Redux of some “Favorite” Tweets

I’m a big fan of Twitter for keeping up with interesting tech news and information.  Since signing up in 2007, I’ve used Twitter to connect to a variety of people interested in a wide array of topics. As 2010 draws to a close, check out some of these tech tweets from the past year that caught my eye on my Twitter feed, either from those I follow directly or some of their retweets. The links might be worth another look!

• MS_Virt - Missed this webcast? Watch it on-demand now: TechNet Webcast: Hyper-V for the VMware Administrator... http://bit.ly/cxDXJo (March 2010)
• old_bubba - Really good article on what Microsoft doesn't do with your data and Google DOES: http://bit.ly/cVhtxG (July 2010)
• SFGate - The end of the (land) line http://sfg.ly/cScq9Z (July 2010)
• rhalbheer - A very good paper you should read: Data Governance in the Cloud http://bit.ly/aS7iEE (Sept 2010)
• EmilyF - Risks with integrating iPhone in the enterprise via @deloitte http://bit.ly/9u77jR (Sept 2010)
• adfskitteh - RT @MassWomen: How to Use Twitter to Network at Conferences. http://bit.ly/aatGaZ (Sept 2010)
• henet - Spend at least 2 minutes and 9 seconds with IPv6 today: HE Webcast 32 - 6in4, 6to4, & Teredo: a brief comparison http://j.mp/webcast32 (Nov 2010)
• mitchjoel - Well, this explains why the majority of us suck at work: http://bit.ly/gDoQ1S (Dec 2010)

If you are looking to follow me on Twitter, my handle is jkc137. Happy Tweeting!

New SharePoint 2010 Books to Consider

Do you have SharePoint 2011 on your project horizon?  If so, don't forget to check out the following books when gathering your resources.

First, check out this recent post about a collaboration of knowledge from Microsoft MVPs on the MVP Award Blog - Over 20 SharePoint MVPs Contribute to SharePoint 2010 Book. You can find "Real World SharePoint 2010" at Amazon and other retailers.

If SharePoint Foundations is more your focus, look for CA Callahan's upcoming book "Mastering Microsoft SharePoint Foundation 2010" due out in mid-February. Callahan is also a Microsoft MVP and I've had the honor of getting a sneak peak at some of the content and am looking forward to adding this volume to my SharePoint references once it's available.  Also,if you are looking for some of Callahan's up to the moment tips and tricks, check out her blog.

(Curious about what makes a Microsoft MVP? Check out this post by Eric Ligman that sums up how to become, find or nominate an MVP.)

Happy Holidays!

Like most of you, I'll be spending the holidays with my family and friends - and giving my hands a break from the keyboard.  

Best wishes for a great holiday season with your family and friends.  Stay warm!

She’s Geeky unConference – Early Bird Registration Ends 12/22

Are you a woman in an STEM (science, technology, engineering or math) field and looking to connect with other like-minded women?  If so, you probably don’t want to miss the She’s Geeky unConference, especially if there is one planned for a location near you.

Starting off 2011 in San Francisco on January 28-30th, She’s Geeky will be held in the Mission, right near downtown. Score!  I enjoyed the conference in Mountain View last year, but this makes it even better.

The early bird registration sale ends on Wednesday, so even if you register for all 3 days it’s a great price.

Google Calendar and the “Unsupported” Browser

A couple weeks ago, I started experiencing a curious problem with Google Calendar on my netbook.  I’m running IE 8 (8.0.7601.16562 to be exact) and every time I loaded up my calendar I got a message alerting me about using and unsupported browser.

“Sorry, you are trying to use Google Calendar with a browser that isn’t currently supported…”

Since I’m also using IE8 at work (version 8.0.7600.16385) without any calendar issues, I did what many sysadmins do when stuff doesn’t work on their own computers – I ignored it for a while, hoping it would just resolve itself.

However, today I did a little looking around and found the issue, which ironically is caused by the Google ChromeFrame Add-In.  I turned that off and the calendar now loads without any error messages.  The version of the add-in I had installed was ChromeFrame 8.0.552.224.

Upcoming Tech Events in 2011

Looking to fill your calendar with some free or low cost tech events in early 2011?  Consider some of these:

• TechNet Events Presents: Virtualization 101 - Microsoft Evangelists will talk about the creation of the hypervisor and demonstrate usage scenaros ranging from the home user up to multinational corporations. Discussions will also include how virtualization has given rise to "the Cloud".  The event is free and will be in San Francisco on 2/2/11, but check the list for dates in Los Angeles, Irvine, Denver, Portland and others locations on the west coast.
• Data Connectors Tech-Security Conferences - Just like the one-day event I attended a few weeks ago, Data Connectors will be all over the west coast in early 2011.   In particular, find it in San Jose, CA on 2/10/11.
• She's Geeky unConference - For all those women who embrace their geekiness, save the date for "She's Geeky Bay Area #4" running January 28-30th. 
• Register by 1/21 and snag a free Expo Only pass to the SPTechCon (The SharePoint Technology Conference) in San Francisco February 7-9th.  The full event doesn't fall into the "low cost" category, but if SharePoint is your thing, you might want consider more than just the expo.
• RSA 2011 - Another one of my favorites, the "Expo Plus" pass at RSA gets you into the expo hall, the keynotes and one conference session of your choice. RSA will be at the Moscone Center in San Francisco, February 14-18th. 

Plan your time well and you won't have to be in the office for much of the first quarter! 

Inside MDOP: AGPM 4.0

In case you missed the PacITPros meeting on December 7th, you missed out on some interesting vendor and technical presentations.  In addition to a presentation from BlueCat Networks and Hurricane Electric, I did a short demo of one of the MDOP tools - the Advanced Group Policy Manager 4.0.

This tool hooks right into the existing Group Policy Manager snap-in you know and love in your MMC and with the use of a designated archive server, extends the functionality to include better search features and change management.  No matter the size of your organization or the number of IT staff you share group policy tasks with, you can benefit from this tool.  Even if you are the only person who does anything with group policies, this tool will make your life easier.

First, the change control features take away much of the pain of keeping track of what was changed when and potentially by who.  Policies that are controlled by the system must be checked in and out for adjustments, which automatically creates a history record capturing the state of a policy at any given time.  These records can easily be reviewed for corporate compliance and policies can even be rolled back to previous states.

With new roles created within the tool, non-admininstrators (even regular domain users) can be granted the ability to review or edit policies... leaving the actual deployment and linking of the GPOs to system administrators.

The abililty to search and filter your view of policies is much improved.  You can search by name, state (checked in, checked out), even by variables such being updated "last month" or "last week". 

Finally, you can easily import and export policies, even across forests.  No more manual recreation of the perfect policy just because you want to use it in your test lab environment or in another forest.

Finally, keep in mind that APGM 4.0 adds support for Windows Server 2008 R2 and Windows 7, as well as runs on Windows Server 2008 and Vista.  If you are supporting an environment with older versions of Windows Server, consider version 2.5 or 3.0 of the tool.  Not of all of the features are included, but if you are looking specifically for the change management aspects, those older versions may work for you until you upgrade your servers.

Out of the six tools in the Microsoft Desktop Optimization Pack, APGM isn't one I'd overlook. 

Take Aways from the Data Connectors Tech-Security Conference

Last week, I attended a free one-day conference hosted by Data Connectors.  Sometimes free conferences aren't worth the time it takes to get there, but I was really happy with this one.  While all the presentations were vendor sponsored, the majority were product neutral and really shared some decent content.  In addition to the vendor presentations, there was a decent sized expo area with other security vendors to peruse.

Here are some of the stats and tidbits I left with. As some of the themes overlapped throughout the presentations, so I'm not going to attribute each bullet point to a specific presenter.  However the presentations were sponsored by the following companies: WatchGuard, Axway, Sourcefire, Top Layer Security, JCS & Associates, Kaspersky Lab, Cyber-Ark, FaceTime and Arora / McAfee.  You can learn more about the presentations specifics and download some of the slide decks here on the event agenda page.

End Users

• End users in the workplace expect to have access to the web and popular web applications, however 25% of companies need to update their policies related to web use. Instead of addressing the policy issues, companies simply block access to web applications entirely.
• End users need more education about threats like email scams, pop-ups offering anti-virus solutions, links sent via social media sites, tiny URLs, etc. End users are your biggest threat - often due to error or accidents.
• The average employee spends 3 hours a day doing non-work items on their computer.

General Company Security and Policies

• Consider reviewing and improving on your file transfer management practices. How do people share data within your organization and externally? Is it secure and managed?
• Most companies feel secure, but aren't really. Check out http://www.idtheftcenter.org/ for a list of companies that have experienced data breaches. Many companies simply rely on their vendors to declare that they are secure and protected.
• Consider using different vendors to protect your data at different levels. Different vendors use different mechanisms to detect and deter threats.
• As an administrator, you have to review logs on computers, firewalls, servers, etc. This way you are familiar with what is "normal" and can easily recognize potential breaches.
• Consider data encryption as means to enable your company to meet regulation compliance. Encryption technology has evolved and it doesn't have to be as painful as it has been in the past.
• You should patch all your computer regularly - don't forget that your printers, routers and switchers are computers too.

Browsers and the Internet

• The top Internet search terms that are likely to lead you to site with malware on it are "screensavers" (51.9% chance of an exploit), "lyrics" (26.3%) and "free" (21.3%).
• In 2009, the Firefox browser had the greatest number of patches and overall, vulnerabilities in applications exceeded operating system vulnerabilities.
• The web browser is the #1 used application, but the patch cycle for browser add-ins is slower than for other applications and operating systems.
• Drive-by downloads are still the #1 way to exploit computers.

Sometimes I leave conferences scared by the massive list of items that I feel I need to address, however, I left this conference with not only some tasks in mind, but some great leads on how to go about completing those projects.  Check out the Data Connectors events list to see if there is a similar conference coming up in your area in 2011.  They have well over two dozen other planned dates across the US, including Los Angeles in January and San Jose in February.

All I Want For Christmas is my Credit Card

December started out with a call from my credit card company, reporting a suspected some fraudulent use of my Visa card.  After reviewing some recent charges, there was one that I did not recognize and my card was cancelled.  I have to hand it to CapitalOne – they really are on the ball when it comes to figuring out what charges are legit and which ones are not.  It’s a little bit creepy to be honest. Ah, the age of data mining.

As I was jotting down the list businesses I’ll have to contact to updated my information once my new card arrives, I starting thinking about credit card numbers.  With all the talk about the end of the IPv4 address space, I can’t help but wonder about how many possible credit card numbers are left to distribute, especially with the use of temporary cards, like Visa or AMEX gift cards and the like.

I did a quick little search and found some slightly dated information estimating that even if credit cards only had 10 digits instead of the average 16, there would still be enough numbers to give everyone currently alive on the planet a number, with extras for people being born over the next 25-30 years.  Still that doesn’t seem like all that many to me – I know that my Visa card has been reissued at least 3 times now since I’ve had it, so I might have already used my fair share.

Without spending a lot of time pondering this issue, I guess between the various credit card issuing companies and bank numbers used to create card numbers, it’s possible to have some overlap in the customer identifying portion of the card number without causing a problem. Plus, credit card technology is always evolving.  There is always news about the use of chip cards and there are companies like this one, developing totally new ways of keeping cards secure and easy to use.  A flexible, electronic card with a rewritable magnetic strip? Cool.

Meanwhile, I guess I’ll enjoy this unexpected hiatus in my holiday shopping.The economic recovery will have to manage without me for a few more days.

The How and Why of an ImageRight Test Environment

Over the last few days, I've coordinated setting up a new test environment for ImageRight, now that we've upgraded to version 5.  Our previous test environment was still running version 4, which made it all but useless for current workflow development.  However, workflow development isn't the only reason to set up an alternate ImageRight system - there are some other cool uses.

ImageRight has an interesting back-end architecture.  While it's highly dependant on Active Directory for authentication (if you use the integrated log on method), the information about what other servers the application server and the client software should interact with is completely controlled with database entries and XML setup files.  Because of this you can have different ImageRight application servers, databases and image stores all on the same network with no conflicts or sharing of information.  Yet, you don't need to provide a separate Active Directory infrastructure or network subnet.

While our ultimate goal was to provide a test/dev platform for our workflow designer, we also used this exercise as an opportunity to run a "mini" disaster recovery test so I could update our recovery documentation related to this system.

To set up a test environment, you'll need at least one server to hold all your ImageRight bits and pieces - the application server service, the database and the images themselves.  For testing, we don't have enough storage available to restore our complete set of images, so we only copied a subset.  Our database was a complete restoration, so test users will see a message about the system being unable to locate documents that weren't copied over. 

I recommend referring to both the "ImageRight Version 5 Installation Guide" and the "Create a Test Environment" documents available on the Vertafore website for ImageRight clients.  The installation guide will give you all the perquisites need to run ImageRight and the document on test environments has details of what XML files need to be edited to ensure that your test server is properly isolated from your production environment.  Once you've restored your database, image stores and install share (aka "Imagewrt$), its quick and easy to tweak the XML files and get ImageRight up and running.

For our disaster recovery preparations, I updated our overall information about ImageRight, our step-by-step guide for recovery and burned a copy of our install share to a DVD so it can be included in our off-site DR kit.  While you can download a copy of the official ImageRight ISO, I prefer to keep a copy of our expanded "Imagewrt$" share instead - especially since we've added hotfixes to the version we are running, which could differ from the current ISO available online from Vertafore.

Because setting up the test enviroment was so easy, I could also see a use where some companies may want to use alternate ImageRight environments for extra sensitive documents, like payroll or HR.  I can't speak for the additional licensing costs of having a second ImageRight setup specificially for production, but it's certainly technicially possible if using different permissions on drawers and documents doesn't meet the business requirements for some departments.

Will Computers Ever Become a Key Kitchen Tool?

With the holidays fast approaching, I can't help but be paying a little more attention to what's been going on in my kitchen, where mostly low-tech options reign.  I enjoy cooking and with that comes my very basic way of organizing recipes - in binders, sorted by category.  It's simple and it works for me. 

I have a couple cookbooks on my Kindle and while I'm really happy with the Kindle for regular reading, it just hasn't made its way into the kitchen as a viable way to store and access recipes.  I don't want to get it messy during food preparation and I want to be able to move it around and view it from various places while I'm working on a meal.  A recipe card or magazine clipping in a small plastic sleeve always seems to work for me - I can tape it to a cabinet, slide it around on the counter and can wipe it off if I get greasy prints on it.  Plus, the screen saver never kicks on.

Still, the desire to bring computing to the kitchen has never been far from the minds of people who work with technology.  Starting in 1969, Honeywell introduced the first "kitchen computer", the H316 pedestal model, offered by Nieman Marcus.

The need to take a two week programming course and the ability to be able to read the binary display was probably a few of the reasons there is no record of one ever being sold. 

Still, ideas for computing in the kitchen still rise to the surface.  Check out this article in the San Francisco Chronicle today, covering the ideas of a smart countertop, where cameras and a computer work together to identify food items and suggest recipe ideas that use the ingredients available.

Maybe this will entice my husband to don an apron and practice his knife skills.  Or not.

OfficeScan 10.5 - Installed, with some Oddities

I finally upgraded our office antivirus software to the lastest and greatest version from TrendMicro.  This has been on my list since spring time, and well, you know how those things go.  Because the server that was hosting our exisiting version is aging rapidly, I opted to install the new version on a new, virtual installation of a Windows 2008.

The installation went smoothly and lined up well with the installation guide instructions.  Once that was running, I was easily able to move workstations and servers to the new service using the console from the OfficeScan 8 installation.   Our OfficeScan 8 deployment had the built-in firewall feature enabled, which I opted to disable for OfficeScan 10.  Because of this, the client machines were briefly disconnected from the network during the reconfiguration and this information lead me to wait until after hours to move any of our servers that were being protected to avoid loosing connectivity during the work day.

Keep in mind that OfficeScan 10.5 does not support any legacy versions of Windows, so a Windows 2000 Server that is still being used here had to retain its OfficeScan 8 installation, which I configured for "roaming" via some registry changes.  This allows it to get updates from the Internet instead of the local OfficeScan 8 server.  Once that was done, I was able to stop the OfficeScan 8 service.

Some other little quirky things:

• You can't use the remote install (push) feature from the server console on computers running any type of Home Edition of Windows.  I also has a problem installing on a Windows 7 machine, so I opted for doing the web-based manual installation. Check out this esupport document from Trend that explains the reason - Remote install on Windows 7 fails even with Admin Account.
• I wanted to run the Vulnerabilty Scanner to search my network via IP address range for any unprotected computers.  However the documentation stated that scanning by range only supports a class B address range, where my office is using a class C range.  I couldn't believe that could actually be true, but after letting the scanner run a bit with my range specified and no results, I guess it is.

Overall, it was relatively quick and painless process.  I wish there had been some improvements to the web management console, like the ability to create customized views.  The "grouping" features seems a bit limited as well.

Next, I'll probably see that the client installation gets packaged up as an MSI, so we can have that set to automatically deploy using group policy.

IPv6: Yes, My Head is in the Sand

There has been a fair amount of chatter about the depleting IPv4 address space how the adoption of IPv6 is looming. If you haven't seen it, check out the post at Howfunky.com on "The Ostrich Effect". Of particular interest is how a lot of network and system  administrators are ignoring IPv6 all together, and I admit I’m one of them.  My head is firmly entrenched in the sand. While it might not be the best approach, I’ll explain why I am where I am.

First, I’m not going to tell you that I don’t think IPv6 will stick. It will. Also, I find it pretty interesting and would love to be able to meet it head on when the time comes to make the transition.  But here’s the issue – I don’t see the pressing need right this moment for the infrastructure I work with and I have other projects that need my time and attention first.  IPv6 just isn’t an emergency.

For the enterprise that I manage, our public facing Internet presence is very small.  I have two /28 ranges assigned and I’m barely using half of those addresses as it is.  I predict that I won’t need any additional addresses anytime soon.  Internally, we are privately addressed and we have several legacy applications that will never be rewritten or patched to support IPv6.

Of course, I know that some of our newer servers and workstations are automatically establishing IPv6 addresses for themselves and we should be utilizing that by embracing the dual stack technology that’s built into our newer Windows machines.  If nothing else, I should have a better handle on what going on automatically when those machines connect to our network.

I also know that at some point we’ll need external IPv6 addresses on the ‘net, so others who are using the protocol can access our mail and web servers.  I’m sort of hoping that our ISP will contact me one day and say “Here! These IPv6 addresses are for you and this is what you do with them!"

Wishful thinking I know.  But right now, that’s all I can afford.

The Post-Mortem of a Domain Death

The past few days have been busy as we've been performing the tasks to remove our failed domain controller and domain from our Windows 2003 Active Directory forest.  Now that everything is working normally and I can check off that long-standing IT project of "remove child domain" from my task list, I'd like to share a few things we've learned.

• NTDSUTIL will prompt you several times when it comes to removing the last DC in a domain using the steps in KB 216498. It will even hint that since you are removing the DC in the domain, that you are also removing the domain itself.  But you are not.  You must take additional steps in NTDSUTIL to remove the orphaned domain, see KB 230306 to finish up.
• How do you know you have an orphaned domain? Check AD Domains and Trusts.  If you still see a domain in your tree that you can't view the properties of, you aren't done yet.  Also, if your workstations still show the domain as a logon option in the GINA, get back to work.
• You might remember to clean up your DNS, but don't forget to also clean up WINS.  WINS resolution can haunt you and keep your workstations and applications busy looking for something that isn't there anymore.
• Watch your Group Policy links.  If you've cross-linked policies from the child domain to your forest root or other domains, workstations will indicate USERENV errors referencing the missing domain.  Policies from other domains won't show up in your "Group Policy Objects" container the GPMC.  You'll need to expand all your other OUs in the GPMC to find any policy links that report an error. 
• If you are using a version of Exchange that has the infamous Recipient Update Service, remove the service entry that handles the missing domain.  You'll see repeated MSExchangeAL Events 8213, 8250, 8260 and 8026 on your mail server otherwise.

I've used NTDSUTIL in the lab and in production several times to remove failed domain controllers, but removing an orphaned domain happens far less frequently.  While the majority of our Microsoft applications handled the existence of references to the orphaned domain with grace until we completed the clean up, one of our third party applications, ImageRight, was far more sensitive about it. 

We found that a combination of the WINS resolution and the orphaned trust relationship distracted the application enough that it was slow to operate, sometimes refused to load at all, and hung on particular actions.  If you happen to be an ImageRight customer who uses the Active Directory integration features, keep in mind that it likes all the AD ducks to be in a row.

While we had a little a bit of pain getting to this point, I'm really happy that our AD forest is neater and cleaner because of it.  It'll make it much easier to tackle other upgrade projects on the horizon for Active Directory and Exchange.

Don’t Miss Out on gogoNET Live! Videos

On Wednesday, I had the pleasure of doing the post-presentation interviews for the speakers at the gogoNET Live! IPv6 Conference. These short little chats should be posted at www.gogonetlive.com in the next few days and will give you a taste of what each presentation included and some tips for implementing IPv6.  Hopefully I’ll have some time in the next few weeks to listen to some of the full presentations (soon to be available as well), so here are few that will be on my list.

• Bob Hiden, Check Point Fellow and Co-inventor of IPv6 - his presentation on why IPv6 was invented will give anyone a good overview of why IPv6 is a necessary move for anyone who uses or supports activities on the Internet.
• Elise Gerich, Vice President of IANA and John Curran, President and CEO of ARIN – both spoke about the various aspects of the anatomy of IPv4 address depletion.  I’ve always been fascinated by the DNS and IP address infrastructures that make the internet work and you can’t get any closer to the source that with these industry executives.
• Silvia Hagan, CEO of Sunny Connection – Silvia’s presentation was on how to convince your boss to make the move to IPv6. She’s also the author of the O’Reilly book on IPv6, so trust her ideas are good ones.
• Jeremy Duncan, the Senior Director of IPv6 Network Services at Command Information – Jeremy focused on how to set up and get the most out of your test/lab network.  We all will have to start somewhere when it comes to learning about IPv6 and some good tips on getting your lab of the ground will go a long way.
• Joe Klein, the Cyber Security Principal Architect at QinetiQ – IPv6 has many security features built right in.  Be sure to check out what Joe has to say about the features, changes and possibilities once IPv6 is well established. 

Special Note: As of this writing, the videos are not yet posted.  Make a note to check in a www.gogonetlive.com next week to see when they are available.

Virtualized Domain Controllers? I’ll pass, thanks.

There are a lot of good arguments for virtualizing DCs. You should have several of them for redundancy, but depending on the number of employees and general work load, DCs tend to be underutilized and it can be hard to warrant having a whole physical server for each one. But after loosing a second domain controller after doing essentially some basic VM maintenance, I’m not sold.

You may remember a previous post of mine from the summer of 2009 about NTDS Error 2103, when the DCs in a small child domain were virtualized.  I had agreed to virtualize both DCs from that domain as the domain was not supporting any user accounts and had less than a half dozen servers as members.  One did not convert well and we decided to just leave the remaining DC as the sole one standing for that domain after vetting out the risks.  There are several “rules” to follow when virtualizing DCs, particularly not restoring snapshots of them and not putting yourself in the situation where your VM host machine need to authenticate to DCs that can’t start up until your host authenticates.

Fast forward about 16 months, to now.  Our system administrator who handles the majority of our ESX management was migrating many of our VMs to our newly installed SAN.  He reported that he shut down the DC normally, moved the VM and then started it back up a few hours later after all the server files had been copied over. The few servers that use that DC were working properly and everything looked good. 

But alas, a few weeks later, the server reported a USN rollback condition. Replication and netlogon services stopped.  I checked the logs to see if I could figure out the cause, but only saw things that added to the confusion.  The DC was mysteriously missing logs from between the time of the VM relocation and the time of the NTDS error.  And the forest domain controllers had logs indicating it had been silent for nearly 2 weeks. At this point, I can only speculate what went bad.

We slapped a bandage on the server by restarting netlogon so those few servers could authenticate, but without replication happening properly, the server will simply choke up again. And after the tombstone lifetime passes, the forest domain will consider it a lost cause.  It’s essentially a zombie.

So begins our finally steps to decommission that child domain. I have no interest in restoring that domain from backup, since removing that domain has been an operations project that has been bumped for a long time. Now our hand has been forced and the plan is simple.  Change a couple service accounts, move 2 servers to join the forest root domain and then NTDSUTIL that DC into nothingness.

As for our two forest root domain controllers?  I’ll throw my body in front of their metal cases for a long time to come.

Upcoming Tech Events

In case you are lacking in some tech related places to be, here are a few good options for the upcoming week.

November 2nd - You should vote, of course.  But when you are finished that, swing by the Pacific IT Professionals meeting in San Francisco.  There will be a presentation from NetApp on storage solutions, followed by two Microsoft specific topics -  BPOS (Business Productivity Online Suite) and MDOP (Microsoft Desktop Optimization Pack).  I'll be doing the MDOP presentation, so if you aren't sure what applications come inside that pack and what they do, this will be a great chance for you to get an overview.

November 3-4th - The gogoNet LIVE! IPv6 Conference in San Jose. I hear the pre-conference workshops are booked up, but it's not to late to attend the 2 days of sessions on planning and transitioning to IPv6.  I'll be helping out with some of the conference logistics on the 3rd and am hoping to slip into a few of the presentations as well.
 
Today and the next couple Thursdays - Callahan, a Microsoft MVP and book author on SharePoint, is offering up several free webinar presentations on SharePoint Foundation.  Today's session is already started, but you might want to check out what she has to offer in the coming weeks. If I was migrating my current SharePoint WSS 3.0 installation to Foundations, I'd start my planning with anything Callahan has to offer.

DNS Transitioning within AT&T

It took several months of emails, phone calls and coordination, but I finally managed to get our office Internet connection switched from the "legacy" (aka "PacBell") frame relay to the newer AT&T fiber optic network.  This also included an upgrade in our connection speed, which is always a win.  Our IP address ranges were ported from the legacy account to the new service, so we had very little downtime during the cut over - it was a fantastic migration experience.

 After letting our new service settle in for a few weeks and since email responses from AT&T reps are often spotty or non-existent, I called up the customer service number to request that the legacy account be cancelled so we are no longer billed.  The representative I spoke to happily emailed me a "Letter of Authorization to Disconnect" that I would need to verify, sign and return.  Seemed pretty easy to me.

 As I reviewed the letter, I noticed a familiar account number referencing the Internet access, different than the billing account number.  It was the same account number that I used to request changes to our external DNS registrations. Bells went off in my head. Certainly those DNS entries would be ported to the new service with the IP address ranges themselves, right?  Right?

 To confirm, I started off with the tech support email for my new service.  They promptly replied, saying I needed to contact the DNS team and provided additional contact information.  I called the DNS team and explained my situation.  The representative confirmed, that no, they don't have any of our DNS records in their systems.  Our DNS records are with the legacy PBI group.  I'd have to submit a request to add the DNS records with the new group so that they had them in their name servers prior to the disconnect of the legacy service.  He was also nice enough to explain their system for requesting changes, which involved knowing a magic "CCI Number" for my account.  This CCI number which was totally new and different than anything else I knew about and which I promptly wrote down as an addition to my runbook.  (I swear, I learn something new about telecommunications every time I get off the phone with AT&T.)

Then I gathered up all the known external DNS records I had documented and sent an email to the legacy DNS group asking for a copy of my zone record so I could be sure I didn't miss anything.  Based on what I have on hand, it'll be a great time to do some housecleaning with our external zone records.   I will also need to update our domain registrars with the new name servers as well.

If all goes well, this will be sorted out in a few days and I'll be free of my old circuits and billing by the end of November.  If not, I'm sure I'll have another story to tell.

Blog Highlights for October

October is just flying by, but I thought I’d take a moment to toss out a some other great blogs and recent posts that have caught my eye in the last few weeks.  (Many are by some of my fellow Microsoft MVPs, too!)

For those of you in the Exchange camp, check out BlankMan’s Blog, by Nicolas Blank, an Microsoft Exchange MVP. He’s recently posted a link to the Exchange 2010 Architecture Poster and a overview about Exchange 2010 SP1. 

Thinking about IPv6? Don’t miss out on some recent posts on www.howfunky.com, the blog by Microsoft MVP, Ed Horley.  Are you an ostrich or not when it comes to IPv6? You might want to find out.

Maybe you are on the certification path, if so, don’t miss out on some of the posts on the Born to Learn blog, geared to keep you up to date with the latest in Microsoft certification.  Born to Learn recently highlighted MVP Justin Rodino, who will be presenting a session on Windows 7 at the upcoming Certified Career Conference on November 18th.

Finally, since I’ve spent a lot of time in airports this month, I’m finding the TSA Blog to be particularly interesting. Learn about upcoming technologies, changes in protocols and tips on packing so you can breeze through security. Maybe I’ll cross paths with you at the airport.

What's in Your Runbook?

At least once a year, the time comes to re-address the documentation around the IT department regarding disaster recovery. One of the things I've been working on improving over the last two years is our network runbook. We keep a copy of this binder in two places - in our document management system (which can be exported to a CD) and in hard copy, because when systems are down the last thing you want to be unable to access is the documentation about how to make things work again. 

Here's a rundown of what I have in mine so far, it's in 10 sections:

1. Runbook Summary - A list of all servers with their IP address, main purpose, a list of notable applications running on each and which are virtual or not. I also include a list of which servers are running which operating system, a list of key databases on servers and finally copies of some of our important passwords.
2. Enterprise AD - A listing of all corporate domains and which servers perform what roles. I include all IP information for each server, the partitions and volumes on each and where the AD database is stored. Functional levels for the domain and forest are also documented.
3. Primary Servers and Functions - This is similar to the Enterprise AD section, but it's for all non-domain controllers. I list out server information for file services, database servers and their applications and backup servers. I document shares, partition and volume information (including the size), important services that should be running and where to find copies of installation media.
4. ImageRight - Our document management system deserves it's own section. In addition to the items similar to the servers in the previous section, I also include some basic recovery steps, dependencies and the boot sequence of the servers and services. Any other information for regular maintenance or activities on this system are also included here.
5. Email / Exchange - This is another key system that deserves it's own section in my office. I include all server details (like above) and also completely list out every configuration setting in Exchange 2003. This will be less of an issue with Exchange 2007 or 2010 where more of the configuration information is stored in Active Directory. However, it makes me feel better to have it written down. I also include documentation related to our third-party spam firewall and other servers related to email support.
6. Backup Details - A listing of each backup server, what jobs it manages and what data each of those jobs capture.
7. Telecommunications - Details about the servers and key services. I also include information regarding our auto attendants, menu trees and software keys.
8. Networking - Maps and diagrams for VLANs, static IP address assignments, external IP addresses
9. Contacts & Support - Internal and external support numbers. Also include circuit numbers and other important identifying information.
10. Disaster Recovery - Information about the location of our disaster recovery kit, hot line and website. A list of the contents of our disaster kit and knowledge base articles related to some of our DR tasks and hard copies of all our disaster recovery steps.

This binder is always in flux - I'm always adding and changing information and making notes, as well as trying to keep up with changes that other team members are making to the systems they work with most.  It will never be "done" but I'm hoping that whenever I have to reach for it, that it will always be good enough.

October is National Cyber Security Month

Personally, I think every month should be a month people pay attention to security online, but regardless, here are some resources and blog posts to help you think about being more secure as you navigate the world online.

First, Microsoft has a whole site dedicated to online safety, don't miss out on some tips for creating more secure passwords and using public computers.  There are even some great brochures and sheets you can print out and share at the office or with clients.

Also, check out this post by Microsoft's Worldwide Chief Security Officer, Robert Halbheer, on "Is the online world more dangerous?" He provides a link to another great handout that addresses some myths regarding online safety.

Finally, one of the most common ways that people are exposed to online security risks is by clicking on spam.  Check out a short post on managing spam by another sysadmin that works in the trenches, The UberGeekGirl.

When it comes down to it, managing your security and safety online is not all that different from managing it everywhere else.  You already keep track of your keys and your wallet, you lock your car and your house when you leave, and you don't leave your credit information around for people to grab.  Just do the same online - keep track of your passwords, don't stay logged onto web services on public computers, don't click on links that look suspicious in emails or on social networking sites and look to do business with online companies that use secure websites for transactions. 

Keep safe everyone, no matter where you are.

ImageRight Hotfixes = Happiness!

My last post about ImageRight covered two defects that we were experiencing that will not show up in the release of version 5.3.  However, since they were critical to actually viewing and interacting with images in the system, last week we received the hotfix that address both of those items.

The fix updated five DLL files on the client side and was provided to us as a self-extracting executable file that needed to be ran on each desktop.  I'm not a fan of sending executable files to my end users to click on via email, since that encourages some email habits I'd prefer to avoid.  Thus, we (meaning my rockin' programming co-worker) repackaged the hotfix as a MSI file that I could easily deploy via Group Policy.  I tested the fix on my desktop and we rolled it out to the rest of the staff the following morning for installation at the next desktop reboot. 

One little caveat that would have been nice to know ahead of time... Once a user has the fix installed, ANY .tif document they add to the system will cause a "red X" error on a non-fixed ImageRight client.

I discovered this after installing the fix on my machine and then adding in some expense reports for processing.  I then had to go over and install the hotfix on an accounting computer so my tasks could be processed.  Going forward, that user would create documents than everyone else in the office wouldn't be able to view until they had the hotfix.  So it's imperative that this particular fix be rolled out en mass, so users don't see even more errors.

Overall, kudos to the ImageRight Support team and the developers for working hard to make sure that ImageRight continues to work for us.

System Center Essentials and the Reappearing Declined Updates

I've been slowly spending time with System Center Essentials and one of the things that turned out to be the most time consuming task when first installing SCE is approving and declining the seemingly endless number of updates.  I've grouped out my servers and workstations by the operating system they are running, as well as a few other specialty groups for specific applications like SQL, Exchange, etc, that often have specific updates.  Then I went through and approved updates for each group and declined all the updates that were expired, superceded or didn't apply to my environment for one reason or another.  (Yes, you can manually tweak which types of updates you download, but there still always seems to be something I don't want in the list.)

All was good.  Then a few weeks later, all the updates that I declined had magically returned to my "unapproved" list.  How frustrating. 

On the Microsoft TechNet Forums I found a post from June 2010 that mentioned how the "Update cancelled or renewed subscriptions maintenance task" was likely buggy and the culprit for this problem.  Disabling this task would prevent declined updates from accidentally get tossed back into the "unapproved" list when each maintenance cycle came around.

To find the setting, open your SCE Console and select the "Updates" view.  On the right side of the Update Overview page, you'll find a task list that includes and option to "Configure Windows Server Update Services Maintenance".  Within these settings, you'll want to uncheck the option to "Update cancelled or renewed subscriptions" which is supposed to "decline all updates for inactive subscriptions and change the status of all updates for subscriptions that have been renewed within the previous 30 days." 

If you are interested in more details about what that option is supposed to do and what you might be missing out on by deselecting it, check out this blog post on the System Center Essentials Team Blog.

Coming Soon! - Chat with MVPs, Learn about IPv6 and Hang with PacITPros

October is starting out with a bang.  Here are a few upcoming events that you might want on your calendar.  Please visiting their listed sites for more information or to register.

October 5th - PacITPros Monthly Meeting - This month they welcome Chad Scott, Solution Architect with Infoblox who will be going over their DNS/DCHP/IPAM solution plus their newest solution of NetMRI from the recent acquisition of Netcordia.  Also featured will be Kenny Spade, Academic Developer Evangelist with Microsoft presenting on Windows Phone 7. This will be a sneak peak prior to the official launch date, so you will get to see the handset and OS in action.

Meeting location is at the Microsoft Office, 835 Market Street, Suite 700, San Francisco, CA 94103. Please RSVP at the www.pacitpros.org website.

October 14th - Chat About Microsoft Office and Windows with the MVP Experts, 10-11am PST -Would you like to learn more about the cool new features in Office 2010 and Windows 7 and what has changed since previous versions? Do you use Microsoft Office but would like to learn tips and tricks to be more productive at home, school or at work? Perhaps you are a new user who has questions on how to get started with Windows 7 or using the Office ribbon? Or would like to learn how to protect your computer from malware and viruses. Or perhaps you are just stuck and need answers. 

The Microsoft Most Valuable Professionals (MVPs) are here to help! The MVPs are the same people you see in the technical community as authors, trainers, user groups leaders and answerers in the Microsoft forums. For the first time ever we have brought these experts together as a collective group to answer your questions live.

MVPs will be on hand to take questions about Microsoft Office 2010 or Office 2007 products such as Word, Excel, PowerPoint, Outlook, Access, Project, OneNote and more. As well as the Windows 7 and earlier versions such as Windows Vista. In addition to Microsoft Office, the chat will cover Windows related topics such as upgrading, setup and installation, securing your PC, Internet Explorer, personalizing your computer desktop or having fun with Windows Live Essentials to share photos, make movies and more. All levels of experience are welcome from beginners and students to intermediate power users.

Please join this informative Q&A style chat and bring on your basic and your tough questions!

November 2-4th - The gogoNET LIVE! and CAv6TF IPv6 Conference - With IPv4 addresses predicted to be depleted within 18 months we all need to start becoming familiar with IPv6. The California IPv6 Task Force is pleased to present the gogoNET LIVE! IPv6 conference at San Jose State University to:

- Get the knowledge you need from experienced IPv6 professionals
- Learn IPv6 theory in workshops
- Make useful technical contacts in the IPv6 world

 This is the only local West Coast IPv6 event for the remainder of 2010 and it is right here in the Bay Area so take advantage of this opportunity to increase your knowledge on all things related to IPv6.  gogoNET LIVE! is a live version of the gogoNET social network that has close to 30,000 IPv6 professionals as members.

Be prepared, don’t fall behind – this is your chance to get on the cutting edge of IPv6 deployment. Visit http://gogonetlive.com for details and to register.

Getting Started with BitLocker on the QuickStart Blog

This month, I was asked to write a guest post for the folks at QuickStart Intelligence training center. I was excited that they remembered me fondly from their Windows training event this past April and was happy to help them out.

If you are looking to use BitLocker with a USB flash drive as your key storage, head over to their blog and check out what I've shared in Getting Started with BitLocker.

TechNet Events Presents: Deploying Windows 7

This week's "TechNet Events Presents" event in downtown San Francisco was on deploying Windows 7.  I've attended sessions, blogged and presented on some of these topics in the past year and it's still a hot topic.  There is clearly still a need to talk about the benefits and challenges of moving to Windows 7 and the tools available to overcome those challenges.

With the job market and the economy in its current questionable state, many businesses are truly doing as much as they can with less.  Sometimes that means delaying projects - if Windows XP is still doing it's job, the deployment of Windows 7 might be waiting in the wings.

If you are just beginning to think about rolling out Windows 7 you'll want to know about some of the tools like ACT and MDT.  Also, don't forget about App-V, MED-V or XP Mode which may help you keep some legacy applications in play while taking advantage of the new features in Windows 7.

Here are some links to tools and resources you might like to check out:

• Application Compatibilty Toolkit (ACT)
• Microsoft Deployment Toolkit (MDT)
• Microsoft Desktop Optimization Pack (MDOP) - Includes App-V, MED-V and other tools for SA customers.
• Springboard Series on TechNet - The portal for Windows Client OSes! Find videos, documentation and other great tips.
• Chris Henley's Blog - Chris was the presenter at this TechNet Events Presents event.  He blogs about all things Microsoft and he also posts his slide presentations from the events.  Chris also co-authored a great guide for Windows Server 2008 R2 Administration.

The Springboard Series Tour takes on Europe!

Just wanted to share some information I regarding the Springboard Series Tour, scheduled to begin in late October in Europe.  If you happen to be in any of the cities listed below, don't miss out.

Microsoft Windows, Office and MDOP Deployment Workshops 

www.springboardseriestour.com

• Amsterdam - 25 Oct
• Stockholm – 27 Oct
• Helsinki – 29 Oct
• Reading – 1 Nov
• Rome – 3 Nov
• Vienna – 4 Nov

The Microsoft Get On the Bus Tour is taking a winter hiatus to bring you a new tour – the Springboard Series Tour: Microsoft Windows, Office and MDOP Deployment Workshops!  Amsterdam marks our first stop on a 6-city European tour, en route to TechEd Europe, in Berlin, Germany. Are you looking to plan, pilot or deploy Windows and Office? Our workshops will cover the Office 2010, key deployment strategies for Windows 7, the Microsoft Desktop Optimization Pack, as well as show you the value of getting trained and certified in these key products. 

Learn why Windows 7 has received rave reviews from IT organizations and is setting records as the fastest selling operating system in history, and find out why so many IT Pros are ready to deploy Office 2010. Give us five hours, and you will have a clear understanding of the tools, tips and tricks you need now to jumpstart the successful deployment and management of your Windows desktop environment today. Come join members of the Windows and Office US Product Teams, as well as local Microsoft Technology Evangelists for technical training, professional networking, and real world guidance. Don’t miss your chance to attend a workshop in the 2010 Springboard Series Tour, register today at www.springboardseriestour.com.

Get your Tour updates first! Follow us on Twitter, @MSSpringboard

Goodbye Live Communications Server 2005

If you happen to be a regular reader of Techbunny.com, you probably know that while I'm a big user of Microsoft products, I'm still happy to remove a MS product when something from a 3rd party will meet my needs. 

In this case, it was Live Communications Server 2005 that took the hit.  We have very few users that regularly "instant message" within the office and with our recent Shoretel upgrade, the conference bridge included basic IM services that could be integrated within our VoIP desktop software.  This would reduce the need for us to manage another server VM and free up those resources for other purposes.

I was concerned that removing LCS would be a chore, but it turns out it was quite easy with less than a dozen steps.  Find them here in TechNet.  I also love the great post-removal report that was generated, as I was able to add that to my change control documentation.

While the upcoming version of Microsoft Unified Communications looks like it will have some great collaboration features, sometimes it's easier to just go with something you might already have handy through a third-party, especially if you don't need a lot of bells and whistles.

BlackBerry BES Small Business Edition – Where to Go Next

We hadn’t planned for 16 users. Several years ago when given the task to provide BlackBerry and other mobile device support, it was only planned for executive and IT users.  I cycled through several products over the years, including ones that supported Palm devices, but spent the last couple years managing a single BlackBerry BES SBE server.  This version has a 15 user license limit, which was a non-issue up until recently. However, the broader adoption of mobile devices smart phones has lead to our office being more willing to supply those devices to other staffers and recently I’ve gotten the request that has put me over the mark for our existing server.

BlackBerry offers two options for those in my situation – A) Upgrade to the full BES edition (Enterprise) or B) Switch to BES Express.  (There is also a hosted service available, but I'm only considering in-house services at this time.) Some pros and cons are as follows:

BES Enterprise Edition

• PROS: Easier upgrade path from SBE, no need to wipe and reactivate devices. 

• CONS: There is a cost of about $2600 depending on where you get your server license; only supports devices with enterprise data plans.

BES Express

• PROS: Free; supports up to 75 users when installed on the mail server, supports more users when installed on separate server; supports devices with enterprise or personal data plans.

• CONS: No migration or upgrade path from SBE or PRO editions of BES, but can be run in conjunction with an existing server; devices will need to be wiped and reconfigured for the new server.

For my scenario, I can’t justify the additional expense of a server OS to run Express separately to support extra users, even if my goal is to eventually migrate my SBE users over time.  Keeping two Blackberry servers is simply overkill for 16 users.  Wiping devices is painful for end users and a headache I don’t plan to go looking for.

While there are upgrade costs associated with going to the Enterprise version, its a one time change that will likely be cheaper in the long run once the costs of my time and the extra management that comes with an additional server is taken into consideration.  Guess it's time for me to place that software order...

ImageRight 5.2 Growing Pains – 2 Bugs, Almost 2 Fixes

As I’ve mentioned in other posts, the recent upgrade to ImageRight 5.2 was highly successful, though we did find several bugs and oddities.  Most have been resolved with calls to ImageRight support and some, while interesting, just aren’t critical.  But I’ve got two tickets open that have been escalated to official defects and are worth noting.

Bug 1: Annotation Wrapping and Resize I’ve mentioned the annotation wrapping issue before and this stems from the new 5.x feature where you can control the ability to wrap and resize annotations on a per-annotation basis.  This is no doubt a great feature that adds a lot of flexibility to annotations and stamps.

In our 4.x environment, we have several long annotations that were resized and wrapped to fit specific areas of a page.  In 5.2 version, those 4.x “legacy” annotations are no longer wrapped, often spanning off the printable page area.  This stems from the fact that the older stamps do not have the “wrap” and “resize” flags activated, something that is controllable whenever you created an annotation in 5.2.  Upgrading from 4.x to 5.2 should have automatically defaulted the existing annotations to have those flags, as that is the native behavior of annotations in the older versions.

This will be corrected in the next revision of 5.3, but a hotfix is also expect to be available soon.  It's important to note that if a page has an affected annotation and a "new" 5.2 annotation is added to that page, all legacy annotations will be "frozen" and not corrected when the fix is applied.

Bug 2: The Red X – Desktop Can’t Display a Page Image When you see this red X in the viewing window instead of the page you selected from your file, you know you have a problem.  The big error message thrown by ImageRight Desktop that can close the application also makes it clear something is amiss.
Turns out some documents can have a DPI issue related to when annotations are placed on a page.  As I understand it, some third party import processes can put in images at a different DPI than expected and when annotations are added it makes the 5.2 software unable to load them in the viewer.  We’ve had some odd DPI issues in the past that were caused by our small Canon desktop scanners and I suspect these are the same images that are unable to be loaded by the viewer now.  We've been able to recreate the issue using the desktop scanners, so this issue is not only a legacy problem, but an ongoing one.

It’s possible to export the page to PDF and view it that way, so there is a temporary work around for viewing the page, but the user can’t annotate the file without printing that PDF copy back in.  This may be acceptable in some cases, but the document would then have a disconnect with the annotation history that might not be acceptable.

The fix for this issue is expected in version 5.3.29.1350, but a hotfix is also planned for release.

Round Up: September Events and Windows Resources

As the summer draws to a close, here are a few thing that have caught my eye.  Check them out and see for yourself.

First up, a comprehensive article on Redmondmag.com by Greg Shields on "Avoiding Active Directory Disasters", particularly with Windows 2000 and 2003 versions of AD.  It might just be time to do a little end of summer health check for an important component of your network.

PacITPros will be holding their monthly meeting tonight starting at 6pm.  It's not to late to RSVP and get in on the action.  Compellent will be presenting on their data storage solutions and there will also be a presentation on the latest and greatest with Microsoft's OCS.

On 9/30, don't miss out on the Springboard Series Virtual Roundtable on migrating from IE6 to IE8 on Windows 7, starting at 9am.  This virtual, interactive discussion will cover migration strategies, standards, and support for organizations moving from Internet Explorer 6 to Internet Explorer 8.

Finally, check in with the folks at TechNet on 9/22 when they host an in-person event on Deploying Windows 7 at the Microsoft downtown office in San Francisco.  Learn more or register at TechNet Events Presents: Deploying Windows 7. This event will also be held in Irvine, CA on 9/20 and in Los Angeles on 9/21.

Network Clean Up: Don’t Forget About Your LAN

“The network is slow.” 

Probably the worst complaint a Systems Administration team at any small to mid-sized office can get.  The end users often can’t pinpoint what “slow” is or when it happens, it’s seemingly random, or they report it after the fact when there is nothing to actively troubleshoot.

I am not a networking “guru” by stretch of the imagination. Like many small offices, our NetOps team consists of several people who may have some areas they enjoy or “specialize” in, but are mostly jack-of-all trades, ready to jump in and sort things out whenever things need attention.  I enjoy the variety, but sometimes the ongoing project list leaves you in a situation where certain areas of your “kingdom” are left until they cry out in pain.

The LAN in my office was one of those lost souls.  Sure, I’ve got my Network+ training, I used to have a valid CCNA certification, I know the difference between a hub and a switch and I can find enough of the settings in my HP and Cisco switches to assign IP addresses for management access and use some basic features.  And then my skill set drops off there – because small networks are often “set it and forget it”.   

We think about collecting SNMP logs and monitoring traffic and all that cool stuff and then reality sets in: I wish I had the time to spend installing and learning enough about those tools so they can be really useful when someone comes knocking with a “slowness” complaint.  But I don’t.  So finally I brought in someone who actually looks at networks every day. Someone who knows the settings on network gear and can look at how they work together.  Yes, I can pull out some crossover cables and make packets move from point A to point B, but I wanted some advice from someone who really understood how it all worked.

It was eye-opening.  My switches that linked the users workstations to our servers were all connected, but they were naturally oversubscribed without taking advantage of trunking any of the ports together to pass traffic to core switch over larger pipe. Spanning tree was configured incorrectly and not at turned on all on some switches.

The end result was that while my Layer 3 setup looked fine to me, the Layer 2 traffic was actually taking an extra hop through a switch that was accidentally acting as the spanning tree root, adding unnecessary delay.  After correcting that issue and ordering up some gig modules to add trunking up to our core switch, upload/download speeds of files to servers appears to be coming close the maximum available from the desktops.

Next up - increasing the speed of our internet connect by switching from frame relay to fiber from our ISP and subscribing to a bigger pipe on that end.

Recap of the ImageRight Connection Tour in Las Vegas

I had a great time catching up with some of the ImageRight staff and some other ImageRight administrators in Las Vegas last week.  While nothing beats the bigger ImageRight conference that happens every odd year, this was a nice chance to chat about a product with others who enjoy some of the same benefits and experience some of the same pains as I do.

Below are some features and changes you can look forward to in v5. While I don’t do the workflow design and administration for our system, I’m happy to bring back some new workflow features to share.

• Deadlines can be added to manual steps to help prevent tasks from stagnating in task lists if someone is out of the office.
• “Split and Rendezvous” allows a single task the capability to break into sub-tasks that then don’t move forward until they all come together as completed.
• "Authorized user checking" can help prevent tasks from being assigned to a user who can’t view a document.

Another great session was the “Tips and Tricks” for what’s new the “New Architecture” (versions 4.x and 5.x).

• Attributes can be added at the document level, as well as at all other levels.  These attributes can also be used for reporting purposes.
• The “thumbnail workpad” was replaced by a combination of the ability to launch additional viewers in new windows and to collect and reorder pages from multiple documents using the “send to” feature.
• Redaction adds the ability to blackout information in a file that applies to all view of the document, even printing or copying without annotations, based on user rights.
• Electronic signatures can be used to digitally sign versions of documents.
• The new Outlook interface and the web desktop will bring new ways of easily accessing ImageRight without needing the full desktop program available.

Hopefully we’ll be able to make use of some of these new features in the coming months to help our office make ImageRight an even more useful part of our company’s day to day operations.