DSC vs. GPO vs. SCCM vs. MDM

Microsoft Windows administrators now have a number of ways for managing their estates.

  • Group Policy (GPO)
    Allows very fine-grained control over every aspect of Windows. Primarily aimed at Windows desktops. Requires Active Directory (AD) and very careful configuration. Requires well trained specialist staff to get it right.
  • System Center Configuration Manager (SCCM)
    Allows central control over software delivery. Also requires AD. Configuration of delivery packages can be complex and very careful change control is required. Software delivery via SCCM can also be intrusive to users. Requires well trained specialist staff to get it right.
  • Desired State Configuration (DSC)
    Though extended by Microsoft this is actually part of a wider open standard “Open Management Infrastructure” and so applies to other platforms as well including Linux. Mainly aimed at server configurations. Falls into the DevOps camp as it defines server configurations in purely text format and so can be put under source control easily. DSC is typically dynamic and enforces the correct configuration (normally every 15 minutes) which greatly helps ensure secure configurations.
  • Mobile Device Management (MDM)
    Primarily aimed at mobile devices, this style of configuration is increasingly applicable to Windows Desktops with the advent of Windows 10. Microsoft InTune is leading the way with other MDM vendors following on. Not everything on the desktop can yet be controlled this way, even with W10 but many key settings and controls are already available. A much simpler method for enforcing desktop settings than the other methods, it allows fewer administrators and much less specialist knowledge.

The article from FoxDeploy covers the first three of those and lays out the purpose of each. Well worth a read.

What is missing is the 4th method which uses Mobile Device Management tooling. The leading contender for this is Microsoft InTune. However, InTune is really only focussed on Windows 10 (desktop and mobile), it has limited control in other Operating Systems.

Servers only ever exist in a given state. If they deviate or we make changes, we refactor and redeploy. DSC drives it all and the machine will be up and running on a new OS, with data migrated in a matter of minutes.

For all practical purposes, the first true large scale management tool we had for Windows systems in the modern era was Group Policy, or GPO as it is commonly truncated.

Comparatively, SCCM and MDT allow us to we import an image from a Windows install disk and then run dozens of individual steps which are customized based on the target machines platform, model, office location and other factors. The sky is the limit.

Curated from DSC vs. GPO vs. SCCM, the case for each. – FoxDeploy.com

A simple mail filer for Microsoft Outlook (VBA)

Like many people I receive an unmanageable amount of email each day. Many days I get through only around 1/3 of the email I receive.

However, the role I am in professionally requires me to retain a large proportion of correspondence. Some because it relates to ongoing projects, other because of security, audit or compliance reasons.

In addition, I work across many projects. It isn’t unusual for me to be involved in two dozen projects at any one time on top of my day-to-day management work.

So I have many folders – hundreds in fact – and filing email into the right folder has become a real drag. It can take an appreciable amount of time to hunt down the correct folder and Outlook does not provide any way to search/filter folder names in the UI.

Thankfully, I have access to VBA in Outlook. While the experience of using VBA macro’s to control Outlook is rarely pleasant, it does get the job done – mainly.

My requirements for the utility were as follows:

  • Must let me select multiple emails, if any have already been filed, show me the folder(s) so I can quickly file new email to the same folder as the rest of the conversation.
  • Must give me a list of all my folders with a simple way of filtering the list by typing a few letters.
  • Must also let me open a folder for viewing instead of filing or cancelling.

A couple of hours later, I was able to create a new utility. This has been published to Github and you can find it at:

https://github.com/TotallyInformation/outlook-filer

New Laptop: Lenovo ThinkPad Yoga

I have the pleasure of trying a new laptop right now as we consider them for work.

The Lenovo ThinkPad Yoga.

We have this configured with an Intel i5, 8GB RAM, 1TB HDD with 16GB SDD speed boost, the touch & pen screen.

It is a nice laptop with a screen that folds right over so you can use it as a slightly chunky tablet, the keyboard locks in this mode so you don’t accidentally press keys.

It is great to finally be able to afford a laptop with a proper, pressure sensitive pen interface, it is a joy to use with tools such as Microsoft OneNote.

The touch pad is also the best I’ve ever used. The pad itself is a proper mechanical button and once used, you will never want to go back to a trackpad that doesn’t provide such positive feedback and natural feel.

We have Windows 8.1 Pro on it and the usual ups and downs of that operating system apply. Personally, I find W8.1 less reliable than Windows 7 but I suspect that it comes down to the software you use. I can say categorically that the “Modern UI” apps are a disaster. In particular they do not fully close when you think you’ve closed them (check in the Task Manager) and I’ve often noticed a significant slow-down after having started and “closed” several Modern UI apps.

The laptop is certainly nice to use overall, it isn’t too heavy and can be used on one arm for 5-15 minutes without discomfort, longer than that becomes noticeable though. So not a complete tablet replacement. Great when sat however with it perched on a knee or supported with a table. No more scrappy paper notes for me! It is OneNote all the way.

The Good

  • Pen and touch with Windows 8.1 and Microsoft Office, a great combination.
  • Fairly thin considering the features available.
  • The fold-over screen is easy and natural to use.

The Indifferent

  • The Windows architecture doesn’t handle very high resolution screens well. I blame this on the development tools and Windows graphical UI libraries mainly. Too many applications do not correctly scale.
  • Only 2 USB ports. About average for a thin laptop but very limiting when there as so many devices needing USB.
  • After many years, Lenovo have finally changed their power connectors. Annoying though necessary, all those spare power supplies scattered around aren’t so useful now. Fortunately, you can buy a converter cable if you want to.
  • Some windows behave oddly, changing font sizes drastically for no apparent reason. Not sure if this is Windows or something to do with the laptop.

The Bad

  • The power button is in the wrong place, it gets clicked by mistake too often. It is on the right hand side of the base at the front. Right next to the volume buttons.
  • No drive LED indicator – really?! When using a PC this is essential if you want to know whether a pause in response is due to disk activity or something more serious.
  • Mini-HDMI interface. This is not good for a business laptop, we already have full and mini Display Link adaptors and now we need to have HDMI as well.
  • No native LAN interface. You have to give up one of the 2 USB ports and to get a USB-to-LAN cable if you want a wired connection. Again poor for a business laptop.
  • The usual pointless spamware is pre-installed. However, Lenovo are better than most, not installing too much and their own wares do seem to actually serve a purpose mainly (I probably kept 1/2 of their own tools and removed everything else). Driver and software updates seem regular.
  • Windows 8.1 Modern UI apps continue to be a very uncertain proposition with poor quality being rife and even the better quality apps seeming to regularly result in ongoing reduced performance on the PC. (Not Lenovo’s fault of course).

Conclusion

A worthy, flexible tool if you need or want both touch and pen interfaces. If not, save some money and go for a Lenovo X240. Possibly the most affordable convertible with pen and touch, at last such devices are in reach of mortals!

 

Microsoft 64-bit Application Support (lack-of)

Microsoft’s 64-bit support is still sorely fragmented as we find out with a brand new laptop trying to access Microsoft SharePoint.

The joys of working with Microsoft products!

So I have a brand-new, shiny 17″ HP laptop. 64-bit throughout. 6GB of RAM and comes pre-installed with 64-bit Windows.

You would think, then, that you would want to use 64-bit applications right? Wrong!!

I automatically use the 64-bit version of Internet Explorer to access some Microsoft specific sites (Outlook Web Access and SharePoint 2007). I install and use the 64-bit version of Microsoft Office. Does this work well with SharePoint (from Microsoft)? No!

For starters, you cannot upload an Excel spreadsheet to a SharePoint list like you should be able to. You get an error:

This feature requires Microsoft Internet Explorer version 5.0 or later, and Windows 95 or later.

Next you try to switch a list into a “Datasheet” view – which looks a bit like a spreadsheet. Inevitably, you get another error:

The list is displayed in Standard view. It cannot be displayed in Datasheet view for one or more of the following reasons: A datasheet component compatible with Windows SharePoint Services is not installed, your browser does not support ActiveX controls, or support for ActiveX controls is disabled.

To fix these errors, you then have to download and install “2007 Office System Driver: Data Connectivity Components“.

And you have to use the 32-bit version of Internet Explorer 9 (IE9).

Nearest Postcode Search in Microsoft Excel

I need to find a load of addresses by proximity to a postcode. I have the addresses in a Microsoft Access database.

  1. Download Paul Jenkins’s UK Postcode csv and import into Access as a table
  2. Create a query on your own table adding the following calculated field:
    <pre>PCregion: Trim( Left( [My Table]![Postcode], InStr( [My Table]![Postcode], ” ” ) ) )</pre>
  3. Create a second query that joins the above query to the imported postcode table. Join on the “PCregion” field created above. Also add in the latitude and longitude fields from the postcodes table

Well, I couldn’t be bothered to fight with Access so I exported the key tables and used Excel instead!

The principals are the same. Load the tables as tabs, load the Postcode data as a tab. Create a front sheet containing the reference Postcode (Create a Named Cell for this “STARTREGION”). Translate the reference Postcode to Latitude and Longitude by doing a VLOOKUP to the Postcode table, e.g.:

=VLOOKUP(TRIM(LEFT(RC2,SEARCH(" ",RC2 & " "))),UK_PostCodes!C1:C4,3,FALSE)

Where RC2 contains the reference Postcode and “UK_PostCodes!C1:C4” is the postcodes table (column 3 contains the Latitude and 4 the Longitude). Note that I’ve used R1C1 reference style as it is easier to mix fixed and relative references.

Now use the same formula in the main data tables so that you have Lat. and Long. columns added based on the Postcode on each line.

Finally add a “Distance” column to each data table with the following formula:

=ROUND(DEGREES(ACOS(SIN(RADIANS(STARTLAT))*SIN(RADIANS(RC28))+COS(RADIANS(STARTLAT))*COS(RADIANS(RC28))*COS(RADIANS(STARTLON-RC29))))*60*1.1515,0)

In this case, we’ve used the STARTREGION named cell and the Lat./Long. data is in columns 28 & 29 respectively.

The calculation and Postcode reference data came from HM2K’s website: How to search by nearest uk postcode in php.

Cygwin BASH function to open the latest version of a document

One handy function I’ve added to .bashrc (so it is always available) under Cygwin (the LINUX command environment for Windows) works out the current working version of a document. It assumes that you keep copies that have a version number or date in the file name that will sort correctly.

# Opens the latest version of a file using the Windows default application
# Assumes that you have a range of files that can be identified using some for of prefix
#   and that the last part of the file contains a version number or date that sorts in the correct order
#   e.g. myfile-lots-of-rubbish-20090720-01.doc &amp; myfile-lots-of-rubbish-20090723.01.doc
# Two arguments are required. The first is the PATH to search in. The 2nd is the shared file prefix (e.g. 'myfile-lots-of-rubbish-')
#   Put single quotes around the arguments to prevent them from being GLOBed by the shell.
# Only searches in the GIVEN path, not subfolders.
# Use with an ALIAS to have an easy way of opening a specific file from the shell
function cyOpenLatest {
    # We have to use find rather than ls because of shell expansion issues in the arguments (and problems with spaces in file/folder names)
    res=`find "$1" -iname "${2}*" -type f -prune -printf '%f\n' | sort -r | head -1`
    # Work out the file type from the .ext
    ext=`echo $res | sed "s/.*\.//"`
    # Add whatever you want to this list above the *)
    case $ext in
        doc*) TYPE="in Word" ;;
        xls*) TYPE="in Excel" ;;
        ppt*) TYPE="in PowerPoint" ;;
        vsd*) TYPE="in Visio" ;;
        *) TYPE="with Windows default application"
    esac
    if [ "$res" != "" ]; then
        echo "Opening [$res] $TYPE"
        cygstart "$res"
    fi
}

You can use it with an alias like this:

alias gic="cyOpenLatest '$HOME/Documents/Here is a folder with a space or two/' 'a-document-'"

If you name your documents sensibly such as “a-document-2009-07-20.doc” or “a-document-v01.01.doc”, then the latest version of the file will be opened in the default application

Technorati :
Diigo Tag Search :

Speeding up Cygwin

Yesterday I mentioned my success with Cygwin.

One issue I did have though was with the speed of startup. It was taking 15-20 seconds to start a BASH shell.

It turns out that this was a PATH issue. I went through my Windows PATH and cleared out the clutter. Now it takes just around 3-4 seconds for a full BASH login and less still for just running a script.

I now find myself using the BASH shell for all sorts of things and I’ve set up a number of alias’s to switch to folders I’m using a lot and to open common documents.

One handy function I’ve added to .bashrc (so it is always available) works out the current working version of a document. It assumes that you keep copies that have a version number or date in the file name that will sort correctly.

You can find the code on my development blog.

Here are a few more alias’s I use:

alias np='cygstart "/cygdrive/c/Program Files/Notepad++/notepad++.exe"'
alias c='cd /cygdrive/c/'
alias d='cd /cygdrive/d/'
alias work='cd "$HOME/Documents/Workdocs/"'
alias pers='cd "$HOME/Documents/Persdocs/"'
alias facebook='http://www.facebook.com'

Windows command prompt vs PowerShell vs Cygwin for remote backup scripts

I’ve been struggling with trying to get a new backup routine working for my Laptop.

I should point out that I have several complex requirements for backup so my needs are probably not average.

However, it really shouldn’t be this hard!

I need to use a combination of BZR (Bazaar) for document version control and RSYNC (for files that don’t need version control and for those folders that might contain files too big for version control systems – around 1/3 to 1/2 available memory).

All of the backups need to happen over a secure link since I am often outside of my home network – indeed quite often behind locked-down enterprise firewalls but that’s a story for another time. So I use SSH (Secure SHell) to manage the secure connection and transmission. Thankfully both BZR and RSYNC can both use SSH as a transport.

I don’t want to have to enter my remote system password loads of times though and this is where things started to get annoying. Using the Windows native versions of BZR, RSYNC and SSH I could not get a single shared password to work no matter what I tried.

I also had some problems trying to control the output from the various tools and use it to further control what happens next – for example getting an IP address and working out whether I am on a network and where that network is.

I tried to do this with a Windows command script first but even with the Windows 7 extensions it really is far to hard to get anything useful done and when I found myself turning to more and more utilities to help I thought “enough is enough”.

At that point I happened to be reading an article on Windows PowerShell, the .NET scripting host so I thought I’d give it another go (having tried it before). I soon found that, although powerful for controlling the WMI interface, it is desperately convoluted and annoying for general use.

So, realising that most of the tools I wanted to use have their roots in the UNIX world, it would make sense to try out the latest version of Cygwin. This has really come on a long way since it’s early days and is far more mature. It is also very much lighter in weight than the Microsoft provided UNIX services for Windows or whatever they are currently calling it. The Microsoft provided tools load perhaps a dozen services into memory permanently though they are rarely required. Cygwin only uses memory when it needs to.

After converting my backup script from Windows batch to a BASH script under Cygwin, I soon had everything working as I wanted it – including the seemingly intractable problem of the shared passwords, now using KEYCHAIN to manage the SSH-AGENT and keys. So now I only need to supply a password once, it is held reasonably securely in memory and used by SSH as and when required. I only need to enter it once per reboot.

The full script not only backs things up, it also auto-commits changes to BZR and changes network settings to match my current location and proxy server requirements. The later is not yet converted from batch as I don’t need it just at the moment.

Let me know if you are interested in a copy of the script and I’ll upload it somewhere.

Running Komodo Edit Open Source Code Editor Under Windows 7

The open source version of Komodo’s code editor and development environment Komodo Edit is a great tool for development. I use it for PHP, HTML, JavaScript and more.

However, I haven’t done any serious coding for a while so I haven’t needed to run it under Windows 7 even though I had it installed. When I did, I was disapointed to find it behaving very poorly. It wouldn’t resize properly without messing up the screen. I tried with some of the compatibility settings that Windows 7 gives you but that made no difference. I also tried an upgrade to the latest version.

A quick search didn’t reveal anything about Windows 7 specifically but I did spot a discussion about problems under Vista that were related to file permissions. Sure enough, making Komodo Edit run as Administrator fixed the issues.

I’ve had a few file permission issues under Windows 7, I’m fairly sure it is down to me messing around. However, it is clear that Windows Vista and Windows 7 are both rather sensitive to permissions issues which is worth bearing in mind.

Looking at %USERPROFILE%\AppData\Roaming\ActiveState\KomodoEdit, I could see that SYSTEM, my user and Administrators all had full access but that Administrator was the owner of some of the files. I can only summise that this is the issue.

As this needs rebuilding with Windows 7 RC, I haven’t the time to test further but certainly running as Administrator does the trick.

By the way, Komodo Edit is available for Mac and Linux as well as Windows. It has a big brother “Komodo IDE” with additional features if you need them. Both are highly configurable, support many languages and are based on the Mozilla code (like Firefox and Thunderbird) & can easily be extended with JavaScript.


Technorati : , , ,
Diigo Tag Search : , , ,