managing permissions. Although you might have used them to control permissions, REVOKE and DENY have confused most of us a couple of times.

     

    Here’s a brief explanation of GRANT, DENY AND REVOKE –

    (a)     GRANT – Lets a principal perform an operation on a securable object.

    (b)    DENY – Denies permission to perform an operation to a principal on a securable. Denies take precedence over all GRANT permissions and thus principals will not be allowed to perform the operation requested on the securable.

    (c)     REVOKE – Removes the assigned GRANT/DENY permissions on a securable.

     

    Example -

    You can GRANT Bob EXECUTE permissions on a stored procedure but then realize you made a mistake. If you REVOKE the EXECUTE permission then you are simply reverting back to the state before the GRANT. Bob might still have access to the procedure through Windows group or SQL Server role memberships. If you DENY Bob EXECUTE permissions, then he will not be able to execute the stored procedure even if he receives the permission through another group or role membership.

     

    Additionally, in the case of fixed role memberships, DENYs do not take precedence.
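
    The Bob example above as a T-SQL script, added here as an illustration and not part of the original post. The names Bob, ReportRunners and dbo.usp_SalesReport are hypothetical, and the script assumes a scratch database in which you are db_owner.

```sql
-- Added illustration; every object name here is hypothetical.
-- Run in a scratch database. GO is the batch separator used by SSMS and sqlcmd.

CREATE USER Bob WITHOUT LOGIN;               -- database user that exists only for this demo
CREATE ROLE ReportRunners;
EXEC sp_addrolemember 'ReportRunners', 'Bob';
GO

CREATE PROCEDURE dbo.usp_SalesReport
AS
    SELECT 'report rows' AS result;
GO

-- Bob receives EXECUTE twice: once through the role, once directly.
GRANT EXECUTE ON dbo.usp_SalesReport TO ReportRunners;
GRANT EXECUTE ON dbo.usp_SalesReport TO Bob;    -- the grant made "by mistake"
GO

-- Step 1: REVOKE removes only Bob's own permission entry.
--         The role's GRANT is a separate entry and is not touched.
REVOKE EXECUTE ON dbo.usp_SalesReport FROM Bob;

EXECUTE AS USER = 'Bob';                        -- evaluate from Bob's security context
SELECT HAS_PERMS_BY_NAME('dbo.usp_SalesReport', 'OBJECT', 'EXECUTE')
       AS bob_can_execute_after_revoke;
REVERT;
GO

-- Step 2: DENY is recorded against Bob and is evaluated ahead of
--         any GRANT he inherits from ReportRunners.
DENY EXECUTE ON dbo.usp_SalesReport TO Bob;

EXECUTE AS USER = 'Bob';
SELECT HAS_PERMS_BY_NAME('dbo.usp_SalesReport', 'OBJECT', 'EXECUTE')
       AS bob_can_execute_after_deny;
REVERT;
GO

-- Step 3: REVOKE also removes a DENY, returning Bob to whatever
--         his role memberships give him.
REVOKE EXECUTE ON dbo.usp_SalesReport FROM Bob;
GO

-- Cleanup of the demo objects.
DROP PROCEDURE dbo.usp_SalesReport;
EXEC sp_droprolemember 'ReportRunners', 'Bob';
DROP ROLE ReportRunners;
DROP USER Bob;
GO
```

    Comparing the two HAS_PERMS_BY_NAME results shows the difference the post describes: after the REVOKE, Bob is still covered by the role's GRANT, while the DENY on Bob overrides it.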

     

    Securable scopes in SQL Server

    SQL Server securables contain three scopes, which are used to assign permissions to users. The securables are nested and each securable contains various other securables as shown in the figure below –

     

    (1)  Server scope which includes server roles, logins etc.

    (2)  Database scope which includes database users, application roles, database roles, etc.

    (3)  Schema scope which includes various database objects such as tables, views, stored procedures, etc.

     


    Figure 1 : SQL Server Security Principals and Securables

    To look at the permissions that are assigned at the server scope, use the sys.server_permissions catalog view. To look at the permissions that are assigned at the database scope, use the sys.database_permissions catalog view.

     

     

    What permissions do I have?

    You can use the sys.fn_my_permissions function to get a list of permissions held by the calling principal on a specified securable.

    SELECT * FROM fn_my_permissions(NULL, 'SERVER');

    SELECT * FROM fn_my_permissions (NULL, 'DATABASE');

    This function only returns the permissions obtained by one of the following :

    (1)    Permission directly granted to the principal and not denied.

    (2)    Permission implied by a higher-level permission held by the principal and not denied.

    (3)    Permission granted to or held by a role or group of which the principal is a member, and not denied.

     

    How many permissions and how do they relate to each other?

    SQL Server Code-named ‘Denali’ has 214 permissions in total and we can’t cover every permission here. Look at the poster available here to learn about them and their relationship to each other.

     

     

    Back to solving the permission problem for Bob and Alice

    If we can identify the tables that Bob needs access to we can grant select permission to Bob to these tables. Alternatively, if there are many users such as Bob that might have similar data access requirements, we can create a database role (say MerchandiseReaders), assign the role required permissions and add users who need to access to read merchandise information into the MerchandiseReaders role.

     

    Since Alice only requires access to the meta-data, it is sufficient to grant Alice VIEW ANY DEFINITION and VIEW SERVER STATE permissions.
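
    One way to provision Bob and Alice as described, with the catalog views and fn_my_permissions used to review the result. This is an added example, not the author's script: the logins, passwords, database PermDemo and the tables are constructed for the demo, and it assumes you run it as a sysadmin on a test instance.

```sql
-- Added illustration; all names and passwords are constructed for the demo.
-- Server-scope permissions can only be granted while the current database is master.
USE master;
GO
CREATE LOGIN BobLogin   WITH PASSWORD = 'Constructed-Demo-Pw-1!';
CREATE LOGIN AliceLogin WITH PASSWORD = 'Constructed-Demo-Pw-2!';
GO

-- Alice: metadata only, so two server-scope permissions and no data access.
GRANT VIEW ANY DEFINITION TO AliceLogin;
GRANT VIEW SERVER STATE   TO AliceLogin;
GO

CREATE DATABASE PermDemo;
GO
USE PermDemo;
GO
CREATE TABLE dbo.SalesOrders (OrderId int PRIMARY KEY, Amount money);
CREATE TABLE dbo.SalesLines  (LineId  int PRIMARY KEY, OrderId int, Qty int);
CREATE TABLE dbo.Payroll     (EmployeeId int PRIMARY KEY, Salary money);  -- not sales data
GO

-- Bob: read-only on the sales tables, granted to a role rather than to him.
CREATE USER Bob FOR LOGIN BobLogin;
CREATE ROLE MerchandiseReaders;
GRANT SELECT ON dbo.SalesOrders TO MerchandiseReaders;
GRANT SELECT ON dbo.SalesLines  TO MerchandiseReaders;
EXEC sp_addrolemember 'MerchandiseReaders', 'Bob';
GO

-- Review, server scope: what was granted to the two logins.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN ('AliceLogin', 'BobLogin');

-- Review, database scope: object-level entries for the role and for Bob himself.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name,
       OBJECT_SCHEMA_NAME(pe.major_id) + '.' + OBJECT_NAME(pe.major_id) AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                               -- object or column
  AND pr.name IN ('MerchandiseReaders', 'Bob');

-- Effective permissions from Bob's own context, on a table in the role
-- and on one that was deliberately left out of it.
EXECUTE AS USER = 'Bob';
SELECT entity_name, permission_name FROM fn_my_permissions('dbo.SalesOrders', 'OBJECT');
SELECT entity_name, permission_name FROM fn_my_permissions('dbo.Payroll', 'OBJECT');
REVERT;
GO

-- Cleanup of the demo objects.
USE master;
GO
DROP DATABASE PermDemo;
DROP LOGIN BobLogin;
DROP LOGIN AliceLogin;
GO
```

    The database-scope query lists grants against MerchandiseReaders only; Bob has no entries of his own, so removing him from the role removes his access in one step.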

     

    In the next two posts, we will go into details on topics related to ownership chaining, module signing and suggesting some best practices around SQL Server permissions such as least privilege.

    DamirB-BlogSignature

  • Powershell on the Way to Work–Part 2

    Gimme a second here, just have to park the car for a moment and get out my coffee.   Rush hour is crazy today.

    If I remember correctly we introduced you to a new Console called Powershell.   Really.  Just that.  A Shell.  Yeah we’re pretty certain it may bring about World Peace someday but we’re going to stick to the basics.

    Last time we ran a Cmdlet (CoMmanD-LET) called

    GET-COMMAND

    To give us a list of available Cmdlets in Powershell.  But then I changed the landscape on everybody and added something to it to only show me the available Cmdlets

    GET-COMMAND -CommandType Cmdlet

    So how did I know I could do that?

    Within Powershell is a Help system.  It works a bit like the DOS and CMD.EXE one did where you would say “HELP” and put the Console Command afterwards.  But in Windows Powershell it’s called

    GET-HELP

    I can type

    GET-HELP GET-COMMAND

    and it will show me the parameters of that Cmdlet.

    Keying in

    GET-HELP GET-COMMAND -detailed

    or

    GET-HELP GET-COMMAND -full

    Will give me far more detailed information on it or the Full wallop on that particular Cmdlet.   Just like in DOS I can use MORE and start pausing all of those goodies on the screen.

    GET-HELP GET-COMMAND -full | MORE

    But most Powershell Cmdlets have the ONE thing the ITPro needs.   Real world examples of how they can be used.   For the GET-COMMAND Cmdlet if I type

    GET-HELP GET-COMMAND -examples

    Will give you samples of how GET-COMMAND can be used.  Play with GET-COMMAND with some of the examples.  Get comfortable.  Relax

    Did you blink?  Guess what.  You’re already using the basics of Windows Powershell and may not have realized it.   Nice eh?

    Next time we’ll try some of the other Cmdlets to see what they offer us as the IT Pro.

    Until next time, go ahead and play.  It looks like traffic is clearing up and I’m back on the highway.

    Go ahead get your hands dirty

    Sean Kearney
    Twitter: @energizedtech
    www.powershell.ca

  • “The SQL Guy” Post # 6: Save Time Connecting to SQL Server Using Management Studio (SSMS)

    OK, so I’ve been on a bit of a break over the last couple of months. Truth is, with TechDays Canada being one of the major things I am responsible for here at Microsoft Canada, time has been a precious resource. Now that the TechDays 2011 tour is complete, things are looking up to keep these blog posts going.

    This post provides you with some info on how to take advantage of SQL Server Management Studio (SSMS) features you may not be aware of. They work on all versions of SQL Server that I have tried (2008, 2008R2 and 2012 RC0) and provide a great way to create shortcuts to connect to specific server instances. To take them for a spin, you can download a full-featured evaluation copy of SQL Server 2008 R2 from the TechNet Evaluation Center at http://technet.microsoft.com/en-ca/evalcenter/default.aspx (look under Server Products and Technologies | Release). If you are feeling adventurous and want to explore SQL Server 2012 RC0, you can download it from http://technet.microsoft.com/en-ca/evalcenter/hh225126.aspx. Give it a try!

    SAVE TIME WITH ONE CLICK CONNECTION TO SQL SERVER

    You are a developer or DBA responsible for working with a specific database. Every time you open up SQL Server Management Studio, you have to provide the name of the SQL Server Instance,  Authentication Type, User Name and Password and if you are planning on working with a specific database, you will need to click on Options and then select the default database. Once you are logged in, you will then need to click on New Query to open the query editor.

     

    Performing the above operations on a frequent basis to connect to SQL Server using Management Studio could be time consuming. Wouldn’t it be nice if you could simply click on SQL Server Management Studio and have it log you in, connect to the database you usually work with and open up the query editor by default for you?

     

    You can now change the behavior of SQL Server Management Studio to make it work the way you want and here’s how you can do that. Please note that there are two changes that need to be made:

     

    1.       Update the SSMS.EXE to include the connection parameters in the Shortcut link:

     

    CONNECT TO SQL SERVER THRU MANAGEMENT STUDIO WITH DEFAULT VALUES

     

    Syntax: SSMS.EXE -S <ServerName> -d <Database_Name> -E

     

    Example: SSMS.EXE -S TK2SAMSQL01 -d MSSOLVE -E

     

    You can update the shortcut link of SQL Server Management Studio from Start->Programs->SQL Server 2008-> SQL Server Management Studio link. (Simply right click on the link and select properties to update the link)

     

    2.       Configure SQL Server Management Studio to open Object Explorer and Query Editor by default:

     

    OPEN QUERY EDITOR BY DEFAULT WHEN MANAGEMENT STUDIO IS LAUNCHED

    STEP   ACTION
    1      SELECT TOOLS FROM SQL SERVER MANAGEMENT STUDIO MENU
    2      SELECT OPTIONS FROM THE TOOLS MENU
    3      SELECT GENERAL FROM THE ENVIRONMENT FOLDER
    4      CLICK ON THE DROP DOWN LIST OF “AT STARTUP” OPTION
    5      FROM THE DROP DOWN, SELECT “OPEN OBJECT EXPLORER AND NEW QUERY”
    6      CLICK ON OK AND CLOSE AND RESTART SQL SERVER MANAGEMENT STUDIO

     

    After both the above changes are implemented, SQL Server Management Studio will need to be closed. When you launch SQL Server Management Studio after making the above changes, it will skip the connection dialog box (the -E switch logs in with Windows Authentication, so no password is stored in the shortcut), connect you straight to the database you want to work with and launch the query editor along with Object Explorer. This could potentially save a developer time by not having to go through multiple manual steps.

     

    SQL SERVER MANAGEMENT STUDIO CAN OPEN UP 4 DIFFERENT TYPES OF WINDOWS AT STARTUP

    1.       OBJECT EXPLORER (This is the default window)

    2.       NEW QUERY WINDOW

    3.       OBJECT EXPLORER AND QUERY EDITOR (You should select this for this example)

    4.       EMPTY ENVIRONMENT

     

    Important: You will need to close SQL Server Management studio and launch it again for the above changes to take effect.

     

    DamirB-BlogSignature

  • Powershell on the Way to Work–Part 1

    I’ve heard from many IT Pros who want to learn Powershell.   They want to because they need to.   All the new technology revolves about Powershell.  Many vendors are beginning to adopt Powershell as an automation solution.

    But just where do you start?

    Let’s start at the beginning.   An Introduction.   My friends, this is the Powershell Console


    Powershell, please say Hello to everyone out there.


    Ok yes… that was silly but that is your first introduction to Powershell.  It is a Shell just like CMD.EXE was a Shell.  It can accept simple commands.  Just like ECHO was a simple command.   That is the direction we’ll try to go with.

    You’ll hear a lot about how Powershell is a new Scripting Solution, it can manage Active Directory, it can (if you teach it apparently) tie your shoes.   But for the ITPro you don’t need to know ANY of that just to use Powershell.

    Key word in there… SHELL.  We used to do a lot in the Shell before we had the GUI, there was much we did in the Shell AFTER we had the GUI.   So what we have here is a new Shell.  For me personally I consider it a Management Shell.  I do many day to day tasks with Powershell.   Sometimes it makes more sense to leverage a tool in the GUI.

    But to use it, I didn’t really have to sit down for days and learn it.  I just picked up some simple Cmdlets I needed to aid me in my job as a Network Administrator when I started with Powershell.

    First off, what is available?

    There is a massive amount of Commands here referred to as Cmdlets (Pronounced CoMmanD-LETs) which all follow a simple VERB-NOUN structure.   You will have options like

    DISABLE-ADACCOUNT

    GET-CONTENT

    EXPORT-CSV

    Many of them are written to just make sense out of the box.  These are actual features that can be accessed from Powershell.  Imagine being able to easily UNLOCK a user account or DISABLE a computer?  Maybe even find files buried in the filesystem. This is what I use Powershell for. 

    To get a list of available Cmdlets in your Powershell console key in

    GET-COMMAND

    Of course your eyes will buzz out of your head with the rows pouring on the screen.   But just like in the world of CMD.EXE our friend “MORE” is still there to help

    GET-COMMAND | MORE

    That will let us step through and view the pages full of Content.  Just like in DOS and CMD.EXE.   You’ll see three different types, Alias, Function and Cmdlet.   We’ll talk about the differences next time.  But for now We’ll change the GET-COMMAND to only show us Cmdlets.

    GET-COMMAND -type Cmdlet | MORE

    Nice.   Only Cmdlets to see.   Less to confuse us with a smaller pile.   Where do you start?  Believe it or not.  Just try typing in a Cmdlet to see what it does.   All of the Hotkeys you had in CMD.EXE still work too.  CTRL-C is still your best friend.

    But how did I find out how to work “GET-COMMAND” ? What if I want bigger letters?  What if I don’t like Blue?  What if I want to customize the console?

    All of this and more when we return.  Time for me to head out of the car and get to work.  I’ll see you soon.


    Sean Kearney
    Twitter:  @energizedtech
    www.powershell.ca

  • Cloud Computing–You’re Probably Already Using It!

    I’m not sure if you are aware of this, but twice a year through something we call "The Global Relationship Study" – we here at Microsoft Canada reach out and contact you to see how we're doing and what Microsoft could do better.  Every year a number of items come up where you tell us we need to do more to make you understand how some of our technologies can help you be successful in your role.

     

    One of these areas that came up in the last survey was Cloud Computing.  There’s a lot of confusion out there about what the cloud is and what it can do for your organization.  When it comes to cloud computing, you may already be using it without knowing.  As consumers we use the cloud every day with services like Hotmail or another web-based email service, social media like Facebook and LinkedIn, as well as the ability to view, edit and share documents on Windows Live SkyDrive using Office Web Apps.

     

    A great way to transition your business into Cloud Computing would be to start with applications.  Microsoft has two Cloud apps that will help you with that transition, as well as help your organization reduce costs and really set you up to grow further into the cloud in the future.

     

    Microsoft Office 365

     

    ·         Microsoft Office 365 is a personal favourite of mine and includes cost-effective yet enterprise-grade hosted email through Exchange Online, a full collaboration platform with SharePoint Online, and the ability to easily communicate with your team anywhere in the world through Lync Online. 

    ·         It’s also a pay-as-you-go subscription service, meaning a smaller cost spread over each month instead of a large upfront payment, which helps you budget more effectively. 

    ·         You can try it free for 30 days to see how it works for you and your team.

     

     

    Windows Intune

     

    ·         Windows Intune is a great cloud-based solution that can help you manage and secure your PCs no matter where they are located. 

    ·         Among other things, you can perform security and management tasks remotely, deploy updates and line-of-business applications from a central location, and help ensure that all your computers are fully up to date with the latest anti-virus definitions. 

    ·         To try Intune free for 30 days or learn more, go to the Windows Intune website.

     

     

    When it comes to building an on-premise data center solution as a cloud service, we’ve put together a great blog post about how and why you should consider this for your business.  Want to try it yourself? Start by visiting the TechNet Evaluation Center and downloading Windows Server 2008R2 with SP1, Hyper-V Server, and the System Center 2012RC products to get started building your Private Cloud lab.

     

    You may also want to take advantage of these other great Cloud Computing Resources:

    DamirB-BlogSignature

  • Demystifying Microsoft’s Virtualization Stack: #4 System Center Virtual Machine Manager integration

    Dave Kawula knows his stuff when it comes to Virtualization. When I asked him to put together some screencasts, we came up with a short series of them following the flow from planning through to deployment and management. I wanted to call each one out individually and wrap it together into a series – so we called it “Demystifying Microsoft’s Virtualization Stack” and here we go.

    Great stuff in here that Dave pulls in from his consulting experience with real world CANADIAN customers who are checking out Hyper-V and how it can integrate into their existing VMware solutions. Once they see how easy it is to use AND how cost effective it is for what they use their current solutions for – the next obvious question is how to Manage / Migrate from VMware to Hyper-V… Don’t worry – that’s in an upcoming series.

    Get the software you need TODAY to try this out from www.microsoft.ca/evalcenter

    Get additional information and Training for VMware Professionals at www.microsoftvirtualacademy.com with over 15 hrs of specific VMware Admin training.

  • Demystifying Microsoft’s Virtualization Stack: #3 Disk Subsystems

    Dave Kawula knows his stuff when it comes to Virtualization. When I asked him to put together some screencasts, we came up with a short series of them following the flow from planning through to deployment and management. I wanted to call each one out individually and wrap it together into a series – so we called it “Demystifying Microsoft’s Virtualization Stack” and here we go.

    Great stuff in here that Dave pulls in from his consulting experience with real world CANADIAN customers who are checking out Hyper-V and how it can integrate into their existing VMware solutions. Once they see how easy it is to use AND how cost effective it is for what they use their current solutions for – the next obvious question is how to Manage / Migrate from VMware to Hyper-V… Don’t worry – that’s in an upcoming series.

    Get the software you need TODAY to try this out from www.microsoft.ca/evalcenter

    Get additional information and Training for VMware Professionals at www.microsoftvirtualacademy.com with over 15 hrs of specific VMware Admin training.

  • Have Many Kinds of Devices and Need to Manage Them All? We Have a Tool for That…

    Over the last few months while out visiting many communities through TechDays and other events, I often get questions from IT professionals responsible for ensuring that all devices connected to the corporate network are safe, secure, and accounted for.  With the influx of consumer-focused devices in the workplace that many of you are facing, having a tool to enable this is even more critical.  Today, I ran across a blog post on the Microsoft Server and Cloud Platform Blog on how you can use System Center Configuration Manager 2012 to do many of the things that people have been asking me about.

    In the blog post titled “Let System Center Configuration Manager 2012 Help You Enable Consumerization of IT”, Jeffrey Sutherland highlights the three key features of System Center Configuration Manager 2012 (download the eval here) that help you manage non-traditional “consumer” devices:

    • Asset inventory and reporting - ConfigMgr automatically discovers all those devices that have connected through Exchange Active Sync (EAS) and collects basic inventory, so you can view them directly in the ConfigMgr console, build device collections and queries, and run asset reports. We also have a bunch of reports built-in to help you analyze the use of mobile devices at your company, such as a useful summary report that breaks out the devices by operating system. And we can even automatically associate the devices to the users, so you can pull lists of just the users who are affected by a policy change or whose chosen device may need to be updated to a newer version of its mobile operating system.
    • Settings policy management - Define the default settings policy applied to devices connecting to EAS. Within seconds the policy will be pushed to Exchange and applied to mobile devices the next time they sync. There are close to 50 different policies that may be configured through EAS. Most common, and the most important ones in my humble opinion, are the use of strong PIN, required device encryption and remote wipe. These can ensure that your company's data is reasonably protected regardless of the mobile device choices made by your users.
    • Remote wipe - I am calling this one out separately from the rest of the policy management as I believe it has the greatest end user impact, but it’s a critical feature to deal with lost or stolen devices or similar situations. And, if ConfigMgr has the user association information, the end user can self-service this action from the new ConfigMgr Software Catalog (stay tuned for future blogs and demos about the Software Catalog).

    You can read the full blog post here.  To try this out in your own demo environment, download ConfigMgr from the TechNet Evaluation Center.  You can also download the full set of System Center 2012 products from the same location and test out how System Center Operations Manager 2012 can help you monitor all your systems and applications, as well as how to manage your Hyper-V, VMware and Xen virtual environments with System Center Virtual Machine Manager 2012.

    DamirB-BlogSignature

  • Get your SystemCenter 2012 Groove on! New TechNet Labs LIVE!

    Hot off the press!

    Get yourself set up with some hands-on experience while you are DOWNLOADING the RC for use in your lab and test environments.  These are remote connections to our Hyper-V enabled hosting services with pre-built and documented step-by-step labs you can try.  They are also GREAT for play time in a sandbox where you don’t have to colour inside the lines.

    There are four new ones.

    Go Check Them OUT!

  • “The SQL Guy” Post # 6: Save Time Connecting to SQL Server Using Management Studio

    OK, so I’ve been on a bit of a break over the last couple of months.  Truth is, with TechDays Canada being one of the major things I am responsible for here at Microsoft Canada, time has been a precious resource.  Now that the TechDays 2011 tour is complete, things are looking up to keep these blog posts going.

    This post provides you with some info on how to take advantage of SQL Server Management Studio (SSMS) features you may not be aware of.  They work on all versions of SQL Server that I have tried (2008, 2008R2 and 2012 RC0) and provide a great way to create shortcuts to connect to specific server instances.  To take them for a spin, you can download a full-featured evaluation copy of SQL Server 2008 R2 from the TechNet Evaluation Center at http://technet.microsoft.com/en-ca/evalcenter/default.aspx (look under Server Products and Technologies | Release).   If you are feeling adventurous and want to explore SQL Server 2012 RC0, you can download it from http://technet.microsoft.com/en-ca/evalcenter/hh225126.aspx.  Give it a try!

    SAVE TIME WITH ONE CLICK CONNECTION TO SQL SERVER

    You are a developer responsible for working with a specific database. Every time you open up SQL Server Management Studio, you have to provide the name of the SQL Server Instance, Authentication Type, User Name and Password, and if you are planning on working with a specific database, you will need to click on Options and then select the default database. Once you are logged in, you will then need to click on New Query to open the query editor.

     

    Performing the above operations on a frequent basis to connect to SQL Server using Management Studio could be time consuming. Wouldn’t it be nice if you could simply click on SQL Server Management Studio and have it log you in, connect to the database you usually work with and open up the query editor by default for you?

     

    You can change the behavior of SQL Server Management Studio to make it work the way you want, and here’s how you can do that. Please note that there are two changes that need to be made:

     

    1.       Update the SSMS.EXE to include the connection parameters in the Shortcut link:

     

    CONNECT TO SQL SERVER THRU MANAGEMENT STUDIO WITH DEFAULT VALUES

     

    Syntax: SSMS.EXE -S <ServerName> -d <Database_Name> -E

     

    Example: SSMS.EXE -S TK2SAMSQL01 -d MSSOLVE -E

     

    You can update the shortcut link of SQL Server Management Studio from the Start->Programs->SQL Server 2008->SQL Server Management Studio link. (Simply right-click on the link and select Properties to update the link.)

     

    2.       Configure SQL Server Management Studio to open Object Explorer and Query Editor by default:

     

    OPEN QUERY EDITOR BY DEFAULT WHEN MANAGEMENT STUDIO IS LAUNCHED

    STEP    ACTION
    1       SELECT TOOLS FROM SQL SERVER MANAGEMENT STUDIO MENU
    2       SELECT OPTIONS FROM THE TOOLS MENU
    3       SELECT GENERAL FROM THE ENVIRONMENT FOLDER
    4       CLICK ON THE DROP DOWN LIST OF “AT STARTUP” OPTION
    5       FROM THE DROP DOWN, SELECT “OPEN OBJECT EXPLORER AND NEW QUERY”
    6       CLICK ON OK AND CLOSE AND RESTART SQL SERVER MANAGEMENT STUDIO

     

    After both of the above changes are implemented, SQL Server Management Studio will need to be closed. When you launch SQL Server Management Studio after making the above changes, it will skip the connection dialog box, connect you straight to the database you want to work with, and launch the query editor along with Object Explorer. This could save a developer time by removing multiple manual steps.

     

    SQL SERVER MANAGEMENT STUDIO CAN OPEN UP 4 DIFFERENT TYPES OF WINDOWS AT STARTUP

    1.       OBJECT EXPLORER (This is the default window)

    2.       NEW QUERY WINDOW

    3.       OBJECT EXPLORER AND QUERY EDITOR (You should select this for this example)

    4.       EMPTY ENVIRONMENT

     

    Important: You will need to close SQL Server Management Studio and launch it again for the above changes to take effect.
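
    The shortcut change from step 1 can also be scripted. The PowerShell below is an added example, not part of the original post: the function name New-SsmsShortcut, the default shortcut location and the path you pass for SSMS.EXE are assumptions, while -S, -d and -E are the switches shown above. Because -E connects with Windows Authentication, no user name or password ends up stored in the shortcut.

```powershell
# Added example: builds a shortcut that launches SSMS with the -S / -d / -E
# switches from the post. New-SsmsShortcut is a hypothetical helper name.
function New-SsmsShortcut {
    [CmdletBinding()]
    param(
        # Full path to SSMS.EXE on this machine (differs per SQL Server version; supply your own).
        [Parameter(Mandatory = $true)] [string] $SsmsPath,
        [Parameter(Mandatory = $true)] [string] $ServerName,
        [Parameter(Mandatory = $true)] [string] $DatabaseName,
        # Where to write the .lnk file; the default (current user's desktop) is an assumption.
        [string] $ShortcutPath = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'SSMS (one-click).lnk')
    )

    if (-not (Test-Path -LiteralPath $SsmsPath -PathType Leaf)) {
        throw "SSMS.EXE not found at '$SsmsPath'."
    }

    # Reject empty names, quotes, control characters and a trailing backslash so a
    # value cannot break out of its quoted argument and add extra switches.
    foreach ($value in $ServerName, $DatabaseName) {
        if ([string]::IsNullOrWhiteSpace($value) -or $value -match '["\p{C}]|\\$') {
            throw "Invalid server or database name: '$value'"
        }
    }

    $shell    = New-Object -ComObject WScript.Shell
    $shortcut = $shell.CreateShortcut($ShortcutPath)
    $shortcut.TargetPath       = $SsmsPath
    $shortcut.WorkingDirectory = Split-Path -Parent $SsmsPath
    # -E selects Windows Authentication, so the link carries no credentials.
    $shortcut.Arguments        = '-S "{0}" -d "{1}" -E' -f $ServerName, $DatabaseName
    $shortcut.Save()

    # Read the link back so the caller can check exactly what was written.
    $saved = $shell.CreateShortcut($ShortcutPath)
    [pscustomobject]@{
        Path      = $ShortcutPath
        Target    = $saved.TargetPath
        Arguments = $saved.Arguments
    }
}

# Server and database are the example values from the post; replace the SSMS path placeholder.
# New-SsmsShortcut -SsmsPath '<path to SSMS.EXE>' -ServerName 'TK2SAMSQL01' -DatabaseName 'MSSOLVE'
```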

    DamirB-BlogSignature

  • Demystifying Microsoft’s Virtualization Stack: #2 Node Configuration

    Dave Kawula knows his stuff when it comes to Virtualization. When I asked him to put together some screencasts, we came up with a short series of them following the flow from planning through to deployment and management. I wanted to call each one out individually and wrap it together into a series – so we called it “Demystifying Microsoft’s Virtualization Stack” and here we go.

    Great stuff in here that Dave pulls in from his consulting experience with real world CANADIAN customers who are checking out Hyper-V and how it can integrate into their existing VMware solutions. Once they see how easy it is to use AND how cost effective it is for what they use their current solutions for – the next obvious question is how to Manage / Migrate from VMware to Hyper-V… Don’t worry – that’s in an upcoming series.

    Get the software you need TODAY to try this out from www.microsoft.ca/evalcenter

    Get additional information and Training for VMware Professionals at www.microsoftvirtualacademy.com with over 15 hrs of specific VMware Admin training.

  • Demystifying Microsoft’s Virtualization Stack: #1 Planning Hyper-V Installs

    As I mentioned yesterday in the introductory blog post about Dave Kawula – he knows his stuff when it comes to Virtualization. When I asked him to put together some screencasts, we came up with a short series of them following the flow from planning through to deployment and management. I wanted to call each one out individually and wrap it together into a series – so we called it “Demystifying Microsoft’s Virtualization Stack” and here we go.

    I know I posted the link yesterday for this video – but I wanted to call it out specifically here as well. Great stuff in here that Dave pulls in from his consulting experience with real world CANADIAN customers who are checking out Hyper-V and how it can integrate into their existing VMware solutions. Once they see how easy it is to use AND how cost effective it is for what they use their current solutions for – the next obvious question is how to Manage / Migrate from VMware to Hyper-V… Don’t worry – that’s in an upcoming series.

    Get the software you need TODAY to try this out from www.microsoft.ca/evalcenter

    Get additional information and Training for VMware Professionals at www.microsoftvirtualacademy.com with over 15 hrs of specific VMware Admin training.

  • Knowledge is Power–Free Resources to Keep Your Skills Updated

    As someone who works in the IT industry, you know that things are always changing.  At the same time, a lot of people depend on you and your skills to keep things going.

    What better way to stay on top of this change than to keep learning?  Our goal is to make this just a bit easier for you.  There are a lot of resources out there so we’ve created a short list of must have learning resources that you can use to help improve your IT skill set and hopefully set you up for future career growth.

    TechNet Evaluation Download Center

    Stay up to speed on the newest Microsoft software by actually getting your hands on trial versions of it.  A great example is that there are now eight, that’s right eight new, pre-release versions of System Center 2012 available for you to try out.  Download them right now and start your learning!

    Virtualization Certification

    The path to getting certified won’t only help increase your skill set; being a Microsoft Certified Technology Specialist also looks pretty good on your resume!  The best part is you can get certified for free with the Virtualization Certification Challenge.  Note: see the Terms and Conditions for this offer.

    Microsoft Virtual Academy

    Free training is great; free training online that you can do at your own pace is even better!  MVA has training in bite-sized, consumable chunks on a multitude of Microsoft products and technologies.  Check out courses like Office 365 for the IT Pro – The Platform, or Planning, Building and Managing a Private Cloud.  There’s already a lot of content available, with more on the way.

     

    If you’re interested in getting updates like this on a more regular basis, sign up for the TechNet eNewsletter today, a bi-weekly newsletter for Canadian Technical Professionals.

    Happy Learning!

    DamirB-BlogSignature

  • Canadian IT Folks–Dave Kawula–demystify’er of all things virtual

    (I know that word doesn’t exist – but I had a mental block and didn’t know what to use, so it stuck)

    As you may or may not know – I participate in the LinkedIn group called Canadian IT Folks – thought the name was a good fit for this series – one thing led to another and bang – here ya go. Continuing in the series of Canadian IT Folks, I’d like to introduce you to my next Guest Blog post subject.  Who’s the subject matter expert? Dave Kawula from Tricon Technical Services in Calgary, Alberta. He and I collaborated on a screencast series called Demystifying the Microsoft Virtualization Stack earlier this year and it’s going to be posted this week here on the Canadian IT Pro Blog.  Dave also helped me out immensely being the main anchor for the Virtualization content area by shouldering the load of 3 sessions on Hyper-V, VMware and Virtualization Performance tuning. These will be available online at TechDays.ca in the not too distant future.

     Here’s Dave’s Bio and Post.

    Dave Kawula is the CEO and Chief Architect of TriCon Technical Services Inc. based in Calgary.  Since 2004, Dave has been working with Microsoft’s internal technical SMSGR and GTR departments to create internal Microsoft training materials.  To date he has helped author over 40 courses for Microsoft.  Through Dave’s extensive virtualization expertise, TriCon has launched itself into the Hosted Solutions space with its TriCONNECT offering which features products such as Hosted Exchange, Virtual Desktops and Virtual Services On-Demand.

    Dave recently took on the role of Datacenter Virtual Technology Specialist at Microsoft – a recognition that he knows his stuff on all things virtual and helps out customers and partners where possible!

    You can follow Dave on twitter at @DaveKawula

    --- === --- === --- === ---

    Hello Hyper-V and System Center faithful. One of the jobs I took on over the summer was to do a screencast series on the Microsoft Virtualization Stack and how it compares to VMware. I am now done 4 parts of my Screen Cast Series.

    In the first Video you will get a great overview on how to start your Hyper-V Virtualization Project Properly. It’s all about the planning.

    Get your Trial Software to try this out yourself from www.microsoft.ca/evalcenter

    Check out www.microsoftvirtualacademy.com for free training on HyperV for VMware Administrators (among other things).

    Finally - Check out the video below…
