In case you have noticed, I haven't been blogging that much lately.  No, I'm dropping off... instead there is a really good reason.  Changes are in the works, and I've been a bit busy putting those changes into place...

As of September 8^th, I'll be moving to the land of the rising sun (Tokyo - Japan).  That being said, I have been taking care of a number of personal items over the past few weeks, hence the low number of postings on my blog.  Anyhow, after completing the move, I've decided to change the format of blog around to spice things up.  The following is a summary of these changes:

Read more

For bloggers there is a constant push to post content.  In some cases, the content is new, original, and even sometimes funny.  However, there are also some cases that the push is either too demanding or for certain monetary reasons that a blogger might choose to turn to a set of dubious activities:

Read more

I ran into an interesting problem today.  Basically, a whole bunch of machine accounts got deleted from a domain.  Because the machine accounts where spread across numerous OUs, the sheer numbers delete accounts, and the duration between deletion and realization, doing some type of restore would have proved interesting.  So... the question was posed.  How can one remotely make a large number of machines re-join the domain once their accounts have been deleted from the directory?

Read more

I ran into an interesting problem the other day.  Basically, one of the admins at my client site needed to a Server Authentication certificate for an OCS pool he was bringing online.  Naturally, considering this is OCS, the certificate needed a bunch of Subject Alternative Names (SANs).  So, I told him to submit a CSR and I would get it approved.

However, there was just one problem.  When he submitted the request, the Windows CA barfed stating:

"Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy: WebServer/MyCustomWebServer"

Read more

Hey now... I blogged about VMware's foray into the PowerShell realm last year.  Looks like earlier this week VMware finally "released" their Infrastructure Toolkit.  You can download the toolkit here: Link

Read more

Yup, I can agree with that statement...  After all, I consider FDE as a default pillar in any good information loss protection framework.

Yet for some reason, it seems that most IT shops have now become entranced within the data loss protection (DLP) hype.  Thus, DLP has now become everyone's favorite silver bullet.  And, a lot of DLP companies are preying on this fallacy by pushing their products as end-all solutions to IT shops desperately seeking to fulfill, regulatory compliance needs, an executives whim, or even possibly used to correct holes found after their latest security incident.

Read more

In my last post, I told the tale about my travels with UAC and Pre-Vista/2008 Ready Applications.  In tonight's post, as promised, I'm going to attempt to explain why UAC and Pre-Vista/2008 Ready Applications interact they way they do (in a semi fairytale format).  Hopefully... you all like it.  :>)

Read more

In tonight's post I provide a background story about UAC and Pre-Vista/2008 Ready Applications.  In my next post, I will then go over the technical reasons for why UAC and Pre-Vista/2008 Ready Applications interact the way they do.  Enjoy...

UAC has always been a pain in the butt for me.  However, un-like most people the source of my pain is a little different.  Thus, rather than griping about everyone's favorite UAC pop-up, I get annoyed when dealing with Pre-Vista/2008 Ready Applications.

***cough*** ipconfig **** anyone!

Read more

You had to see this one coming. After all, I wrote a book about it. However, I'm still amazed at the number of people that don’t know what PowerShell is. So, here is my pitch, hopefully people take notice: Those of us that have suffered through the Windows Script Host era, and glued together Windows command-line tools can now rejoice in something that is powerful.

Read more

NetworkWorld just recently launched their Google Subnet.  Hurray!  I'm not sure if any Microsoft Subnet lurkers have peered across the pasture or not.  But, if you did, ya might have noticed another Kopczynski blogging there.  No, I didn't take an alter ego.  Instead Garett happens to my brother.  Talk about a small world.  :>)

It should be interesting to read what he has to say about Google.  Garett can often take a very philosophical approach to things and his thoughts about subjects can be insightful.  I also can't predict if we will disagree about things as I'm sure he will be lurkering on my blog and I on his.  :>)

Some time ago, I posed and attempted to answer the question: How much space does Credential Roaming really take?  Based on the information that I provided in that post, you can get an idea for the amount of space all those wonderful credentials are now taking up in your Active Directory ntds.dit file.

With that in mind, a couple months ago I was posed with a challenge: How do you clean up credential roaming?  Basically, I had a client that had implemented credential roaming, were not use it, and the roaming aspect of credential roaming had gone a little haywire.  At the end of the day, credential roaming had ballooned their ntds.dit file by about 1GB and we now had to clean up the mess.  To complete this job we did the following tasks:

Read more

Over the past two months or so, I've had the privilege to participate in the PowerShell v2 CTP feedback program.  Last week, was the final week for the program and based on my experiences I wanted to give the PSH team some love (details following).

While working at CCO, I've had the chance to participate in a number of different Microsoft product testing and feedback programs.  That's part of what we do at CCO.  It seems like every couple of weeks or months we are downloading, installing, playing with or even deploying a next generation product from Microsoft.  Needless to say, my experiences with the different product groups have varied from being hands-off to very hands-on or someplace in between.

Read more

Hurray, Hyper-V has been released.  Yes, I'm sure every blogger and newsy person on the planet is posting something about Microsoft's release today (as they should).  But... how many of those posters have been testing Hyper-V since the fall of last year.  :>)

Anyhow, as a general rule, I don't talk about (beta and RC) products I'm currently testing.  That way I don't violate any NDAs.  However, now that Hyper-V has been released to the masses the veil of non-communications can finally be removed.

Read more

There has been something bugging me lately about PowerShell.  Actually, this something has probably always bugged me.  But, when I saw this series: "Hyper-V WMI Using PowerShell Scripts" on the Virtualization Team's blog.  I for some reason became annoyed.

Here is the thing.  In my opinion PowerShell has become stuck in a WMI Quagmire.  For some reason, the default approach has become to "PowerShell-ish" a script that uses WMI to complete a systems management task.  In other words, rather than creating a set of cmdlets, WMI becomes the vehicle to complete the tasks at hand.

Read more

A couple weeks ago, my friend Alex Lewis sent me some information about something called goosh.org.  This interesting use of Ajax is designed to have Google emulate a UNIX shell.  I'm not exactly sure how useful this is to a command line jockey.  Additionally, I don't think you will be managing your Google Apps with this anytime soon.  But, the interface does bring forth a very fascinating use case for everyone's favorite search engine.

Read more

Ok, considering that my last two posts have been about Vista, and, the comments I've been receiving on those posting haven't really been that thought inspiring, (in fact, I'd almost go as far to say that the posters are most likely Microsoft lurkers), I thought it might be appropriate to delve into a belief of mine that I hold very dear. But, before doing that let's level the playing field.

Read more

I had several comments to my last posting "Are you ready to deploy Vista 64-bit? " These comments indicated that Vista 64-bit was a champ. Considering that my last posting was not necessarily my opinion. I wanted to weigh in on the comments that I have received.

Read more

Recently, a friend of mine (name will be with held for certain reasons) went on a tirade over the pain and suffering he endured while attempting to deploy Vista 64-bit. He was very passionate in the account of his deployment effort and conclusion that Vista 64-bit was "currently" not a deployable version of Windows. So, because he felt so strongly about this conclusion and had suffered so greatly from his encounter, I offered to immortalize his tale provided he wrote up a summary.

Read more

I recently experienced a very interesting scenario related to the failure of an organization (a client of mine) in keeping some of their IT systems semi-up-to-date. The scenario (like many of my projects these days) is PKI related. At this client we (the team that I work with) are in the process of re-building their PKI which involves establishing a new trust hierarchy and issuing a number of certificates to their systems.

Read more

Every once in a while, I like to digress and talk about things that I think are cool. Well, actually I do that all the time, after all that is the point of blogging. But, in this case, the topic (or site) I would like to talk about is an item which really illustrates just how much of an equalizing democratic force the Internet can be. The site I'm referring to is called opencongress.org.

Read more

Yup, Stardock released Windows Blinds 6.0 some time ago. Needless to say, when I was asked to do a review of the 6.0 release, I was intrigued. After all, I spent many hours playing "Galactic Civilizations II" and had beta tested "Sins of a Solar Empire". So, I already had a warm spot in my heart for Stardock. Thus when presented with this opportunity to play with a product that can "improve" upon Vista's really uninspiring look it seemed like the right thing to do.

Read more

I won't keep you in suspense. I'll go ahead and name them right here, at the top of my post -- the six free security tools that all IT folks should know about and use. (But, you'll have to click through this nifty mult-page post to let me explain my choices.) And the winners are ... MetaSploit, Splunk, Google (don't laugh -- it's true!), KeePass, Helix and Netwox. Now read on to learn why ...

MetaSploit

Read more

In my day-to-day activities, I often need to verify the MD5 checksum of a file.  Typically, I'm checking the checksum after downloading something from the Internet.  Thus I want to verify that the downloaded file hasn't been modified per the posted checksum.  You'd be amazed at how often there is a difference.  Mostly, because the publisher was lazy and didn't post the right checksum or something got "touched" during transport.

Anyhow... Julie pointed the following post to be: http://mikedopp.com/archive/2008/05/16/windows-gui-based-md5-checker.aspx

Read more

It seems that everyone's favorite Kerberos Consortium (also known as the MIT Kerberos Consortium) has just released a new white paper titled: Why is Kerberos a credible security solution? I briefly read through it tonight, and I must say, it's a really good attempt at summarizing the benefits of Kerberos over other authentication technologies or methodologies.

Read more

Not sure how I missed this, not only on Friday night, but throughout the weekend. But, the PSH product team finally decided to release the CTP2 to the public. The release notes are kinda of long... but it looks like there are a number of changes from CTP1. Considering that I'm on the Feedback program, I will be playing with the CTP. If I think something is interesting, I will try to post my thoughts.

Sadly, while I'm happy that things are rolling forward... I now need to go back and make numerous updates to the chapters I have been working on. For example:

Updated Type Adapters

The member lookup algorithm of type adapters has been updated to include Base members. The members of the base object for adapted types are now directly accessible on the object, so you do not need to use the PSBASE property to access base members.

I'm guessing by that statement that I need to update my section that discussed how PSH interacted with Active Directory.

Ah! It's the weekend, which means the time has come for yet another post. My first topic deals with EV SSL Certs. A short definition about EV SSL Certs can be found on everyone's favorite site, WikiPedia:

"Extended Validation Certificates (EV) are a special type of X.509 certificate which require more extensive investigation of the requesting entity by the Certificate Authority before being issued."

Read more

For some time now, I've been using a nifty little application as one my many layers in a complex web of controls that are used to protect my system from unwanted or possibility malicious based issues.  :>)  Yet for some reason, only tonight did it dawn upon me, that I should share this nifty application with everyone else.

The application's name is called Sandboxie.

 

Read more

Ah... CTP2... I've been waiting for it since hearing that it was slowing but surely making its way into the public arena.  Well, per Jeffrey's posting early today, CTP2 will be formerly shown to the public at the Microsoft Management Summit (MMS).  While he posted some CTP2 related information from the ReadMe earlier this week.  The wording in his post from today, infers that Bruce and Jeffrey are going to be showing CTP2 "stuff" that is geared at making automation scripts more productive:

Read more

It isn't often that I get surprised.  But, when an MS person replied to my posting on Sunday and suggested that I contact another person at MS (Paul), I was intrigued.  So, I sent Paul and email, and to my surprise, he replied wanting to better understand the issue that I encountered.  Since then we have exchanged emails, several times, and hopefully he now has the info he needs to figure what is going on.

Read more

This might be a strange post.  But, I felt the need to vent about the many little things that seem to always eat up my time.  For example, the other day I was installing Exchange Server 2007 on a Windows Server 2008 machine.  And, for some reason the installation kept bombing.  Looking through the event logs, I kept getting some nifty LDAP errors:

Read more