DST Patch for Windows 2000 updated

Just a quick update on the DST issue, I've tweaked the MSI I put together so that it can no longer be uninstalled. This is because the MSI overwrites the timezone values in the registry and uninstalling the patch was causing timezones to disappear.
There is no problem with the MSI if you don't uninstall it so I've created a v1.1 that does not allow uninstall.

The patch has been tested on Windows 2000 but not on Windows NT4. I will test on NT4 this week and post a blog article if it works.

The v1.1 patch is available here free of charge.

MM&M UG February Meeting

The February Meeting of the Microsoft Mobility & Messaging User Group was the normal interesting and informative event. It's not just the content of the user group meeting that's informative but the ability to get a view into how other people do things. With these sorts of meetings/seminars people are more likely to be more open about issues and problems they have encountered as well as about practices they follow when confronting problems.

February's MM & M User Group meeting had two very good speakers. The first (Richard Siddaway) concentrated on Powershell and specifically how power shell interacts with Exchange. The demo of using power shell to manipulate both windows and exchange was quite impressive. From what was said it does seem clear that VBScript is going to be depreciated and cmd.exe will go the same way.

Right now, Powershell is limited in what it can do simply because it's not possible for me, sitting at my PC to connect to another machine running powershell and run commands. It IS possible to embed VBScript and batch files into powershell so in theory its possible to use VBScript and WMI as well as DOS tools such as the PS Tools which will extend the functionality of the powershell.
Goning forwards I'm certainly going to try to do more with Powershell. It will be interesting to see how it develops.

The second speaker was James Clifford and this one hour session concentrated on best practices for email security and touched on elements like Microsoft Forefront. The presentation jumped about all over the place but was a hugely enjoyable session thanks to James history and insights into both the Anti-Virus industry and Microsoft. I think the key message for this session was one of how proper planning can prevent a lot of issues with the email environment and I plan to touch on these through more email and security focused future blog articles.

Technet Magazine hits the UK

Microsoft have been publishing technet magazine in the US for sometime now and it's finally reached the UK. Subscription is free and it covers the latest Microsoft technologies so it's well worth grabbing yourself a copy

The Technet UK website does have some articles available in PDF which, if you are not a subscriber yet, are well worth looking at.

It get's published about every three months so you won't get information overload like you can with some technical magazines.

Those damned quick fixes

July of 2005 was a very hot summer and I was stuck on Jury duty at Southwark crown court.
I remember the great attention to detail that the legal team paid to the proceedings. They really did cross every t and dot every i. That attention to detail sticks in my mind to this day because it's something that's lacking in virtually EVERY IT Department out there right now.

I fully accept that not every IT department needs to be as thorough as a court room and that sometimes the 'quick fix' is needed because without it you will have a system out of action for sometime but in far too many places the 'quick fix' becomes the accepted way of working, There seems to be no pride, no attention to detail, no following up or raising issues just generally sweeping it under the carpet and moving on to the next crisis.

In this type of environment no one is to blame and yet everyone is to blame. It becomes the accepted way of working. Any person who points known flaws is generally frowned upon and shushed until they slowly slip into the companies way of doing things.

Further down the line a crisis will occur which is either hampered or CAUSED by the multiple quick fixes and other shoddy practices that have been building up over the months/years.

What I've said here is nothing new. No doubt many of you who read this will be familiar with the pattern. No doubt many of you will be able to relate to what I've said here. No doubt the pattern will continue to be repeated and I am just as guilty as anyone else.

My problem is that I'm quite disorganised so I make a note onto a scrap of paper and promptly lose it or make a note into notepad and promptly lose that or have it get lost into a myriad of other files and folders.

I think it's time to get more lawyer-like. More organised. At least KNOW where we have quick fixes and other potentials issues.

Knowing where the problems are likely to occur is a good start to fixing them.

Time to get organised, Time to start being professional.

Setting up Email on Nokia E61

I've upgraded my personal mobile to a Nokia E61 which is based on Symbians 9.1 Operating System and it's a very nice phone especially built for it's extensive messaging capabilities which do work well.

One problem I had at first was working out how to configure the E61 to pick up email from my IMAP server. The help page described how to do it but the menu I needed was hidden so deeply down the tree that when I finally figured it out I thought it would be worth passing the configuration process on.






From the main menu click on your messaging button (the envelope icon to the right of the joystick).










Click on Select then onto Settings













Scroll to Email
















Just click on start











elect the mailbox type - POP3 or IMAP. It's important to remember that once selected you CANNOT change it. You must delete the mailbox and then recreate it.
A second thing to note is that POP3 does not delete email from the mail server but works pretty much the same way as IMAP.












Enter your email address












Enter the name of the mail server. Note: This server must be on the Internet if you want to pick up your emails from remote locations. Internal mail servers are fine for using the phone via wireless over the LAN.









Enter the DNS name of the outgoing mail server. You need to put something in here even if you don't want to send emails.












Pick the default type of connection for that email account









Give it a nice friendly name - This is the name that will appear in the messaging list.













All done! And that's all there is to it.

Automation in IS Depts

These days it's all too common to walk into a 'modern' day IT department, even one within a high technology company and find that many of the things they are doing are still very much paper based or based on technologies in the 1990's. It's now 2007 and many vendors still claim they have software which will automate most of the IT Administrator's job - They have been promising this since computers first found a home in the workplace though.

So, whats gone wrong?

There are many people who feel comfortable in manual processes, For example, How many people do you know who print out every email they receive?

Automation actually requires a lot of up front work for very little initial benefit - Take something like SMS or MOM, The amount of effort required to install it and learn it is quite high plus there needs to be an investment in effort which is ongoing in order to maintain the systems. For some companies this is too high a price.

Finally, Many managers and even the IT Admins prefer the older methods. They would rather use excel to record disk space usage instead of purchasing a piece of software with unfathomable reports which could do it for them.

However, All of these are no real excuses for NOT automating where possible. If you don't automate and don't use these sorts of systems then you will be forever firefighting and that's not a pleasant place to be.

Time Zone changes - Part II

As promised (if a day late) I've taken the registry keys that Microsoft list here and created an MSI package for them. This package should ONLY be used on Windows 2000 as Windows XP and 2003 are already covered thanks to Windows Update.
Note: This package is used at your own risk. PLEASE TEST before deploying and let me know of any problems you may encounter.

Microsoft also have a webcast on the issue.

It's not just Microsoft apps that have this issue, Any application that looks after it's own sets of timezones could suffer. The ones that spring into my mind are NetWare servers, NetApp, Domino and JAVA. There are certainly others.

NTP & Time Zones

With the upcoming DST issues it's worth remembering how NTP works.

NTP and SNTP both work in the same way, time is pulled from a time source (generally a server on the Internet) as UTC time. The Operating System THEN applies any change relevant to the time zone that the server lives in. NTP cannot and will not change any clock on a server or other operating system, this is something the application must deal with itself.

Tomorrow I will cover how this problem affects Windows and other various applications as well as provide a download for Windows 2000 machines which Microsoft no longer support for anything other than security updates.

Patch Tuesday nightmare due

For anyone who hasn't read the Microsoft patch tuesday pre-release notification you might want to sit down, have a STRONG coffee with some brandy and then click on the link.

12 Patches covering Operating Systems and applications. Yes, Patch Tuesday is going to be a very interesting day.

The strange case of the disappearing server

Sometimes you have one of those REALLY odd requests... Today I was asked to fix a problem with a web link. A quick look showed that the DNS entry had been removed but no one could remember when it was done or how far back......

A quick hunt around the change recording system had no mention of it so this meant the change occurred OVER 2 years ago.

Further digging revealed that this particular system hadn't actually been accessed since something like March 2005 and that some managers thought the problem was down to an intranet 'look and feel' change which months after the system was last accessed.

This actually means it was almost TWO YEARS before they raised the call since then most of the people that worked on the system have left the company.

It's a bizarre world in IT sometimes.

Truly secure internal servers

The problem with security lies in striking a balance between being secure and enabling people to do their jobs.

The above phrase is pretty much my security mantra although I'm wondering if I should change it to add " and trust your IT staff" as it seems that many companies these days expect their IT staff to do the impossible and secure systems to the point where even they cannot access them (payroll systems spring to mind).

Well, Here is a shock - There is no such thing as a truly secure system. As soon as you allow someone inside the network perimeter and give them the ability to change something you just reduced the security. The problem here is one of security being a double-edged sword. As soon as you put the simplest security in place you need someone to administer that security.
Make someone log into a system and you have to give someone else the rights to reset passwords.

Once you have a system where data is changing then you need to have that data backed up that means the backup team also have access to that data, Remember to encrypt those backup tapes and to ensure only authorised personnel can call the data back.

Does the system need a sql database? Well, better trust your sql admins then because they will have access to the data and it's database dumps.

Putting the database or application data onto a NAS or SAN? Congrats, you just gave the storage team access.

OK, lets isolate the system totally in a corner of the server room.. well that won’t work either because you still need to have a server person build and rack the server, probably a database person to install the local database and you still need it backed up now remind me who has access to those tapes?

The only solution to servers that hold such confidential data that even the IT dept cannot access them is to outsource them but then you have to trust the outsourcing company.

The real answer to this dilemma is to trust your staff But audit regularly, use an external/independent team. That's the closest you can get to a secure system when you HAVE to people accessing the server(s). If you don't trust you admin(s) then fire them because in any industry where you have confidential data and trade secrets you must be able to trust people at the core of the systems.

Photography

Photography is a hobby that I have had for some years now and is mostly thanks to a former work colleague who left IT to pursue a career as a photographer in journalism. He has an amazing set of photographic work here.

Recently, I've become the proud owner of a Canon EOS 350D and I've been using part of my web space to host my pictures. Just a few days ago I came across a piece of free software called JAlbum which makes creating photo albums a matter of a few mouse clicks. the default look and feel of the webpages produced is very nice with smooth transitions between photos. You can create your own style or download others and once done you just upload the files to your webspace and it just works.

I have redesigned my photographic webspace and if you want to have a look then click here.