UAC: When you halfass technology theft

Posted: 10:56 am
February 17, 2007
Microsoft, Security
2 Comments

Much has been said, and ridiculed, about the UAC feature in Microsoft Vista. Aside from 2 security MVPs and a handful of Microsoft employees I have not met anyone else that either likes this feature or is not asking to have it removed.

Susan and Dana are on the pro side. The entire world seems to be against them.

Some background: UAC comes out of the years and years of no easy process priviledge escalation control in Microsoft Windows. While working on a Workstation in an Administrator mode (default for XP and below) any process can without permission modify the registry, install drivers, change system configuration, etc. This lack of control is the main contributor to the spread of viruses, spyware and rootkits on the Windows platform and perhaps the main reason why Windows gets the “insecure” label so easilly.

So after Microsoft tried and failed to conquer the anti-spyware market, after they tried and failed to conquer the anti-virus market, they decided to actually fix the problem. (ok, truth is these efforts were being made in parallel but lying makes it sound better) So how does one fix the problem? By lifting the technology from the people that have already solved it! So they dug up their Linux guy from the basement, chained him to the steering wheel, drove him through the mobile car wash a few times and then sat him at the table to explain su and sudo.

Long story short, they stole sudo (superuser do) technology that allows a regular user to escalate to the superuser priviledge to execute a single command as the Administrator. They wrote a wrapper so that every time a process requested a restricted object (install a driver, manage users, etc) the little window will pop up with Windows needs your permission to continue. And as they were stuffing their Linux guy back into the box of manure he said something about su but they were already well on their way to kicking him down the stairs back into the basement.

The ONLY thing thats wrong with UAC

Microsoft half-assed this big time. UAC does not, and likely will not, piss off home users during their regular computer use. However, during provisioning and system troubleshooting UAC becomes a total nightmare. 

All the Microsoft OEM partners know this – which is why they ship boxes with UAC disabled. No why, oh why, do they do this? Because they know that the first thing you’ll do with your shiny new system is to make it your own – add users, add hardware, install software, etc. Be prepared to approve the UAC half a dozen times. OEM’s know this, and they don’t want the support overhead. Thats why they ship boxes without UAC.

The troubleshooters and computer techs? They have no choice but to shut the annoying thing off? Why? Because Microsoft half-assed it. There has to be a way to permanently escalate priviledges to the superuser status while troubleshooting the system; The unix su equivalent – For example – I am installing a video card, yes, I know I am going to be escalating the priviledges over and over and over again until I tweak it completely so STFU and let me work. But no, you have to click over and over and over again. Was it so hard to allow a checkmark to not ask for permission during the next 5 minutes, or never to ask for permission when performing this kind of task or to just accept all access during the entire session? Apparently, it was.

Disabling UAC

I’ve held onto publishing this for a while but since everyone wants to point at the users as the problem here and not a Microsoft shortsightedness, let’s give this a spin shall we? If you need superuser priviledges during a session to perform a hardware maintenance, software installation or troubleshooting you should not be subject to Vista’s inability to cope with this. To disable UAC follow these steps:

Start> msconfig >  Tools > Disable UAC > Launch

Reboot and you can actually perform a maintenance task without being nagged to death. Once you’re done go back and Enable UAC the exact same way, reboot and you’re back to normal.

Microsoft: Get your head out your ass and recognize the ITPRO should not sit around the box and approve escalation more than two times to perform a hardware or system maintenance task. By the same token, don’t think that just because someone is an ITPRO they need permanent priviledge escallation. Just provide a way to put the system into the maintenance mode – more than two prompts are too many, the second permission ought to be smart enough to ask whether this escalation should be assumed for a few minutes or remainder of the session.  

New Microsoft Certification Framework

Posted: 4:54 am
February 16, 2007
Microsoft
3 Comments

Got a chance to sit in on the Microsoft webcast outlining the changes they are making to the Certified Professional program.. I must say, way to go. Here is one of the slides from the webcast (click to enlarge) that literally explains what we’re looking for: Proven skills across multiple technologies vs. Validated comprehensive skill set in specific job role.

Expirationoftechnicalskills

Let’s face it, to survive not only do you need to be an expert at what you do you also need to be versatie. Gone are the days of a monkey in a bucket creating databases – you want 6 figures, you’ll have to earn them.

The best part?

Finally, Microsoft will be retiring certifications along with the product support as well as expiring technology specialist certifications every 3 years. That alone ought to kill paper MCSE’s.

Peer Throwback: Do you get it now?

Posted: 11:22 am
February 15, 2007
IT Business, Microsoft
4 Comments

So you’ve had the time to sleep over the questions, not the answers, provided in yesterday’s MAPS call. Chris and Tim blogged about it, there has been a little followup in the community..

So here is the 64,000 question (no, I’m not that old, I saw it on a documentary in a media class in college):

Do you now know why Microsoft has been urging everyone to consider the certified partner program and certifications in general?

While I can respect anyone’s angst at building a sustainable growing business and not wanting to deal with HR issues and management, you’d be a fool not to start writing a competitive summary statement after yesterday’s webcast. That Q&A ought to be printed on the wall of your office to remind you of who your competitors are. If your business is providing Microsoft solutions then you need to showcase how much you’re familiar with Microsoft solutions.

Logo DOES matter, I don’t care if your customers don’t care about it. You make them care about it – you tell them what it means and you tell them why the other guys don’t have one.

Look at this from a customers point of view folks; Would you do business with a pool cleaner that skimmed on his chemicals, rental company that skimmed on the maintenance intervals, airline that made you sit on broken seats? Come on! Why would you expect a customer to think any different?

And in the sea of negativity, he is a positive comment on MAPS from someone that considers it a business tool, coutesy of Fred:

This is where I see MAPS as a great program for partners. The value
of the software that Microsoft gives us for internal use is
unbelievable. But, the real value in the MAPS program is the
opportunity that Microsoft is giving us to gain exposure into other
applications that we, as IT consultants, may not have looked at for
our own business (Project, Visio, etc).

Yes, Microsoft reduced the XP/Vista licenses to upgrade only…but,
guess what, I would have gone out and bought the license anyway
simply because I *NEED* it to run my business. Getting included
licenses, of any type, helps to reduce my overhead and I appreciate
that Microsoft sees fit to help their partners out in this manner.

MAPS: The big picture question (and transcript)

Posted: 5:37 pm
February 14, 2007
IT Business
4 Comments

I’m sorry Amy.. I really am, but someone has to say it even if its not pretty.

The big picture question is why do my peers, and I use that term loosely, do not understand the concept of edge case? How many times does one have to hear “we base our decisions on the input and needs of the majority” before they realize that as the extreme exceptions to the spirit of the project, their needs will not be met. Why is that such a hard concept to grasp?

This was the most painful Q&A ever. Several questions on how to get a transcript of the Q&A text – For the love of god, you people are computer consultants and still haven’t mastered the art of copy and paste? Open up notepad. Highlight the entire Q&A session, press ctrl+c, alt tab to notepad, ctrl+v. Done.

The transcript is available here for download, unedited.

This is the first time I’ve heard Eric pick up the pitch in his voice, slow down his explanation and start to annunciate. Chris suggests that he needs to get double hazard pay for the explanations.

To be fair, there were a handful of legitimate questions. But the remainder of the transcript stands as the evidence (mind you that 50% of the audience were SBSCs) that our profession, at least as evidenced by the Q&A in this webcast, is so uninformed that they should not be anyones advisor, on any subject. How can we expect Microsoft to take us seriously when the majority of our peers does not know the basics of the technology they sell, benefits they receive, newsgroup addresses…. It feels like some of these people were in an online presentation for the very first time.

So why do the needs of higher profile partners seem ignored? Because the majority of the people out there ask the types of questions that you see in this webcast – like it or not, those are our peers. And that my friends is the problem.

What’s it like working with Vlad: The MAPS Quagmire

Posted: 12:25 am
February 14, 2007
Vladville
9 Comments

Earlier today my colleague and honorable friend Susanne Dansey responded to an email interview. Vijay asked her what it was like working with me.. to which Susanne responded with:

Working with Vlad is a unique experience. To tell you would open your eyes to a world which you may not be ready to experience. It is for the safety of you and others that I don’t tell you.

Now while I have to profusely thank Susanne for not divulging the graphic details of the things that get edited out of the SBS Show I feel that you, as my audience, do deserve to know what it’s like to actually work with me.

(this part is true) I have a very stressful yet incredible job. I spend hours each day trying to keep our networks alive, supporting our customer base, assisting our partners with deals and in my spare 30 seconds a day I try to look into the future, identify problems, opportunities and solutions. Because not a day goes by without dealing with people on virtually every continent nearly every hour of the day I get the tremendous amount of input that I have to consider seriously because I genuinely do not know if someone is just making fun of me or if they are absolutely serious. So I play along, work as hard as I can and try not to let my personal feelings and opinions interact with the professional duty I have to every single customer, partner and vendor my business interacts with.

So to blow off steam I blog, I run, I share what I know with my fellow man (or woman) and a part of that is the reality check that I cannot afford during work. Most people laugh at (with) me and I enjoy to entertain with my frequent reflections of how absolutely ridiculous some things are… yet we put up with them.

So to give you an example, here is the official Vladville question guide for tomorrows MAPS webcast. It is in response to the very real and legitimate FAQ managed by Schrag; You might be offended, proceed cautiously..

  • I’m a small business consulting shop, I work by myself but have 18 laptops. I need to be able to order two Action Packs, why can’t I do that?
  • I have 6 illegal immigrants from Korea working in my basement, they don’t speak English. Can I get Windows XP Korean N media and licensing through the Action Pack?
  • I have a severe multiple personality disorder; During morning hours I am a 6th grader with IQ of 35. During evening hours I’m a genius financial manager for a Fortune 500 company (on contract). I need Action Pack to suit both personalities – can you please provide a copy of Microsoft Encarta and a copy of Biztalk in the next MAPS license?
  • Followup to the above questions – do I need to have a CAL for each of my multiple personalities?
  • The recent changes in offering upgrade-only (Volume License) media for Windows XP and Windows Vista is seriously cutting into my ability to resell Microsoft Action Pack to small businesses that legitimately offer IT consulting services. My hair stylist, my limo service, my attorney and even my horse manure and bull semen distributors use Microsoft POS – and as customers complete transactions they interact with technology and look to us to deploy it for them. How will MAPS change to fit my business model?
  • One of my friends customers partners recently had a Microsoft Exchange Ranger team from Microsoft Consulting come in and complete an Exchange deployment. If Microsoft truly feels we should move up the solution deck should every Microsoft Partner Program registered member not get at least 5-10 hours of free Microsoft Consulting time per month? I am not an unreasonable man, how about 5-10 hours a subscription renewal?
  • Microsoft server software is too expensive, I cannot get my customers to buy Microsoft Small Business Server 2003 R2 at its  ridiculously inflated price of $550. My customers are not made of money like Microsoft thinks. In a completely unrelated topic, can you please explain to me why you are not providing Windows Vista Ultimate for free so I can support all of my customers (mentioned above) that spend $399 for a copy of Windows Vista Ultimate?
  • My Microsoft revenues over the past 6 years have been significant, almost into five figures. Can I have a Partner Advisory Seat on the MAPS team so I can offer my insight?
  • I have never heard of Microsoft Technet Virtual Labs, Microsoft Technical Demonstration Tookit, free virtual machine downloads, free evaluation downloads of most Microsoft services, etc. Why is Microsoft not giving me full versions of every piece of software ever made so I can install them all in 256MB RAM virtual machines and spend all my time playing instead of working?
  • Please provide full and detailed justification for inclusion of every piece of software provided in the Microsoft Action Pack. Please also provide full justification for not including every other piece of software that was not included in the Microsoft Action Pack. Please provide guidelines, bylaws, and a 10 year plan for the Action Pack – as a serious business that runs its infrastructure on $299 a year software gimmie I need to know the direction Microsoft is planning so I can properly strategically align my business processes with Microsoft’s, if at all depending on your response.
  • A midget, a partial transvestite and an unborn 5 month fetus are currently on my staff, I would like to know how my employee selection impacts my CAL needs. Since midget has special workstation demands does Microsoft feel it is right in trying to charge him for a full CAL? At which height does Microsoft consider the user to justify a full CAL use. Should the midget get shin implants will they be able to upgrade to the full version? In case of a partial transvestite, how does Microsoft define a user in terms of biological functionality. If the transvestite was born as a woman but had a partial surgery to transform her to him, will Microsoft require multiple CALs? To which degree must a sex be converted to require only a single CAL? Finally, in terms of the unborn 5 month fetus – Where does Microsoft stand on the issue of when life begins. Please explain in full detail.

That ladies and gentleman (and midgets and transvestites and unborn fetuses and illegal immigrants) is the mind of a mad man. Pleased to meet ya.

Microsoft Action Pack Webcast

Posted: 1:13 pm
February 13, 2007
Gaypile, Microsoft
1 Comment

Microsoft will be holding a webcast tomorrow so if you can take a moment to climb out of the pile it might be a good idea to attend and ask questions. David Schrag has a wiki set up for people to organize questions for tomorrow, check it out here and add your own.

The webcast in question is tomorrow, register here.

P.S. Wonder how many show up or even care at this point? I have not spoken to a single person since perhaps December that has anything good to say about MAPS. A small portion of those is actually dropping their subscription and purchasing Vista outright as it makes more sense to them. Others are considering the certified partner path. Whatever the answer, I hope Microsoft spends more time on enforcement and timebombing the action pack so that the illegal sales of it end… but I live in the real world so enough dreaming and back to work.

DST patch fun

Posted: 11:10 pm
February 12, 2007
Microsoft, System Admin
1 Comment

Susan talks about the DST issues on her latest podcast.

DST of course is the Daylight Savings Time and is observed by a number of countries in order to reduce energy utilization by messing with the clock and when people wake up. Basically, politicians controlling the clock. And since we’re lately bombing everything without cause having increased energy costs the US government decided to extend the DST period by 4 weeks, creating a major havoc in the way DST is calculated. Combine that with Microsoft’s patch quality assurance as of late and you have a making of a spectacular mess that we as system administrators now get to clean up.

So go listen to Susan and prep your workforce. The Exchange MVP circles have had a blast discussing the DST, among them the following hilarious comments.. So, how are the brightest Exchange experts dealing with the DST KB article #926666?

I am planning to drink heavily until April 1st.

Ok, as I drill into this here, I really think that the easiest answer is to just outlaw meetings from 3/11-4/1. 

No meetings allowed from march 11 to april 1. 

I’m going to resign on 3/10 and then get a new job on Apr 2.

I don’t care who you are, that right there is funny  Hope the humor helps you through the patch.

More on the Microsoft Retail Strategy

Posted: 12:15 am
February 9, 2007
IT Business, Microsoft
Comments Off on More on the Microsoft Retail Strategy

No, nothing more from the boards (as there is a lot more and as usual its degenerated beyond the disrespective banter) but straight from da man in Redmond.

First, the SBSC Webcast that started it all, Microsoft Retail Strategy.

Second, the followup asking for feedback.

Now as the SBSC team has done over and over — they are seeking feedback. So watch the webcast, see what it means to you and then hit the second link and tell them what you think. Be respectful, be specific, demand answers. What so often happens in these situations is that people get shell-shocked about the news and run into the gaypile to stop the future from occuring. This team has a track record of asking for feedback and delivering, so tell them what you need.

P.S. That last part, for what its worth is just one of the reasons the SBSC wins over Microsoft Certified Partner badge. The SBSC asks for feedback, my PAM tells me he doesn’t return phone calls for deals less than $10K in Microsoft licensing.

SBS Show Newsletter Launches!

Posted: 5:02 pm
February 8, 2007
Podcast, SBS Show
Comments Off on SBS Show Newsletter Launches!

I’m proud to announce that we’ve launched the first SBS Show newsletter. In the same spirit as the podcast, the newsletter is a non-commercial glue for the SBS community that we can share info thats relevant to us.

I’ve even spent some time to design the “fan club” concept that is similar to digg.com and the social way of voting for stories. Let’s be honest, we all find info every day that pretains to our business, but we’re all too busy to review every single thing. And we all can’t stay on top of a newsgroup thread with 500 posts – “so give me the skinny” becomes the way of life.

Please sign up for the SBS Show fan club, it’s free. Please download SBS Show Episode #25, with Erick Simpson, it’s awesome. And, thanks for all the support. Big thanks to Susanne Dansey and Dave Sobel, my cohosts, Susan Bradley my spiritual advisor, Tim Barrett the UG guy and our long lost friend, Chris Rue, may god bless his soul.

Vladfire 20: David Schrag

Posted: 12:38 am
February 8, 2007
Vladfire
5 Comments

Vladfire 20 with David Schrag. This is a must-see for all aspiring SMB consultants that want to establish and run a consulting practice. The road, the business and the future, enjoy:

Runtime: 10:05 minutes

Download a WMV (Microsoft Windows Movie) | (56 Mb)

Stream Quicktime (Fast, Streaming, Requires Quicktime) |  (13 Mb)

(yes, it’s Schrag.. ironic, since he actually spells it at the end of the interview)