Vol. 17, #18 - April 30, 2012 - Issue #877

Logon Legalese

  1. Editor's Corner
    • From the Mailbag 
    • Logon Legalese
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Conferences, Expos and Other Events
    • Upcoming Microsoft Webcasts
    • Upcoming O'Reilly Webcasts
    • VMware Webcasts
    • Cisco Events
    • Oracle Events
  4. Tech Briefing
    • Group Policy Preferences: Top 5 Item-Level Targeting Options
    • Provisioning your Private Cloud in VMM 2012 - Getting Started 101
    • Why write a script when a few commands will do? 
    • 5 Tips on using Bcc in Outlook Email
    • Get the most out of Windows Speech Recognition 
  5. Windows Server News
    • Four tips to avoid cloud bottlenecks and latency
    • Using VDI as a software test environment
    • How to recognize and prevent a hypervisor attack to protect data
  6. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - Product of the Week
    • Powerful, Affordable, Easy-to-Use Virtualization Management Software - SolarWinds Virtualization Manager   




Editor's Corner

Save this newsletter so you can refer back to it and find helpful tips, tools and other resources that can help you when you face some planning decision, management task or troubleshooting headache!

From the Mailbag

Time to catch up on all the mail we've received lately from you, our readers down there in the trenches. We'll start with the feedback we received from the April 10, 2012 issue Certified or Certifiable, which generated some strong opinions. Mark, an MIS Manager for an International Company in the Regional Theme park business, shared the following thoughts:

I do not look for Certs when hiring someone. I am more interested in, what have you done with computers, do you just check your e-mail and play Mafia Wars on Facebook, or are you the 'go to' guy for your group of friends, when it comes to setting up a 25 person LAN Party at your friend's house. I hired the latter, because getting everyone connected and ports opened on the router shows a good understanding of basic network troubleshooting and knowledge of how it all connects is more valuable than a paper tiger with a bunch of letters after his / her name.

Our environment is a bit unique 150 Admin PC's and 180 Windows Based Point of Sale Systems, Digital Audio System, distributed over IP about a dozen VLANS on approx. 75 Cisco Switches. IP Printing, 15 Servers (some VM's mostly hardware based). Frankly it would be a waste of time hiring someone with a MS Cert or other Cert. They would be bored doing Glorified Help Desk Work. I have had several seasonal team members that were in college for Info Sys., who went on to 50k per year jobs with Gov. Contractors in DC. after making 10 bucks an hour here.

I got on the NT 4.0 Cert Track in 1999 and realized it was a waste, when M$ announced they were expiring all those certs when Win 2000 came out. Knowledge does not go away when the new OS comes out, I always thought MS should have adopted the Novell attitude, sure your Netware 3.1 Cert has not expired but in 2000 how many shops were still running that OS. Yes it left a bad taste in my mouth..... And I said never again.

Jeff, a Security Admin based in Maryland, USA, talked about the "myth of the industry" as follows:

I think there is more than a little arrogance among the experienced. Let's say you have 20 years' experience with Microsoft Windows server. That won't help you learn 2400 new PowerShell commands will it? Someone who got certified, learned the commands and executed automation on these commands in a repeatable process is probably a lot more valuable than someone who has to revise legacy scripts for the next VB release.

I am definitely in the camp that certifications matter and that those that discount them don't want to read and test poorly. New versions have hundreds of new commands. Pick up a book on Cisco IOS and all the commands. How many does a certified technician know let alone someone just hacking at it with experience? The classes broaden your knowledge as to what is in the product. It is not everything you need to know, but it gives you a better knowledge base to work from. It is another myth of the industry. Paying someone for what they deserve is another story. There is a lot of ungrateful management out there.

Another reader named Jeff said it seemed like we were shilling for certification companies:

I have found that most certifications are a waste. Memorizing answers to test questions does NOT make you an expert. The tests also don't follow the flow of what's in the field when you're working on something. I've even found those with degrees are failures in the field. I've found that most people, probably 75%, that are "certified" are not any more competent than those that have worked in the field for years and are self-taught. You're [sic] little commentary, to me, seemed like an advertisement for one of the certification companies.

Full disclosure: I have no shares or interest in any certification companies, and I haven't pursued any certifications myself since NT 4.0 because I haven't had a business need for doing so (plus exams stress me out).  A reader named Wayne also made the connection between workplace requirements and certifications:

This is one area that I tend to get a bit cautious on. Yes, certification can be a wonderful thing - but it can't be the end all, be all. In my 25 years of IT work, I've seen, interviewed, and worked with 'certified' individuals. Quite the number of them have been paper or boot camp folks. They can read a book, or they attend a two week camp where the focus is to get them certified. They haven't the experience to go with that certification. If you place a strong emphasis on certifications, be prepared for those that test really well - but can't work with the technology. I've always said that I'd take a strong customer service-based person, over a technology-oriented person. Most often, I can train someone to be a good technician, but I can't train for customer service. I've tried!

Disclosure: I've taken all the MS courses, plus others. Where I work hasn't placed a strong emphasis on certifications so I've not taken the tests to get certified.

An IT manager named Scott points out what he sees as flaws in certifications and suggests an alternative for organizations looking to hire qualified individuals:

I've never been a fan of certifications. Due to these reasons:

  1. High fraud in the certification process
  2. Poor testing methods used by all certifications (MS certs are a joke!)
  3. Lack of real world experience of most people I've interviewed with certifications

In my career as an IT manager I've found that simple pre-employment testing and experience records has shown to be much more effective than a simple piece of over-priced paper with a statement of knowledge.

Tracy, who is Cisco Select Certified with 25 years of experience, indicated that certifications can have value when you're starting out building your career:

While working in the corporate world, certifications were certainly a "must" to get my resume' noticed. Now that I am a self-employed computer consultant, my certifications, all over 10 years old, have gathered dust. I find that my clients are not wowed by certifications, they just want their problems solved efficiently and effectively. I have worked with many certified IT folks over the years and I have learned that the most valuable IT skills, common sense and integrity, lack certifications of their own. I was reminded of this last year when I picked up a new client whose multi-site, state-of-the-art network was grossly neglected and poorly implemented by a Microsoft and Cisco certified "professional" whose resume' would put mine to shame. Certifications alone do not make an IT person a professional. A person with little or no IT experience can obtain one with good study and test-taking skills. Ironically, I feel that my college degree is far more significant than any of my certifications. It shows commitment. It's a bachelor's degree in none other than Computer Science. They still offer those y'know. And they don't expire.

Pete Warchol of Siemens Healthcare who indicates he has 96 certifications (!) pointed us to an article he wrote a couple of years ago that contrasts professional certification with getting a college education:

Great article and I wrote a certification article some time ago, that you may find of interest. CMG MeasureIT October 2010: The Value of Professional Certifications. - Contrasting Professional Certification With a College Education:

A reader named David points out the limitations of certifications from a single vendor:

I have to comment about the certification article written by Jason Miller. Whilst many people who gain IT certifications really do gain from the process of getting to the standard required for certification there are also a number of people who learn sufficient to pass the certification examination but who may never have sufficient experience to be able to use the information in practice. There is also the potential that one vendor will specify a solution which works with their particular set of parameters but will not work, or are not appropriate, with another vendor's solution. I had experience of this some years ago when the solution defined by a well-known organization was supposedly the 'only' way to solve a particular network question when in practice there were other ways.

Experience is what individuals get when they employ the knowledge they have gained, however they have gained it. Certificates don't, of themselves, prove any experience.

Finally, another reader who didn't include his name shares a story that reminds me you always need to "look out for number one" when you're working for others:

While I appreciate the guest editor's insights in relation to Industry Certified versus non-Certified personnel. The unfortunate reality is (as the guest Editor points out) that it all depends upon where you are in the IT world. Some organizations understand and value them. Others could care less. I came up when IT Industry Certification was just starting. I would go to job interviews and tell the interviewer that I was Comp/TIA A+ Certified and they would have no idea what I was talking about. Of course these were usually HR people with no background or understanding of IT. But then I would get past them to the actual IT Manager I would be working for and half the time they didn't understand what the industry Certifications were or what value they had.

Fortunately we are past this for the most part. It is now virtually impossible to get a job in IT without at minimum being A+ Certified. Even L1 Helpdesk jobs are requiring that people be A+ Certified. But there are still a lot of issues with IT Managers that don't value the experience of their personnel and the Industry Certifications that they hold. I'll use myself as an example. I completed VMware VCP 4.0 Certification in March of 2011. Not that I had to. I was thrown into supporting a Legacy VMware 3.5 environment that was initially set up as the pilot project for the company. I was required to support everything (Servers, Disk Arrays, Virtual Desktops) (and this was nowhere to be found in the job description I applied to) even though I was only supposed to be there for Deskside Support.

In June of 2011 the business unit I was working at was sold and I was let go. Mind you this was while both the companies that were doing the selling and the buying had open job requests for Virtualization Engineers. But because both companies' IT Managers just considered me a Deskside Support person instead of what my real job was a Server/Virtualization Engineer they would not consider me for those open opportunities. Which is their loss. I now work at a competing company as a Virtualization Engineer.

We've also received some feedback concerning the April 16, 2012 issue Backup Blues Redux but we'll save that for next time. Finally, sometimes we get so much great feedback from readers that we're sad we can't include all of it in our Mailbag column. So to address this issue, I've started a new series of articles on WindowsNetworking.com called Trench Tales that shares some of this additional feedback and tries to draw some practical lessons from it. The first article in this series follows up on the January 9, 2012 issue Hardware Hell and can be found here:

Logon Legalese

High security environments like some government offices and the military have often mandated in the past that users be presented with some sort of legal banner when they log on to their computers. For example, they might want the user to see a warning message like "This computer is for authorized use only--we're watching you." when they log on.

But before we examine the ways and pros/cons of doing this, what kind of sign should you have on your front door to prevent VELOCIRAPTORS FROM ENTERING YOUR HOUSE?

Using Group Policy

One commonly used way of doing this is by configuring the "Interactive logon: Do not require CTRL+ALT+DEL" Group Policy setting. When this policy is configured, users who press CTRL+ALT+DEL to log on to their computers are presented with a dialog box that can be customized with legal information, a disclaimer, a EULA, or any other text the organization requires. This policy setting is described in detail here:

Pre-logon banners

But what if the organization's security policy mandates that the user be presented with a banner or disclaimer before they press CTRL+ALT+DEL? In Windows XP, you could use the .NET Framework to create a custom GINA (Graphical Identification And Authentication library) to display a custom logon screen for the user. This thread from the Windows Desktop Development Forums links to some MSDN Magazine articles that explain how to do this:

Unfortunately such customized GINA modules don't work after you upgrade your Windows XP computer to Windows Vista or Windows 7 because the GINA functionality in earlier versions of Windows has been replaced by the new Credential Security Service Provider (CredSSP) model in Windows Vista and later:

As a result of this change, the best way of displaying pre-logon banners in Windows 7 is to customize the default background Windows displays before the user presses CTRL+ALT+DEL. The following thread in the Windows 7 IT Pro Forums explains how to do this:

You can also do this prior to deployment by customizing the Oobe.xml configuration file as described here:

However, there are a couple of issues with this approach:

Pros and cons of logon banners

Let's step back for a moment though and ask whether mandating logon banners (before or after pressing CTRL+ALT+DEL) really makes sense or not. For example, if you actually talk with people who work in such high security environments, you'll probably find that nobody reads logon banners anyways. Furthermore, it's hard to think of valid reasons why pre-logon banners could even be necessary. One scenario I've heard about is in military environments where computers having different security classification levels need to present users with distinctive identification markings so the user can know prior to even touching them whether they are authorized to use them or not. Finally, displaying a warning banner either before or after pressing CTRL+ALT+DEL is unlikely to deter malicious users from trying to access sensitive systems.

So if it's ignored by the good guys and doesn't scare away the bad guys, what's really the point of a non-military organization mandating logon banners on computers? Like many security policies conceived by upper management, the reasoning behind them is often that "it seemed like a good idea" to institute and enforce such a policy even though the result may be at best a headache for IT to support and at worst represent some custom code running as LocalSystem, written either in-house or by a software vendor, that may increase the risk of elevation of privilege attacks against the systems. Of course, this hasn't stopped vendors from developing their own solutions for this problem--see the Admin Tools section of this issue for some examples.

What's your take on this matter? Do computers in your organization display logon banners either before or after pressing CTRL+ALT+DEL? Are such banners really needed? And have you used any other methods for displaying them other than the ways described above? Let us know at [email protected]
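
One way to answer that question for a given computer, as an added example that is not from the newsletter: the script reads the registry values Windows uses for the logon message title and text (LegalNoticeCaption, LegalNoticeText) and for the CTRL+ALT+DEL requirement (DisableCAD), in both the policy location and the Winlogon key. The function name Get-LogonBannerStatus is made up for this example.

```powershell
# Added example: report logon banner and CTRL+ALT+DEL settings on the local computer.
# Get-LogonBannerStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-LogonBannerStatus {
    # The same value names can exist in the Group Policy location and in the
    # Winlogon key, so both are reported side by side.
    $locations = @(
        @{ Source = 'Policy'
           Path   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' },
        @{ Source = 'Winlogon'
           Path   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' }
    )

    foreach ($loc in $locations) {
        # A missing key or value simply yields $null here (no strict mode).
        $props = Get-ItemProperty -Path $loc.Path -ErrorAction SilentlyContinue

        $caption = ([string]$props.LegalNoticeCaption).Trim()

        # LegalNoticeText can be a single string or a multi-string value;
        # join the lines so both cases are handled the same way.
        $text = (@($props.LegalNoticeText) -join "`n").Trim()

        # DisableCAD: 0 = CTRL+ALT+DEL required, 1 = not required, absent = not set here.
        $cad = $props.DisableCAD
        if ($null -eq $cad)   { $cadState = 'NotConfigured' }
        elseif ($cad -eq 0)   { $cadState = 'Required' }
        else                  { $cadState = 'NotRequired' }

        New-Object PSObject -Property @{
            Source     = $loc.Source
            TitleSet   = [bool]$caption      # non-empty title present
            TextSet    = [bool]$text         # non-empty message text present
            TextLength = $text.Length
            CtrlAltDel = $cadState
        } | Select-Object Source, TitleSet, TextSet, TextLength, CtrlAltDel
    }
}

# Show the result as a table for the local machine.
Get-LogonBannerStatus | Format-Table -AutoSize
```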

Tip of the Week

By default Windows will search the Windows Update website for device drivers if it can't find the drivers it needs within the local driver store. This behavior can be disabled using Group Policy by configuring the following policy setting:

Computer Configuration\Administrative Templates\System\Device Installation\Specify search order for device driver source locations

Simply enable the above policy setting and then select Do Not Search Windows Update in the Select Search Order control.

But what if you want to prevent Windows from searching online for device drivers during the process of deploying Windows to a destination computer? In that case, you can add a task sequence step that runs the Apply_LGPO_Delta utility created by Aaron Margosis, which can be used to automate custom changes to the local policy of the Windows installation being deployed to the destination computer. You can find Aaron's utility here:

Recommended for Learning

Some entry-level certification guides for those seeking the Network+ certification:

All In One CompTIA Network+ Exam Guide, Fifth Edition from McGraw-Hill is the latest edition of Mike Meyers' classic. Great book, well-written, lots of illustrations and photos, easy to learn from. Excellent introductory chapter on IPv6 basics, though he should have updated the references to Windows Vista so they read Windows 7 instead.

CompTIA Network+ Certification Study Guide, Fifth Edition from McGraw-Hill is a bit drier than Mike Meyers' book but still good. It's filled with lots of step-by-step examples and questions to test your understanding.

CompTIA Network+ Certification Practice Exams from McGraw-Hill contains a ton of questions (with answers!) to help you assess your understanding and knowledge prior to taking exam N10-005.

Quote of the Week

"Ten years ago, I walked the Appalachian Trail - over 2,000 miles - from Georgia to Maine... I walked the trail to raise money for the Sunshine Home, a residential family for children and adults with physical disabilities... My journey along the AT completely changed my life. I realized I could walk anywhere and achieve my wildest dreams" --Jeff Alt from an interview in FitnessRX For Men magazine.

That last phrase of Jeff's really struck me when I read it. I tried repeating it to myself by saying "I can achieve my wildest dreams" and thought "Yes, why not?"

We can achieve our wildest dreams, but sometimes we get so crushed from the struggles of life that we stop dreaming. Try repeating Jeff's phrase to yourself each day and see what happens. Repeat, visualize, and feel the truth of it. You're capable of more than you know.

Save this newsletter so you can refer back to it later for tips, tools and other resources you might need to do your job or troubleshoot some problem you're dealing with.

Forward this newsletter to a friend or colleague who might find the tips and tools in it helpful for performing their job.

Send us feedback if you have questions, comments or suggestions concerning anything in this newsletter: [email protected]

Mitch Tulloch


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Download a free, fully functioning 30-day trial of Patch Manager from SolarWinds and get visibility into patch compliance with an extensive collection of simple, built-in reports.

mPowerTools - an AD Admin essential. 200+ reports, bulk import/export, scheduling, GPO/File Share Reports. Eliminate scripting. Only $1499.

Free open source software that lets you change the wallpaper of the Windows 7 logon screen:

Logon Editor is an advanced login screen editor for Windows 7:

Automate custom changes to the local policy of a Windows installation:


Webinars & Seminars

Conferences, Expos and Other Events

June 11-14, 2012 - Microsoft TechEd North America 2012 in Orlando, USA:

June 26-29, 2012 - Microsoft TechEd Europe 2012 in Amsterdam, Netherlands:

July 8-12, 2012 - Microsoft Worldwide Partner Conference in Toronto, Canada:

August 27-30, 2012 - VMworld 2012 in San Francisco, USA:

October 9-11, 2012 - VMworld 2012 in Barcelona, Spain:

Nov 12-15, 2012 - Microsoft SharePoint Conference 2012 in Las Vegas, USA.

Upcoming Microsoft Events and Webcasts

Sign up for these and other Microsoft events and webcasts at:

Upcoming O'Reilly Webcasts

Sign up for these and other O'Reilly webcasts at:

VMware Webcasts

Sign up for VMware webcasts at: 

Cisco Events

Browse the Cisco Corporate Events Calendar to find Cisco at events, trade shows and conferences around the world:

Oracle Events

Browse the Oracle Events page to find in-person events and live webcasts for your location:

Would you like to list your IT event, webcast, or seminar in this section? Contact Michael Vella, the WSN Account Manager at [email protected]


Tech Briefing

Group Policy Preferences: Top 5 Item-Level Targeting Options

If you're not using Group Policy Preferences in your environment yet, you probably should be. Derek Melber shows us why:

Provisioning your Private Cloud in VMM 2012 - Getting Started 101

Learn more about the new self-service capabilities of System Center Virtual Machine Manager 2012 in this blog post:

Why write a script when a few commands will do?

I.T. Proctology discusses the difference in this blog post:

5 Tips on using Bcc in Outlook Email

Not everyone knows how to use Bcc appropriately and misusing it can be disastrous. This post on the Outlook Blog walks you through the basics:

Get the most out of Windows Speech Recognition

This post from a while back on how to get a list of speech commands for a Windows Vista application is still applicable to Windows 7:


Windows Server News

Four tips to avoid cloud bottlenecks and latency

Cloud-enabling the wrong virtual machine could have some serious consequences. Make one of these mistakes and you could sabotage your cloud efficiency.

Using VDI as a software test environment

VDI isn't just for desktop delivery. Virtual desktops can also serve as a software test environment, where you can do OS and app testing quickly and easily. Learn more in this expert tip.

How to recognize and prevent a hypervisor attack to protect data

A hypervisor attack can hand hackers the keys to your virtual kingdom. But, with the proper precautions and tools, you can minimize the risk. Find out how in this exclusive article.


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

A compilation of amazing clips:

An animated short film set in a post-apocalyptic universe:

Swedish magicians + 7 new iPads = One of the best presentations you will ever see

Mechanical sculptor Rob Higgs designed this amazing corkscrew contraption which takes opening and serving wine bottles to a whole new level:

A cat, a fox, and a bald eagle get along just splendidly on a porch in Unalaska, Alaska:

Hedy Lamarr was called the "most beautiful woman in the world" in her day. But what most don't know is that she had the brains to match her beauty and that she invented "spread spectrum communications" and "frequency hopping", the technology behind Wi-Fi:


WServerNews - Product of the Week

Powerful, Affordable, Easy-to-Use Virtualization Management Software

SolarWinds Award Winning Virtualization Manager delivers VMware® capacity planning, VM sprawl control, performance monitoring, configuration management, and chargeback automation, and makes it easy to take control of your virtualized environment. Download a free and fully-functional 30-day trial and, in less than 1 hour pinpoint under or over provisioned VMs and performance bottlenecks. Learn which app servers will fit in your current environment, when you'll need more resources and which departments are using which resources.

Download a free trial of SolarWinds Virtualization Manager


WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.