Thomas Lee's collection of random interesting items, views on things, mainly IT related, as well as the occasional rant
Saturday, April 30, 2005
FireFox Passes 50 Million Downloads
Patch Management Best Practices E-book
Sunday, April 24, 2005
I'm going to TechEd US!
Friday, April 22, 2005
Windows Server R2 Beta 2 Gets A Lot Closer
For me, R2 is one of the best secrets around - hardly anyone seems to have heard of it. Thus far this calender ear, I've had very, very few delegates who've even heard of R2, let alone had seen it, or had much awareness of what it was and would do. I'm downloading B2 now, and hope to have a small new forest built with it by the end of the weekend!
Friday, April 15, 2005
Windows Installer 3.1 is available
Thursday, April 14, 2005
VMware Workstation 5.0 ships
I've had the various beta and release candidate drops running here for some time with fantastic stability, and great performance. All in all, a nice product and a big improvement over 4.5.
Monday, April 11, 2005
Mounting ISO files virtually
MS released a cool tool to beta testers years ago called VCD (Virtual CD), which allows you to mount the ISO into your real system. I always thought it was a beta-only release - thanks to a pointer from fellow MVP Duncan McAlynn's blog, it looks likle MS have released it on the download site.
This is one of those "must have" tools in every admins tool box.
The download is an self extracting .exe and contains three files. There's a short readme.txt file, plus a front end (VCdControlTool.exe) and a driver (VcdRom.sys). Naturally, you need the appropriate rights to load drivers in order to use VCD.
Visual Studio Hosted Labs
Sunday, April 10, 2005
Mistakes in Articles
I've had a strong mail from Jason Leznek, a Product Manager for WSUS at Microsoft who is "concerned over the inaccuracies" in the article. He also demands that the mistakes get put right as quickly as possible. Since magazine articles are written a long time in advance (the WUS article that appeared mid-March was completed in early December '04), getting the errors corrected in the print edition is going to take some time. In the meanwhile, I'm happy to post these corrections both here in my blog and in the WSUS newsgroups.
There were three relatively trivial errors contained in the article:
1. The article suggested that SQL suport was not included in WSUS. SQL is supported and I've seen two SQL patches already. But since installing one of them (MS03-031) my ISA Server firewall service no longer starts up automatically. Exchange is also meant to be supported in WSUS, but I've see no Exchange patches yet and the Windows Server 2003 SP1 update has also not been seen yet. While I still can't understand why MS won't suport ALL main stream MS products with this first release (aside from sheer inertia), but that's the way it is.
2. The article incorrectly stated that the WSUS was not supported on the Windows Server 2003 Web edition. Web Edition is supported, although there are some minor restrictions for its use. See http://www.wsuswiki.com/WSUSRestritionsWith2k3Web for more details on using the Web edition for WSUS.
3. MS also are unhappy at my view that WSUS is not AD integrated. Jason points out that the Automatic Update client can get WSUS configuration from a Group Policy setting, for those computers that are members of an AD domain. So he's right, byut up to a point. The WSUS server itself, however, is unaware of the AD. This means WSUS target groups are not obtained from AD, for example - the WSUS administator has to create them manually. Additionally, the WSUS server does not get it's list of machines from the Active Directory - WSUS only knows about those machines that have made a connection. This means that in a larger domain environment it's more difficult to determine which machines have never contacted the WSUS server and are therefore potentially unpatched - and initial client remediaion remains a deployment issue for larger organisations. So while the AD client is AD aware, the server isn't - I can't really say that WSUS is AD-integrated the way that, for example, ISA Server or Exchange is.
Having made these mistakes, the real question is whether I still feel that WSUS is a good product? Basically yes, although my enthusiasm is certainly not quite as high as it was earlier. WSUS is not as easy to use as I'd have liked, and client remdiation still seems to be an issue (although the clientdiag.exe shipped with the RC does indeed help to resolve most of the easy issues). One example of usability issues I've seen us an AU client (which happens to be my mail server that is otherwise running just fine) which has registered with the WSUS server but has never picked up updates from WSUS. There's no error messages in WSUS, and the client diagnostic tool fails. I certainly feel some empathy for admins who want this to be a simple, simple, simple product. Maybe that's a point though - patching is not simple. But even so, WSUS is not as simple a product as I'd have liked. Another example of lack of ease of use of WSUS concerns the April updates, released yesterday - which I've just finished installing on my test network. In all the communication material I've seen from MS in the past 24 hours, each update is titled with the MSRC ID, e.g MS05-19, MS05-20, etc. However the titles of the updates issued to WSUS only use KB numbers, with the MSRC ids burried in the update's detail pages (which is slow to bring up). While you can open each patch individually, and work out the MSRC number, this is harder than it should be. Some more joined up thinking and communication about these updates sure would be useful, or the abilitiy to add columns to the UI.
So should you go for WSUS? For smaller, all MS environments, it's appropriate, especially since WSUS is a free tool and it's miles better than SUS which it replaces. For larger larger either all or mostly-all Microsoft environents, SMS is propbably a better bet - it delivers a lot more functionality (albeit at a price) and the remediation approaches are well understood in the community. And for more heterogenous environements, you may need to either run multiple products (using WSUS for your Windows systems or look at some of the 3rd party tools on the market since support for non-MS products and services is not included in WSUS and there are no formal released plans, thus far, for this to happen (at least that I'm aware of!). And if you do decide to take WSUS, be prepared for some up front work to get it up and running.
And finally - an apology for the mistakes made in the article. I'll try to get the next article proofread and edited better.
Monday, April 04, 2005
Interesting Blog Comments
I've got no real idea what this comment is on about, although I think it's referring to a comment in an earlier posting regarding the WSUS RC. I subsequently made some updates to the blog entry as I was about to head off (and have tonight clarified things a bit more). But as the complaint is not clear, I can't tell. For the record, I made an error in a blog entry - and that was put right last week.
As to be expected, there has been a tremendous amount of updating of the WSUS Wiki, based on the RC. I'm sure comments have been modified in the light of both the RC and (for my part at least) a better understanding of what the WSUS team is doing with their product. I sincerely hope that the wiki will be accurate and correctly focused and that when errors are made they are corrected quicly and appropriately.
I don't mind getting critical comments here. When I get it wrong, I try to make it right and fix the issue. But it does really rather annoy me when I get comments and mails (like this one) from users who feel they can remain anonymous. Microsoft employees really should know better.
So if you have a point to make, or want to correct an error or make any sort of comment, then be honest and use your name. Better yet, email me privately at tfl@psp.co.uk and I'll be very happy to fix any errors made here.
I never really could understand why folks turn off blog comments - till now.