About Jonathan

Windows Server infrastructure administrator at Newcastle University since 1999. Microsoft MVP for Cloud and Datacenter Management (& previously for PowerShell). Member of the Microsoft Technical Community Council. Co-founder of the NEBytes user group. @jonoble on Twitter.

Security questions for online authentication – lying is the best policy!

When you sign up for practically anything online these days that has a password, you’ll be asked to provide answers for additional security questions, whether it’s for an additional level of authentication (for online banking), or just as a way of allowing you to authenticate to change a password that you’ve forgotten.

The trouble with these is that it’s relatively easy these days to find the answers to the most common security questions for another individual. In a world of social networks and Google, you can probably find out someone’s mother’s maiden name, where they were born and what their first school was fairly easily; perhaps they have a blog where you can find out the name of their pets, or other information that’s sometimes used.

The news that someone had gained access to Sarah Palin’s Yahoo account last month reminded me of this earlier post by Microsoft UK’s Steve Lamb, who tried to change his mother’s maiden name with his bank to avoid this very issue.

For a while, I’ve been using a legend, with a fake mother’s maiden name, first school, pets, etc, which only I know. This is of course something else that I need to remember, but if you’re going to take security seriously, you’re going to have to make a bit of an effort with it. Of course if you were going to get really serious about this, you’d have to use a different legend for each authentication system – it’s up to you how far you want to go – but I’d definitely recommend using a few little white lies to keep your online accounts safe.
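One way to build a separate legend for each authentication system, as suggested above. This is an added example, not code from the original post; the site names and questions are constructed sample input, and it assumes the generated answers are stored in a password manager rather than memorised.

```powershell
# Added example: a different set of fake answers ("legend") per site.
# Answers are pronounceable nonsense drawn from the system CSPRNG, so they
# cannot be looked up on a social network or guessed from public records.
$consonants = 'bcdfghjklmnprstvwz'.ToCharArray()   # 18 symbols
$vowels     = 'aeiou'.ToCharArray()                # 5 symbols
$rng        = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-RandomIndex {
    param([int]$Count)
    # Rejection sampling: discard bytes that would introduce modulo bias.
    $limit = 256 - (256 % $Count)
    $buf   = New-Object byte[] 1
    do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $buf[0] % $Count
}

function New-FakeAnswer {
    param([int]$Syllables = 6)   # 90 choices per syllable, about 39 bits for 6
    $chars = for ($i = 0; $i -lt $Syllables; $i++) {
        $consonants[(Get-RandomIndex $consonants.Length)]
        $vowels[(Get-RandomIndex $vowels.Length)]
    }
    $word = -join $chars
    return $word.Substring(0, 1).ToUpper() + $word.Substring(1)
}

function New-Legend {
    param([string[]]$Site, [string[]]$Question)
    foreach ($s in $Site) {
        foreach ($q in $Question) {
            # A fresh answer per site AND per question: nothing is reused.
            New-Object PSObject -Property @{
                Site = $s; Question = $q; Answer = (New-FakeAnswer)
            }
        }
    }
}

# Constructed sample input.
$sites     = 'bank.example', 'mail.example'
$questions = "Mother's maiden name", 'First school', 'Name of first pet'
New-Legend -Site $sites -Question $questions |
    Format-Table Site, Question, Answer -AutoSize
```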

The Ultimate Steal returns

In addition to last year’s offering, Microsoft now give you the option to buy Visio and a Windows upgrade to Vista Ultimate.

By visiting www.theultimatesteal.co.uk, and confirming your identity as a student or member of staff with your university email address, you can purchase and download Microsoft Office 2007 Ultimate Edition for only £38.95 – saving over 90%!

The offer is available from now until the end of June 2009.

Google join the browser race

Following on the heels of last week’s release of Internet Explorer 8 Beta 2, Google has launched a beta of its own browser, called Chrome, for Windows. So far it looks like a very good first entry into the market and while there are issues with some types of multimedia content (the Silverlight site says it’s not compatible) and some sites don’t work because they don’t recognise the user agent string, it’s definitely worth a look.

google.com/chrome

Addendum: Check out the comments regarding the unusual install location. The way it’s installed means you can just move the Chrome folder and you’ve got a portable app! 🙂

SQL Server 2008 arrives

At the moment WIT run a collection of SQL 2000 and 2005 servers that host around a hundred databases of varying size and importance to the institution. The lion’s share of those databases are currently on the older SQL Server 2000, so several months ago, with the end of mainstream support for that product approaching, we started making plans for migration.

We’ve been keeping a close eye on the development of the latest version, SQL Server 2008, since it was announced, and trialing pre-release versions. SQL Server 2008 offers a number of advantages over previous versions and the migration path from SQL 2000 to 2005 or 2008 is much the same, so we’ve opted to take those databases that are currently on SQL 2000 straight to 2008, rather than moving them twice.

Last week, we were fortunate to have Microsoft’s Andrew Fryer spending a day with us, discussing our migration plans. Since none of our databases do anything especially odd (not that some of them aren’t complex), SQL Server 2008’s comprehensive Upgrade Advisor was able to tell us that we didn’t need to make any changes to the databases before moving them to the new version.

There are some things that Upgrade Advisor suggests for after the migration, such as re-writing DTS packages using the SSIS technology that replaced DTS in SQL Server 2005, but existing DTS packages will work in SQL Server 2008, so our advice is that the time to migrate from DTS to SSIS is when you need to alter a package.

This week SQL Server 2008 has been released to manufacture, so we’ll be moving forward with building production and test systems with the finished code. We’ve planned a setup which provides higher availability and better disaster recovery than we’ve previously implemented, and we’re looking forward to taking advantage of some of the new features (I’m especially looking forward to working with the SQL Server PowerShell functionality!).

Introduction to Windows PowerShell

I gave a demo of PowerShell at our OU Admins Christmas Event last December, and I’ve mentioned it a couple of times on mailing lists, but for everyone who missed those or wasn’t convinced, here’s my Introduction to Windows PowerShell…

PowerShell is a command shell and language focusing on Windows system administration. It can be used interactively to get immediate results, or you can write complex scripts and do batch processing. Although it is still not used as much as it should be, PowerShell isn’t a brand new product; it’s been around for a couple of years and version 2 is currently available in its 2nd Community Technical Preview.

Now that PowerShell is part of Microsoft’s Common Engineering Criteria (meaning that product teams pretty much have to incorporate PowerShell into their new releases), and is being incorporated as a feature in Windows Server 2008, you’ll see PowerShell usage sky-rocket! (It’s worth also saying that Microsoft aren’t the only ones adding PowerShell support to their products – VMware, IBM, Citrix and others see the potential of managing their products this way.)

The thing that sets PowerShell apart from other shells is that it uses pipelines of objects, not of text. It is built on the .NET Framework, but you don’t need to have a developer’s appreciation of .NET to work with PowerShell. In fact one of the best ways of getting started with PowerShell is to just run it each time you were about to run cmd.exe – many of the things you’d want to do there work in PowerShell. If you’ve been a *nix admin in the past, you’ll find that some of the commands you’re familiar with work in PowerShell too.

For example, the PowerShell cmdlet (pronounced “command-let”) to list the contents of a folder, Get-ChildItem, has aliases built in, so that you can use either dir or ls in its place. The interesting thing with PowerShell is that it has providers which let you access other repositories (referred to as PSDrives) in the same way as the file system, so you can do this:

cd HKLM:\software
dir

…and see the contents of a registry hive! (Note that if you want to do a recursive directory listing, the parameters are different to the dir in cmd.exe, so you’ll want to check the help to see what you can do with the cmdlets.)

Give it a go and I’m sure you’ll soon find your way around. To get started, Get-Command gives you a list of the available cmdlets; Get-Help [cmdlet] tells you what they do; Get-Member lists the properties and methods of an object; Get-PSDrive lists the PSDrives that are available to you. Knowing those cmdlets is enough to get you quite a distance.
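The provider and object-pipeline ideas above applied to a routine check: listing what is registered to start at logon. This is an added example, not code from the original post; it only reads the registry, and the function name Get-RunKeyEntry is made up for the illustration.

```powershell
# Added example, read-only: nothing in the registry is changed.
# These are the standard per-machine and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunKeyEntry {
    param([string[]]$Path = $runKeys)
    foreach ($p in $Path) {
        if (-not (Test-Path -Path $p)) { continue }   # key absent on this machine
        $key = Get-Item -Path $p                       # a RegistryKey object, not text
        foreach ($valueName in $key.GetValueNames()) {
            # Emit one object per registry value so later stages can
            # sort and filter on named properties.
            New-Object PSObject -Property @{
                Key     = $p
                Name    = $valueName
                Kind    = $key.GetValueKind($valueName)
                Command = $key.GetValue($valueName)
            }
        }
    }
}

# Which PSDrives are backed by the registry, and what does a key object expose?
Get-PSDrive -PSProvider Registry
Get-Item -Path 'HKLM:\Software' | Get-Member -MemberType Property, Method

# Sorting and filtering work on properties; no text parsing is involved.
Get-RunKeyEntry | Sort-Object Key, Name |
    Format-Table Key, Name, Kind, Command -AutoSize
Get-RunKeyEntry | Where-Object { $_.Kind -eq 'ExpandString' } |
    Select-Object Name, Command
```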

The TechNet Script Center has a load of great resources for IT Pros at and there’s a fantastic community building around PowerShell, with a UK User Group (run by Richard Siddaway who is a PowerShell MVP – details on his blog), numerous PowerShell bloggers, and community sites. There are also a bunch of PowerShell books, most of which are pretty good, but if you’re just looking for one I’d recommend Lee Holmes’ PowerShell Cookbook.

If you don’t find that there’s support built in to products or PowerShell itself for what you want to do, there may be a 3rd party snap-in that could help. I’m making use of the free Active Directory cmdlets from Quest Software, the free Group Policy management cmdlets from SDM Software and the PowerShell Community Extensions – a large suite of additional cmdlets, providers, functions and more.

I’ll leave you with a quick PowerShell example. This is a cut down version of something that we used yesterday to enumerate the members of all the AD groups in a particular OU and save the listing for each group in a separate file named after the group:

Get-QADGroup -SearchRoot "OU=Groups,OU=ISS,DC=campus,DC=ncl,DC=ac,DC=uk" | %{$name = $_.name; Get-QADGroupMember $name | Out-File "$name.txt"}

It has probably wrapped in your browser, but that’s just one line of PowerShell, and frankly a good chunk of it is specifying the OU that we’re looking in! If you want to run that, you’ll just need to change the OU and have the Quest AD cmdlets installed. I won’t explain how it works here – I just wanted to show how much you can do with so little PowerShell. How much effort/code would it take to achieve that task another way?!
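The one-liner uses each group's name directly as a file name, so a name containing a path separator, "..", or wildcard characters decides where the file is written. The added example below (not from the original post) shows the export step with that handled; $groups is constructed sample data standing in for the Quest cmdlets' output, and both function names are made up for the illustration.

```powershell
# Added example. $groups is constructed sample data standing in for what
# Get-QADGroup / Get-QADGroupMember would return; no directory is queried.
$groups = @(
    @{ Name = 'ISS Staff';       Members = 'alice', 'bob' }
    @{ Name = 'Admins/Tier0';    Members = 'carol' }
    @{ Name = 'Admins_Tier0';    Members = 'dave' }    # collides after sanitising
    @{ Name = '..\..\elsewhere'; Members = 'erin' }    # would leave the folder
    @{ Name = 'Project [2008]';  Members = 'frank' }   # wildcard characters
)

function ConvertTo-SafeFileName {
    param([string]$Name)
    $invalid = [System.IO.Path]::GetInvalidFileNameChars()
    $chars = foreach ($c in $Name.ToCharArray()) {
        if ($invalid -contains $c) { '_' } else { $c }
    }
    # Trim dots and spaces so that '.' and '..' cannot survive as a name.
    $safe = (-join $chars).Trim([char[]]' .')
    if ($safe -eq '') { $safe = '_' }
    $safe
}

function Export-GroupListing {
    param($Group, [string]$OutDir)
    $root = (New-Item -ItemType Directory -Path $OutDir -Force).FullName
    $used = @{}   # hashtable keys are case-insensitive, like NTFS names
    foreach ($g in $Group) {
        $base = ConvertTo-SafeFileName $g.Name
        $leaf = $base
        # Two groups must never silently overwrite each other's listing.
        for ($n = 2; $used.ContainsKey($leaf); $n++) { $leaf = "$base ($n)" }
        $used[$leaf] = $true
        $file = Join-Path $root "$leaf.txt"
        # -LiteralPath stops [ and ] being treated as wildcards.
        $g.Members | Out-File -LiteralPath $file -Encoding UTF8
        New-Object PSObject -Property @{ Group = $g.Name; File = $file }
    }
}

$out = Join-Path ([System.IO.Path]::GetTempPath()) 'group-listing-demo'
Export-GroupListing -Group $groups -OutDir $out |
    Format-Table Group, File -AutoSize
```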

This summer all of our student user accounts will be provisioned entirely with PowerShell scripts. Keep an eye on this blog for future posts about PowerShell tools, resources and code samples.

EduCoMS Community Site

EduServ, UCISA and Microsoft have recently launched a new community website for IT professionals using Microsoft technologies in higher and further education.

The site has a collection of forums, wikis and document libraries which are somewhat sparse at the moment, but will be more useful the more members of the community start to contribute. In an attempt to persuade people to build the site up at the beginning, they’re offering book tokens to people posting content.

You don’t need to sign up in order to browse the site, so I’d recommend you at least take a look at www.educoms.net and see if you think you’d want to get involved.