My 2010 Reading List: So Far

It’s unfortunate that I feel like I’m starting the year already behind on my “tech” reading list. Here’s a quick list of what I have within arm’s reach.

In addition to books, I’ve downloaded several whitepapers onto my Kindle for those free moments on the subway:

Managing Employee “Separations”

It happens at every workplace. Employees leave – layoffs, retiring, or just moving on to new things. As a systems administrator, I wish that managers understood how deeply integrated a staff-person is with the computer systems they work on daily. It’s not always a simple process to undo someone’s existence.

Processing exiting employees without identity lifecycle tools can be tedious, but it’s often the way things are done in small and medium-sized businesses. I realize that several days’ notice isn’t always possible, but I can hope. I’ll even take a few hours of notice. However, we’ve all gotten that call at ten minutes to 5:00pm letting us know that someone won’t be coming in the next day.

I have my list of basic things I’d like a department manager to think about when it comes to seeing an employee off. The first couple can get me out the door on time; the rest of them tie things up in a nice package.

Before beginning, it’s important to make sure the employee REALLY is leaving. It’s not unheard of to get several days of notice about a separation, complete the account closure process, and then find out that the employee will be contracting from time to time and needs access when they are on-site.

  • What time should their network account be disabled? – Ideally this is before someone in the NetOps department leaves for the day. Worst case is having to set an account expiration, as midnight often comes a long time after the employee has walked out with their final paycheck.
  • Do they have remote access? – If yes, I disable that ASAP. This way, if the network account has to stay active for longer than I’d like, at least they have to be physically in the office to log on.
  • Email Forwarding – Is it needed? If so, I like to turn that on as soon as possible so that any incoming emails (especially over a weekend) are not missed.
  • Phone and Voicemail – Is any call forwarding needed? For the same reasons as email, I don’t want any voicemail messages missed or left unchecked for too long.
  • Building Access – Has the access to office space been removed? Network Operations isn’t always responsible for physical access and that needs to be coordinated as well.

Now those are just my “get-things-under-control” checklist. Then comes the rest of the things that need to be considered, but most managers really don’t know to mention them ahead of time.

  • Email History – Does someone need a copy of their email box? Does the user have any PST files that need to be located and preserved?
  • Distribution Lists – Is the user the sole member of any distribution lists? If so, removing them and leaving the DL empty will cause messages to go undelivered and lost. A new contact person needs to be designated.
  • Work Files – Does the user have a home folder or area where they store work products? Do these files need to be preserved?
  • Phone System – Is the user a destination for any phone tree options, a member of a workgroup or hunt groups?
  • Application Management – Is the user the sole owner/manager of other important enterprise products like databases or SharePoint sites? Those roles will need to be assigned to someone else. Are there any applications that regularly delegate specific tasks that would need to be reassigned to a co-worker?
  • External Systems – Does the user have any accounts with third-party systems (not AD or Windows-integrated) or external systems with other partners or clients where access would need to be removed separately?
  • Locally Installed Applications or Hardware – Do they have some special applications or hardware installed on their workstations that need to be set up for another staff member?

Finally, there is usually a change control process that documents what was done to close the network account of the user so items weren’t overlooked. In a perfect world, the manager in question would have filled out the necessary forms ahead of time, but I’ll settle for some quick answers over email that I can file in our document management system.
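
Two of the items above, the account cut-off time and the distribution lists that would be left empty, can be scripted. This is an added example, not the author's own script; it assumes the ActiveDirectory PowerShell module and a hypothetical function name and account name.

```powershell
# Added example, not the author's script. Assumes the ActiveDirectory module
# (RSAT) and rights to modify the account; run with -WhatIf first.
Import-Module ActiveDirectory

function Start-UserSeparation {   # hypothetical function name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][datetime]$DisableAt
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

    # Disable now if the cut-off has passed; otherwise set an expiration
    # so the account closes even if nobody is in the office.
    if ($DisableAt -le (Get-Date)) {
        if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Disable account')) {
            Disable-ADAccount -Identity $user
        }
    } elseif ($PSCmdlet.ShouldProcess($user.SamAccountName, "Expire at $DisableAt")) {
        Set-ADAccountExpiration -Identity $user -DateTime $DisableAt
    }

    # Report distribution groups where this user is the only direct member,
    # so a new contact can be named before the user is removed.
    foreach ($groupDn in $user.MemberOf) {
        $group = Get-ADGroup -Identity $groupDn -Properties Members
        if ($group.GroupCategory -eq 'Distribution' -and $group.Members.Count -eq 1) {
            [pscustomobject]@{
                User      = $user.SamAccountName
                SoleGroup = $group.Name
                GroupDN   = $group.DistinguishedName
            }
        }
    }
}

# Example call with a hypothetical account name:
# Start-UserSeparation -SamAccountName 'jdoe' -DisableAt '2010-01-15 17:00' -WhatIf
```

The objects it returns can be exported and filed with the change control record.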

Every company will have its own list of tasks, but the premise is the same. Securing critical data and making sure that customers continue to be served after the departure of an employee are important aspects of any systems administrator’s job.

Thoughts on Air Travel Security

I know that airport security is probably pushing it when it comes to technology topics, but one can’t help but notice all the recent hoopla regarding airline travel.

I travelled to the east coast over the holidays (after the Christmas day incident) and had mixed feelings about the fact that security screenings were no better and no worse than they had been the past year. My husband got the extra “pat down” during our return trip, but stated that he’d been physically screened more significantly when going to a music concert. Overall, I find the current system to be more “security theater” than not. I’m sure that the current procedures do discourage some more casual attempts to cause harm, but when someone is determined, it’s possible to circumvent the system.

While it’s important to look for metal items that could be used as weapons, TSA still cannot consistently detect explosives on passengers or in carry-on luggage. Personally, I would be willing to bring less into the cabin of the plane and tolerate having it more closely screened, if it meant that I would have unlimited access to those items for the duration of the flight and would not have my movements unnecessarily restricted.

Granted, this would mean making improvements in the baggage handling systems and require airlines to charge less for checked baggage in order to restore confidence in handing one’s bag over to an agent. However, less carry-on luggage would allow for faster passenger screening – either by hand, machine or trained dog.

On Sunday, EWR was partly shut down due to someone entering through an exit into a secure area. I am surprised this doesn’t happen more often. Airports are busy, often confusing places, filled with distracted people who want to be someplace else. What concerns me is that they never found the guy. Clearly airports need to take a sheet from the casino playbook when it comes to installing video surveillance systems. Hundreds of travelers could have avoided being rescreened and flights could have operated as usual if TSA could have simply tracked down the errant man.

Security works best when it’s unobtrusive and consistently applied. While random screening procedures do have their place, it’s not practical to make traveling more frustrating for the majority of the population by adding to the confusion with knee-jerk restrictions that don’t address the obvious issues. If nothing else, TSA does lend itself to some great tweets. Check out this travel blog post that calls out seven of them.

UberTwitter – Beta 6 Released

I was happy to discover that 2010 brought an updated release to my favorite Twitter client for the BlackBerry, UberTwitter. This release supports some of the new features of Twitter, including lists and the updated retweet function. In addition to the added functionality, the UI has been updated to make it easier to access your DM and @ replies. The application icon looks a little too close to the Facebook icon on the BlackBerry for my taste, but perhaps that was done on purpose.

I’ve been using the free version, which has some advertising, but decided to spend the nominal fee to upgrade to the paid version this year. Since I’ve been using Twitter more and more to communicate with other tech-minded folk and get news, I figure it’s the least I can do.

See you in the Twitterverse!

New Year, New Adventure

I was excited to wake up this morning to an email from the Microsoft MVP Program, congratulating me on earning an award for 2010 in the technology area of “Windows Desktop Experience.” I’m honored to have the chance to be part of this group and continue to contribute to the technology community.

After nearly 10 years of being part of the Pacific IT Professionals user group, I think this type of community might just be in my blood. I hope this award allows me to bring even more benefits to our growing group of IT professionals.

I’m looking forward to learning more about Microsoft and meeting other fellow MVPs at the upcoming summit in February. Here’s to 2010!

Authentication Roadblock for WSS 3.0 Access on the local Server

Ran into a fun little authentication issue with IIS 7 and SharePoint recently. I installed a SharePoint farm on one machine and set up my first site collection with a custom host header. Once the site was created, I was unable to access it from the host server where I was working. I received an authentication prompt three times and the browser would report that the page load was “Done” but the result was a blank page. The problem did not occur when I set up the site using the host name and a port number.

A peek in the server event logs showed my account failing the authentication with the following:

Security Log Error: 4625
Keyword: Audit Failure
Failure Reason: An Error occurred during Logon.
Status: 0xc000006d

A little Internet searching and a look at one of my favorite troubleshooting resources, www.eventid.net, resulted in a link to Microsoft KB 896861, which explains an authentication issue with Integrated Authentication and versions of IIS over 5.1.

The fix that worked for me was to disable the loopback checking, a security feature designed to prevent reflection attacks. Make the following change to the registry and everything will be right in your SharePoint world.

  1. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Right-click Lsa, point to New, and then click DWORD Value.
  3. Type DisableLoopbackCheck, and then press ENTER.
  4. Right-click DisableLoopbackCheck, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Quit Registry Editor, and then restart your computer.
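
DisableLoopbackCheck turns the reflection protection off for every host name on the server. KB 896861 also documents a narrower method: listing only the affected host names in the BackConnectionHostNames value under Lsa\MSV1_0. The script below is an added example, not from the original post; it reports the current state and applies the per-host setting. The function names are hypothetical and `sharepoint.example.local` is a placeholder host header.

```powershell
# Added example, not from the original post. Run elevated on the web server.
# 'sharepoint.example.local' is a placeholder for the site's host header.
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv10Key = Join-Path $LsaKey 'MSV1_0'

function Get-LoopbackCheckState {
    # Read both values; a missing value is reported as $false / empty list.
    $lsa = Get-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
    $msv = Get-ItemProperty -Path $Msv10Key -Name BackConnectionHostNames -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LoopbackCheckDisabled = ($lsa.DisableLoopbackCheck -eq 1)
        AllowedHostNames      = @($msv.BackConnectionHostNames | Where-Object { $_ })
    }
}

function Add-BackConnectionHostName {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string[]]$HostName)

    # Merge with any names already listed instead of overwriting them.
    $current = (Get-LoopbackCheckState).AllowedHostNames
    $merged  = @(@($current) + $HostName | Sort-Object -Unique)
    if ($PSCmdlet.ShouldProcess($Msv10Key, "Set BackConnectionHostNames = $($merged -join ', ')")) {
        New-ItemProperty -Path $Msv10Key -Name BackConnectionHostNames `
            -PropertyType MultiString -Value $merged -Force | Out-Null
    }
}

function Restore-LoopbackCheck {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Turn the server-wide check back on if it was disabled earlier.
    if ((Get-LoopbackCheckState).LoopbackCheckDisabled -and
        $PSCmdlet.ShouldProcess($LsaKey, 'Set DisableLoopbackCheck = 0')) {
        Set-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -Value 0
    }
}

Get-LoopbackCheckState
# Add-BackConnectionHostName -HostName 'sharepoint.example.local' -WhatIf
# Restore-LoopbackCheck -WhatIf
```

Drop `-WhatIf` to apply the changes, then restart the computer as in the steps above.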

Digital Readers and Twitter May Change Reading and Writing

Check out this interesting segment from NPR this morning, “How E-Books Will Change Reading and Writing”, regarding the introduction of digital readers and social media into the mainstream.

Lev Grossman (a Time magazine book reviewer) says the real challenge for writers is electronic-book readers like the Kindle. He says the increasingly popular devices force people to read books in a different way.

“They scroll and scroll and scroll. You don’t have this business of handling pages and turning them and savoring them.” Grossman says that particular function of the e-book leads to a certain kind of reading and writing: “Very forward moving, very fast narrative … and likewise you don’t tend to linger on the language. When you are seeing a word or a sentence on the screen, you tend to go through it, you extract the data, and you move on.”

I don’t agree with the idea that digital readers make people less willing to engage in written material for the long haul. Personally, I read more now and spend more time considering and highlighting segments of books using my Kindle, something I didn’t do with a printed book. It’s not all about “extracting the data and moving on,” it’s about consuming the data in a medium that makes it accessible during the time you have available.

The segment also discusses cell phone novels and writing via Twitter. While I agree that Twitter is certainly not the future of written novels, I do think it is a fast and reasonably reliable way to gather news and information that is relevant to one’s current activities. It might even mean I have more time to read that book.

Mostly Useless Server 2008 Personalization Trivia

When you first load a fresh install of Windows 7 or Server 2008 (original or R2) the desktop is empty of icons except for the Recycle Bin. Personally, I really like it that way. The search mechanism is so easy to use I have little need for icons cluttering up my desktop background.

However, some people like the look of the familiar. In Windows 7, you can use the “Personalization” control panel applet to add back the icons for Computer, Network and Documents. Windows 2008 has no such option in the control panel for restoring those icons by default. Instead you must type “desktop icons” into the search window and select the hidden control panel feature to “Show or hide common icons on the desktop.”

You can right click “Computer” in the start menu and there is an option for that component to show on the desktop, but the same feature is not available for “Network.” The other option is to install the “Desktop Experience” onto the server, which will add several of the customizing features that one might be wishing for. I also noticed that I have access to the Personalization control panel applet on a server that has Terminal Services (aka Remote Desktop Services) installed.

I suspect there are some registry keys that can reveal some of these interface tweaks. Or maybe this is just a Trivial Pursuit question in the making.

New Year’s Resolution: Get Certified!

Is your New Year’s resolution to finally sit down and take some Microsoft exams? I’m planning to work a bit harder toward my Exchange 2007 MCITP certification in the first half of 2010. Just because Exchange 2010 is released doesn’t mean that taking the time to learn an “older” technology isn’t useful, especially if that is what you are faced with administering on a day-to-day basis.

If you haven’t visited the Microsoft Learning website recently, it’s worth a look. Microsoft has updated several of their charts and learning paths to make the changes between the MCSE program and the MCTS and MCITP programs a lot clearer. I’m a fan of the “Certification by Technology” chart that lists out each major product line and the certification paths available.

There are also some downloadable charts detailing the upgrade paths from older certifications, complete with recommendations for online or live training and reading materials. Finally, the Learning Catalog has several free “clinics” covering topics such as “Exchange 2010 in the Enterprise” and “Exploring Microsoft Virtualization”. They are an easy place to get started.

Here’s to a productive 2010!