DSC vs. GPO vs. SCCM vs. MDM

Microsoft Windows administrators now have a number of ways for managing their estates.

  • Group Policy (GPO)
    Allows very fine-grained control over every aspect of Windows. Primarily aimed at Windows desktops. Requires Active Directory (AD) and very careful configuration. Requires well trained specialist staff to get it right.
  • System Center Configuration Manager (SCCM)
    Allows central control over software delivery. Also requires AD. Configuration of delivery packages can be complex and very careful change control is required. Software delivery via SCCM can also be intrusive to users. Requires well trained specialist staff to get it right.
  • Desired State Configuration (DSC)
    Though extended by Microsoft this is actually part of a wider open standard “Open Management Infrastructure” and so applies to other platforms as well including Linux. Mainly aimed at server configurations. Falls into the DevOps camp as it defines server configurations in purely text format and so can be put under source control easily. DSC is typically dynamic and enforces the correct configuration (normally every 15 minutes) which greatly helps ensure secure configurations.
  • Mobile Device Management (MDM)
    Primarily aimed at mobile devices, this style of configuration is increasingly applicable to Windows Desktops with the advent of Windows 10. Microsoft InTune is leading the way with other MDM vendors following on. Not everything on the desktop can yet be controlled this way, even with W10 but many key settings and controls are already available. A much simpler method for enforcing desktop settings than the other methods, it allows fewer administrators and much less specialist knowledge.

The article from FoxDeploy covers the first three of those and lays out the purpose of each. Well worth a read.

What is missing is the 4th method which uses Mobile Device Management tooling. The leading contender for this is Microsoft InTune. However, InTune is really only focussed on Windows 10 (desktop and mobile), it has limited control in other Operating Systems.

Servers only ever exist in a given state. If they deviate or we make changes, we refactor and redeploy. DSC drives it all and the machine will be up and running on a new OS, with data migrated in a matter of minutes.

For all practical purposes, the first true large scale management tool we had for Windows systems in the modern era was Group Policy, or GPO as it is commonly truncated.

Comparatively, SCCM and MDT allow us to we import an image from a Windows install disk and then run dozens of individual steps which are customized based on the target machines platform, model, office location and other factors. The sky is the limit.

Curated from DSC vs. GPO vs. SCCM, the case for each. – FoxDeploy.com

A simple mail filer for Microsoft Outlook (VBA)

Like many people I receive an unmanageable amount of email each day. Many days I get through only around 1/3 of the email I receive.

However, the role I am in professionally requires me to retain a large proportion of correspondence. Some because it relates to ongoing projects, other because of security, audit or compliance reasons.

In addition, I work across many projects. It isn’t unusual for me to be involved in two dozen projects at any one time on top of my day-to-day management work.

So I have many folders – hundreds in fact – and filing email into the right folder has become a real drag. It can take an appreciable amount of time to hunt down the correct folder and Outlook does not provide any way to search/filter folder names in the UI.

Thankfully, I have access to VBA in Outlook. While the experience of using VBA macro’s to control Outlook is rarely pleasant, it does get the job done – mainly.

My requirements for the utility were as follows:

  • Must let me select multiple emails, if any have already been filed, show me the folder(s) so I can quickly file new email to the same folder as the rest of the conversation.
  • Must give me a list of all my folders with a simple way of filtering the list by typing a few letters.
  • Must also let me open a folder for viewing instead of filing or cancelling.

A couple of hours later, I was able to create a new utility. This has been published to Github and you can find it at:

https://github.com/TotallyInformation/outlook-filer

New Laptop: Lenovo ThinkPad Yoga

I have the pleasure of trying a new laptop right now as we consider them for work.

The Lenovo ThinkPad Yoga.

We have this configured with an Intel i5, 8GB RAM, 1TB HDD with 16GB SDD speed boost, the touch & pen screen.

It is a nice laptop with a screen that folds right over so you can use it as a slightly chunky tablet, the keyboard locks in this mode so you don’t accidentally press keys.

It is great to finally be able to afford a laptop with a proper, pressure sensitive pen interface, it is a joy to use with tools such as Microsoft OneNote.

The touch pad is also the best I’ve ever used. The pad itself is a proper mechanical button and once used, you will never want to go back to a trackpad that doesn’t provide such positive feedback and natural feel.

We have Windows 8.1 Pro on it and the usual ups and downs of that operating system apply. Personally, I find W8.1 less reliable than Windows 7 but I suspect that it comes down to the software you use. I can say categorically that the “Modern UI” apps are a disaster. In particular they do not fully close when you think you’ve closed them (check in the Task Manager) and I’ve often noticed a significant slow-down after having started and “closed” several Modern UI apps.

The laptop is certainly nice to use overall, it isn’t too heavy and can be used on one arm for 5-15 minutes without discomfort, longer than that becomes noticeable though. So not a complete tablet replacement. Great when sat however with it perched on a knee or supported with a table. No more scrappy paper notes for me! It is OneNote all the way.

The Good

  • Pen and touch with Windows 8.1 and Microsoft Office, a great combination.
  • Fairly thin considering the features available.
  • The fold-over screen is easy and natural to use.

The Indifferent

  • The Windows architecture doesn’t handle very high resolution screens well. I blame this on the development tools and Windows graphical UI libraries mainly. Too many applications do not correctly scale.
  • Only 2 USB ports. About average for a thin laptop but very limiting when there as so many devices needing USB.
  • After many years, Lenovo have finally changed their power connectors. Annoying though necessary, all those spare power supplies scattered around aren’t so useful now. Fortunately, you can buy a converter cable if you want to.
  • Some windows behave oddly, changing font sizes drastically for no apparent reason. Not sure if this is Windows or something to do with the laptop.

The Bad

  • The power button is in the wrong place, it gets clicked by mistake too often. It is on the right hand side of the base at the front. Right next to the volume buttons.
  • No drive LED indicator – really?! When using a PC this is essential if you want to know whether a pause in response is due to disk activity or something more serious.
  • Mini-HDMI interface. This is not good for a business laptop, we already have full and mini Display Link adaptors and now we need to have HDMI as well.
  • No native LAN interface. You have to give up one of the 2 USB ports and to get a USB-to-LAN cable if you want a wired connection. Again poor for a business laptop.
  • The usual pointless spamware is pre-installed. However, Lenovo are better than most, not installing too much and their own wares do seem to actually serve a purpose mainly (I probably kept 1/2 of their own tools and removed everything else). Driver and software updates seem regular.
  • Windows 8.1 Modern UI apps continue to be a very uncertain proposition with poor quality being rife and even the better quality apps seeming to regularly result in ongoing reduced performance on the PC. (Not Lenovo’s fault of course).

Conclusion

A worthy, flexible tool if you need or want both touch and pen interfaces. If not, save some money and go for a Lenovo X240. Possibly the most affordable convertible with pen and touch, at last such devices are in reach of mortals!

 

Microsoft 64-bit Application Support (lack-of)

Microsoft’s 64-bit support is still sorely fragmented as we find out with a brand new laptop trying to access Microsoft SharePoint.

The joys of working with Microsoft products!

So I have a brand-new, shiny 17″ HP laptop. 64-bit throughout. 6GB of RAM and comes pre-installed with 64-bit Windows.

You would think, then, that you would want to use 64-bit applications right? Wrong!!

I automatically use the 64-bit version of Internet Explorer to access some Microsoft specific sites (Outlook Web Access and SharePoint 2007). I install and use the 64-bit version of Microsoft Office. Does this work well with SharePoint (from Microsoft)? No!

For starters, you cannot upload an Excel spreadsheet to a SharePoint list like you should be able to. You get an error:

This feature requires Microsoft Internet Explorer version 5.0 or later, and Windows 95 or later.

Next you try to switch a list into a “Datasheet” view – which looks a bit like a spreadsheet. Inevitably, you get another error:

The list is displayed in Standard view. It cannot be displayed in Datasheet view for one or more of the following reasons: A datasheet component compatible with Windows SharePoint Services is not installed, your browser does not support ActiveX controls, or support for ActiveX controls is disabled.

To fix these errors, you then have to download and install “2007 Office System Driver: Data Connectivity Components“.

And you have to use the 32-bit version of Internet Explorer 9 (IE9).

SSH Error: “ssh_exchange_identification: Connection closed by remote host”

Fixing up an SSH login error after moving to a new ISP. “ssh_exchange_identification: Connection closed by remote host” is caused by the lack of a reverse DNS entry.

At home, we’ve just switched from a slow (2mbps) ADSL connection to a wonderfully fast 40mbps connection provided by the excellent Origin Broadband using the South Yorkshire fibre network provided by Digital Region.

I did have a small problem though that has taken some searching to resolve so I’ll detail it here in case others find it useful. Continue reading “SSH Error: “ssh_exchange_identification: Connection closed by remote host””

Apple iOS 5, What does it change for me?

There are some really nice looking changes on the way for Apple mobile users lucky enough to have a device that can be upgraded to iOS 5. I thought I’d throw together a quick look at how this will change things on a practical level for me as I use an iPhone and an iPad for work and personal use.

Update: 2011-10-13. I’ve added some more details.
Continue reading “Apple iOS 5, What does it change for me?”

Nearest Postcode Search in Microsoft Excel

I need to find a load of addresses by proximity to a postcode. I have the addresses in a Microsoft Access database.

  1. Download Paul Jenkins’s UK Postcode csv and import into Access as a table
  2. Create a query on your own table adding the following calculated field:
    <pre>PCregion: Trim( Left( [My Table]![Postcode], InStr( [My Table]![Postcode], ” ” ) ) )</pre>
  3. Create a second query that joins the above query to the imported postcode table. Join on the “PCregion” field created above. Also add in the latitude and longitude fields from the postcodes table

Well, I couldn’t be bothered to fight with Access so I exported the key tables and used Excel instead!

The principals are the same. Load the tables as tabs, load the Postcode data as a tab. Create a front sheet containing the reference Postcode (Create a Named Cell for this “STARTREGION”). Translate the reference Postcode to Latitude and Longitude by doing a VLOOKUP to the Postcode table, e.g.:

=VLOOKUP(TRIM(LEFT(RC2,SEARCH(" ",RC2 & " "))),UK_PostCodes!C1:C4,3,FALSE)

Where RC2 contains the reference Postcode and “UK_PostCodes!C1:C4” is the postcodes table (column 3 contains the Latitude and 4 the Longitude). Note that I’ve used R1C1 reference style as it is easier to mix fixed and relative references.

Now use the same formula in the main data tables so that you have Lat. and Long. columns added based on the Postcode on each line.

Finally add a “Distance” column to each data table with the following formula:

=ROUND(DEGREES(ACOS(SIN(RADIANS(STARTLAT))*SIN(RADIANS(RC28))+COS(RADIANS(STARTLAT))*COS(RADIANS(RC28))*COS(RADIANS(STARTLON-RC29))))*60*1.1515,0)

In this case, we’ve used the STARTREGION named cell and the Lat./Long. data is in columns 28 & 29 respectively.

The calculation and Postcode reference data came from HM2K’s website: How to search by nearest uk postcode in php.

Flashing the BIOS from Linux (OpenSUSE 11.0)

I’ve been a bit quiet here recently because I’ve mainly been working with my business laptop currently running Windows 7. You can see more about this on my other blog – Much Ado about IT.

However, the power supply on that died recently so I’m back to my trusty desktop which runs OpenSUSE 11.0 24×7.

I managed to get hold of an upgraded CPU for this a while back but I’ve not really had an incentive to upgrade till now. The new CPU supports hardware virtualisation but I need to enable this in the BIOS. Of course, this machine (based on an ASUS A8N-SLI Deluxe motherboard) has an old BIOS that doesn’t allow me to turn on these features so I needed to upgrade to the latest (v1805).

But, I only run Windows under VirtualBox on this computer and I don’t have a floppy drive so updating a BIOS is no trivial matter!

After some Googling, here is the answer:

  1. Install the coreboot-utils package
  2. As root, at a command prompt, run “flashrom” to check that your chipset is supported for writing
  3. Extract the .bin file from the archive containing the updated BIOS image
  4. Make a backup of the existing BIOS with “flashrom -r backup-bios.bin”
  5. For the paranoid, try writing that backup back to the BIOS with “flashrom -wv backup-bios.bin” to ensure there are no errors. Reboot at this point for the really paranoid
  6. Now flash the new BIOS with a similar command to step 5
  7. Reboot and check that the new BIOS is OK

If you get an error from flashrom saying that the new BIOS is the wrong size, you may have had a problem unpacking the bin file from the archive as I did. Unpack the whole archive to a folder.

If flashrom doesn’t work for you, there are lots of other ways – I like using GRUB to boot from a floppy disk .img file – very “Linuxy”.