October 24, 2009
Reflecting on our Windows 7 birthday party
So this week my buddy Charlie and I threw a Windows 7 party for the IT pro community in Vancouver, BC at the Microsoft office.
The office could only handle 80 people, and we simply had to turn people away. Sorry to those who weren't allowed to come. Many people came early, and hung out in the hallway even before they were allowed in.
With almost a 100 people in that hallway just out of the elevator, that hall was WARM. I felt bad for some of the people as you could tell they were overheating. But we weren't ready to let them in as we set up the rooms with different Windows 7 systems.
When we did open the doors it was a mad rush for everyone to get in where it was cooler and they could grab a cold one and cool down. Thankfully everyone was patient and polite. Thanks to everyone for that!
Once they got in, there were several different rooms that they could go hang out in. In one room, Charlie had brought a HP Media Touchsmart so people could experience the new multi touch functionality of Windows 7. Kerry Brown, a fellow MVP with experience in Windows shell, stayed in the room teaching people all the new shell features like Libraries, Jump Lists etc, and I am told schooled some admins on the nitty gritty of Power Shell. Good job Kerry! Thanks for helping out!!!
It was interesting as everytime I looked in that room, people were surrounded around the device playing with the TouchPack games and with Virtual Earth. It was interesting to hear my buddy Alan comment that his experience on his iPhone with multitouch, especially with Google Earth, was far superior to what he was seeing there. Maybe that is something Microsoft can take away from that. Of course, big difference on a 24 inch monitor and a small iPhone screen. But the point is well taken.
We had the biggest crowds when we did demos in the main presentation room. When I was presenting on DirectAccess security I had my good friend Roger Benes (a Microsoft FTE) demonstrate how Microsoft used DirectAccess themselves. Using the Microsoft guest wireless he connected seamlessly to Microsoft's corpnet, which allowed us to demonstrate the policy control and easy of use of the technology. I am told a lot of people enjoyed that session, with several taking that experience back to their own office to discuss deployment. Thats always good to hear.
Charlie impressed the crowd showing how to migrate from Windows XP and Vista to Windows 7. He demonstrated Windows Easy Transfer and Anytime Upgrades and took the time to explain the gotchas in the experience. He even had me demonstrate XP mode on my laptop so people could see how they could maintain application compatibility with a legacy Windows XP virtualized on Windows 7.
Of course, I had a lot of fun hanging out in the far back room. I got to demonstrate some of the security stuff built into Windows 7 like BitLocker, AppLocker and BitLocker to Go. I was even asked about Parental Controls which I couldn't show on my laptop since its domain joined, but was able to show on a demo box Roger had brought for people to play with.
Some of the more interesting things I helped facilitate was asking my buddy Alan to bring his Macbook in. He is a great photographer who works with Linux and OSX a fair bit, on top of using Windows. Actually, all the photos you see in this post were taken by him. Thanks for sharing them Alan!
Anyways, I convinced him to let us use his Macbook to install Windows 7. He reluctantly agreed, as you can see from the picture below when he was looking at the Snow Leopard and Windows 7 media together. :-)
We had a fair number of people crowd around his Macbook as he went through the process of installing Bootcamp and deploying Windows 7. Interestingly enough, it flawlessly converted that Apple hardware into a powerful Windows 7 system in about 20 minutes.
Charlie and I were REALLY busy. We had presented on different sessions in different rooms throughout the night. Actually, I very rarely even saw him except for a few times when he called me in to help out with a demo. Sorry we couldn't party more together Charlie. And my apologies to those that were looking forward to our traditional "Frick and Frack" show where we banter back and forth.
Many of you may not know that outside of computers, I am an avid indie filmmaker. Actually, that is giving me too much credit. I am an amateur cinematographer at best, who had high hopes that I would get a chance to film everyone's impressions throughout the party. Unfortunately, I was so busy presenting, I had almost NO TIME to get any film recorded. *sigh* Alan did get a snap of a rare moment when I actually caught someone on film.
Of course I can't complain too much. I had a great time getting to show all the neat features in Windows 7, and answering the tonnes of questions that people had.
Of course, when the night finally wound down, it was nice to close out the party and watch the Vancouver skyline change. When we were done, we had the opportunity to hang with our IT friends in Vancouver and bring in the birth of Windows 7.
I have several people I would like to thank for making the evening possible. Charlie and I couldn't have done it without the support of people like Graham from VanTUG, Jas from VanSBS and Roger from Microsoft. Speaking of Microsoft, I have to give a shout out to Sim, Sasha and Ljupco in the MVP team who helped us get through all the red tape to throw the party at Microsoft's office. And many thanks to Brent, Alan and Kerry for helping us out throughout the event. My thanks to all of you.
I hope everyone had a good time. And if anything, Charlie and I hope you learned something that will help you deploy and use Windows 7 in your organizations. Happy birthday Windows 7. Welcome to a new world without walls!
P.S. All the pictures you see here were taken by Alan and used with his permission. You can check out some of his other amazing work at bailwardphotography.com.
October 20, 2009
Time to party! Windows 7 is here!
It's only a few days away. The official launch of Windows 7 is here!
And of course, that means its time to party!!! You may have heard about the Windows 7 House Parties that are being thrown all around the world. Basically thousands of small groups of people are getting together to see what Windows 7 can do.
Personally, I thought we needed to do more. So fellow MVP and friend Charlie Russel and I decided we would throw our own party. But focused on IT pros and not the consumer angle. We plan to have a lot of fun, showing the cool features of Windows 7 for IT pros like BitLocker, AppLocker and DirectAccess. We plan to bring a bunch of laptops and show new shell extensions, Powershell, new multitouch features and basically sit around and enjoy hours of Q&A for those that haven't tried it yet. We are even planning on installing Windows 7 on a guest's Macbook to show how well it does using Bootcamp on Apple hardware and even on small netbooks.
I also wanted to send a message out to the Vancouver IT community to clear up some misconceptions. This is a party hosted by Charlie and myself. This is NOT a Microsoft event. Microsoft was gracious enough to let us use their facility and even sprung for some of the cost for pizza. However, they never planned this out. Nor did the local VanTUG and VanSBS groups.
Our party is an INVITATION ONLY event. Because we are limited in our own budget and constrained in where we could have the party... we only have enough room for 75 people. So we could only allow a certain number of our friends to come. Charlie and I decided the best way to handle this would be to simply invite who we wanted, and then open it to our friends at the local user groups on a first come, first served basis. This is why there is a cap on the registration on the event, and why it booked up so quickly.
I am hearing through the grapeline that there is a LOT of descent in the Vancouver IT community who feel that Microsoft, VanTUG and VanSBS did a poor job organizing this. >LET ME BE CLEAR. This is a personal party that Charlie and I organized. If you were lucky enough to get an invitation and registered, great. But if you didn't, don't take it out on Microsoft, the local usergroups or their leaders. It's not their fault!!!
We are using our own money and time to throw this party. Please be considerate and respect that we couldn't invite all of you. I am happy to see there is so much excitement about Windows 7 and that you wanted to party with us. And I am sorry if you feel it isn't fair that you didn't get invited. Please feel free to share your own Windows 7 experience, and host your own party. We may be the only IT pro party during the Windows 7 launch, but nothing says you can't have your own!
So party on. Welcome to a new world. Welcome to Windows 7!
October 13, 2009
RunAs Radio podcasts you might want to listen to
Hey guys. I noticed Twitter is a buzz with a few podcast interviews I did on RunAs Radio lately. I thought I will post the links for those of you who don't follow such tweets.
There were two interviews I did last month:
The first interview was discussion on free tools available for network monitoring and diagnostics. The second was some in depth discussion on using DirectAccess with Windows 7 and Windows Server 2008 R2. I do hope you find both interviews fun and useful.
October 08, 2009
Coding Tip: Why you should always use well known SIDs over usernames for security groups
So have you ever tried to restrict access to your applications in a way so that you can maintain least privilege?
I do. All the time. And recently it blew up in my face, and I want to share my experience so others can learn from my failure.
Let me show you a faulty line of code:
Seems rather harmless doesn't it? Can you spot the defect? Come on... its sitting right in the subject of this post.
Checking to see if the current user is in the "Administrators" group is a good idea. And using WindowsPrincipal is an appropriate way to do it. But you have to remember that not EVERYONE speaks English. In our particular case, we found a customer installed our product using English, but had a user with a French language pack. Guess what... the above code didn't work for them. Why? Because the local administrators group is actually "Administrateurs".
The fix is rather trivial:
By using the well known SID for the Administrators group, we ensure the check regardless of the name or language used.
Lesson learned the hard way for me. We have an entire new class of defect we are auditing for, which we have found in several places in our code. it always fails securely, NOT letting them do anything, but that's not the point. It is still a defect. Other accounts we weren't considering were "Network Service" (its an ugly name on a German target) and "Guest". Just to name a few.
Hope you can learn from my mistake on that one. That's a silly but common error you may or may not be considering in your own code.