Musings of an IT Cynic

State of the Internet

2009-12-02T16:05:00.005-06:00

I think the current top 10 downloads from CNET's download.com says it all.

Hyper-V Server R2

2009-11-14T09:34:00.005-06:00

I'm currently attending a conference with a lot of people who own the same kind of companies that I do. It's a fun experience to get to talk to other people who do what I do and face the same things as I do every day.

While the conference is marketing centric, you can't stop IT guys from talking about technology. One conversation that has come up a lot is in regards to virtualization. I'm currently working on two separate virtualization projects for clients. We had to choose a horse, so to speak, between Microsoft and VMWare when it came to the different platforms.

Needless to say, I chose to hitch my cart to the Hyper-V horse in this race. We've seen Microsoft enter markets as the underdog in the past and become the dominant player within a few years. I feel that the virtualization market is going to play out the same way.

You can really tell that they're out to win by the features that they are offering for free. In the past, any kind of clustering required Windows Server Enterprise. If you're using the Hyper-V role on top of Windows Server 2008, you still need Enterprise or better in order to take advantage of the clustering capabilities.

However Microsoft also has a free product called Hyper-V Server 2008 R2. Included for free are some features that are not available with Windows Server Standard running the Hyper-V role, including Cluster Shared Volumes.

Using this free technology, we are able to create highly-available clusters for our clients. With so much running on any one physical machine now, the hardware becomes much more valuable. Using Cluster Shared Volumes (CSV) along with shared storage like iSCSI or Fibre Channel, you can protect your critical systems making sure that even with the total failure of a complete server, you can keep on running.

Our "bread and butter" is small businesses, many of whom are too small to really need this level of virtualization. But I really enjoy working with my larger clients and getting to play with this kind of technology. That's not to say that we don't get to use Hyper-V with our smaller clients. We have many SBS 2008 servers running Hyper-V child machines, and even a few SBS 2008 systems running AS the child machine.

Whether you're using VMWare, Hyper-V or any other technology, virtualization is an amazing technology and I can foresee a day where everything we work on is a virtual machine in some form.

Wake on WLAN

2009-11-10T21:53:00.005-06:00

We recently deployed 31 brand spakin' new Dell Latitude E5500 laptops to a school here in town. One of the things I noticed in the BIOS settings was the option to Wake on WLAN instead of the usual Wake on LAN. Intel refers to this WoWLAN. But I can't for the life of me get it to work. If anybody searching the web for it and stumbles upon this article (sorry that I'm not offering a solution this time), please come back and post a solution in the comments if you find one.

We would like to be able to do some offline management of these laptops, and wake them up to do so in the cart on the weekend.

We have it set in the BIOS, and under the power management options in Device Manager. What I guess I can't get my head around is how a magic packet reaches a wireless card, especially one with a secured profile, while the system is off. The wireless card is a BCM4310 based Dell Wireless 1395 WLAN Mini-Card.

Any ideas? Is this Intel only?

MoCA Adapters

2009-04-10T14:56:00.004-05:00

As a geek, I tend to have a lot of gadgets. This includes a nice cable distribution panel in my basement that makes the cable and satellite guys turn green when they think I need them to do anything on it.

I live in a newer house, but for some reason, Ethernet is not a standard feature of houses like cable outlets and phone jacks.

For the few years I've lived here, I've always wanted to be able to stream HD video to a Windows Media Center Extender up in my bedroom because I record a lot of shows on the Media Center. I use my Media Center to pull ATSC HD off the air. Anything on satellite is recorded on the Dish Network DVR.

A very handy feature of the Dish DVRs is the ability to modulate the second video output to a cable channel for viewing on a separate TV. Basically I can turn the TV in my bedroom to channel 63 (or whatever) and get the full DVR interface. However I was always out of luck when it came to the Media Center.

For a long time, the only extender that could play back HD content was the XBox 360, and I bought a second one just for this purpose. I quickly found out that 802.11g was not fast enough nor reliable enough to do this in my house (AP is in the basement, bedroom is on the second floor). There wasn't any good way to get high speed WIRED network up there.

I have been reading about Ethernet over Coax (aka MoCA) adapters for a few years, and they always seemed like they were about to release. I decided to stop waiting and picked up a couple of Actiontec HME2200 boxes off of Amazon.com.

WHY AREN'T THESE THINGS ON THE SHELF AT EVERY ELECTRONICS STORE?!?!?

I couldn't believe how EASY the install was. It took about a minute per end. Here's a basic layout.

Typical cable uses about the first 1000MHz of the frequencies available on a cable. However most RG6 or Quad Shield is rated to 2350MHz. This leaves quite a bit of bandwidth available for other things. The MoCA adapters put the Ethernet signal onto the unused bandwidth at one end, and pull it off at the other. It's basically a diplexer.

Now if I had an actual satellite tuner in my room (which I don't), I wouldn't be able to use this since it uses the additional bandwidth for that signal.

This has got to be one of the easiest and most useful network devices I have ever used. Powerline is basically worthless, but you can get it at any Best Buy. I'm looking forward to seeing these devices become more available and cheaper in the future.

FixMAPI

2009-04-06T16:34:00.003-05:00

Clearly, keeping up on this blog hasn't been at the top of my to-do list. We've made some big changes at Artech, and business is booming at the moment, so I've been busier than ever.

This blog was originally going to be a collection of articles that I could spit out at my own pace, and then use in a newsletter format on a periodic basis to send to our clients. However most of my clients wouldn't really care to read any of this, so it's basically turned into a collection of fixes for which I couldn't find anything on Google when trying to fix an error myself.

A recent example of this came up when I migrated a client from GroupWise 6.5 to Exchange 2007 with Outlook 2007 on the client side. The vast majority of people could no longer use any mailto links or the "Send to" function of Explorer when choosing Mail Recipient. The only solutions people tended to talk about was to verify that you had Outlook selected as the default email program under Internet Explorer.

So if you are being prompted to "Choose Profile", and then nothing happens when trying to use any of these functions, check out the version of your mapi32.dll. There's a program that's been pushed out since IE5 called fixmapi.exe in your system32 directory, which makes a backup of the current MAPI DLL, and restores the correct version. Be careful, because this will break older versions of Outlook.

Hopefully this will help other people when looking for a solution to this issue.

Almost Three Months???

2008-12-16T17:02:00.003-06:00

I was guessing it was more like two months since my last post. My bad.

I'm working on a few posts that I will hopefully have time to finish in the next few weeks. The biggest one I need to finish (it's been done for months - just need to get a screen shot and make some minor edits) is using AuthAnvil to secure Citrix Web Interface for Presentation Server. We wrote a custom plugin that just adds a passcode field to the login screen. Very handy.

Not really ready to talk about the other ones, but I have experience in a lot of areas. Feel free to shoot me an email or comment if you have anything you'd like to see. Just about anything in the SMB IT market is fair game.

Home Wi-Fi Security

2008-09-23T08:09:00.004-05:00

I remember when just about every household wireless router made it difficult to add security to the connection. It wasn't part of the setup wizard, or the setup wizard didn't do a good enough job explaining why it was important.

I think we have definitely crossed a bridge in this area. Some routers (e.g. 2Wire) enable it out of the gate and put the key on the bottom of the unit (a practice we have started doing whenever we install them in a household now). Others require it as part of the setup wizard. Whatever the reason, people are finally doing it. I opened up my list of wireless networks while sitting on my couch and here's what I saw:

There were three more networks, all secured, below these that are visible. I'm glad the message finally got through. Let's just pray the ISM Band isn't toxic or something with this much Wi-Fi going around. =)

New Hyper-V Server Standalone

2008-09-16T09:24:00.003-05:00

Microsoft has announced a new product called Microsoft Hyper-V Server. It's a free, standalone version of Hyper-V server with limited features. Based on what I have read, it's a core-install of Server 2008, meaning you will need to use external tools, or a command shell to configure and maintain it, and all it will run is Hyper-V.

If one of your guest OSes is going to be Windows Server 2008, and you need to license it, you're probably better off just buying a license for Windows Server 2008 Standard. If you run Hyper-V on Standard, you are allowed to extend that license to a single guest OS. This is probably what most small businesses will do, and run it on a full install of Server 2008 so all of the tools to manage it are in the same spot.

I can definitely see how this standalone product will come in handy for a few niche projects. It's always better to have the option for something like this, especially since VMWare has a couple of free virtualization server options.

Custom NTBackup Script

2008-09-15T20:03:00.006-05:00

Here is the script I referenced in the previous post. You can download this script from here, or use the one below along with sendemail, which you can download from here.

Disclaimer: Use this script at your own risk. You assume all responsibility for your data if you choose to use this script to protect any systems. It is assumed that you can understand and modify this script to fit your environment.

@echo off

:: ARTECH-NIGHTLY
:: 19 JULY 2008
::
:: COPYRIGHT (C) 2008 ARTECH SOLUTIONS, INC.
:: Author: Alexander Romp - alex@artechsolutions.com
::
:: THIS SCRIPT IS LICENSED TO THE CLIENT FOR USE
:: AND MAY ONLY BE MODIFIED TO CHANGE VARIABLES AS
:: NEEDED. IT MAY NOT BE MODIFIED IN ANY OTHER WAY OR
:: COPIED EXCEPT BY ARTECH SOLUTIONS, INC.

set semail=administrator@customerdomain.com
set demail=BackupReports@yourdomain.com
set subject=Customer (%computername%) Nightly Backup
set destfile=X:\Nightly-Backup.bkf
set selsetname=Nightly-Backup.bks
set smtpserver=emailserver:25

:: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
:: No Modification Below Here Should Be Required
:: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dt=%%i-%%j-%%k-%%l
for /f "Tokens=1" %%i in ('time /t') do set tm=-%%i

set tm=%tm::=-%
set dtt=%dt%%tm%

if "%1" == "/full" goto full
if "%1" == "/incremental" goto incremental
if "%1" == "/emailtest" goto backdone

echo.
echo Please sepcify backup type with /full or /incremental
echo or /emailtest to test sending the last backup file.
echo.
goto EOF

:full

%windir%\system32\ntbackup.exe backup "@%userprofile%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\%selsetname%" /n "%computername% %dtt%" /d "%computername% %dtt%" /v:no /r:no /rs:no /m normal /j "%dtt%" /l:s /F "%destfile%" /UM

goto backdone

:incremental

%windir%\system32\ntbackup.exe backup "@%userprofile%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\%selsetname%" /a /d "%computername% %dtt%" /v:no /r:no /rs:no /m incremental /j "%dtt%" /l:s /F "%destfile%" /UM

goto backdone

:backdone

cd "%userprofile%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\"

for /f "tokens=1 delims=" %%M in ('dir *.log /B /O-D') do (
if "%%~xM"==".log" (
type "%%~fM" > %computername%-Backup.log
goto next1
)
)

:next1

sendemail -s %smtpserver% -f %semail% -t %demail% -u "%subject%" -a "%userprofile%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\%computername%-Backup.log" -m "Logfile Attatched"

del /q "%userprofile%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\%computername%-Backup.log"

:EOF

Backup Solutions for Small Businesses

2008-09-15T19:17:00.003-05:00

I think it's probably fair to say that the days of tape are in the past. At least when it comes to the majority of small businesses. I think the only client of ours that still "requires" the use of tape is an advertising agency that frequently has to pull very old files off of tape. And even that is somewhat debatable.

Most of our day-to-day file protection is done using shadow copy now. To me, that is probably one of the best features that was introduced with Server 2003. Most of our clients are using SBS 2003, which includes a front-end for using NTBackup complete with reporting and easy scheduling. However, one huge thing that is missing from this is the ability to recognize portable hard drives as valid backup destinations. It will recognize tape drives, and any drive that shows itself as removable, like the Dell RD1000 drive (which is just a 2.5" SATA drive in a housing that acts like a tape cartridge).

That is why I was glad to hear about the changes to backup in the new SBS 2008. It is specifically geared towards using portable hard drives to protect your data (however it no longer supports tapes). The drives are setup using a configuration wizard which labels the drive and "commandeers" them for use exclusively by the backup system. The system accesses the drives using low-level API and optimizes them for speed, and therefore they are not accessible by drive letter or visible to Windows Explorer.

The system is smart enough to know the difference between multiple drives and performs an ongoing differential backup and keeps the disks so that any of them can be used for full disaster recovery. This greatly simplifies the issues we have had in the past with sites that required cumulative incremental backups due to the size of their backups.

Until all of our clients are on SBS 2008, our current backup script is pretty handy. We had cobbled pieces of it together from various other samples over the years, and I finally put it together into a single script a couple of months ago. You simply define what you want to backup and save the selection set as a BKS file in the usual spot. The script requires one of three parameters. You launch it with either /full, /incremental or /emailtest. The first two should be self-explanatory. The third tests the scripts ability to figure out which of the log files from NTBackup is the most recent, converts it to ASCII (side note: even though NTBackup log files can be opened with Notepad, they are actually binary files) and then sends it to the specified email server and recipient.

Our script calls sendemail.exe by Brandon Zehm to use as the email engine. If you are interested in seeing it for yourself, I will put it up in a separate post, or you can download it here.

Creating a Secondary OWA Instance

2008-09-12T18:17:00.008-05:00

(continued from previous post: AuthAnvil on OWA 2007)

So I set out on the task of creating a secondary OWA instance in IIS for the purpose of securing using AuthAnvil. First, I bound a second IP address to the server under TCP/IP properties. Then I created a new website named "AA-Secured" and set it to only listen on the new IP address. Then I set it to use the same SSL certificate that the original site used (e.g. webmail.domain.com).

So far, so good. I'm no PowerShell guru, but I'm impressed with how versatile it is. I have used it to perform many of the regular Exchange tasks with ease. I'm a command shell junkie at heart, but I never learned how to do "real" programming beyond some horribly complicated CMD files and some very simple VB.

One of the commandlets is called "New-OwaVirtualDirectory". So I executed the command:

New-OwaVirtualDirectory -owaversion:exchange2007 -websitename "AA-Secured"

I watched the new OWA virtual directory show up in IIS manager while PowerShell plugged away. However after a little bit, it returned an error:

New-OwaVirtualDirectory : An error occurred while creating the IIS virtual directory 'IIS://server.domain.local/W3SVC/448843799/ROOT/owa' on 'SERVER'.
At line:1 char:24
+ New-OwaVirtualDirectory <<<< -owaversion:exchange2007 -websitename "AA-Secured"

Yes, I know I don't need to specify the version when executing this command - this is just one of the many ways I tried to get it to work.

In researching this issue, it seems that everybody's solution was to uninstall CAS (client access server - component of Exchange 2007), reinstall IIS and then reinstall CAS. Why would I want to do that? The original OWA listener works just fine.

If part of your job involves supporting and troubleshooting of Exchange environments, I really hope you follow the MS Exchange Team's blog. It's full of a lot of useful information. The part that specifically interested me was this article, titled "Supportability for multiple OWA/ Exchange Web Sites on Client Access Servers in Exchange Server 2007 and Exchange Server 2007 Service Pack 1" (quite the long title). However it was exactly what I was looking for.

If you are using Forms-Based Authentication for your /OWA and/or legacy (/Exchange and /ExchWeb) virtual directories, Microsoft supports a single Web site per Client Access Server. Further, the /OWA and legacy virtual directories must be in the same Application Pool (AppPool).
If you do not use Forms-Based Authentication, you can use as many Exchange Server-related Web sites as needed for your organization.
However, Microsoft recommends that you use a Microsoft ISA Server 2006 server to handle Forms-Based Authentication for your various Web sites, in this circumstance.
If Forms-Based Authentication must be used on the Exchange Server 2007 computer *and legacy virtual directories are not used*, you can use multiple Application Pools (AppPools) for each Web site.
Note: Lack of legacy virtual directories will prevent proxy to Exchange Server 2003 mailbox servers and prevent Entourage clients from synchronizing with the Exchange Server using the Exchange service.

Here was my reaction to these points:

Crap... We need forms-based authentication.
Who cares? We need forms-based auth and there's no way we're moving the firewall over to the ISA box (which we use for web proxy).
BINGO!

At this particular site, we only have a single Exchange server, which is 2007, and there's nobody using Entourage. So I used the following command to remove any legacy OWA directories:

Remove-OwaVirtualDirectory "exchange (default web site)"
Remove-OwaVirtualDirectory "public (default web site)"
Remove-OwaVirtualDirectory "exchweb (default web site)"

(I should mention that we didn't even have a public store at this site, much less users who use public folders via OWA, however I wanted to include it since most sites probably would have to remove that directory too)

After removing those other OWA virtual directories from the main site, I was able to execute the command successfully. Here's what IIS Manager and Exchange Manager looked like after all was said and done.

After making the new OWA virtual directory on the second site, we tested it to make sure it was fine on its own. Once we were confident everything was working, we locked it down with AuthAnvil's Web Logon agent, and modified the firewall so external users could only hit the new IP.

AuthAnvil on OWA 2007

2008-09-12T08:39:00.003-05:00

If you're not familiar with AuthAnvil, you should check it out. It's a great two-factor solution designed for the SMB market. It's easy to install, and the support is great.

They're getting ready to release the 1.6 version of their agents (edit: It was released yesterday). I've been running 1.5 for a while and we use it to secure our desktop machines as well as OWA.

Did I mention that we use Exchange 2007? Exchange 2007 requires a 64-bit server OS. However there's one little problem. There isn't a 64-bit version of the ISAPI available for AuthAnvil yet (I think that's coming out in 1.6).

I've had many conversations with Dana Epp, the owner of Scorpion Software, makers of AuthAnvil. I told him that I wanted to experiment with securing OWA 2007 using their Web Logon Agent. He was kind enough to send me the 64-bit version of the ISAPI DLL and some instructions. I ran into some roadblocks along the way, but was able to get past all of them. We have been running AuthAnvil with our OWA server with no issues for over two months now.

With this in mind, I was confident telling a client of mine that we would have no problem installing it onto their Exchange 2007 OWA server. However their environment was a little bigger than ours. One of the features of AA's web logon agent is the whitelist. You can setup individual IP addresses that don't require two-factor logins. This is handy if you have internal users using OWA and you don't want to buy tokens for them. However this environment has 12 class-C networks spread out across Central Iowa. Many of the internal users use OWA for their email. That means we would have roughly 3000 IP addresses to whitelist.

So my solution was to create a secondary OWA in IIS on a different IP. Internal users would continue to hit the old, unsecured version. However external users would be directed to the new listener in IIS, which would be secured with AuthAnvil. I've had to create secondary OWA listeners in older versions of Exchange. How hard could it be with this shiny new version?

Famous last words...

(to be continued)

Hyper-V Stuck at 53%

2008-09-11T16:24:00.005-05:00

Just a weird little issue. Seems that the KB article has been out since March but HP is yet to fix the problem.

If you install any updates to Hyper-V on certain HP servers running their NIC management software, after you reboot you will be stuck on "Stage 3 of 3" at 53%. Luckily there were a few good hits for this on Google and we easily fixed it.

The fix involves booting from the CD and using Repair (which is much improved in Server 2008 - I'm impressed), then renaming a file.

I'm sure the Microsoft KB article would have appeared in my results, however it has 54% instead of 53% (I did find some older references online that had 54% in them).

Here's the article in case anybody else runs into this:
http://support.microsoft.com/kb/950792

I'm really digging Hyper-V. Yes, I still like ESX too, so I don't want to hear anything from VMWare fanboys.

Windows Search 4.0

2008-09-10T09:28:00.007-05:00

Why does Microsoft like to sneak products into patches?

A recent example of this would be the inclusion of Windows Search 4.0 which was installed if you approved an update patch. The patch was just supposed to update it if it was installed. Not install the full version for everybody.

Personally, I'm a fan of Windows Search. However it seems to *really* slow down machines if they're more than a year old. It landed on a couple of our managed networks and the users really started to complain. At first I thought the complaints would die down once the indexing process completed. However it's been a week and a half and the complaints keep coming.

This is another one of those times that I absolutely LOVE using Kaseya. With just a few clicks, I created a script that tests for the existence of the uninstall file (which is only there if the product is installed), and then runs it in silent mode. I tested it on a machine that I was logged into remotely to make sure the user didn't see anything. Everything worked like a charm.

The command in case anybody needs it is:

C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe /quiet /norestart

Or for you Kaseya Script people:

Script Name: Remove Windows Search 4.0
Script Description:

IF Test File
Parameter 1 : C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe
Exists :
THEN
Execute File
Parameter 1 : C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe
Parameter 2 : /quiet /norestart
Parameter 3 : 3
OS Type : 0
ELSE

This just ran in the background. I watched as the search taskbar disappeared followed by the tray icon. I then checked the Add/Remove programs list to make sure that it was indeed gone.

Sysinternals Rocks

2008-08-08T15:32:00.005-05:00

I just wanted to say that Windows Sysinternals is probably the single most valuable set of tools I have ever used. Here are my top picks:

Autoruns - Since discovering this tool, I haven't touched HiJackThis. If you're checking a system for spyware, this is probably the single best tool to check all of the entry points for possible malicious programs.

Process Monitor - This is the "marriage" of two of their older tools, FileMon and RegMon. I can use this program to troubleshoot problems with missing files or registry keys, or to see what a suspicious application is accessing on the system.

Process Explorer - This program is like Task Manager on crack. In addition to listing the open applications, as well as process trees, I can see which application has a particular DLL loaded. When using this for spyware removal, you can suspend processes that you can't kill (lsass.exe or winlogon.exe) that can house active malware so you can clean them up without the program adding itself back in.

TCPMon - This is like netstat, but a lot nicer of an interface to run, and you can see it in real time (even reloading netstat every second can miss some things).

Also check out BgInfo, PSTools, RootKitRevealer, and just about every other application on their site.

Just yesterday, I was checking some antivirus logs at a client site and we noticed several machines had old infections of soundmix.exe. The AV program could not remove it since it was currently active and couldn't just be killed. So we took a look at one of the machines and the first program I ran was AutoRuns. I saw that the program had hooked itself into exefile so it was launched every time you ran an executable. However it would come back on its own even if you removed it and killed the process.

So I ran Process Monitor (procmon) to see what exactly the application was doing. I noticed that it was polling the root of the C: drive for a file named stop.txt every second. Out of sheer curiousity, I ran the command "echo. > c:\stop.txt" just to put a file out there to see what it would do. Within a second, I saw the process terminate and the threads exit in procmon, and it removed its own entry points. This had to be the single easiest cleanup I have ever done. It did all of the work for me.

Because this was in a large, distributed network, some of these viruses had been in place for quite a while. We are being brought in to mop up after years of just getting by. Part of this process involved deploying modern Anti Virus clients to all of the machines. We use Kaseya to maintain this network. Rather than waiting to finish deploying all of the AV clients, I just wrote a Kaseya script to place the stop.txt file in the root of the system drive, and then removed the files.

By pushing this script out to every machine on the network with Kaseya, we were able to make sure that it was removed on a broad scale in a matter of minutes. Since the script tested for the existence of the file before performing any of the steps, there was no reason to not just run the script on every machine in the organization, which can be done with about two clicks once the script is written.

It is these types of tools, and management platforms like Kaseya that have enabled (yes, those in the IT consulting space might see the pun there) small consulting businesses like ours to maintain much larger user bases without increasing staff. The ratio of users to consultants is able to increase without losing our ability to take care of the clients.

My next project on this network is to get about 175 machines across 12 locations onto the newly created domain (they're in workgroups now) while preserving the user profile. Should be fun!

Small Biz Thoughts by Karl Palachuk: Pricing: Don't Settle for 1%

2008-07-07T09:18:00.001-05:00

Small Biz Thoughts by Karl Palachuk: Pricing: Don't Settle for 1%

Karl has some of the best insight into the SMB consulting arena. Occasionally I will find something that he has written that perfectly expresses how I feel about a topic. This is one of those times.

Thanks again Karl!

Selecting a Mobile Device

2008-07-06T20:42:00.002-05:00

One of the questions I am routinely asked in my line of work has to do with selecting a mobile device. Most of the time, people don't know quite what they need. They just need "a BlackBerry or something".

We can debate all day how much somebody actually needs something like this (my advice: RUN AWAY!). But in the end it comes down to what they want to do with it.

Some people actually need/want the full PIM (Email / Contacts / Tasks / Appointments / Notes / etc) sync ability that comes with something like a BlackBerry, Treo or Windows Mobile device. However, some people just want a qwerty-style keyboard so they can compose text messages a lot easier.

For the purposes of this post, I'm going to focus on those people in the former category (the latter group can proceed to their preferred cell phone store - there are TONS of them).

Most people expect me to just tell them in 3 words or less what they would need. It would be simpler for me too if the answer could be condensed into something like, "an iPhone", "a BlackBerry", or "Verizon XV6800". In reality the answer is a lot more complicated.

My response to them usually has to do with a few factors:

If they have a preference of device (RIM / Palm / WinMo)
What they use for email (Exchange / Hotmail / GMail / POP)
What they need to sync (Email Only / Full PIM)
Are there any special applications they need (ACT / GoldMine)

If they're running an Exchange Server that's at least version 2003, the simplest thing is to have them get something running Windows Mobile 2005 or later. Aside from the small issue of setting up SSL properly on their server, installation is a breeze. You get a mostly familiar interface, a whole slew of applications, and real-time push synchronization - just like what BlackBerry made famous.

For those people who just really want a BlackBerry (and I'm one of them), you have a couple of options. If you only need to sync email wirelessly (and can wait until you're by your PC to sync everything else), you can configure your email settings right on the handheld. It is very easy to setup and can talk directly to Outlook WebAccess, GMail, or just about any other email service (coming soon for Hotmail).

If you need full PIM sync in real time wirelessly, RIM (BlackBerry) has made it very cheap to install a small BES (BlackBerry Enterprise Server) which can run on your SBS or Exchange server without much hassle. Just make sure the person installing it knows what they're doing, or you can wind up in trouble fast. It's free for the first person and $99/seat after that. Compared to my first 5-user BES license which ran close to $1500, that's a steal. Go beyond 10 users and you'll want to look at a full BES Enterprise install though.

Inaugural Post

2008-07-06T18:51:00.001-05:00

It's very likely that this blog will be a constant work in progress. But rest assured it will only contain stuff that matters (to me, that is). Okay, probably not even to me, but then again, this is the Internet.

I wanted a place to talk about technology, trends, and also the occasional rant.

But let's start with something so low, I can only move up from there.

Here's a hilarious video (courtesy Chris Pirillo's Twitter via Greg Hughes' blog) called The Web Site is Down (definitely NSFW). It hits a little too close to home. I think I really lost it at about the 7 minute mark. Check it out.