Adventures with Gmail

Last week, I had a bit of a Gmail scare. I arrived at the office and did my usual routine of logging onto the computers at my desk, including logging into my Gmail account. I always have it open in the background, because let’s face it, I’m addicted to “the grid.” All was good for most of the morning. Then at about 11am, I turn around to do something on that computer and my browser window has a big warning message:

Account Lockdown: Unusual Activity Detected

The page also listed several possible reasons for this and indicated I’d be in the penalty box for up to 24 hours. (24 hours?!?)

According to Google, unusual activity includes, but is not limited to:

Receiving, deleting, or downloading large amounts of mail via POP or IMAP in a short period of time.
Sending a large number of undeliverable messages (messages that bounce back).
Using file-sharing or file-storage software, browser extensions, or third party software that automatically signs in to Gmail.
Leaving multiple instances of Gmail open.
Browser-related issues.

It’s really hard not to want to panic in this situation, but what can you do? 24 hours seems like a really long time when it comes to email access and I didn’t just want to sit and wait. Ultimately, my access was restored in a few hours, and I learned a few things about the big “G” in the cloud.

My first concern was that my account might have been compromised, so I wanted to change my password. If my account had been compromised changing the password would likely stop any potential abuse (activity #2). I happen to use several Google services, which made it possible to change my password without having access to the email service. Since the “unusual activity” was limited to email, my account itself wasn’t locked, only it’s connection to mail. I could still access Google Reader, etc – any of those services have a portal to the account management. Using that I changed my password, which made me feel a lot better. (I might not have had access to my mail, but I was sure no one else did now either!)

The only devices connecting to my email at the time where the one work computer and my BlackBerry. Perhaps the BlackBerry BIS service was making too many calls to my account? I logged onto the website for that and disconnected that service. I believe BIS uses IMAP to connect (activity #1), so I figured that couldn’t hurt.

I cleared my IE cache, deleted all my cookies and ran a virus scan on my computer (activity #5). I even cleared the cookies and cache on the other machines on my desk even though I don’t usually use them for Gmail access. At this point I was pretty sure I didn’t have any other machines attempting to connect (activity #4). My home computers were off, my office computers were not connected and my BlackBerry service was removed.

I’ve been told the most common cause of this problem is a “cookie gone bad” or the potential false positive on Google’s side, which clear up in a few hours. I would have liked to have access to the Recent Activity page that you can get to from the bottom of your Gmail Inbox. You can use that to close any other sessions (from home computers, for example) and see the IP addresses from your most recent connection points. Turns out that URL doesn’t change, so bookmark it and it will load if you are logged onto any other Google service.

I don’t think I’ll ever know if I was unintentionally abusing the system, but I can’t help but to feel the punishment was punitive, even for a free service. Google is excellent at collecting data – I’m sure they could tell that my account was not newly created, I was a daily user of the service and I had no prior history of excessive usage patterns. Since I do have an alternate email address in the system, a warning notice or a post-lockdown follow-up message giving me some actions to take would have been helpful. I would have happily performed some remediation checks and then clicked a link to have my account rechecked within a hour. The suspension system is automated, so automating a recheck after the user responds to a message shouldn’t be so difficult.

If I was truly a spammer or if I was someone who wasn’t a daily user of Gmail, I may not even care that the service was suspended for 24 hours, but for those of use the service regularly, a little tech support love can go a long way.

Today is Safer Internet Day

Organized by Insafe (a European network of Awareness Centres), Safer Internet Day is held annually on February 9th to promote safe and responsible use of the Internet, especially by children and teens. The topic for 2010 is “Think B4 U Post!”

Speaking of online safety for teens, check out this PSA video by CyberTipline. And for more information about staying safe on the ‘web, check out Microsoft’s safety website or follow them on Twitter @Safer_Online.

Secrets of the Ease of Access Center

If you are a Windows user without any physical handicaps, chances are you’ve never even looked at the “Ease of Access Center” in the Window 7 control panel. However, there are some interesting things in there!

I find Mouse Keys to be handy from time to time, especially if I’ve been doing a lot of mousing and my hand needs a break. (This isn’t recommended on a laptop with an embedded number pad.) You can find those settings under the Make the mouse easier to use options. There are also different mouse style options than you’d find under the regular mouse settings – good for when you are doing presentations and want to make the mouse easier for others to follow.

Under Use this computer without a display, you’ll find the setting to adjust how long notification boxes stay open. This is adjustable up to 5 minutes. You can also change the thickness of the blinking cursor in the Make this computer easier to see section.

Under Make the keyboard easier to use there is the a couple hidden gems. First, “underline keyboard shortcuts and access keys” can make it easier for you to perform some tasks without reaching for the mouse.

Finally, if you aren’t impressed with the new Aero “Snap” features for docking your windows to the sides and top of the screen, you can turn them of by selecting “Prevent windows from being automatically arranged when moved to the edge of the screen.” For those of you who like shoving windows to the side to take advantage of screen real estate, this gives you that power back.

Not only can you find some interesting options for occasional use, it’s helpful to familiarize yourself with what Windows can do for someone who may need some adjustments in order to use their computer to the best of their abilities.

Terminal Services RemoteApp – Bumps in the Road

This month I’ve been trying to nudge the project of moving to Windows Server 2008 Terminal Services RemoteApp forward at the office. The goal is to get away from using a version of Citrix Presentation Server to access applications over the Internet. The needs of our office have changed and the new features with Terminal Services in Server 2008 make this something we want to adopt instead.

However, nothing is without an occasional bump in the road. Here a couple of ours:

Bump #1 – No way to filter which applications users see on the RemoteApp webpage.

I know this feature was added in Server 2008 R2. Unfortunately, we have to stick with the Server 2008 “classic” due to an important 32-bit application that does not install or run properly under WoW. We debated the importance of filtering the application list and decided it wasn’t a deal breaker. Or we can look at some third-party workarounds.

Bump #2 – Users with passwords set to “enforce change at next logon” can’t get past the TS Gateway.

We have to remember to handle first time password changes for users who only be using RemoteApp by NOT checking the enforcement box and instructing them on how to change there password after they launch an application. (CNTL + ALT + END does the trick from any launched application.)

Bump #3 – No support for Macs with the Mac version of the RDC client.

Ouch. We only have a few employees that use a Mac at home and we’ll have to continue offering GoToMyPC to meet their needs. Not what I’d like to do, but hopefully support for the Mac will come along soon.

Bump #4 – Limitations with multi-monitor support.

Microsoft KB925876 gives some of the details of what type of multi-monitor support is available with Server 2008 Terminal Services and should automatically support spanning if your monitors meeting the configuration requirements. Those rules are: the total resolution on all monitors must be under 4096 x 2048 pixels; the monitors must have the same resolution; the monitors must be aligned side-by-side; and the far left screen has to be the primary one.

This is pretty limiting, especially if you have a laptop connected to an external monitor and want to take advantage of both screens. Or have monitors set up in configuration where one is turned vertically. Or any other number of possible configurations. Windows 2008 R2 improves on this as well, but as noted in #1, we just can’t quite use that yet.

So yes, we’ve got a few bumps, but nothing that would keep us moving forward with the project at this point. Our remote access isn’t supposed to be used by someone as a long-term way to work, nor is used with a frequency that demands extra capital expenditures to overcome a few relatively minor issues.

PacITPros February Meeting

Yesterday evening, I gave a short presentation at the monthly Pacific IT Professionals meeting on Windows Server 2008 Terminal Services. Highlights included some of the changes, feature improvements and cavats between Server 2003, Server 2008 and Server 2008 R2. If you attended and would like a copy of my slide deck, click here. Also look for a post tomorrow that covers some of the highlights of the presentation.

There were two other great presentations at the meeting. Ed Horley presented on Network Filtering and Joanie Rhine from Microsoft presented on the most recent Security Intelligence Report. Their presentations will be available on the PacITPros website.

MSI Installer Error: What Advertised Application?

I ran into an interesting error message while reinstalling a custom piece of software on my Windows XP machine recently. The software processes small text files with a custom file extension and uses them to locate a particular document in our document management application. Users can also use the software to generate these custom files to share with others via email, etc.

The program is deployed using a Group Policy software assignment. My computer was handling the files properly from my desktop, but was not working as expected when accessing the same file if it was stored in SharePoint. I had tested the SharePoint functionality previously on another computer and it worked as expected. The MSI Installer includes the option to repair the application, so I attempted to run it again in order to see if that solved my problem. Instead of a successful run, I got the following error message:

“This advertised application will not be installed because it might be unsafe. Contact your administrator to change the installation user interface option of the package to basic.”

First, the application is “assigned” not “advertised” with the GPO. Second, I’m a local administrator on my machine, so I thought it was strange I was unable to run it. I pulled our DBA over (who wrote the program) and he confirmed that I should be seeing a “repair” option when the software is run after being installed once before.

A little searching brought us to this post, which recommending running the MSI installer from the command line using the /qb switch. We didn’t bother looking for the “product state value” as Soumitra Mondal suggests in his post, but it appears my PC was a bit confused about the install state of the application and reinstalling with that switch did the trick.

She’s Geeky Conference: Days 2 & 3

This weekend I enjoyed some more great sessions at the She’s Geeky unConference. Not only was this event filled with a collection of fantastic women with a variety of tech interests that I can’t even begin to list, it was a great opportunity to learn new tips and tricks for soft skills that aren’t always high on the “geekdom” list! Practicing the “elevator pitch”, improving your speaking skills and discussing how to manage transition as tech roles evolve were some of the sessions on agenda wall today. The notes for the sessions will be posted to the She’s Geeky Wiki over the next few days and I’ll post the links to the sessions I enjoyed most when they are available.

The one thing that seemed to be missing from the weekend was other system administrators. I was excited to enjoy the experience with Jessica DeVita, the owner of UberGeekGirl, but it was a little hard to believe that out of approximately 300 registered attendees, less than .01% identified themselves as server or desktop administrators. Those that even hinted they might have done it previously didn’t even utter the word “Windows”.

Is there something about this particular area of tech that makes it even less appealing for women? Maybe that will have to be a session topic when I attend next year.

She’s Geeky: Day 1

Today I attended my first “She’s Geeky” unConference. I didn’t know what to expect, but after today I highly recommend checking it out if you are a woman who works in technology (or mention it to a woman you know in the math, science or tech fields).

Lots of women were willing to talk about the areas that interested them in technology, so the day was filled with a variety of topics ranging from using social media to “green” technology, programming and development to Internet privacy and identity. (I even managed to make some time to present an overview of Windows 7!)

The privacy and identity talk was lively and full of ideas about one’s online identity(s) and how managing those can be different for women for a variety of reasons. Managing online privacy is only going to get more important as data continues to be collected, stored and mined, regardless of gender.

Notes from all the sessions will be compiled and available online, so I’m looking forward to being able to recap what I’ve learned (or missed) at the end of the weekend. While not everyone does the same type of “tech” it was a great experience to spend the day with other women who were all passionate about whatever thing that made them “geeky”.

SharePoint 2007 Notes & Oddities

Since working with SharePoint for a couple of weeks, I’ve noticed a few oddities that I think are worth mentioning. Some I have an explanation for, others I don’t.

Oddity #1 – Rich-Text Editor for Web Parts doesn’t work properly on 64-bit Internet Explorer.

I get a scripting error when I try to use the rich-text editor and when I edit a wiki page on a machine using 64-bit IE, I get the HTML code instead. This is a known issue with “Level 2” browsers – of which 64-bit IE (7 or 8) is considered. TechNet details out the compatibility issues. This issue still appears to remain with SharePoint 2010 according the compatibility table for that version as well.

Oddity #2 – I can’t link SharePoint calendars to my Outlook 2007.

This seems to be a problem that only affects my user account at the moment and it follows me from computer to computer. I have two machines at work 64-bit Windows 7 with Office 2007, and Windows XP SP3 with Office 2007. In both instances, if I select the option to “Connect to Client” I get the prompt to accept the connection and then nothing happens. No link to the calendar, no sharepoint.pst is created, no mention of calendar link in the Sharepoint Lists under account settings. Outlook 2007 reports an information event in the application log – Event 27: The operation failed.

I’ve had two other people test the functionality with no problems, so this is bizarre for sure. But I want to work out why this is a problem before rolling SharePoint out across the board. If I want to get rid of public folder calendars, everyone needs to be able to link SharePoint calendars into their Outlook. Even me.

Special Note #3 – Make sure the SharePoint site doesn’t launch in Protected Mode.

Protected Mode blocks a lot of the functionality of ActiveX, so the drop down Action menus won’t work for users in this mode. I noticed this when I accessed the site from Terminal Services RemoteApp. I’ll need to adjust some of the policies and IE security features on terminal services to make sure regular users have the same experience they would in the office.

Upcoming Conferences

Just a quick reminder that the She’s Geeky conference is happening later this week in Mountain View, Friday through Sunday. There’s still time to register, so maybe I’ll see you there.

Also, if you have a little bit of wiggle room in your training budget for the first half of 2010, you might want to check out this local one-day conference, Windows Intelligence, hosted by QuickStart Intelligence on April 26th. Several MVPs will be presenting, including myself and Ed Horley.

More details to come!