Best Practice Ezine #105 – Vista Brings Opportunities


This week I encourage you to think about this – ‘What opportunities will Vista bring for me?’  I ask this question because the imminent birth of Vista reminds me of when Windows 95 was launched and how I got my big break in computing.  I am not, repeat not, recruiting employees myself, nor am I in any way involved with hiring staff.  Even if you are not contemplating a career move, I hope that my advice on Vista migration and security will help you in your present job.  But firstly, I have good news for those wishing to turn off Vista’s nagging UAC.

Topics for Vista Opportunities

UAC (User Account Control) Update – New way to turn it off

Last week I challenged readers to research Vista’s new features and give each a dollar value.  One matter arising was the UAC.  Many of us find it annoying when the UAC box asks us to confirm all administrative changes.  Craig kindly wrote in explaining a new way to disable the irritating UAC in Vista RC1.

Stage 1)  Display Vista’s Administrative Tools.  Right-click the Task Bar, Properties, Start Menu, Customize, Advanced, scroll to the bottom and find System Administration Tools, place the radio button next to ‘Display on the All Programs menu’.

Stage 2)  From the Administrative Tools, find the Local Security Policy, then the Security Options folder.

Stage 3)  Locate the family of settings beginning with ‘User Account Control’

User Account Control: Behavior of the elevation prompt for administrators…..
Set to: Elevate without prompting

User Account Control: Admin Approval mode for the Built-in Administrator Account.
Set to: Disable. See more on disabling the UAC in Windows Server 2012
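
To check which machines have had these two settings changed, the added example below (not part of the original ezine) reads the registry values that back the two policies and reports their state. The value names ConsentPromptBehaviorAdmin and FilterAdministratorToken are the standard ones for these policies; the function name Get-UacPolicyState and the sample hashtable are constructed for illustration.

```powershell
# Added example: audit the two UAC policies that Stage 3 changes.
# Registry location that backs the Local Security Policy "User Account Control" settings.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# ConsentPromptBehaviorAdmin values as shipped in Vista; later Windows versions add more.
$AdminPrompt = @{ 0 = 'Elevate without prompting'; 1 = 'Prompt for credentials'; 2 = 'Prompt for consent' }

function Get-UacPolicyState {
    param(
        # Value name -> DWORD. Omit to read the live registry of the local machine.
        [hashtable]$Values
    )
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $Values = @{}
        $props = Get-ItemProperty -Path $UacKey -ErrorAction Stop
        foreach ($name in 'ConsentPromptBehaviorAdmin', 'FilterAdministratorToken') {
            if ($null -ne $props.$name) { $Values[$name] = [int]$props.$name }
        }
    }

    $prompt = $Values['ConsentPromptBehaviorAdmin']
    if ($null -eq $prompt) { $promptText = 'Not set (operating system default applies)' }
    elseif ($AdminPrompt.ContainsKey($prompt)) { $promptText = $AdminPrompt[$prompt] }
    else { $promptText = "Value $prompt (not one of the Vista settings)" }

    # FilterAdministratorToken: 1 = Enabled; 0 or absent = Disabled.
    if ($Values['FilterAdministratorToken'] -eq 1) { $approval = 'Enabled' } else { $approval = 'Disabled' }

    [pscustomobject]@{
        AdminElevationPrompt     = $promptText
        BuiltInAdminApprovalMode = $approval
        AdminPromptSuppressed    = ($prompt -eq 0)
    }
}

# Constructed sample: the values a machine holds after Stages 1-3 above.
$afterProcedure = @{ ConsentPromptBehaviorAdmin = 0; FilterAdministratorToken = 0 }
Get-UacPolicyState -Values $afterProcedure | Format-List

# On a real machine, run with no arguments to read the registry instead:
# Get-UacPolicyState
```

AdminPromptSuppressed is True on any machine where administrators elevate without a prompt, so the function can serve as a simple compliance check.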

What opportunities will Vista bring for you?

My two threads to this week’s article are, what can Vista do for your company?  And what can Vista do for your career?   As Vista is new, ‘old timers’ no longer have the edge.  Anyone who learns Vista suddenly becomes the new expert.  Two areas where computer specialists will always be in demand are security and migration.

Migration Strategies

The problem with migration projects is that you always have to start from scratch.  Your last migration was so long ago that you have probably forgotten how you did it, and even if by some miracle you have the procedure documented, the technology has moved on (even if the principles remain the same).

When a new system like Vista arrives, it has new features to make migration even easier, but nobody tells you that it takes about a week on a test network to perfect and document these improved techniques.  Busy people just employ a migration expert.  Alternatively, that migration expert could be you.

Guy’s strategic advice is to avoid upgrades.  Instead always install the new operating system from scratch and absorb the pain of transferring user-specific files and settings.  The secret is to beg, steal or borrow a test machine or two and practice in the privacy of your computer room.  Resist showing off by starting with a live machine, only to lose the managing director’s files.  Or worse, the managing director’s secretary’s files.

Once you have built the new Vista machine, it’s time to migrate users’ settings from XP to Vista.  For this task, investigate the improved User State Migration Tool (USMT) and the new PC Migration Assistant.

For a big roll-out of Vista, look out for new technologies like WDS (Windows Deployment Service).  WDS is like a son of RIS. The key new feature in WDS is that it supports Windows Imaging format (WIM).  It is also possible to include applications such as Office in the Vista image. The concept behind WDS is that you start with a new ‘virgin’ machine with no operating system.  When you boot this machine, its PXE network card finds the DHCP server; from there it contacts the WDS (RIS) server and downloads Vista. The killer advantage over Ghost is that you can control the machines with Group Policy from day one.

Career wise, any half-decent techie can set up as migration consultant and make a nice living.  The good news is that there will always be migrations, by the time the laggards migrate to Vista it will be 2010 and time for the pioneers to migrate to the next system.  Begin by migrating a few small businesses and graduate to larger, more lucrative roll-outs.

Three tips to finish this migration section. 

  1. Migration projects always over-run on both time and budget by 25%.  Therefore, ask for extra time and money at the outset.
  2. Lay down a marker and ask for a good selection of test machines.
  3. Keep a roll-back option for as long as possible into the project.

Guy Recommends: Tools4ever’s UMRA, the User Management Resource Administrator

Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.

It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information on UMRA.

Improved Vista Security

While I like migrations and they suit my personality, I will never be at home with security projects.  It seems I am not alone, half of the IT community fears security, the other half is bored by it.  Consequently, if you want to establish a niche as a security expert there will be numerous opportunities for well paid jobs.  Alternatively, if you just want to get the most from Vista, here is a list of topics that I suggest you investigate.

If you played last week’s game of valuing Vista’s features, then you may have assigned a relatively large value to ‘Vista’s security’.  This week I want to expand the nebulous heading ‘Vista Security’ and introduce sub-headings, for example:  Service Hardening, NX and NAP.  There is also UAC and BitLocker drive encryption, which I have covered on my website.

From reading Microsoft’s White Paper ‘Windows Vista Security Advancements’, it was clear that Microsoft has redesigned Vista from scratch, making security a priority for each component.  The buzzword for this new way of looking at security is SDL (Security Development Lifecycle).  While this is a good idea, backed up with tools like PREfix and PREfast, I guess even Microsoft would agree that SDL is something they should have started a long time ago.  When I looked at Vista in the flesh what surprised me the most was, not that it was different from XP, but that despite the under-the-covers changes, Vista had a similar look and feel to XP.

As ever my goal is just to get you started; this is not an exhaustive list of Vista security items, and that Microsoft White Paper ran to 25 pages.  An example of Microsoft’s holistic approach to security is the link between Service Hardening and Firewalls; for example Services can be individually identified and confined to using only the ports they need for their day jobs.

Another example of a unified approach to security is the concept of NX (no eXecute).  Where Vista code only needs to read or store data, NX hardware and software combine to stop Services and other software from executing code in these areas. The effect will be to prevent viruses attacking using buffer overrun tricks. Although NX is possible with 32-bit processors, a 64-bit processor uses NX protection by default.

NAP (Network Access Protection).  The idea behind NAP is to allow only ‘Healthy’ machines access to the network.  In a nutshell, this is a system designed to stop rogue laptops joining your network, because of the risk of them infecting your machines with viruses.  Don’t confuse NAP with NAT (Network Address Translation) or network quarantine.  NAP is a client-server technology to identify machines that you want on your network.

A Security View from an Old-Timer

Microsoft’s Security is often compared unfavourably with Unix.  Even if Vista (and Longhorn) reached Unix levels of security, they won’t be perceived to be secure for some time yet.  My friend ‘Barking’ Eddie has an interesting take on parallels between the development of Unix security and Microsoft security.

Eddie believes that 30 years ago Unix had just as many security flaws as early Microsoft projects such as NT; the biggest difference, according to Eddie, is that Unix hushed up any security bugs, whereas each Microsoft flaw is aired in public.  In fact Eddie tells the sob story about how he is the only Unix programmer who was ever sacked.  In a nutshell, Eddie’s job was to fix security and other bugs in early Unix systems.  Eddie’s immediate boss could then say, ‘Problem – there is no problem.’  It worked well until Eddie’s boss’s boss asked, ‘What actually does Eddie do?  What are we paying him for?’  Because the cover-up worked so well, it seemed that Eddie never did anything; consequently, his boss’s boss sacked him.  I could never separate the truth from Eddie’s bluster, but I do remember his anger at becoming surplus to requirements.  Fortunately, the saga has a happy ending as Eddie formed his own security company and is doing very well.

Another of Eddie’s hobby-horses is that Microsoft never learnt from Unix’s errors, for example they have been slow to tackle things like stack overflow and buffer under-run, which Unix cured very early on. 

With computer security there is an element of always fighting the last battle. As a gross over-simplification, Vista will cure all security ills, but only for about 6 months, then the hackers and ‘bad boys’ will find new handles to attack.  The only consolation is that if you stick with XP then you will be even more vulnerable to their dastardly tricks.

Guy Recommends: The Free IP Address Tracker (IPAT)

Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets.  IPAT cracks this problem of allocating IP addresses in networks in two ways:

For Mr Organized there is a nifty subnet calculator: you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges.

For Mr Lazy, IPAT discovers and then displays the IP addresses of existing computers. Download the Free IP Address Tracker

Summary of Vista Brings Opportunities

I would like to finish by giving inspiration to those who see Vista as a chance for a career change.

When Windows 95 was launched, my then boss gave me an opportunity, he made me part of his team which learned the new product inside out.  This gave me my big break in computing.  The launch of Vista reminds me that there will be lots of opportunities for those stuck in a rut to become expert in Vista and thus obtain a higher paid more rewarding job.  Just to say that I am not recruiting, merely making the observation that now is a classic time to have fun, learn a new product and get a better job.  See more in my Windows Vista Section

Will and Guy Humour

Last week I linked to the wrong page, this week you really will get to Will and Guy’s Religious Jokes
