
  • Tick, Tick, Tick, … Boom!

    Mirco 8:05 on Wednesday, 3. December 2008
    Tags: blaster, breach, clean, cleaning, consultant, coordination, infection, management, patch, patches, symantec, update

    I still don’t know why I gave in to my manager wanting me to postpone my scheduled vacation by a week, so he has some billable hours to report in December.

    So here I was, stumbling into the office after a terrible drive through heavy traffic and a 20km detour because of a roadblock caused by a serious accident. As expected, most of my customer’s administrators were either still not in the office or in a meeting. I start the computer and fire up Outlook and the Operations Manager Console, and… Uh-Oh, this can’t be good.

    I was looking at about 1000 critical alerts, all less than 36 hours old and of the same type.

    It turned out that a new Windows worm had appeared over the weekend, infecting computers without a previously released patch and/or with old versions of antivirus software.

    To say I was surprised by this sort of fallout would be … a huge lie, since I kept telling every responsible stakeholder for months this could be happening anytime with the way they are handling update and patch distribution.

    And it continued to play out just as I had expected it would. Someone found the single patch that would prevent an infection, and everyone with an Administrator account jumped at any server they could get a hold of to install exactly this single patch manually, instead of installing the other 28 – 79 missing patches along the way.

    It also reminded some of them that I had published a process on how to identify and classify servers for automatic update distribution. After all, this document was available to everyone for the last few months and presented to management for consideration.

    Two days later most of the monitored servers are responding again, which doesn’t imply they are no longer infected, just patched. But as far as I can tell we are only monitoring about 60% of all servers after all.

    Since there is no active WSUS on the network, all patches had to be downloaded from Microsoft to the servers, which took hours. The worm was putting so much additional traffic on the network that the proxy servers collapsed several times. Users were constantly complaining about service and accessibility.

    The last company where I witnessed this kind of chaos after a virus outbreak was during the Blaster era (2001). It took them less than a month after this incident to implement strict policies and processes to prevent this from happening again. And as far as I know it never has since.

    Knowing there are still companies like my current customer out there, that don’t have a clue about processes, security and management, only fills me with the assurance that there is still a great potential for future business, if only they would listen to their consultants.

    That’s why they pay us, right?

     
  • Relying on the Unknown

    Mirco 9:41 on Tuesday, 2. September 2008
    Tags: activedirectory, assignment, change, chaos, company, delegation, department, dns, it, management, merger, problem

    When merging different companies, one of the most crucial building blocks of future success is a fully merged and centralized IT Management. Why? Because every attempt I witnessed to try something else created chaos. And that’s something you really don’t want within your IT department.

    A small example. One of my customers bought some small companies and integrated them into their Active Directory, leaving every local administrator with a domain administrator account, because that’s what they had before the migration. Sounds fair for the administrators, but a few weeks later some of the mail servers stopped sending email.

    Someone made some small changes to the DNS service, which was Active Directory integrated, so this reduced the potential causes to the Domain Admin group members… all 120 of them. At first this doesn’t look like a huge number, but if you consider that every local administrator and at some sites even local support personnel had domain administrator privileges, it is much too great a risk to be left unchanged.

    Another small example, at another company. While rolling out a new directory structure and migrating every company site into it, all local administrators were reduced from local Domain Administrators to being Domain Users with delegated privileges. Some of them fought fiercely to regain their old “power” and the CIO was forced by some executives to reinstate them.

    The funny thing was one of them sent an email with a question, that most of the central hotline staff could answer, about a problem he had at his site only minutes after the CIO requested to rejoin this particular administrator. The request was cancelled, after we forwarded this email to the CIO.

    The main problem when merging IT departments is that in most cases you don’t know anything about the people and their skills. Even if, in this case, they have been running the local IT at some sites for years, this doesn’t mean they know what they are doing.

    We all know communication is a crucial part of business success and since IT is a crucial part of today’s businesses it’s even more important to know what is going on in your network, on your servers and who is making changes to what.

    That’s why change management was created.

    Sending an email with a problem to a distribution list of 40 administrators doesn’t necessarily solve a problem. It will more likely produce another: The problem assignment.

    This approach has two possible paths of solution.

    1. Everyone thinks somebody else is already on it and ignores the email
    2. Two or more Admins will try to solve the same problem at the same time

    In most cases none of these paths will solve the original problem, because every change of one admin will lead to inconclusive results for the other, thus resulting in more changes.

    Taking some time to think, define and plan how your IT environment should work and how this plan can be realised is the first and one of the more difficult steps, but in the end it will be worth the effort.

     
  • The Now! habit in IT

    Mirco 18:58 on Wednesday, 7. May 2008
    Tags: communication server 2007, communicator, habit, management, now!, ocs, planning

    Yesterday, 15:30 at the office of my current customer.

    IM: “Could install the Communication Server today?”

    What?

    OK, we had made the required preparations on the Active Directory, but hadn’t done any planning on how or where to place the servers. All I knew for certain at this point was that we had to install the enterprise version of Office Communication Server 2007 due to the amount of users.

    So we ended up with four people installing the server on a virtual machine. After we ran the Schema, Forest and Domain prep tools we started installing the server, the database on a separate machine and started the service.

    Everything seemed OK so far.

    When we tried to test a client we could log on. The Eventlog indicated that the server name couldn’t be resolved by the DNS.

    That’s why I love proper planning.

    I remembered we had to add some SRV records to the DNS. So we looked through the installation manual and added some _sipinternaltls._tcp SRV records to each domain in the forest.

    Next problem: The certificate could not be verified.

    We couldn’t find any problem with the certificate, and tried some different options in the creation wizard. But still couldn’t log on.

    After checking through all the logs on the client and the servers, we came to the conclusion this had to be a database problem, and since it already was 21:00 we called it quits for the day.

    Today:

    According to the error on the database server the service user of the OCS couldn’t perform write operations, but it had all the necessary permissions. After searching the net we found a KB article on the Microsoft website indicating we should install a patch, available through the support hotline (there wasn’t even a download on the Premier support site).

    Well the patch worked fine on the OCS but failed on the SQL server, because it had more than one database instance.

    So we moved the database to another server with a single instance.

    And it finally worked… after 24h.

    All of this trouble because management all of a sudden decided it had to start mass rollout of the Office Communicator next week.

     
  • CoreConfigurator for easier Windows Server Core configurations

    Mirco 15:33 on Tuesday, 1. April 2008
    Tags: core, management, tools, windows server 2008

    CoreConfigurator is a basic GUI configuration utility for Windows Server Core 2008 configuration and management.

    It will ease some of the common administration tasks on a Core Server installation.

    You can download this tool here >> Microsoft Israel Blogs

     
  • Let's Face(book) it

    Mirco 8:00 on Monday, 12. November 2007
    Tags: antisocial, content, control, extremism, management, racial, spam

    “…
    Born with no soul
    Lack of control
    Cut from the mold of the anti-social
    Plug them in and turn them on
    Process the data
    …”

    >> Papa Roach – Dead Cell (Infest / 2000)

    I’m not sure if they in reality were talking about Facebook.

    The more and more the site (and the hype) develops the more I get the feeling it’s going terribly wrong. Being a member of two networks and several groups, I noticed two things which really start getting me pissed.

    One is that the corporate use is not used at all. My company has networks in several social communities and the Facebook network is the least active although biggest by number. This could be caused by the members (yeah, I know: user generated content) and be limited to my company, but I don’t really see a point in using Facebook as a corporate platform, especially with all the tracking and profile related advertising.

    Second. There simply is no control of the content in the other networks.

    Well, you could think if someone spams the discussion boards with cracked computer game CD keys and advertises websites selling these keys, the threads would be removed and the account disabled. At least I did.

    If you report the threads, they are deleted some days after, but the account stays active and just posts some more advertisements.

    On the other hand you have some, let’s call them… Bob, flooding the boards with any kind of religious, extremist, racial, antisemitic, younameit content and you can do nothing about it other than report it to Facebook and wait for nothing to happen or abandon the group or network.

    Usually I’m not a quitter, but at the current state the Facebook system is in they can keep it!

    Like the song said, take a stupid idea, create a hype, drag the people in and sell off to the highest bidder.

     