My friend and I got into a very interesting conversation the other day about how companies tend to focus a large amount of energy creating products or versions of their products for particular market segments. Now, I’m not talking about the act of language localization. Instead, what I’m referring to is how companies actively pursue any of the following: Read more
In the happy fairy land that is PKI there comes a time when an OID is needed. Such a time is when you want to specify a Certificate Issuing Policy within a CAPolicy.inf for Microsoft’s Certificate Services. However, how to obtain an OID tends to be a coveted mystery among the security gods.
So… in my quest to provide knowledge to the masses here are some methods to obtain an OID that may be placed within your CAPolicy.inf.
Method One: Read more
If you already have a valid OID, obtain a CPS arc from your OID overlord.
What is Opalis? Well for those that have been in a closet, Opalis was an automation platform that was snapped up by Microsoft late last year. Rebranded System Center Opalis, this platform is targeted to provide a vehicle that IT pros can use to automate tasks across various systems via a workflow without “necessarily” writing code. Based on Microsoft’s marketing materials the key selling points for Opalis are: Read more
There is a really great thing about cloud computing. It’s in the cloud. However, when I talk to a number of organizations they still want to treat cloud-based services as if they operate just like an on-premise solution. However, a solution that is deployed on-premise has some major differences from a solution that lives in the cloud. Namely, a solution that is on-premise is all yours to muck with. Therefore, the things (customizations) that you do with an on-premise solution are not always transferable to a cloud-based solution. Read more
Let’s face it. Managing data in the enterprise is a messy endeavor. I have yet to see an organization that has a 100% handle on where data should live, how it should be used, protected, consumed, etc. Part of the problem is that there is no centralized or built-in method within most information systems by which to classify data. Instead, most organizations rely on user-based classification of data, which often just results in documents being shoved within a labyrinth of folder shares. Or, they hire a third party or purchase their solution as a panacea for their quandary. Read more
Recently, I was working with a client that had an enterprise application that is outsourced to an Application Service Provider (ASP). Because this application is outsourced and using a completely separate authentication database from their internal Active Directory (AD) forest, they have been experiencing a number of account lockout problems because of password differences between AD and the external application. In addition, the external application also relied on user data that was stored in Active Directory. Read more
Ran into this issue the other day and I figured that I would share. Basically, I was setting up a DirectAccess deployment and the customer wanted to stick the NLS instance on an existing Exchange Server 2007 CAS server. OK… no problem. Let’s add another IP address, create another Web site, and change the Web site bindings so that each site binds to a single IP address. Read more
Message classification is a feature that is found within Exchange Server 2007 / 2010 and Outlook 2007 / 2010. By using the classification feature, a message that has been classified will contain specific metadata that describes the intended use or audience of the message. Additionally, when a message is classified, downstream applications like Outlook or OWA can use the classification metadata to display user-friendly information about the classification. Or, you can create transport rules that act upon messages depending on their classification and specific criteria. Read more
In case anyone encounters this, a customer of ours brought this to our attention. Basically, Exchange Server 2010 RU 1 or greater introduced a very odd Duplicate Message Detection bug. You encounter the bug when a delegate receives the same meeting request on behalf of the delegator and to themselves. Instead of two meeting requests for the delegate to respond to in their in-box, there is only the one sent to the delegate. Additionally, if the delegate has two different delegators and both delegators are invited to the same message. Read more
***UPDATE***
Here is the source: http://poshcode.org/1910
*************
I recently ran into a very interesting scenario with RDC RemoteApp. Basically, we had a client that was using RDC RemoteApp to deploy a medical related application. For their deployment scenario they wanted to create and distribute RDP files to remote users who were not on the organization’s internal network. After semi-going live with their deployment they turned to us and asked, “What about password changes?” Read more
After last week’s really great “discussion” about Apple, I have decided to turn back to a more technical topic for tonight’s post. Email signatures… we all know that people try their hardest to make their personal signature as creative and zingy as possible. Don’t believe me, just look at some examples on this posting: http://www.sitepoint.com/blogs/2009/09/18/personalities-of-poor-email-signatures/ Read more
***Update***
I do not normally answer certain types of comments, but it seems that I have hit a nerve with the Apple fan boys. Despite what everyone thinks... I'm not a fan boy for anything. I just happen to work in the Microsoft space. Therefore if I see something that needs to be called out (like Apple), I make the call. Therefore a comment calling I shall go!
***Update*** Read more
Let's talk about how to manage disclaimers in Exchange 2010. Disclaimers (aka lawyer-speak) are normally used to denote some form of limit or scope for the rights and obligations for parties in a legally-recognized relationship. Read more
I’m sure my Apple loving friends are going to give me a hard time about this post. But, I can’t just simply stand around anymore and watch everyone drink the poison laced Kool-Aid. Come on people, I surely cannot be the only person to see the “Evilness” that now embodies Apple. While I have tried my hardest to stop everyone I know from joining the Apple cult, my desperate pleas often fall on deaf ears. Granted, the people I care about typically already have iPhone earbuds shoved into their ears. Read more
Pop quiz hotshot, you’ve got a DirectAccess client on a NAT’ed home network and you want to force it to use IP-HTTPS. What do you do? What do you do? Read more
Good evening everyone! After several weeks of dodging postings of an applied nature I figured that it might be time to do a PowerShell focused posting. I like PowerShell… Read more
It’s no secret that I’m fed up with how aspects of trust and assurance are established out on the Internet. After all, I have railed against the racketeering operations public CAs operate and the ornate processes people or organizations go through to establish a level of trust/assurance with their identities. In other words, establishing trust on the Internet is broken and it really needs to be fixed. Read more
About two weeks ago I saw a discussion thread on the GIAC Advisory Board that was entitled, “NSS report on browser security (is IE8 or FF more secure?)”. Intrigued, I flagged the discussion as something to read when I had time. Well… I got around to reading the thread and while the discussion wasn’t the flame war I had hoped, the source for the discussion was interesting enough that I decided to blog about it. Read more
For those that didn’t know, System Center Capacity Planner (SCCP) is a capacity planning tool that Microsoft created to help organizations planning on deploying certain Microsoft server products. Based on the Microsoft Operations Framework (MOF) capacity planning principles, the tool's primary goal is to help IT professionals deploy infrastructure (hardware/software) by guiding them through the capacity planning phase, prior to deployment. Read more
Every day it seems like there are more and more schemes emerging from the woodwork which are designed to allow users to share computing resources. Needless to say, it was pointed out to me that Microsoft has just released a new product called Windows MultiPoint Server 2010 which is based on Windows Server 2008 R2 and designed to allow a number of users to simultaneously share access to a single PC workstation. Currently targeted towards the education sector, purchase of this product is limited to schools and educational institutions for usage within classrooms, labs, and libraries. Read more
With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 R2 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).