Well, I have been in charge of IT (for a small company, granted) and I have to say, your post reflects a fundamental, dangerous, and regrettably common misunderstanding of what corporate IT is for. The purpose of IT is not IT; the purpose of IT is to enable users to get things done. And if users can get things done better on Macs, then by God, it's IT's job to support those Macs. And "support" does not mean willful ignorance -- the latter, unfortunately, being what a lot of shake'n'bake IT techs show any time the word "Apple" is mentioned in their presence.
The purpose of IT is to support as many end users as possible with whatever tools provide that type of solution. So a good junior tech can support 50 users and gets paid accordingly for setting up PCs interactively, manually prepping network user accounts, manually installing software as-needed.
A mid-level tech knows everything can be controlled centrally and uses/finds tools that allow him to minimize the amount of time he has to spend with individual systems. He also starts to care about things like "workstation leasing programs" and having everything under warranty and an address book full of all his support contract phone numbers. He can support about 200 employees on his own after he has determined which tools to use for which situations and has spent about 6 months busting his butt to get the infrastructure to support his ability to run this type of support. He gets paid well for his technical knowledge and ability to stay ahead of the curve.
A senior tech cares about how effective his help desk software is, knows exactly which tools to use for which job by experience, has libraries of old scripts and tools on his DVD software toolkit, refuses to ever touch any workstation interactively for a support issue (other than his own), and never rolls out any update packages without having them go through exhaustive testing and then only on a phase by phase basis. Tracks EVERYTHING he does, and will not do something if it isn't covered under some type of authorization, documentation, and/or request log. Tries to do 90% or more of his work proactively to minimize the number of submitted help desk tickets. Can support up to 500 employees at multiple sites single-handedly, and gets paid extremely well for everything that goes into running such a tight shop.
That's how you work up the ladder in IT (desktop/LAN support side). So when you have spent 10+ years learning everything there is to know about how to maximize the number of people you can support simultaneously and someone comes to you and wants to install a Mac on the corporate network, you should just say the same thing I say:
"My job security and income level are derived from the overall market, and not this company. If you think I will trade this expertise (and income level) to support a Mac because you think it will help you do your job, you are bat and/or ape s**t crazy. Either fire me so I can go get another job for a real employer who won't make idiotic business decisions (and enjoy paying the 3 replacements you'll need to maintain my work load), or have HR put a flyer up in the local university's Mac lab for a part-time position paying $12/hr and get the college punk to deal with the Mac issues. Thanks."
I personally don't mind Vista if I'm only required to admin my personal box, but there are still too many hotfixes that are difficult to deploy remotely in their crazy .msu format (psexec doesn't seem to like playing with .msu files), and those hotfixes are required to perform some basic remote management functionality that was fixed long ago in XP.
That's why I'm looking forward to Vista as an IT Admin. MS can market "migrate now and we'll give you updates electronically!" as much as they want, but they refuse to give out hotfixes via MS Update (regression testing, oh how I despise thee!), and I hate hate HATE having to figure out clunky solutions to deploy those updates to my unwilling "beta" testers at work just to fix the /renamecomputer parameter in netdom.exe on Vista (among other issues).
Short version. I wait for SP1 because of hotfixes. SP1 network deployment is easy, slipstreaming SP1 into new builds is easy, and SP1 includes all hotfixes so I don't have to ask permission to fix my system.
what he said.
why bill a customer for your hours of google research when you can just phone MS and open a business-critical case and fix the issue in 1/10th of the time?
Why do all game reviews seem like they were churned out of some politically correct primeval ooze?
I know I'm probably just tooting my own horn, but I really like my own COD4 review a lot better than this one.
http://sysadminstuff.spaces.live.com/blog/cns!61994A013C42F480!117.entry
Drop activation. At the very least, go back to offering a corporate version which doesn't require activation. Activation makes it hard to manage lots of machines, image them, and I don't need my computer going into "reduced functionality" because of an error.
Any decent multi-function server should be able to add the KMS functionality to it to track and update all the workstation and server licenses with zero upkeep other than setting it up and adding or removing licensing when needed. And a MAK key can be reserved for all laptops, so you have to have a 2nd image for laptops with that key, big deal.
http://technet.microsoft.com/en-us/windowsvista/bb335280.aspx
Improve imaging support and booting from external drives. For a model to copy, watch how easy it is for someone to copy their whole OSX install to an external USB drive using Carbon Copy Cloner, and then to immediately reboot and run the copy on the USB drive, or boot that USB drive on *any* Mac without needing to reconfigure anything or install drivers.
Oh please. There are so many imaging options with Vista it could easily get "more" confusing if they added another one (you can use a thumb drive as an answer file during unattended installs if you want, but that's a pretty pointless exercise). Their "microsoft deployment" (formerly BDD 2007) is almost too granular in its ability to create images preloaded with everything you want on a fresh image, plus the update to WDS (formerly RIS) lets you boot straight to an image library so you don't have to look like a first year helpdesk tech plugging in your silly thumb drive to reimage a machine.
http://blogs.technet.com/msdeployment/
Add it to your RSS feeds so you can get some MS dogma to complement your /. indoctrination.
And that, my friend, is why any new "collaborative" network authenticated software must pass the "security integrates with LDAP" or "integrated single sign-on available" test before I recommend/buy it. In 6 months, I reduced end user passwords from 6 to 3, and if anybody had bothered to ask me before buying some lame package, it would still be at 3 instead of back up to 4. I want it down to 2 within another year. (LDAP and ACD phone system)
As for synching passwords, that doesn't work so well when one password is on a 42 day reset, one is on a 90 day reset, and one is on a 60 day reset.
Yeah, I use that excuse with end users all the time. The majority of the time it works because users are dumb. The real reason is because I can control their IE settings via group policy and know perfectly well that they are set to a reasonably secure configuration, and can make changes to the IE policy on the fly without trekking around 100 desktops to manually confirm a setting change.
That being said, it's a rule (not a RULE) that you are only supposed to use IE at work. I don't enforce it, don't make users uninstall it if they argue the first time (just tell them I don't support their firefox errors if it doesn't also appear in IE), don't remotely uninstall it for them, don't get flak from my boss about it, and actually use it myself (along with Opera) when I need to troubleshoot browser issues.
If you want to save bandwidth on your corporate network, you better believe that I'm blocking social networking sites and streaming media sites. Digg and Slashdot would get a pass only because they have business value to the IT department attempting to stay up to date on their job (and use minimal bandwidth). I have yet to encounter anybody who has a legitimate business reason to use Myspace or Youtube while at work.
There's a whole internet of information out there. Go waste time on a static page and expand your horizons. You can get your crack from home.
And yes, I also block content filter bypass sites, proxy bypass sites, and the majority of remote access sites and programs (VNC, RDP, and LogMeIn are the only 3 I created exceptions for).
These comments make me realize just how much I deserve a raise.
Probably a good 3 policies from IT management, HR, and Executives combined. I implement the rest of them as I see fit and as time permits since I do all the desktop support, helpdesk, phones, systems admin, and network admin. It's not that hard to turn on a nice webmail scanner at the perimeter, start new users off as PC admins and slowly restrict access as they do stupid things, implement layered spam controls, filter HTTP content a variety of ways, use centrally admin'd AV and prevent users from changing the pre-defined settings on their desktop.
Heck, this is just from browsing at +5... I'd hate to read what the unmodded comments say.
That's a pretty inept thought to have. Why would a blockbuster game release only to a minor installed base and ignore a huge installed base? It would be like releasing bioshock to linux and not XP.
Games for WINDOWS, not games for VISTA.
Reading comprehension deteriorates as people refuse to RTFA, and we end up with people thinking that MS is conspiring to get them on their new OS with a label on a game. Do your part to stop stupid thoughts and increase critical thinking ability. Always RTFA.
http://blogs.technet.com/mu/archive/2007/09/28/issues-installing-updates-after-repairing-xp.aspx
its cool. you can take the tinfoil hats off again... just don't let them out of your sight, you might need them again shortly.
hvac is a bad comparison. We don't have an existing infrastructure of pipes to deliver hot/cold air from a "plant" to a building. We DO have an existing infrastructure of wiring to deliver power. It's just a matter of changing the method of power generation from fossil fuels to solar, and then delivering them just like normal.
Locating solar PV systems at businesses and homes is only for "enthusiasts" and bleeding-edge proponents. Considering the infrastructure of powerlines in the US, it makes far more sense to just convince the electric companies that they can invest in solar over the next 20 years and turn a hefty profit in the process.
Expert solar technicians can centrally manage and maintain central solar power plants on a much grander scale than screwing around going business to business to fix a broken system, or needing to remote control ~2000 small sites instead of just controlling 10 major sites.
Obviously, securing 10 sites is easier than securing thousands, so when the power generated scales into the realm where remotes are condemned, you only have to hire a fraction of the techs that you would need for a decentralized platform. Plus they only have to worry about the generation to storage. Everything after that should run through the existing grid, requiring your basic electrician to fix, and wow... we've already got plenty of electricians who work for power companies.
I thought hobby philosophers were the only kind left. I haven't seen a professional philosopher in about 1000 years.
Java based web app, http://www.ilient.com/freeware.htm
Linux version available. I like it because it integrates with LDAP (not avail with free version), uses existing email system for notifications, and lets me use an external DB. I think the free version requires you to use either firebird or derby embedded DB, but if you're small it shouldn't really matter.
John Gruber doesn't know what he's talking about. The fact is - assuming we're throwing lotus out the window and speaking specifically about exchange - If you turn on IMAP for iphones, and the users throw away their treos and blackberries, then you'll get blindsided with "my phone isn't syncing right!" which your follow-up investigation will reveal it is syncing just fine, only their iCal isn't being updated with their Outlook calendar.
Oh goodie, I.T. can't wait to implement a CalDAV server just to support a single mobile phone that isn't even a company standard. And then try to figure out how to make it work with Exchange, which even though slashdotters don't like it, corporate users LOVE their proprietary calendaring system that Exchange provides. Pardon me while I giggle maniacally thinking about how you're going to win a fight against I.T. on that one as soon as I.T. starts busting out ROI charts of recent projects compared to this one. Users lose again, as usual. Hell, I could just say "we already spent $$$ on a calendar system embedded with Exchange" and that would be the end of the discussion.
And we won't even get into the executives who THINK they want an iPhone for corporate purposes but don't realize how much they depend on direct push technology. They think that EVERY phone will automatically sync every time a new email pops into their mailbox, and that it should only cost them a minimum amount of data. They will end up either setting their iphone to sync every 2 minutes and spending a fortune on data, or set it to sync every 30 minutes and then complain about missing an important email.
Now, assuming all they want is "ability to view/send corporate email," and it doesn't have to be right in their face every time they get a new message, then they can use OWA on safari without I.T. having to setup jack and have their corporate email and calendaring system all right there. If that won't work for them and they need something that supports exchange, they should dig their win mobile devices and blackberries out of the trash because that's what those devices are made to do.
Viewed as too expensive/unnecessary by executives, adds no features, most smaller businesses can resolve their issues without installing monitoring software by overworking their admins instead.
pc network admin is dying, says guy who works on as400 systems.
It doesn't need to support outlook.
If it's a pop system, set accounts to leave messages on server for 4 days or however long they want mail displayed on their iphone and configure the same account on the native iphone mail client.
If it's an exchange system, use OWA in safari.
And as someone who has never owned an apple product before in my life, not even an apple iie, I am DEFINITELY going to be getting an iphone asap. pda/phone/camera/ipod in one device with wifi and bluetooth. The stupid little earbud is never going to leave my ear.
BES still won't work with a native Exchange 2007 environment, but hey... they have more important things to do, like make lego robots!
$70/month, up to 50 hosts, root access.
details here.
One correction, he'd be chasing around APNIC in ozzie-ozzie land, not ARIN. :P
The thing about administering and engineering networks and systems is that they always change and always require someone with experience if they have any bit of complexity at all. There is no cert that makes you a sysadmin or network engineer.
The reason you want to get a degree is because it maximizes the number of options you have in the future. Maybe in 10 years you get tired of blowing your weekends coming in to the corporate server room to mount server racks and dress-back cat5 cable. Maybe you want to be the guy saying "hey do this for me while I'm at the golf course this weekend". Unless you're extremely ambitious, you can't just make that hop without the degree.
Now some people will try to make this a bigger deal than it really is, because quite frankly experience trumps everything. It's very plausible that you can go get that degree after you've been in the work-force for 10 years, and then future employers aren't gonna give a squat that you JUST got your degree as long as you've got it and the experience.
The hard part is that in 10 years you might be married with kids and be stuck with responsibilities that make it much harder to get the most out of college (though it can be argued that the only thing worth getting out of college is the diploma itself). Really, if you can afford to go, you might as well do it earlier as opposed to later. Unless you have some crazy ADHD or are just too immature to pass your classes, the sooner the better.
imo
3MB exe is better for them than 2GB beta, and they would surely just use the 100kb torrent if they didn't have some sort of tracking/security/legal issue that they think requires them using their own client. Alternatively, wait until somebody finishes the beta d/l, then creates a new torrent and seeds it on suprnova... bam, instant access to a raw torrent.
YOU only THINK that windows update is good and paranoid neurotics are bad because you turned on windows update and allowed MS to indoctrinate you with lengthy dissertations on the evils of paranoid neurotics and the benefits of windows update. this feature flashes the information on the page once every 30 frames, and was ironically installed by the windows automatic update feature.