KMS with Windows 7

A number of posts ago I wrote about my fun with KMS. Well it is time to start rolling out Windows 7 and there are some lessons to be learned. Here are just a few of the gotchas:

• If you are using 2003 Server or 2008 Server R1 you need to install an update. This update takes KMS to version 1.2 (1.0 was Vista, 1.1 was Server 2008 R1). This update is required for KMS to be aware of Windows 7 and 2008 R2.
• You need to get the Server 2008 R2 volume license key. Haven’t purchased a single license of Server 2008 R2? Doesn’t matter. Log on to the Microsoft Volume Licensing web site and magically you will have a row in your product key listing that is for Server 2008 R2. Take this product key and call “slmgr -ipk <newkey>” on the KMS server and then call “slmgr -ato” to activate it with Microsoft. Finally call “slmgr -dli” to ensure that everything is ready to go.
• Remember that server and client counts are mutually exclusive so you must have 5+ servers to start the server side and 25+ clients to start up the client side. Thinking that getting your server number to 5+ and your first Windows 7 system will use KMS is wrong. The sad thing is that calling “slmgr -ato” on the Windows 7 system will give you a really poorly thought out error message that the KMS server is unavailable. It isn’t that it is unavailable, it is that it hasn’t had the threshold for the client hit yet. Come on Microsoft, get someone that can come up with better error messages as that is a joke.

Wow…

There is no word other than WOW for what I heard at a meeting of technology directors yesterday. As the world around us turns to removing “normal” users from running as admin one school district decides to take the path less traveled and have their teachers running as admin (if you are reading this blog you already know my stance on this). This is so comical that I had to post on it. I spoke with my techs this morning and asked them how they would like to work in that environment and the look of death went across their faces. Has no one in this district seen that Microsoft has disabled the local administrator account in Vista/7? Do they have any idea why? The bottom line here is that this is a perfect example of a non technical person making a very technical decision that will have a severe impact and it won’t be a positive one. I am sure that the truly technical staff members at this district are shaking their heads and crossing their fingers that when it hits the fan they don’t get hit from the fall out. Yes there will be fall out.

Here is security 101: User running as admin goes to an infected web site that does a drive by download onto the workstation with ZERO interaction by the user. Because this user is GOD on the computer the virus runs in that context and as such owns the world. Please don’t send me a comment stating that antivirus/spyware software will save them as that simply isn’t true. Any security expert worth 2 cents will tell you that once you own a local workstation that is joined to a domain, domain ownership is just a hop and a skip away. If I was back in school this network would be owned (and some young hacker at one of their schools will show them the way). Question is: with everyone holding the keys to the castle where will the blame fall?

The bottom line here is that the real world has learned a long time ago that you cannot rely upon end users to make the right decisions. This is like saying that everyone at the Pentagon should have access to the big red button. Come on.

Very interesting that just after I made this post I received an invite to this webinar:

http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=78

 

Good news for free SSL…

If you are tired of paying big bucks to get a SSL signed by a trusted root certificate authority there is good news out there. Here is a link to more information: http://www.istartedsomething.com/20091010/microsoft-free-root-certificate-authority-windows/

This ties in with a previous post regarding self-signed certificates and Exchange 2007. Now you can get a free SSL and not get the certificate errors in IE.

Why iTunes will have to change to survive…

Let me start this post out by saying that I own an iPod touch and I love it. I can’t pull myself to buy a Zune (even though everyone that gets their hands on one says its a better media device than the iPod) simply because I have a number of apps that are must have (including the Kindle app). So why would I create a post titled this? The answer is simple: Apple must move to a model that allows on demand streaming of content. I want to be able to access my content on demand when a strong enough pipe is available and be able to upload content to my device in case it won’t be available. The Internet is King and anything that plays in this old school model will eventually die on the vine. For anyone that thinks Apple is a futuristic innovator, please post a comment and tell me why this isn’t possible yet via iTunes?  If you have any programming skills you know that this is a joke to develop. User logs in, said user account is tied to a listing of content, stream that content from the web if it isn’t on the device. I have to say that I don’t like the idea of a Zune Pass type model as I usually purchase a number of songs and listen to them until I know the words by heart. For anyone like me we don’t want to pay $15 per month to access the same songs over and over again. I am sure you are saying that I might just as well install the content on the iPod and move on but there are many cases where I want access to my content from a device other than my iPod. For example, I am at a party at a friends house, why can’t I fire up a web app, access my content and go? I shouldn’t need one of my “select” devices to listen to content I have already purchased.

Exchange 2007 self signed certificate

If you are using Exchange 2007 and didn’t get a 3rd party certificate you will start seeing certificate errors on your clients one year after your install stating that the certificate has expired. The solution is simple in that you can create a new self signed certificate (for another year). The process to renew the certificate is as follows:

Start the Exchange Management Console and type in the following cmdlet to get the current certificate: get-exchangecertificate -domain “myserver.mydomain.com” | fl

This will return a number of pieces of information about the certificate including the thumb print. Right click and select the Mark option to mark text to copy, high light the thumb print value and hit the Enter key to copy it. To create a new certificate using the existing one to “clone” enter the following cmdlet: get-exchangecertificate -thumbprint “thethumbprintreturnedinthepreviouscommand”  | new-exchangecertificate

This will prompt you to overwrite any existing certificate so enter Y to do so. The command will return the thumb print of the new certificate. Check out the new certificate by entering the command  get-exchangecertificate -thumbprint “newthumbprint” | fl

Once you are sure all is well go ahead and delete the old certification using the command: remove-exchangecertificate -thumbprint “oldcertificatethumbprint”

One thing to note is that in some cases IIS will be running and will be using the old certificate. In this case you need to set IIS to use this new certificate by calling this command: enable-exchangecertificate -thumbprint “certificatethumbprint” -services IIS

The confusion of Microsoft…

I have a wonderful Skydrive (http://skydrive.live.com) account that I use religiously. The problem with this is that I want to store files to this directly from Office 2007 applications (click the Save button and one option is Skydrive). So you can imagine my excitement when I caught wind that the latest release of Windows Live had the ability to save Offices files right from the menu. I installed Windows Live and then the excitement disappeared. The location this is saving to is Office Live Workspace. This is not Skydrive but some other storage location. Why not have a single storage location for all my files? The confusion gets worse in that when I log into my Skydrive account and click on a Office document I am now greeted by the wonderful Technical Preview of Office Web Applications. This is great but what about the documents I saved directly out of Office 207 to Office Live Workspace. Hopefully Microsoft has a strategy here that takes this confusion away so I can help family/friends/co-workers use this awesome technology without the confusion. Right now users save one copy to their local system, then upload it to Skydrive thus creating sync issues. When they are in the “cloud” the system should be smart enough to know that it needs to be synced when connectivity is available. Hint to Microsoft: The KISS method: Keep It Simple Stupid.

Didn’t believe me regarding Twitter…

If you thought my last post that talked about how Twitter is turning to the ad market was unfounded, read this: http://www.betanews.com/article/You-saw-this-coming-Revised-Twitter-terms-of-service-enables-ads/1252687628

Open mind…

Did a presentation yesterday to a local company (can’t say the name of the company as many of you will know them as a national branded company) on a wide array of technology topics. What amazed me with this company is the wide array of staff they had at the meeting and the extremely varied level of open mindedness. One thing I took away from the meeting, I know the person I never ever want to be marked as. You know this person immediately as they project themselves as: “I know everything and this meeting is a complete waste of my time”.  For those that know me personally they will attest that I’m a confident person but their is a major difference between confidence and being a rude, narrow minded individual. I approach every person and meeting with the hope of taking something away from the encounter. How can a company keep someone like this on their payroll? The amazing thing is that this person was high up in their marketing arm! A close minded marketing person, WOW! What group was the most open minded? Technology (pat yourself on the back if you are a technology person and are open minded). One of my statements was simple: Don’t focus so hard on a single technology that you lose focus on the ever changing landscape that is technology. The system in particular was Twitter. For a company that can generate a following on a site such as Twitter I say kudos to them. My issue with it is that this is what percentage of your customers? When the group was questioned as to how many actively used Twitter beyond what they were doing as a company: ONE. Do you really think there is a market out there that has blanket coverage on Twitter? Many people have just found email and you as a company are going to move forward and leave them in the dust? Companies need to build relationships and advance technology to support customers that want to move, but not lose customers that are on the back end of the technology spectrum. My analogy: the pond is full of lilly pads and you as a company need to stand on the lilly pads that support you and once one starts to sink move a foot to another one. Another comment that went in one ear and out the other was how Twitter is becoming a search engine of sorts. I don’t think I need to tell you the response. Sorry but the facts are the facts. You have a business that charges what for their service? You have the search market that is estimated at $1 billion for each percentage point of the market. Boy, I wonder what a company like Twitter is changing their home page to be more like Google for? Time to wake up!

On a positive note this companies technical staff were excellent! Kudos!

Apple announced updated iPod, snore…

Has anyone else had enough of Apple and their joke for press conferences! If any other company did a press conference for completely non-innovative things like this they would be laughed out of the market but not Apple. Can anyone say follow like sheep Apple fanboys. On another note I heard Leo call Snow Leopard by its real name: Snow Job. Another non-innovative joke of an upgrade. The comment was that the upgrade was so cheap. Well it had better be because there is nothing there (even Microsoft knows enough to make enough visual changes to make the customer feel good about the price and pain they just paid to upgrade). This upgrade should have been better than cheap, it should have been free! Don’t take my word for it, drop the cash, perform the painfully long upgrade process (oh didn’t Apple make some smart comment in the past about upgrade times in Windows) and then get really ticked when you realize you have just been had.

Why Apple’s dominance in the phone market will be short lived…

Why will Apple’s dominance in the phone market be short lived? Two words: closed system. There really doesn’t need to be anymore said. The world will no longer put up with a closed system like what is provided by Apple. Think Apple isn’t a closed system? Try to load OS X on a non-Apple system or try to take your content from iTunes over to Zune (easily). Better yet, who controls the applications you can install on your iPhone? What will allow Apple to hold on for a while will be innovation. I will also inject that this will be short lived as Apple doesn’t hold the purse strings to new and innovative ideas, companies that are agile and creative do and this bleeding edge spirit leaves a company over time.It is really interesting to hear some major media players target Apple as the evil empire now instead of their long time evil player Microsoft.