Saturday, April 30, 2005

FireFox Passes 50 Million Downloads

When I rebuilt my laptop after a hardware refresh, I added the TickerFox extension - a download counter odometer extension. This extensions adds a counter of the number of downlaods to date of FireFox. I noticed this afternoon, the counter has hit 50 million. And in the time it took me to write this entry, another 2 thousand downloads occured (sorry for such slow typing). WOW!

Patch Management Best Practices E-book

For those wanting to know more about the best practices in patch management, Ecora has a free electronic book Patch Management Best Practices E-book which you can download. Written by Anne Stanton and Susan Bradley this is a great read for anyone tasked with making patch managemenet happen in their organisation.

Sunday, April 24, 2005

I'm going to TechEd US!

I got a nice email last week that said "The MCT Community has spoken, and your session, MSF and MOF: What Is It, and Why Should an MCT Care?? has been selected as a breakout session in the MCT track at TechEd 2005. In addition, you have been selected to represent the community as an MCT Ambassador at the TechEd Track Cabanas. Now all I have to do is find a hotel!

Friday, April 22, 2005

Windows Server R2 Beta 2 Gets A Lot Closer

As reported by Mary Jo, in an eWeek article titled Microsoft Delivers Windows Server R2 Beta 2, the release of R2 comes a little closer.

For me, R2 is one of the best secrets around - hardly anyone seems to have heard of it. Thus far this calender ear, I've had very, very few delegates who've even heard of R2, let alone had seen it, or had much awareness of what it was and would do. I'm downloading B2 now, and hope to have a small new forest built with it by the end of the weekend!

Thursday, April 14, 2005

VMware Workstation 5.0 ships

VMware have now shipped VMware Workstation 5.0. For more details on what's in this new version: see the VMware Workstation 5.0 home page.

I've had the various beta and release candidate drops running here for some time with fantastic stability, and great performance. All in all, a nice product and a big improvement over 4.5.

Monday, April 11, 2005

Mounting ISO files virtually

Like many MSDN customers, I have a large on-line collection of ISO images of most MS products, for installation onto my test networks. They work great for Virtual Machines - you can just mount the ISO as easily as putting a real CD/DVD into a physical drive.

MS released a cool tool to beta testers years ago called VCD (Virtual CD), which allows you to mount the ISO into your real system. I always thought it was a beta-only release - thanks to a pointer from fellow MVP Duncan McAlynn's blog, it looks likle MS have released it on the download site.

This is one of those "must have" tools in every admins tool box.

The download is an self extracting .exe and contains three files. There's a short readme.txt file, plus a front end (VCdControlTool.exe) and a driver (VcdRom.sys). Naturally, you need the appropriate rights to load drivers in order to use VCD.

Visual Studio Hosted Labs

Microsoft has opened the Visual Studio Hosted Experience where you can do free hands on labs with the latest VS/Yukon technology. Cool!

Sunday, April 10, 2005

Mistakes in Articles

I hate it when I read a magazine article that contains mistakes. And I hate it even more when it's my article that is in error. Sadly, although we try, writers do occasionally get it wrong. That happened recently to me - the March edition of Service Management Magazine contains an article about Beta 2 of WUS (Windows Update Service) with 3 minor errors. I wrote the article back in early December, just after WUS B2 was released before I'd really had a chance to really play with it in anger. Since then,the product has been renamed Windows Server Update Service (WSUS) and an improved release candidate for WSUS has been released (and I've filed a bunch of bug reports {grin}). The product has moved on a great deal - and for the better.

I've had a strong mail from Jason Leznek, a Product Manager for WSUS at Microsoft who is "concerned over the inaccuracies" in the article. He also demands that the mistakes get put right as quickly as possible. Since magazine articles are written a long time in advance (the WUS article that appeared mid-March was completed in early December '04), getting the errors corrected in the print edition is going to take some time. In the meanwhile, I'm happy to post these corrections both here in my blog and in the WSUS newsgroups.

There were three relatively trivial errors contained in the article:

1. The article suggested that SQL suport was not included in WSUS. SQL is supported and I've seen two SQL patches already. But since installing one of them (MS03-031) my ISA Server firewall service no longer starts up automatically. Exchange is also meant to be supported in WSUS, but I've see no Exchange patches yet and the Windows Server 2003 SP1 update has also not been seen yet. While I still can't understand why MS won't suport ALL main stream MS products with this first release (aside from sheer inertia), but that's the way it is.

2. The article incorrectly stated that the WSUS was not supported on the Windows Server 2003 Web edition. Web Edition is supported, although there are some minor restrictions for its use. See http://www.wsuswiki.com/WSUSRestritionsWith2k3Web for more details on using the Web edition for WSUS.

3. MS also are unhappy at my view that WSUS is not AD integrated. Jason points out that the Automatic Update client can get WSUS configuration from a Group Policy setting, for those computers that are members of an AD domain. So he's right, byut up to a point. The WSUS server itself, however, is unaware of the AD. This means WSUS target groups are not obtained from AD, for example - the WSUS administator has to create them manually. Additionally, the WSUS server does not get it's list of machines from the Active Directory - WSUS only knows about those machines that have made a connection. This means that in a larger domain environment it's more difficult to determine which machines have never contacted the WSUS server and are therefore potentially unpatched - and initial client remediaion remains a deployment issue for larger organisations. So while the AD client is AD aware, the server isn't - I can't really say that WSUS is AD-integrated the way that, for example, ISA Server or Exchange is.

Having made these mistakes, the real question is whether I still feel that WSUS is a good product? Basically yes, although my enthusiasm is certainly not quite as high as it was earlier. WSUS is not as easy to use as I'd have liked, and client remdiation still seems to be an issue (although the clientdiag.exe shipped with the RC does indeed help to resolve most of the easy issues). One example of usability issues I've seen us an AU client (which happens to be my mail server that is otherwise running just fine) which has registered with the WSUS server but has never picked up updates from WSUS. There's no error messages in WSUS, and the client diagnostic tool fails. I certainly feel some empathy for admins who want this to be a simple, simple, simple product. Maybe that's a point though - patching is not simple. But even so, WSUS is not as simple a product as I'd have liked. Another example of lack of ease of use of WSUS concerns the April updates, released yesterday - which I've just finished installing on my test network. In all the communication material I've seen from MS in the past 24 hours, each update is titled with the MSRC ID, e.g MS05-19, MS05-20, etc. However the titles of the updates issued to WSUS only use KB numbers, with the MSRC ids burried in the update's detail pages (which is slow to bring up). While you can open each patch individually, and work out the MSRC number, this is harder than it should be. Some more joined up thinking and communication about these updates sure would be useful, or the abilitiy to add columns to the UI.

So should you go for WSUS? For smaller, all MS environments, it's appropriate, especially since WSUS is a free tool and it's miles better than SUS which it replaces. For larger larger either all or mostly-all Microsoft environents, SMS is propbably a better bet - it delivers a lot more functionality (albeit at a price) and the remediation approaches are well understood in the community. And for more heterogenous environements, you may need to either run multiple products (using WSUS for your Windows systems or look at some of the 3rd party tools on the market since support for non-MS products and services is not included in WSUS and there are no formal released plans, thus far, for this to happen (at least that I'm aware of!). And if you do decide to take WSUS, be prepared for some up front work to get it up and running.

And finally - an apology for the mistakes made in the article. I'll try to get the next article proofread and edited better.

Monday, April 04, 2005

Interesting Blog Comments

I'm just back from a few days away and I got a rather rude shock in my mail - a copy of a somewhat snide comment posted to this blog. I noted last Thursday that the WSUS Wiki had moved to a new site and had some new content. Someone posted a complaint about critical comments being removed, and wondereing if the WSUS Wiki would be be handled the same way.

I've got no real idea what this comment is on about, although I think it's referring to a comment in an earlier posting regarding the WSUS RC. I subsequently made some updates to the blog entry as I was about to head off (and have tonight clarified things a bit more). But as the complaint is not clear, I can't tell. For the record, I made an error in a blog entry - and that was put right last week.

As to be expected, there has been a tremendous amount of updating of the WSUS Wiki, based on the RC. I'm sure comments have been modified in the light of both the RC and (for my part at least) a better understanding of what the WSUS team is doing with their product. I sincerely hope that the wiki will be accurate and correctly focused and that when errors are made they are corrected quicly and appropriately.

I don't mind getting critical comments here. When I get it wrong, I try to make it right and fix the issue. But it does really rather annoy me when I get comments and mails (like this one) from users who feel they can remain anonymous. Microsoft employees really should know better.

So if you have a point to make, or want to correct an error or make any sort of comment, then be honest and use your name. Better yet, email me privately at tfl@psp.co.uk and I'll be very happy to fix any errors made here.

I never really could understand why folks turn off blog comments - till now.