Wednesday, April 09, 2008

RSAT AD Domain Management

A few weeks ago the Windows Server team released RSAT or the Remote Server Administration Tools for Windows Vista SP1. I had already been using the tried and true adminpak.msi in Vista, but it wasn't entirely fun to get working. Needless to say I was pretty excited when I read about the release and promptly installed it for my x64 Vista Ultimate machine. As is always the case in IT, other things came up which took priority so I wasn't able to play with it. Today that changed though and I was able to get going.

Or so I thought. I went to Administrative Tools and was surprised to see the options not listed there. Nor in the control panel. I knew I had installed it, but just to be safe I downloaded it again and tried to install it to which I received a message that the update didn't apply to my system. A Google search took care of the issue for me though. The site jeftek.com has an article posted which pointed to what I was seeing. It was installed but not activated in Windows Features. As soon as I activated it everything came up and it worked great.

Given Microsoft's stance on usability I am a little perplexed as to why it wouldn't "activate" itself upon installation. The associated KB article does explain the installation procedure Jef mentions, but why else would I install it if I didn't intend to activate it? This is just one of those frustrating things that never should've had to take place.


Scott Salyer | Comments [0] | 


 Monday, March 03, 2008

Server 2008 Window Management Bug?

I've been using the x86 version of Server 2008 since RC0 came out in a virtual machine since the Cisco VPN client does not work with the x64 version of Windows anything and Cisco apparently couldn't care less. For the record, I did try their new AnyConnect software, but it was a bit of a joke. I couldn't figure out how to initiate a connection, and subsequently found out the VPN endpoint has to support it and I have no way of knowing whether the client in question does or not. So I've been using virtual machines to handle connectivity to their network.

Since I do a lot of work with Oracle I use the excellent PLEdit and Golden tools from Benthic Software. Oracle releases software that embeds into Visual Studio, but for anyone who has ever used SQL Server Management Studio, these tools are a joke at best. For reference, if I run a query in SQL Management Studio and then want to copy the results on to the clipboard and paste into Excel, this is a few step and couple second process. With Oracle's tools this isn't quite the case. I run the query (which takes a good deal of time...how is Oracle a "standard" again?) and when I go to copy the results into Excel it can literally take a good hour or two to get the results on to the clipboard. That is assuming it doesn't crash Visual Studio first which is more likely. How Oracle managed to break something like Visual Studio and simple copy/paste procedures is far beyond anything I can fathom, but they pulled it. This issue is confirmed across platforms (XP, Vista, and Server 2008) on different hardware.

The reason for this post though is related to window management in Server 2008 (the above was back history on what tools are open). It appears Visual Studio 2005 and Golden do not play nicely with each other on Server 2008 and dual monitors (VMWare rocks - multiple monitor virtual machines). When I move Golden from one screen to the other, Visual Studio seems to think it needs focus every 5 seconds or so which means I can't type anything significant into Golden before it loses focus and Visual Studio pops up. This occurs whether it is minimized or not. The real quirk is when I close Visual Studio, other applications start thinking they need focus. Once this problem occurs I have to completely restart the virtual machine before things will stop taking focus. There doesn't seem to be a pattern with it per se once it has started. Anything I am using gets ignored and something else tries to steal focus and will restore itself if minimized. Even Windows Explorer and Windows Update get minimized or lose focus after everything else is closed but those two.

Talk about aggravating. This problem didn't exist in RC0 as best as I can tell, although I wasn't using Golden at the time so I can't guarantee that. Seriously though, how did something so critical, and something that has always worked since Windows 3.1 get broken? I don't understand that.

Update: It doesn't seem to matter if only one application is open even. I only had the Remote Desktops MMC open and it kept getting minimized every 5 or 6 seconds. So annoying..


Scott Salyer | Comments [0] | 


 Sunday, January 13, 2008

Jumping Ship - Core 2 Duo time

In November of 2006, right after I started my new job at ISSG, I decided to build a new system. The one I had been running on (P4 3.0Ghz with HT, single core and 2GB DDR400) was just running too slow to handle the multi-tasking I was trying to do. I ordered new parts from NewEgg (is there anywhere else to order computer parts?) and they included 4GB Geil DDR2-800 and an AMD 5200+ for my first venture into the dual core/x64 world. Over the past year and three months though, this system has had many annoying issues that caused me to question a lot of things. First, the RAM died (yes, all 4GB was gone - intermittent errors) and once I finally replaced that (tip: NEVER buy Geil RAM - their support is sub-par and I've read a number of reviews recently with people having the same issues of bad sticks of RAM as I have) they seemed cleared up. Over time though, the situation with this system got worse. I have been running Vista Ultimate since it was released and the latest feature presented by the system included requiring a dual reboot for networking to work. If the system needed restarted, it would have to be done twice or else the network cards (dual NICs) simply wouldn't work no matter what. I knew it wasn't an issue with Vista specifically because it runs great for me on my laptop and others I work with have been running it fine for months now.

So I am jumping ship and headed back to the Intel world. I do want to point out that, while I don't think the issues were related to the AMD platform specifically, I never did feel like I got the kind of performance $2400 should've given. I took the PSU, dual XFX 7900GS cards (tip 2: XFX cards are incredible), 10K SATA drive, 500GB spare drive, and SATA DVD burner to a new Lian-Li case with a 3.0Ghz Core 2 Duo with 4MB cache, 8GB DDR2-800, and an Abit board (another phenomenal company) and now I have a blazing fast system. This is the kind of system I expected to get when I got the 5200+ system, but never obtained. Granted, the 5200+ is older and has less cache, but given that just over a year later I spent less on the Intel processor than I did on the AMD processor and the performance comparison isn't even close...that tells me something. Vista performance rating: 5.7.

For those of you who read this and are wondering why I didn't go with a quad core, from everything I read (specifically from Jeff Atwood of Coding Horror fame), I figured a quad wouldn't buy me anything anytime soon so it wasn't worthwhile. And, while I don't have the cash to buy a quad now and test against this system, I feel it is safe to say I didn't make a wrong decision. For those of you who have installed Visual Studio 2005 before, think about installing it in roughly 12 minutes. In fact, I installed Windows last night, and while watching both football games today finished setting everything up. The longest part of the entire process was downloading the 1.2GB worth of updates for SQL 2005, Visual Studio 2005, and 9 other smaller/miscellaneous updates.

To sum up, the new hardware at the office is (as of tomorrow morning) going to be an Intel Core 2 Duo 3.0Ghz processor, 8GB DDR2-800, 10K 150GB WD SATA, and 500GB WD. Definitely a worthwhile decision.

For those of you wondering why I would have 8GB RAM...I often find myself needing 3-5 instances of Visual Studio 2005 and/or 2008 running. Oh and a virtual machine of Server 2008 RC1. I give that 3GB RAM and 5GB left over for anything else with everything running blazingly fast.


Scott Salyer | Comments [0] | 


 Thursday, November 15, 2007

Bug Tracking with Active Directory integration

A few days ago I was given a 4 hour deadline to come up with a very simple bug tracking system for some internal application development. Trading emails and conversations just weren't cutting it so a central database storage unit was the obvious solution. Having only 4 hours severely limited my options though - robustness wasn't really an option among other things. They just needed a quick and dirty application.

Since the initial development I have modified it a few times - most noticeably with Active Directory integration for emailing a user when something is assigned to them. This application doesn't contain the option for commenting an entry and is a simple "here's the problem"/"it's been resolved" type of system.

I've uploaded a copy of the code to my website and you can access it here.

One day I would like to revisit this as there is a LOT that could be done with it. Especially if you bring WCF into the mix - a technology I am finally starting to get to work with. It is very powerful and exceptionally cool stuff. But for now, this should be a nice basis to get someone started with this type of system.


Scott Salyer | Comments [0] | 


 Monday, October 29, 2007

Vista? Hello? Oh there you are...welcome back.

I have been using Vista almost exclusively for a year now and, while some things have really driven me crazy, most things have worked as expected. Last night I ran into an interesting issue though - something I have never seen before in any OS, even back to the Windows 95 era. Here is a screenshot:

 

[Screenshot: vista-wtf]

 

I was meeting some friends last night to take them out to dinner for a wedding gift (they get married on Saturday) and while working on a project on my laptop I checked the time since they were supposed to show up at 7. About a half hour later I checked the time again and noticed what you see in the picture - it still said 6:19 PM. The first thought would be the taskbar was simply frozen but this was not the case. I was able to use ALT+TAB fine in addition to moving through the taskbar/start menu without any trouble at all. For those of you with Vista installed, you know that to get the clock I have in the image to show up, you have to click the clock in the taskbar. The popped up version showed the correct time and the clock in the taskbar did update itself (and has been working ever since) a few minutes after I got this screenshot.

In other Vista news, the system I am writing this on right now is the only box I have running the x86 version of Vista. As of late last week it has decided I no longer have access to view certain things with networking. UAC is disabled and I'm logged in as an Enterprise Admin (if you wonder why I'm not simply a Domain Admin, read here) and yet, as I type this, I see the little X across the networking icon in my taskbar as if I'm not connected to any networks. When I hover over the icon it says "Connection status: unknown. Server Execution Failed." When I right-click on Network and choose Properties I simply get Access Denied while looking at what I am connected to. I don't have the ability to do any file sharing into this system, but outgoing connections work great. *Sigh* - this all started after some updates last week. It kicked on the Windows Firewall and ever since has caused weird connectivity issues. But outgoing connections still work so for now I will deal with it.


Scott Salyer | Comments [0] | 


 Monday, June 04, 2007

N-Tier Article Series Coming Soon!

About 6 months ago I started a small personal article related to n-tier application development. The initial intention was to give it to Scott Mitchell of the 4Guys website (amazing resource if you have any interest in ASP.NET) to post. I had talked to him about 6 months prior to that about writing an article related to a custom calendar control since the one on his site doesn't work in Firefox and he was interested. Unfortunately I never got the chance to write that article due to numerous time constraints and the idea was abandoned. Anyways, I started writing the n-tier article for him to post and when I ran the idea by him it turned out he had 40+ articles on the subject that were under development so my work would be repetitive. After discussing the benefits of n-tier to a couple of friends (non-programmers) and explaining to them what it does, I decided I'll push forward with this article series and post it here instead. It actually works out very well because my goal for dynamic stored procedure parameters has come to fruition and I wanted to post that here too. The problem with that is I know a lot of the people who read this aren't programmers (although they might be interested in picking it up) and I don't want to lose them. Plus, it's easy to relate to them since I've only been a hardcore programmer (in my mind) for 2.5 years or so, and have only truly delved into the .Net framework since I started at ISSG which was (gasp!) 7 months ago. So, still being in touch with the reality of a non-programmer looking in, I'm going to try making this something easy for anyone to follow the concepts of and if you're interested in trying it out, I'll help you out as best as I can!

By the way...the forthcoming article related to the last post about Generics will be a part of this. After showing the content to my bosses, they have decided to have me implement it in our core Entity framework that is home-grown for our business requirements. 7 months into the new position, hired as a junior programmer, and I'm making core infrastructure changes. Yep, today is a great day <s>!


Currently listening to Composure by August Burns Red


Scott Salyer | Comments [0] | 


 Saturday, June 02, 2007

Generics, Reflection, and Dynamic Parameters

OK, unless you have a decent understanding of .Net the first two pieces of that title won't mean anything to you. Basically, Generics are a way to 'generically represent' an object in a specific class in .Net and Reflection is something you can use to manipulate the Generic item without knowing anything about it ahead of time. I don't think it gets any more basic of a definition than that, but again, unless you have an idea about .Net I'm sure you're still lost. I sure was until a few months ago <s>.

Anyways, the reason for this post is to simply say that first I hope to post more details about the above in the near future to explain what I'm referring to. It's some extremely cool technology and I only just recently got to truly start using it the way it's meant to be. The other reason is to say, if you know what Generics and Reflection are/do, then something I am working on is a custom framework system that will take your generic object, loop through its various properties and grab the name/value of the property and subsequently create a SqlParameter based on the Type of the value (String, Integer, DateTime, etc).

Keep reading for more on this as I'm ready to preach this to the world (yes, I'm literally that excited)!

 

Currently listening to The Show Must GO On by Drop Dead, Gorgeous


Scott Salyer | Comments [0] | 


 Thursday, May 31, 2007

New Website On The Horizon!

It's been a little while since I last developed a public website that I was extremely excited about. Actually the last one was probably the suite of sites that I did development for with GO Concepts right before I left - The Shoppes At Montage and The Shops at Pembroke Gardens. Although I didn't know about n-tier architectures at the time (a drag because I definitely would've used that approach), I did get to work with custom templates in Visual Studio and a number of very cool technologies. If you browse the sites, you'll see extensive URL rewriting (compliments of these guys - their tool is incredible), and some AJAX here and there. The back-end administration area is where things really took off from an AJAX standpoint though (for me anyways). Unfortunately you can't see that..

Anyways, I am working with my friend Jenny and another partner on this whole collaboration for a website for my friend Brian Bennett who is writing a book and looking at moving into public speaking engagements, etc. His site is actually a trial for me/Jenny/her partner to see if we can get things off the ground. They are interested in potentially pursuing a web development company and I would be the back-end developer for them. We're using Brian's site to test all of this since none of us have worked on a project before. I'm pulling out all stops on his site from the technical perspective and will be keeping everyone here up to date on the progress. Extensive AJAX will be prominent (but not in an annoying, overbearing way - it'll be just the right amount), URL re-writing, and quite a few other little gems hopefully. I'm also considering writing my own base framework to mess around with too. It will use reflection to generate all the required parameters for stored procedures, etc. Is it re-inventing the wheel? Definitely. Is it necessary? Probably not. But I just want to see if I can do it for personal benefit so I'm going to give it a shot.

Stay subscribed and you'll get to follow all the details!


Scott Salyer | Comments [0] | 


 Friday, May 18, 2007

AACS Cracked. Again.

Something I have grown very fond of as I dive further into the world of IT is the community behind pirating DVDs and software. Now, before someone tries to sue me or take my site down, let me clarify that. I don't support obtaining movies/music/software illegally. Especially as a software developer, I can fully rationalize wanting to protect your intellectual property. But it is definitely fun to watch a group like the AACS spend years on developing something that is going to be "unbreakable" with regards to encryption and DRM-related content, and then watch the hacker community respond in weeks with a cracked version. The latest addition to this story is the AACS supposedly fixed the issues revolving with which the hacker community was able to break into the content and were scheduled to release it in late May. But, it would seem that according to this article that is going to be rough since, prior to release of the new AACS specifications, the method has already been cracked.

The reason I stated above that I enjoy this is because these groups are generally doing this around the idea of a legitimate backup. If I spend $40 on an HD-DVD disc but want to watch the movie on a laptop on a plane, I'll be leery to bring the disc with me. Losing that becomes a $40 mistake very easily - and I'm amazingly good at losing things like that. Which is exactly why when I buy a CD the first thing I do is rip it to MP3s. I don't share these MP3s with anyone, but with having numerous computers I like to be able to listen to music wherever I am at. And carrying a book of 300+ CDs isn't going to work. At all. So, despite some interpretations of the DMCA, I rip CDs for legit purposes. I legitimately purchased it and only want an easy way to listen. [This is the part where I might end with 'So sue me' but I'm afraid of literal interpretations of that since the RIAA has started their rampage on our legal system..]

Anyways, despite the above little revelation, I just want to say Kudos to the community on providing this newly cracked AACS method. DRM should never get in the way of the consumer (although common sense also says don't sue your customers, but that logic clearly doesn't exist in the music realm), and the fact that a community comes together to prove this is absolutely great.

You guys rock!


Scott Salyer | Comments [0] | 


 Monday, May 07, 2007

The Illusions of Security

First, the IE team decided to implement extra security, something Jeff Atwood of Coding Horror discusses here. That's all good and fine by me - I alternate between IE7 and FF2, but IE doesn't get in my way generally speaking.

Firefox is different though and, had I not found advice from the Purple Dropbear on this issue, I'd have been forced to use IE7 to configure my Snapgear at home.

For those who don't already know or understand ports on the Internet, the basics of this are everything listens on a "port". The way I describe ports in my Network+ class is you can think of them like channels on TV. Even though you only have the one cable (or two if you've got satellite with a DVR, but that's beside the point), you can "listen" to many different stations, albeit one at a time. This is how ports work - web servers listen on port 80 for traffic, and when they receive something they send the data out a specific port (as requested by the client) so you can view a web page. Luckily, many years ago IE, and Netscape (wow do those two next to each other bring back memories) made this very very easy for you - if you don't specify a port, they assume you mean the default of 80 and send you there. If you try the following two addresses, you'll go to the exact same page, yet the URLs look different. FYI Firefox users - the browser strips the ":80" off the address.

http://www.google.com/

http://www.google.com:80

So anyways, the reason for this rant relates to configuring my Snapgear. I have it configured to listen on a specific port for the web-based management system. I've been able to get to this with IE7 perfectly fine, but just recently started using FF2 again for most everything. I typed the address in and get a very annoying message: "This address is restricted: This address uses a network port which is normally used for purposes other than Web browsing. Firefox has cancelled the request for your protection."

OK, time to smack someone. As Scott Bellware explains in his post Wanted: Microsoft Windows "Really Really Pro" Edition, and Sam Gentile extends, why should we stop at just Windows? If I typed that address in my address bar, clearly I am fully aware of what I am doing and blocking me is just dumb. Anyways, for all of you who may be looking to fix this little "inconvenience", use the following steps (stolen from the Purple Dropbear site):

  1. Type about:config in your address bar.
  2. Right-click a blank area and select New => String
  3. In the first prompt type network.security.ports.banned.override
  4. In the second prompt type 1-65535 to cover all ports.
  5. Click OK and you're done - no restart necessary.
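
The preference takes a comma-separated list of ports and port ranges, so the value in step 4 can be narrowed to the one port the device uses. The added example below (not from the original post or from Purple Dropbear) compares the `1-65535` value with a single-port value; the sample restricted-port list is a constructed subset and `MGMT_PORT` is a hypothetical stand-in, since the post does not say which port the Snapgear listens on.

```javascript
// Added example: evaluate a candidate value for Firefox's
// network.security.ports.banned.override preference before applying it.

// Constructed sample of ports Firefox restricts; NOT the browser's full list.
const SAMPLE_RESTRICTED_PORTS = [22, 23, 25, 110, 143, 2049, 6000];

// Hypothetical stand-in for the device's management port (not given on the page).
const MGMT_PORT = 6000;

// Parse "6000", "1-65535" or "22, 8000-8100" into [lo, hi] pairs.
function parseOverride(value) {
  const ranges = [];
  for (const raw of value.split(",")) {
    const item = raw.trim();
    if (item === "") continue;
    const m = /^(\d+)(?:-(\d+))?$/.exec(item);
    if (!m) throw new Error(`not a port or range: "${item}"`);
    const lo = Number(m[1]);
    const hi = m[2] === undefined ? lo : Number(m[2]);
    if (lo < 1 || hi > 65535 || lo > hi) {
      throw new Error(`port out of range: "${item}"`);
    }
    ranges.push([lo, hi]);
  }
  return ranges;
}

// Merge overlapping or adjacent ranges so ports are not counted twice.
function mergeRanges(ranges) {
  const sorted = ranges.map(r => r.slice()).sort((a, b) => a[0] - b[0]);
  const merged = [];
  for (const [lo, hi] of sorted) {
    const last = merged[merged.length - 1];
    if (last && lo <= last[1] + 1) {
      last[1] = Math.max(last[1], hi);
    } else {
      merged.push([lo, hi]);
    }
  }
  return merged;
}

// How many distinct ports the override value covers in total.
function coveredPortCount(value) {
  return mergeRanges(parseOverride(value))
    .reduce((n, [lo, hi]) => n + (hi - lo + 1), 0);
}

// Which restricted ports the override value switches back on.
function reEnabledPorts(value, restricted = SAMPLE_RESTRICTED_PORTS) {
  const ranges = parseOverride(value);
  return restricted.filter(p => ranges.some(([lo, hi]) => p >= lo && p <= hi));
}

// The same setting as a user.js line, validated first.
function userPrefLine(value) {
  parseOverride(value);
  return `user_pref("network.security.ports.banned.override", "${value}");`;
}

// Side-by-side report for several candidate values.
function compare(values) {
  return values.map(v => ({
    value: v,
    portsCovered: coveredPortCount(v),
    sampleReEnabled: reEnabledPorts(v),
  }));
}

console.log(compare(["1-65535", String(MGMT_PORT)]));
console.log(userPrefLine(String(MGMT_PORT)));
```
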

Scott Salyer | Comments [0] | 


 Wednesday, April 25, 2007

A Major Point for Vista

After much frustration with the new OS from Microsoft, I have finally found something that is going to be truly useful - specifically on this blog. Compliments for this nifty little tool go to Bertrand Le Roy on the ASP.NET website for finding this.

I'm sure everyone who reads this is familiar in some form with the PrtScr (Print Screen) button. For those of you who aren't, it will basically take a snapshot of whatever is on your screen so you can send it to someone, post it in a blog, or any number of other things. SnagIt was a cool program that worked pretty well - but it's not free. The inherent problem with the print screen functionality is - what if you're running a setup like I have (images here, here, and here) and you use the print screen functionality? It still takes a full snapshot of everything on every screen as one giant image. I'm running 1280x1024 on the two side monitors (19" Dell UltraSharp LCDs) and 1900x1280 on the main 24" Dell Widescreen UltraSharp LCD. So let's add this up... 1280 + 1900 + 1280 = 4460 pixels wide. Just saving an image that big is going to take a good chunk of space. Not to mention if I wanted to only grab a little part of the screen. Now I need a tool like Adobe's Photoshop to crop it and size it appropriately. When I was first learning about programming (VB6 class at Sinclair Community College a few years back), I learned about the Alt+PrtScr feature which would take only the active window - an improvement, but still a hassle.

As long as you have Home Premium, Business, Enterprise, or Ultimate installed you get the Snipping Tool. To access it, go to Start -> All Programs -> Accessories -> Snipping Tool.

Instead of going through the specifics on how to use it, just check out the Microsoft page specifically for this tool. It's about time I found something I truly liked about Vista.


Scott Salyer | Comments [0] | 


 Wednesday, April 18, 2007

April 16th, 2007 - A Day for All to Remember

On April 16th, 2007, an incredibly senseless and selfish act occurred. I'm sure to all of my subscribers this is not news to you - it has now taken over the airwaves and has been earmarked as the worst school shooting to take place in our country. Brandon Paddock posted a great article related to this whole scenario that I really recommend everyone reads. I won't reiterate it here, but it definitely represents how I feel about the situation.

Some of the things I've found interesting related to this though, are the needs for a scapegoat. Outside of the obvious fact that Cho Seung-Hui is taking the fall for this (rightfully so), it seems a lot of people want to hang this on the university and the police department who investigated the first shooting. Hanging this on the police or university officials is unjustified and a little frustrating to say the least. While I agree all students should have been notified that a shooting occurred, I personally can't think of any way a notification like that could have gone out to them on a multi-building campus. I've heard reports of people suggesting text messages, but I know while I was in class at Sinclair Community College, cell phones had to be off. This was because a few years back this became a very popular method of cheating on an exam - send/receive texts to other friends who can look up answers for you and help you pass an exam you forgot to study. While I don't currently go to college, I am positive rules like this still exist. So chances are pretty high most (if not all) students would have had their phones off during class (or muted) and wouldn't have gotten the message anyways. And calling every classroom wouldn't have worked either - I'm sure there are hundreds of classrooms and going through all of them would have taken far longer than this whole event did anyways.

Not to mention, they thought this was an isolated incident. I remember pulling up CNN and seeing an article about two people being shot on campus and the suggestions of a murder-suicide were rampant. Right away my heart went out to the victims involved, but I (as many others across the country) probably quickly looked at it as an open/shut case. Just as I was leaving for lunch I pulled up CNN again to check (I do this many times during the day, every day) and was shocked with what I read. No one could have predicted what happened with the evidence at hand, so trying to hang guilt on law enforcement is just absurd. Everyone wants some form of justice - something Cho will never see (depending on your beliefs of course - I won't go into this side of things though), just don't add to the guilt those officers are probably experiencing anyways. They know it was the wrong call, but they couldn't have known that at the time. I think they did an excellent job overall, and while it's 100% regrettable what happened, we can't burden them with this.

A very close friend of mine, Rauni McMillan wrote a little something about this incident, and I've included it below with her permission. If anyone takes this to post on their blogs or shares with friends, please make sure she gets the credit for it. The poem was actually written last year in response to the 1999 Columbine school shootings, but it is more than applicable here as well.

In Memory

Today is a day
When boys are allowed to cry
When gunshots are heard
When people meet God.

Today is a day
When rivers flow
From the eyes of broken hearts
For the eyes that are closed forever.

Today is a day
When time no longer exists
When feelings of love and sorrow clash
Creating a wound that will never heal.

Tomorrow is a day
When friends pull together
When hearts scab over
When tear stained faces are lifted to the sky.

Tomorrow is a day
When God looks down and says,
"Everything will be all right."
And welcomes those who have returned.

Tomorrow is a day
When flowers are laid
And crosses are made
And memories are kept forever.


Also, even more disturbing is the article on CNN from Lou Dobbs. While there are times I don't agree with him, this article hits it dead on. It's very sad that it takes something so gruesome, brutal, and public to get our attention - but if it does, and we correct these things then those who lost their lives on April 16th won't have died in vain.


Scott Salyer | Comments [0] | 


 Tuesday, April 17, 2007

Source Control - Best Friend/Worst Enemy

As Tony Bunce can vouch, source control is something that is a bit of a nemesis for me. When I first started working in .Net (and programming in general) a few years ago, the whole concept of source control was completely new to me. Having a background in systems administration, the concepts behind centralized storage weren't new - but check-in/check-out was among many other features the different providers offer. At the office we recently migrated (for better/worse) to Microsoft's Team Foundation Server. Prior to that, I had been using (despite what Tony might say..) SourceGear's Vault product. While it didn't integrate with Visual Studio (I think it did but at the time Visual Studio 2003 was *terrible* with source control so we managed things ourselves), it was very robust and feature-friendly. Team System seems to want to be that way, but isn't quite there yet. But that particular discussion is for another blog entry - this one is meant for the reasons behind source control in hopes of saving someone from pulling the same stunt I did.

Our largest client (multi-billion dollar international company) has a very interesting network. For security reasons I can't go into specifics here, but basically when we VPN in (they won't let us do IPSec) we lose all access to our local network. Despite the fact that my connection is routed through our local router, I can't even ping its local IP address. An interesting side note is they've also managed to block us from our web-based email as well, despite numerous attempts on my part to subvert this little inconvenience, but that's neither here nor there. Since I can't even ping my default gateway, talking to our source control system is impossible. So what we end up having to do is connect to the VPN, open Visual Studio and tell it to work temporarily unbound. Then, assuming we don't need to debug anything we'll make our changes, upload the new content, and disconnect from the VPN. At that point we can then close down Visual Studio (checking source control seems to be an instance thing by the way, not a "you opened a new project, can I talk to its source control provider" thing), then re-open it, check all the files out and then check them back in thus saving our new changes. Now, if we had to debug that's a whole different story. For whatever reason debugging isn't possible locally - it flat doesn't work. So we have to upload the entire solution to one of their servers running Visual Studio, debug everything via RDP and when completed grab a copy of everything (thus overwriting the local copy onto our system) and do the whole disconnect/check-out/check-in dance again. That's just frustrating when you're working on a cable connection that has 512kb max upload speeds and the solution is 50MB in size. Not only all of that, but this particular client has a number of "network issues." Their network constantly goes down or has stability issues and more than once I've been routed through a connection to Brazil just to get in. So now I'm not only hampered by 512kb up, but I have to send the friggin thing to Brazil before it comes back up to Canada and their main offices. Either I've lost it, or that's just dumb. If you're a multi-billion dollar company, get a solid Internet connection. Seriously. That, or get people who know what they are doing (we are in a bid for this contract..).

Anyways, that was slightly off topic, but not too much. This past weekend we were scheduled to launch a major revision to one of their internal websites which we developed from scratch. The new version had an all new CSS design (this was a lesson in pain - I hate IE6 a lot), and an overall streamlined look/feel to it. And of course the new Microsoft AJAX libraries. The launch was scheduled for 1PM Sunday afternoon (they don't process this system over the weekend so a night deployment wasn't required). Early Friday morning my boss comes in to ask me how everything was progressing with testing for the launch. This is where things went down-hill. Fast. A couple of weeks back he had asked me to do some minor updates to this version (just little visual tweaks - hardly any code involved). Since it had been 2+ months since we had even talked about the project (the client was having internal conflicts with the deployment), I did the obvious thing and inside Visual Studio selected the option to Get Latest Version from source control. I knew he had been doing some changes to the underlying layers (part of the reason I had to do changes now) so it was just easier to get everything. Oops. Apparently, the last time I did the little source control dance described above, I hadn't checked in my latest revisions. There were a lot of those. And selecting Get Latest Version did exactly what it was supposed to do - it got the latest version from source control. Since I hadn't checked everything in the last time, it overwrote almost everything. When I did this about 2 1/2 weeks ago, I realized the error and cancelled the process. I used Vista's new Shadow Copies option and restored a couple of files not realizing the true impact I had had on the system. So Friday morning I go to run some tests and I get the wonderful Yellow Screen of Death that any ASP.NET developer is probably overly familiar with. Unless of course you're a programming god like Hanselman, Guthrie, Haack, or Mitchell. Since I'm not, I am used to seeing them. While going through the site though, I noticed a lot of the pages had a number of old items tied to them whether it be the extremely old MasterPage we used, or the regular tabstrip control (I replaced this with a JavaScript one), etc. After about an hour of trying to figure out what could've happened it suddenly hit me.

Not-so-long story short, always check your files in when using source control. And if you're not using source control right now, change that. There is a great free version out called Subversion. While it's not nearly as powerful as the aforementioned SourceGear Vault product, it's got a number of good features and a lot of community support. The stuff I did caused the delaying of this deployment for a week, an overnight stay at the office (finally left at 4:45AM when I hit an Oracle error), and (in my opinion) made me look bad in front of my employers since I've only been there for six months. Luckily I was told that something like this just makes me part of the group as everyone has had something like this happen before. That made me feel a little better, but still..

If you get tied up with a company that makes you VPN, won't let you talk to your home network, and makes you debug on a server, fight the policy as much as possible. It's the most annoying thing to deal with. Period.


Scott Salyer | Comments [3] | 


 Thursday, April 12, 2007

Another Vista "Quirk"

I am currently a Microsoft Certified Systems Administrator for Windows 2000 and have a lot of experience in the 2003 Server world as well. I just haven't upgraded my certification status to the 03 credentials yet - something my boss at the school has been on me for a little over a year now about. His policy (and rightly justified - I fully support it) is you can only teach the classes you currently hold a certification in. Since the courses we offer are for the full 2003 MCSA track, and I only hold the A+ and Network+ credentials (as far as the courses are concerned) that is all I'm allowed to teach. It's actually admirable - I remember taking some Cisco classes at Sinclair Community College by a professor who didn't have her certification yet (she was teaching a CCNA course). Did she know her stuff? Yep. But she was teaching a certification course for something she didn't have - kinda makes it harder to take her seriously, you know?

The structure with a 2000 network infrastructure went somewhat like this:

  • Enterprise Admin - full control over every domain (tree) in the forest.
    • Domain Admin - full control over a specific domain in the forest, but not necessarily all domains in the forest.
      • End User - standard user

Basically, an Enterprise Administrator (actually a default group in a 2000/2003) can do anything in the entire forest of domains. If you have a single domain deployment (small offices, most lab environments) then being an Enterprise Administrator doesn't really gain you anything over being a Domain Administrator. But if you happen to be an Enterprise Administrator, your permissions still propagated like normal - whether it's a single domain or multiple domains, Enterprise Administrators are essentially Domain Administrators for every domain. Simple enough, right?

Wrong. At least, if you're using Windows Vista.

I fully support the approach to a more secure environment, something Vista supposedly brings to the table. But seriously, if you're an Enterprise Administrator then clearly I want you to have permission to do anything on your local system you wish. Now, before I get a blast of email saying this isn't the secure approach, standard users shouldn't be Enterprise Administrators, and so on...I would like to clarify that I came into this position with this setup already orchestrated. Even though I have since taken over IT operations here, since everyone employed needs to be able to have administrative access to their system, and everyone is competent in only doing things you're supposed to do (i.e. don't open unwanted email attachments, etc) it's a policy I'm not looking at changing. It's worked for them for a few years now so I don't need to bother fixing it as that is just going to make people mad. And, although I can mostly replicate the same features with Group Policy updates - I don't want to waste the time doing it. There is plenty of other stuff on the table now.

Anyways, being an Enterprise Administrator in a 2003 Active Directory domain apparently doesn't mean you have domain administrative rights with Vista and UAC installed. One of our employees, for whom I just set up Vista Business on her laptop, was having trouble getting MSN messenger installed. The UAC prompts were coming up, she would put in her username/password for the domain (which has Enterprise Admin rights) and be told she doesn't have permission to execute the installer. I went over to her desk, entered my username/password combination - the only difference on groups between her account and mine was I already had Domain Administrator rights (didn't set this up initially, not sure who did) and it worked. So, logically I log in to Active Directory Users and Computers, update her account, reboot her system, and away she went - everything worked flawlessly.

Why in the world did Microsoft change something like this considering the extremely high impact this was going to have? I know it worked fine for her in XP since she had that OS previously and never once had an issue. It's only with Vista.

Time to add another item to the Vista rants collection..


Scott Salyer | Comments [1] | 


 Wednesday, April 11, 2007

Deploying a Data Center - Part 1 (Analysis)

Here at ISSG I have been quite busy on the networking front. We have just added another county to our hosted services platform and have been researching the benefits of a high speed (and highly available) connection, as I have mentioned previously in another post. I am still angling for a Cisco 2821 router as I have a good amount of Cisco IOS experience (although NO certification - yes, this is still a sore point) and it is an Integrated Services router. Basically, not only does it give us the standard functions of any Cisco router (access lists, dynamic routing protocol support and peace of mind support on the hardware end since Cisco is known for their reliability), but it also includes Intrusion Detection software and the same options available on a Cisco Pix (although I'd imagine it's a subset of an actual Pix).

Apparently though, one of our contractors is also interested in this service - and he may be willing to build the data center to support it. Our office has the space, and if he's willing to invest the money in the hardware then it's a win-win situation. There's nothing better than free hardware!

There will (hopefully) be more posts related to this subject in the very near future. I know the contractor is interested in moving on this and I've already given it a green light so now we just need to tie together the loose ends and start deploying!

By the way, while writing this post I've been doing a bit of maintenance on my laptop clearing out programs that either aren't used or don't work (Dreamweaver 8). I really need to get more RAM in this box - it's a Core Duo system with 1GB RAM running Vista business and it's very sluggish. I'm known for typing pretty fast, but when I type and the system lags just putting characters on the screen I know there are issues. No one should be able to type faster than a Core Duo at 1.6Ghz can handle <g>. For anyone interested in upgrading to Vista who hasn't, 2GB RAM at a minimum is a must. Especially if, like me, you need to run things such as Outlook 2007, SQL Management Studio, and Visual Studio 2005 all at the same time.


Scott Salyer | Comments [0] | 


 Monday, April 09, 2007

Replacing Notepad on Vista with Notepad2

Along with pretty much any programmer I have ever talked to, the version of Notepad included with any Windows OS is just plain terrible. A quick Google search of notepad replacements will attest to this fact - there are quite a few out there that are better substitutes. Personally, I like Notepad2 from Flo's Freeware. It has syntax highlighting, NO installer, and is just generally easy to use. Replacing Notepad in XP with Notepad2 was a bit of a complicated process - only a couple of steps, but you had to know/understand what you were doing. This is one of the first things I would do when setting up a new system - whether it be a server or a workstation.

So when I tried replacing it on Vista and just got access is denied errors (yes, UAC is off) I was a little irritated but figured I'd forego Notepad2 and hopefully not have too many problems. Lately it had been getting annoying though so I re-investigated the replacement process and came across Matt Berther's article Replacing Notepad in Windows Vista. I was excited about this as I wasn't the only one wondering how to do this. So I tried Matt's implementation - I took ownership of %systemroot%\notepad.exe and %systemroot%\system32\notepad.exe (not an easy task mind you - I hate the way Vista manages permissions now with the "preview" mode, then an edit option - let me do it when I want to, not by jumping through hurdles) and thought I was golden. I replaced notepad.exe with the renamed Notepad2.exe (to notepad.exe) and went to Start -> notepad. An interesting error popped up - MSVCR70.dll could not be loaded. Seeing as how I never needed this file before, I was a little confused and figured it was Vista doing something...special...again. A quick Google search helped me find the DLL (get it here), I dropped it in my system32 folder, and running the new notepad again was successful this time.

Vista is great for a lot of things but some things are definitely quirky/annoying. At least Notepad2 works now :-).


Scott Salyer | Comments [0] | 


 Friday, April 06, 2007

CCNA Exam - Take 3

It is now apparent to me that I am not supposed to pursue the Cisco track any further. As most of you knew, I was taking the exam today at 12:30. I studied hard for this thing. I wasn't going to take it a third time and not pass it.

But that is exactly what happened.

Passing score: 849/1000
My Score: 847/1000

Yes, that is 2/10 of a percent away from passing it..

I'm about to submit a review request to Vue. This time the test delivery seemed fine for me, no apparent errors. But with it being that close, I want them to review it and make sure.


Scott Salyer | Comments [0] | 


 Tuesday, April 03, 2007

Custom DNS

In conjunction with the hosting initiative we are attempting to deploy at ISSG, I knew I would need to start working with DNS a little more. I have plenty of DNS experience with internal setups (Active Directory is built on it), and the different record types (A, CNAME, SOA, NS, MX, PTR, etc..) are a walk in the park for me. But making DNS work outside of a local environment has been a bit beyond me without the assistance of someone who already has public DNS servers. For instance, managing DNS entries is extremely easy with the HSphere system provided for my deXaweb hosting account (where this blog is hosted). I can enter just about any type of record (A, CNAME, MX, TXT) and then they will work.

But I wanted to go deeper than this. Running a WHOIS on the deXaweb.com domain returns ns1.dexaweb.com and ns2.dexaweb.com as the name servers that hold all the records. My thinking here was...if you are trying to find dexaweb.com's IP address, and you are told that you need to connect to ns1.dexaweb.com to resolve it, how do you get the record for ns1.dexaweb.com?? This had me confused for the longest time. Enter custom registered DNS servers.. :)

Since this whole process was designed to be for testing (i.e. needs to be breakable), I needed a new domain to play with. I couldn't use my digitalldesigns.net domain because if (when) I broke something, my email and this blog would go down. Yahoo is offering domains for $2.99 for the first year and $9.95 for every subsequent year - an amazing deal with no ties. So I went ahead and registered a new domain through them - wtfisdns.com. I was kind of surprised it wasn't taken already, but oh well. It's mine now!

Once the domain was registered I read through Yahoo's FAQ and guides on domains, and it appeared that registering custom DNS servers through them was the route to go. I emailed them the request to point ns1.wtfisdns.com to 71.65.98.115. Technically I would say putting my IP out there like that is probably bad, but any of you who are familiar with DNS (or have been through my classes) probably already know about nslookup so it's not like it'd be hard to find. About 24 hours later they responded to say my request had been completed and the entry registered. This is where things get a little shaky with definition but the best I can tell is that they essentially put a static record out on a root server and allowed that to propagate. I then needed to change the authoritative DNS servers on this domain to use ns1.wtfisdns.com and ns2.wtfisdns.com (ns2 points to another IP I have access to - it won't be hosting the domain though, so no redundancy (i.e. don't do this in production)).

24 hours later my authoritative DNS servers had propagated and I was able to test. At first it wouldn't work and I was a bit confused. Running nslookup worked for looking up the ns1 record, but I couldn't get any of my custom queries to work with entries I had added to my DNS server at home. Then the lightbulb hit - DNS queries use UDP 53 to get from point A to point B. I turned on port forwarding on my SG300 for UDP 53 to my internal DNS server and instantly everything was working! I added a couple of custom records that pointed to 1.2.3.4 simply to test lookups and it worked 100% as I expected.

So while I don't know exactly what happens with registering a custom DNS server (outside of knowing that all I can do is request it with a registrar - I can't do it myself), I do know that this is the solution I was looking for. Now I can use wtfisdns.com to host websites with, use ns1.wtfisdns.com as a name server for multiple domains, and all the other capabilities associated with DNS from an environment I am more than comfortable with: Microsoft DNS.


Scott Salyer | Comments [0] | 


 Wednesday, March 14, 2007

VPNs are old and outdated

So, as much as I hate mornings, this morning isn't all that bad. I'm a big hardcore rock fan and one of my favorite bands, From Autumn To Ashes, released a demo yesterday for their new CD. As soon as I left work I headed straight to Hot Topic to get it as it was only available in stores and only on the 13th. I managed to get the album ripped to MP3s (I haven't lost the CD yet, but that's coming...it's a legit backup process for those wondering :-)), but I didn't manage to get it transferred to my laptop this morning. Luckily though, yesterday I set up something for the first time that proves to me that VPNs are old and outdated which allowed me to transfer the demo album to my laptop from the office just by knowing the IP of my home system. I set up an IPSec tunnel. It's definitely the coolest thing I've successfully gotten working since my IIS stuff from last week, a project which has tragically ground to a halt for now.

For a little background, a VPN is a way to create a tunnel from one endpoint to another. Generally speaking this is from your house to your office or something similar. It's a way for you to access network resources in exactly the same manner as if you were plugged into the network at the office, but all over a secure and encrypted tunnel over the internet. The problem with this is every time I wanted to connect to the network at the office from home (or from the office to my home system) I had to initiate the connection, put in the username/password, and wait for it to connect. Clearly there has to be a better way to do this: enter IPSec tunnels.

An IPSec tunnel is essentially a VPN on steroids and, depending on your equipment, can be much nicer to work with. Instead of initiating a connection from a local system to a remote network, you let the routers handle all the dirty work. You configure the routers at both endpoints to "listen" for the remote device (home listens to work and vice versa). As long as you configured it right, and you have two different subnets at each location (I've got a /28 at home just because - not too many places duplicate this <g>), everything should work as expected. Some of the configuration options include the IP of the remote endpoint, a shared secret/key, the remote subnet you want access to, and the local subnet to "share". The best part about this whole setup though, is with a /28 I've only got 14 available addresses. If DHCP is being weird and handing out new IPs instead of renewals with each VPN connection I'm going to run out quick. With IPSec everything is handled as if it's a local connection. The remote subnet can be pinged from my system without me ever grabbing an IP on the remote network. It literally acts as if it's simply a remote network I can access (much like visiting a website), except that the IPs I'm accessing are of the local variety - 10.35.163.192/28 to be exact (yes, that's a totally random subnet I came up with). Isn't the Internet grand :-)?

For reference, I am running a Cyberguard Snapgear SG300 at home. IPSec tunnels aren't something you can create with your standard Linksys or Netgear router (although I do have the Linksys router at my house simply acting as a wireless access point). Since I can't really go into specific configuration details on here, feel free to read more about IPSec by going here, here (PDF), and here.

Enjoy!


Scott Salyer | Comments [0] | 


 Saturday, March 10, 2007

CCNA Scheduled!

I scheduled my CCNA exam for March 30th. This will be the third time I am taking the exam - luckily it's free this time because Cisco found an error with my test and gave me a free voucher. The first time I took it I legitimately failed it, but was hung up on one question (a simulator) that I could've sworn I had gotten right. So before I took the exam again, I borrowed Larry's lab for two nights and went through as much simulation as I could with RIP, RIPv2, IGRP, EIGRP, and OSPF (night one) and STP, VTP, and switch trunking. I vowed to myself (a dumb mistake) that if I got that same question as the first time around I would ensure I got it right. When I took the exam a second time, and for question 3 got that same question that I was wondering about the first time around, and 17 minutes later it wasn't working (had to do with configuring EIGRP between routers - something I had done with real routers (5 of them, 3 2600's and 2 2500's) when I used Larry's lab more than once) I was convinced the exam had errors. Unfortunately that wasn't good enough and I failed the exam simply by running out of time with 4-5 questions remaining unread. And I still managed a 753 with a guaranteed 5-6 wrong (the missed questions and that simulator) so that tells me that I was definitely on track to pass it.

So this time I will :)

Then I start the upgrade process for my MCSA and then I start going to Indiana Wesleyan's online degree program!


Scott Salyer | Comments [0] | 


 Friday, March 09, 2007

Managing NTFS Permissions in .Net

The further I dive into this IIS Management project the more I see how far the rabbit hole goes. So far I have managed to get the user account created on the system (shown here), the folder structure created (blog post coming soon for this), and the site creation in IIS is almost there. It creates the site but it's marked as stopped which isn't a good thing. That's something I'll investigate when I get further into the IIS side. For now though, I had to stop that and investigate NTFS permissions. Even though starting out I'd imagine open access won't be available for our clients to access sites and FTP information, I'd imagine that time will come soon enough. So I might as well get everything prepared for that so we don't have to change anything except our router configuration to allow FTP access in. Unfortunately when you create a directory in .Net using the System.IO.Directory class, it creates it under the context of you as the user. This is fine for most aspects, but if we do that and start hosting quite a few sites and decide to open FTP up I'll have to go back and reconfigure all of those folders with the correct permissions so users can access their files. Clearly this isn't something I want to do as I have many other tasks that are far more fun than modifying NTFS by far <s>. So it's off to the MSDN documentation..

It's almost like I got lucky with this. In .Net 1.1 and earlier you would have to use unmanaged code to modify ACL's which would definitely be difficult to do. Not only is unmanaged code nasty to read/follow, it's easy to mess something up and hose whatever object you're working with. Granted, if I break a folder I created for this in the development process I can always either delete it or take ownership, but once this tool is production-ready that won't be an option. It has to work right without breaking anything. Luckily in .Net 2.0 they provide managed APIs to do the ugly stuff for me. I just write a little bit of code (seriously) and everything works as expected!

As usual, since I can easily envision reusing this, I have opted to add this functionality to my digitall.Common.Utilities project. I will be uploading the new version of this entire suite of utilities (wow that's fun to say) and providing a link to it at the bottom of this post for you to see. Since showing the properties takes up so much space in the post, and the format is always going to be the same, I have opted to just tell you the property names from now instead. They are:

  • AccountName (string - this is the name of the account you are giving permissions to)
  • Permissions (System.Security.AccessControl.FileSystemRights enumeration - basically it's Read/Write/Modify, etc)
  • Path (string - the path you wish to modify permissions for)
  • AccessControlType (System.Security.AccessControl.AccessControlType)

I have a public function called AddACLEntry() that first does a simple validation check to ensure everything is set as expected before trying to do anything. It looks like this (with the validation routine as well):

    Public Function AddACLEntry() As Boolean

        'Validation throws if a required property is missing
        If Me.Validation() = True Then
            'Everything validated
            Me.UpdateACL()
            Return True
        End If

        Return False

    End Function

    Private Function Validation() As Boolean

        'Path is required - it is the folder whose permissions get modified
        If Me.Path = String.Empty Then
            Throw New Exception("You must specify a path to modify permissions on.")
        End If

        'AccountName is required - it is the account the new rule applies to
        If Me.AccountName = String.Empty Then
            Throw New Exception("You must specify the account you wish to modify.")
        End If

        Return True

    End Function

One thing to note with the next block of code is that no checks exist for ensuring you have permission to do this. The logic for that would be pretty easy to add I would imagine, but it isn't something I needed to do here and I've got enough going on to keep me busy for awhile as is. Utilizing the System.Security.AccessControl namespace, and the System.IO namespace (both imported for code brevity), I first grab the DirectoryInfo of the path that was passed in (via System.IO.DirectoryInfo) and then grab its security profile with the System.Security.AccessControl.DirectorySecurity class. I add in the rule I want based on the properties specified (account name, permissions, access control type) and then set the access control on the folder to the "new" directory security profile. Take a look:

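    Private Function UpdateACL() As Boolean

        'Requires Imports System.IO and Imports System.Security.AccessControl
        'Read the folder's current security profile
        Dim l_info As New DirectoryInfo(Me.Path)
        Dim l_security As DirectorySecurity = l_info.GetAccessControl()

        'Add the new rule alongside the entries that are already there
        l_security.AddAccessRule(New FileSystemAccessRule(Me.AccountName, Me.Permissions, Me.AccessControlType))

        'Write the updated security profile back to the folder
        l_info.SetAccessControl(l_security)

        Return True

    End Function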

It took me a few hours of Google and MSDN (their site has been running SO slow these past few days..) to come up with this, but it's actually quite easy to do as the above code shows. This took the folder I specified (which had already been created by another block of code elsewhere in the entire application) and added the appropriate permissions to the user account that had already been created by code earlier to it. Here is how the implementation looked:

    Private Function SetNtfsPermissions(ByVal pPath As String) As Boolean

        Dim l_permissionUpdater As New digitall.Common.Utilities.NtfsPermissionsManager

        'Give the local account created earlier Modify rights on the folder
        With l_permissionUpdater
            .AccessControlType = Security.AccessControl.AccessControlType.Allow
            .AccountName = Me.MachineName & "\" & Me.Username
            .Path = pPath
            .Permissions = Security.AccessControl.FileSystemRights.Modify
            .AddACLEntry()
        End With

        Return True

    End Function

I don't think it gets much easier than that! I hope this helps anyone who sees it and saves them the digging I had to go through <s>. A copy of this code is available here.

-ScottS
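
An added example, not the author's code and not part of digitall.Common.Utilities: the three-argument FileSystemAccessRule constructor used in UpdateACL creates a rule with no inheritance flags, so it covers the folder itself but is not inherited by files and subfolders created in it later. The code below resolves the account to a SID up front, adds an inheritable rule, handles the missing-permission case the post mentions, and reads the ACL back to confirm it; the module name, function names and temp folder are assumptions made for the illustration.

```vbnet
Imports System
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

' Hypothetical module for illustration; none of these names come from the post.
Module InheritableAclExample

    ' Resolve the account name to a SID first, so a mistyped or missing
    ' account fails here with a clear message instead of inside the ACL update.
    Function ResolveAccount(ByVal accountName As String) As SecurityIdentifier
        Try
            Dim account As New NTAccount(accountName)
            Return CType(account.Translate(GetType(SecurityIdentifier)), SecurityIdentifier)
        Catch ex As IdentityNotMappedException
            Throw New ArgumentException("Account not found: " & accountName, ex)
        End Try
    End Function

    ' Add an Allow rule that also applies to subfolders (ContainerInherit)
    ' and files (ObjectInherit). Returns False when the caller is not
    ' permitted to read or change the folder's permissions.
    Function GrantInheritable(ByVal folder As String, ByVal sid As SecurityIdentifier, _
                              ByVal rights As FileSystemRights) As Boolean
        Dim info As New DirectoryInfo(folder)
        Try
            Dim security As DirectorySecurity = info.GetAccessControl()
            security.AddAccessRule(New FileSystemAccessRule(sid, rights, _
                InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, _
                PropagationFlags.None, AccessControlType.Allow))
            info.SetAccessControl(security)
            Return True
        Catch ex As UnauthorizedAccessException
            Return False
        End Try
    End Function

    ' Read the ACL back and return the explicit (non-inherited) Allow rule
    ' for the SID that covers the requested rights, or Nothing if absent.
    Function FindExplicitRule(ByVal folder As String, ByVal sid As SecurityIdentifier, _
                              ByVal rights As FileSystemRights) As FileSystemAccessRule
        Dim security As DirectorySecurity = New DirectoryInfo(folder).GetAccessControl()
        For Each rule As FileSystemAccessRule In _
                security.GetAccessRules(True, False, GetType(SecurityIdentifier))
            ' Stored Allow rules also carry Synchronize, so test for "covers"
            ' rather than for an exact match on the rights value.
            If rule.AccessControlType = AccessControlType.Allow AndAlso _
               rule.IdentityReference.Equals(sid) AndAlso _
               (rule.FileSystemRights And rights) = rights Then
                Return rule
            End If
        Next
        Return Nothing
    End Function

    Sub Main()
        ' Constructed test folder under the current user's temp directory.
        Dim folder As String = Path.Combine(Path.GetTempPath(), _
                                            "acl-demo-" & Guid.NewGuid().ToString("N"))
        Directory.CreateDirectory(folder)
        Try
            ' The current user stands in for the hosting account (assumption).
            Dim sid As SecurityIdentifier = ResolveAccount(WindowsIdentity.GetCurrent().Name)

            ' Built in memory only, to show what the three-argument form carries.
            Dim folderOnly As New FileSystemAccessRule(sid, FileSystemRights.Modify, _
                                                       AccessControlType.Allow)
            Console.WriteLine("Three-argument rule inheritance: " & _
                              folderOnly.InheritanceFlags.ToString())

            If Not GrantInheritable(folder, sid, FileSystemRights.Modify) Then
                Console.WriteLine("Not permitted to change permissions on " & folder)
                Return
            End If

            Dim applied As FileSystemAccessRule = _
                FindExplicitRule(folder, sid, FileSystemRights.Modify)
            If applied Is Nothing Then
                Console.WriteLine("Rule was not found after the update.")
            Else
                Console.WriteLine("Applied rule inheritance: " & _
                                  applied.InheritanceFlags.ToString())
            End If
        Finally
            Directory.Delete(folder, True)
        End Try
    End Sub

End Module
```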


Scott Salyer | Comments [0] | 


 Thursday, March 08, 2007

Managing Local Users and Groups

One of the recent projects I have been assigned here at ISSG is setup and configuration of our new website hosting initiative. Coming from a systems background (and web hosting background) the owners of our company have decided we would like to host websites. This isn't the same type of