Wednesday, July 25, 2007
Below you'll see the newest Canadian innovation modeled by my mother-in-law, Evelyn. I'll be patenting this: Take a baseball cap, one of those plastic beer cups (blue is best), duct tape it on the ball cap and liberally spread "tanglefoot" over the beer cup. The color of the cup attracts the blackflies, they land, get trapped in the tanglefoot and Bob's your uncle.
Friday, July 20, 2007
The basic problem is that customers who have signed up for SA are seeing that they aren't getting upgrades during the term of their SA agreement. So, it's obvious in those cases that it would have been better to not subscribe to SA and just acquire the upgrades once they were released. He specifically mentions that customers who subscribed to SA and expected to get Vista or Office 2007 got screwed.
According to the author, Forrester says 25% who subscribed to SA won't renew. That's big. Both from a revenue perspective and from a problem-to-solve perspective. The author's basic view is that product slips are costing SA customers more than non-SA customers because they are paying for the SA "service" and end up having to purchase the software anyway when it slips and becomes generally available after their SA contract expires.
Product managers and business owners at Microsoft aren't paying enough attention to "providing value for SA subscribers" and they should be...
Monday, July 16, 2007
Check it out:
Here's a live version by Mad Dog Mcrea...
This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This is a critical security update for supported editions of Windows 2000 and an important security update for supported editions of Windows Server 2003. For more information, see the subsection, Affected and Non-Affected Software, in this section.
This security update addresses the vulnerability by validating the number of convertible attributes in the client LDAP request. For more information about the vulnerability, see the next section, Vulnerability Information.
If you have not subscribed to Microsoft's security bulletins via e-mail or RSS you really should do that...
Friday, July 13, 2007
- Customer has >1,000 Unix servers
- Adding or deleting users takes weeks because the /etc/passwd file on each host must be edited
- Reporting for SOX and other regulatory concerns is nearly impossible
- Lots of security concerns - was the person deleted? When?
- Customer pays $5 million for an identity management suite/framework from one of the big vendors
- After connecting 10 - yes, you are reading that right - 10 Unix hosts to their metadirectory the suite becomes so bogged down that it is no longer viable
Customer is now interested in simplifying their identity management architecture by consolidating those Unix hosts and identities into Active Directory.
What a surprise. And, to tell the truth, this isn't the first time I have seen this.
I guess it is too late to send them my Tenets of Identity Management white paper because there are at least a few of them that they "broke"...
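The reporting questions in the list above (was the person deleted, and on which hosts?) can be answered from collected copies of each host's /etc/passwd. The following is an added example, not part of the original post or of any vendor's product; host names, user names and file contents are constructed sample data, and the UID consistency check goes slightly beyond the post as a typical step before consolidating identities.

```python
# Added example: audit per-host /etc/passwd snapshots. All sample data is constructed.
from collections import defaultdict

# Constructed snapshots: host name -> contents of that host's /etc/passwd.
SNAPSHOTS = {
    "unix01": "root:x:0:0:root:/root:/bin/sh\n"
              "jdoe:x:1001:100:J Doe:/home/jdoe:/bin/sh\n"
              "asmith:x:1002:100:A Smith:/home/asmith:/bin/sh\n",
    "unix02": "root:x:0:0:root:/root:/bin/sh\n"
              "# local note line\n"
              "jdoe:x:2001:100:J Doe:/home/jdoe:/bin/sh\n",
    "unix03": "root:x:0:0:root:/root:/bin/sh\n"
              "asmith:x:1002:100:A Smith:/home/asmith:/sbin/nologin\n"
              "broken-line-without-fields\n",
}

def parse_passwd(text):
    """Return {username: (uid, shell)}; skip blanks, comments and malformed lines."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts

def lingering_accounts(snapshots, departed):
    """Map each departed user to [(host, shell)] where the account still exists."""
    found = defaultdict(list)
    for host in sorted(snapshots):
        accounts = parse_passwd(snapshots[host])
        for user in departed:
            if user in accounts:
                found[user].append((host, accounts[user][1]))
    return dict(found)

def uid_conflicts(snapshots):
    """Return {username: {host: uid}} for names whose UID differs between hosts."""
    seen = defaultdict(dict)
    for host, text in snapshots.items():
        for user, (uid, _shell) in parse_passwd(text).items():
            seen[user][host] = uid
    return {u: h for u, h in seen.items() if len(set(h.values())) > 1}

if __name__ == "__main__":
    print(lingering_accounts(SNAPSHOTS, ["jdoe", "asmith"]), uid_conflicts(SNAPSHOTS))
```

The shell field in the report separates accounts that were only disabled (for example `/sbin/nologin`) from accounts that can still log in.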
Thursday, July 12, 2007
Most companies mismanage administrative passwords by keeping them in unsecured locations and not controlling access to them. 57% of companies store their administrative passwords manually, and 18% store them in an Excel spreadsheet; 82% of IT professionals store them mentally.
In my opinion you can equate "store them mentally" with the administrator using the same password for multiple systems.
I really think that managing administrative, root or "power" passwords (a.k.a. identities) is truly lacking. Who is using one? For what? How is it audited? What did they actually type while they were a superuser? Who authorized that person to have that access?
I bet many companies can't answer those questions...
Wednesday, July 11, 2007
- start telling them what to do or how to do it
- "meeting" them to death
- integrating them to death
- distracting them from their day job
I haven't even had a call with them yet...and if I can keep it that way I will...
You guys keep up the good work.
Monday, July 09, 2007
- Best in Class companies have a factor of 1.9X fewer total directories (16) than the Industry Average (31)
- Best in Class companies are 2.4X more likely to have consolidated to a single directory (19%) than the Industry Average (8%)
- Best in Class companies are 1.9X more likely than the Industry Average to synchronize directories completely … or through consolidation, not at
Here's the statistic that I like the most:
- Best in Class companies reported an average of 16 separate directories, compared to 31 for the Industry Average
That's a 50% reduction in the number of directories between the average and best in class companies. Can you imagine how much easier the identity management problem is at the company with 50% fewer directories to manage?
For those companies who choose to consolidate around a single directory, consolidation around Active Directory (AD) is consistent with the dominance of Windows in server operating systems. In the 2007 Aberdeen Report (May 2007), approximately 90% of all companies reported that Microsoft was the leading server operating system. At the same time, Linux and leading flavors of Unix from IBM, HP and Sun also have a significant footprint. Even in an AD-centric environment, the material presence of Unix and Linux in companies of all sizes requires companies to develop explicit strategies for integration of non-Windows systems as well.
Their conclusion - which I, of course, agree with...
Companies that effectively address these issues and streamline management of their identity directories position themselves to reap the operational and security benefits of more effective user provisioning and de-provisioning.
Interesting sidenote - This paper was authored by Derek Brink. I knew Derek when he was at RSA and we were both involved in the PKI Forum. It's great to see him over at Aberdeen. He's a wealth of knowledge.
Thursday, July 05, 2007
Webcast: Active Directory Management Made Easy with PowerShell
When: Thursday, July 12, 2007 - 10 a.m. PDT/1 p.m. EDT
In this session, we will talk about using Windows PowerShell to manage Active Directory. We'll cover different approaches ranging from ADSI to AD cmdlets, and demo the features that are backwards-compatible with Windows 2000/2003 and the ones unique to Windows Server 2008 (e.g. Server Core and Read Only Domain Controller).
In the first half of the session, we will also highlight how you can customize and extend provisioning with Quest ActiveRoles Server through PowerShell. In the second half of the session, we’ll demo how you can use PowerGUI to build custom administrative consoles for PowerShell enabled systems, such as Active Directory, IIS, Exchange and Operations Manager.
Wednesday, July 04, 2007
4th of July Fireworks - Lake Union
Monday, July 02, 2007
The MBS group has gone through a series of VPs over the last while. MBS was initially headed by Doug Burgum.
Burgum announced in September 2005 that he would step down the following November as the head of the MBS group, which had been steadily losing money.
In the summer of 2006 the MBS group was transitioned to the larger Microsoft Business Division that encompasses Microsoft Office, SharePoint Server and Microsoft unified communications products. The move was made to help align Microsoft's business applications group with the rest of the company.
Finally, in September 2006, Satya Nadella was named to the top spot in the MBS division—a job he held for all of six months until he was transferred over to head the newly created Search and Ad Platform group.
Microsoft then named Tami Reller, corporate vice president of MBS at the time, as the interim leader of the business applications division. The plan was that Reller would work with Jeff Raikes, president of the Microsoft Business Division, to find a new leader for the MBS group.
It is rumored, however, that Reller was bucking to maintain the top spot in the MBS group, and that she has been passed over in favor of Tatarinov.
Kirill is a dyed-in-the-wool systems management guy that came from BMC so this is a bit of a surprise. I'm not sure if it means he's being rewarded or being handed a boat anchor - I guess time will tell.
In the meantime, I'm hoping the change at the top of the WEMD group will lead to some windows being opened and some fresh air to be let in and some hot air to be let out...