Sunday, July 20, 2014

5 Stupid IT Questions - Part 2 - The Electric Boogaloo

It's that time again.  Enjoy...


Question 1 - "I have about 50 to 60 desktops and laptops, and about 10 servers in my AD environment at work.  I don't have a patch management product yet, I currently patch my Windows machines manually or using scripts.  Is there a good reason *not* to use WSUS?"

Answer:  First off, you need to start drinking. Your doctor would agree with me.  I think.  Well, anyhow, if your environment is built on versions of Windows which can be supported by WSUS, then the answer is NO: there isn't a "good" reason to *not* use a free product that at least gets you closer to the goal line.  How's that for a double-double-double negative statement?  I should've been a politician.

Are there better products?  Sure.  For free?  Maybe.  Is WSUS "good enough" for most shops like yours?  Probably.

Question 2 - "My significant-other spends a lot of time reading, studying, and playing in a lab to stay current with his/her career.  Is there anything I can do for him/her?"

Answer: Yes!  Feed them.  Scratch their back.  Rub their feet. Make them laugh.  And most important, feed them some more. They need to be sure to return the favor though.  My wife is amazing, but I have to remember to rub her feet too (she deserves it).

Question 3 - "I have scheduled tasks running on computers which run under the local SYSTEM account, but when they try to execute commands or access resources from remote UNC shares, they are denied access.  What am I doing wrong?"

Answer:  Two things... the first problem is that you're not sending me cash to help me pay my bills.  Just kidding.  Second, you didn't grant sufficient permissions to the share and/or the underlying NTFS folder path.  Remember, the local SYSTEM account runs as a proxy for the computer itself (when operating in a domain context).  So, when it knocks on the door of a remote shared resource, that resource sees the domain computer account in the peep hole.  (you thought I was going to say glory hole, didn't you?  sick puppy you are).

For example, if one computer is "DT1234" and is running a task that requests a connection to server "FS0005", then that server will see "DT1234$" (they append the dollar sign to indicate you paid a lot of money for that license.  ha ha . kidding again).  Actually, if the domain is "constoso.com", then the server sees user "CONTOSO\DT1234$" (NetBIOS name + computer sAMAccountName) knocking at the door.

By default, domain-joined computer accounts are not members of the AD domain "everyone" or "domain users" security groups.  They're not even members of any group (by default) besides "Domain Computers".  Therefore, you need to grant rights on resources to that domain security group, and your domain-joined computers should be able to knock at the door and get some free food.

TIP: a simple way to test local SYSTEM access to remote shares, is to use the "psexec.exe" utility (Microsoft/Sysinternals) with the "/s" option to launch CMD.exe.  Then within the command console, running in the local SYSTEM context, try to connect or query remote resources to see what happens.

Question 4 - "I'm building a custom app/script that helps manage things within System Center Configuration Manager 2012 R2.  It needs to read and write information as well, but it looks like I can do that by ADO and SQL commands, or by WMI and WBEM commands. Which should I use?"

Answer:  (long, long inhale.... get ready, here it comes...)  Okay.  Both.  No, wait.  Neither.  No, wait, that's wrong.  Both.  Sort of.  Hold on.  This may seem a little complicated. And even if it wasn't complicated, I'm a professional, and complicating things is what I get paid to do.  That's not true either.  Just a minute. Okay. So drink up, strap in, or strap on, or buckle up, whatever...

You know how they say "never say never"?  Well, NEVER, yes, that's right, I just said "NEVER", ever write to a System Center Configuration Manager database directly.  All "write" (aka update/insert/delete) operations should be done through WMI/WBEM statements. I'll get to the "why" in a minute.

First things first:  While you absolutely can request information from the database using WMI/WBEM queries, I recommend that you do your read operations directly from the SQL Server database, rather than via WMI/WBEM.  The reason is that they're going to perform faster than WMI/WBEM requests (assuming you know how to form proper T-SQL statements).  More importantly: WMI/WBEM query statements are way more limited than T-SQL as far as what kinds of operations you can perform.  For example COALESCE, TRY_CONVERT and CASE statements, to name a few. And I won't even get into things like DATEDIFF, CAST or SUBSTRING.

Next, the reason you shouldn't push anything into the database directly is that SCCM relies on a delicate, complicated and, let's be honest, confusing-as-hell sequential process for handling change requests.  That is, updates, additions, deletions, and so on.  Each request is queued, prioritized, processed and logged.  The "processed" part involves even more sequential handling with triggers and more logging, and if you go around back, break open the window and climb in the back room, the alarm will go off and the SWAT team will repel down from helicopters and kill you.  Okay, not really.  But it will very likely break your SCCM site entirely.

When you submit requests properly using WMI/WBEM requests, they are like well-trained school kids lining up to go to the cafeteria.  They get their lunches, sit down, eat and smile the whole time.  When you shove them in directly via ADO/ADO.NET, shit will just break. Trust me. If you don't trust me, go ahead and setup a lab environment and kick those tires.  When the air blows out, don't come crying to me.

Finally, or thirdly? -  if you plan on making the same types of requests for information (read operations, that is) and they involve SQL "JOIN" statements, I recommend you create some VIEWs and apply indexing.  SQL will outperform application processing like Stephen Colbert having a debate with your dead cat.  If you've been strapping together messy "SELECT blah FROM whatever LEFT OUTER JOIN something  ON this = that..." and so on, in your script code, STOP!  Do that within the database (or create another database on the same server to pull data for abstraction and aggregation work, etc.).  So, to summarize all that blabber...

READ == Direct from the Database (SQL + ADO or ADO.NET)
WRITE ==  Through the WMI/WBEM interface

If you're thinking which is "faster": COM scripting or .NET scripting (e.g. VBScript vs. PowerShell), it depends on what you're doing, but for most things it's break-even.  The biggest factor will be where the bulk of logic handling and processing is being done:  in the database/WMI request itself, or on the information obtained therefrom.  I can already sense the .NET nerds flipping out right now. Spitting coffee through their nostrils.  Exclaiming "WTF?!!", knocking over their stacks of stale donuts and breaking pencils.   Oh well.

Question 5 - "My company is looking for a good service request ticketing system product. What products would you recommend?"

Answer: None of them.  Or all of them. The problem is that every organization that's existed for more than a few years, has evolved their own internal processes for handling requests.  Staffing varies.  Methods vary.  Resources vary.  The retail products you will try on will almost certainly be like a "one-size fits-all" suit.  Lot's of Velcro straps and adjuster things to help you pull in the tight spots to fit better.  But it's going to feel like that too.

Most off-the-shelf products will expect you to make some concessions with regards to "how" you do things.  That's not always bad, though.  Read up on ITIL, and even if you hate ITIL, it's good to have something to base your processes upon.  That or a suitcase full of drugs and a fast getaway car.  I have no idea what that's about though.

If your environment has implemented ITIL with gold medal effort, you may do really well with almost any off-the-shelf product.  However, I haven't seen an ITIL gold-medal shop in my lifetime.  I've heard stories of them, but I've never seen one.  Kind of like unicorns and leprechauns.

I see two options:  Build your own with whatever tools you have, or buy one and suck it up.  Just be warned:  The bigger your organization (staff and customer numbers), the more work it's going to be, for either direction you choose.  Be cautious of vendors offering "customization" services too.  That's their bread-and-butter.  Am I a bit pessimistic?  Yes.  It's a lot like shopping for document management solutions, or vacation homes.  I wish I could afford a vacation home.  Heck, I wish I could afford to take a vacation.


Th-th-that's all for now, folks.  Have a good week!

Thursday, July 10, 2014

It's Time for 5 Stupid IT Questions

You got IT questions? I got stupid answers.  Pull up a chair, sit down, and destroy your precious little mind reading my stupid ramblings for a bit.  What else do you have to do?  Silly Earthling.

(Note:  This is going to be an ongoing series, I think.  It depends on feedback from folks like you)



Question 1 - "In VMware Workstation and VMware Player, it has an option to preallocate the virtual hard drives.  What does this do and why should I consider it?"

Answer: It carves out physical storage space (on whatever drive/disk/volume you have it pointed at) to store the disk .VMDK file before using it the first time.  Like most things in life, there's a trade-off...

On the good side, preallocating space avoids the need to incrementally allocate more space as needed.  The incremental growth usually happens while the VM guest is running, causing some delays and pauses at times.

On the bad side, preallocating space takes up designated storage space which may not be fully-used on the inside (guest VM referencing).  For example, if you specify a 60 GB disk, it will grab 60 (plus a little chump-change space for overhead) right away.  In the end, you may only end up filling 40 GB within the guest machine, leaving 20 (or thereabouts) unused but still occupied on the physical disk.

If space isn't a concern, preallocate it to squeeze a little more performance from your virtual toyland.

Question 2 - "If I want to roll out a new Group Policy ADMX template during production hours, what negative impact would that have?"

Answer: "Would" or "Could"?  The answer depends on several factors.  But starting at step 1:  deploying an ADMX template into an AD environment involves updating the SYSVOL on the first domain controller.  From there it replicates (because domain controllers like to replicate, as nasty as that sounds).

The factors that come into play after step 1 are like a Rubik's cube.  Site link configurations, replication schedules, the size of the ADMX files, the WAN links, the network configuration, the KCC mess in the background, the amount of drugs your engineers consume, the prevailing winds, the high tide, the... whatever.  Hopefully you get the idea.  I would recommend that (after you've tested them in a separate environment of course) that you deploy them during off-peak hours.  If that isn't possible, blame it on the last person to have quit.

Question 3 - "Will shifting my SCCM environment over to a user-demand, Application Catalog scheme fix all my problems with overseeing software deployments?"

Answer:  It depends.  In general, the answer is "no", it won't fix "all" of those "problems".  Can it lessen your workload?  At best: usually.  At worst:  it will replace one set of problems with another.

Will it eliminate some problems on the whole?  Sometimes.

It depends on how diverse your applications are and how diverse the target platforms are in your SCCM site.  If you support 4,000 products, but they are well-defined in terms of assigning one product+version for each business role, then you will be better off.  If you have a lot of alternatives for the same role/purpose, start drinking and get your Liver in good shape.

The surprise "gotchas" I've seen, or heard about, with handing over the role of installing applications to end users via a catalog shopping-cart concept, have been basically from two general areas.  Each of which breaks down into two more areas:

1. Setting up the catalog
2. Cleaning up messes

The first area (setting up the catalog), involves not only building the catalog, but assigning roles and permissions, but that's the easy part.  Then comes the spaghetti-like enigma of validating product licensing and usage terms, as well as planning out the potential conflicts.  Those are the nasty things like "Product A and Product B cannot exist on the same client or they break things." or "Product A only works with .NET 4.0 while Product B only works with .NET 4.5" and so on.

The second area (cleaning up messes) involves hand-holding users that mistakenly install things and run into problems with them.  Even if you teach them how to remove those mistakes, there are going to be the breaks that require rolling up your sleeves and taking time away from other work.

The secondary issues are delegation reliability, and platform resiliency.  Big words.  I like big words.

The former (delegation) involves how well your delegated staff hold up with handling rights and assignments, as well as tech support issues that arise.  The latter (resiliency) involves how mature your environment is with regards to platform standards and methods for repairing breaks in the assembly line.  How many versions of Windows you support, how many device types, models, vendors, component versions (JRE, .NET).  Good stuff for beer talk.

Question 4 - "Is it more important to have a college degree or a certification when entering the IT field?"

Answer:  My kids' friends and their friends hit me with this question a lot.  Usually after some introductory phrase like "Excuse me, old man?  Can I axe yuze a question about getting a computer job?".

From an entry perspective (first-time job seeker), it depends on what kind of IT job you're aiming for.  If you're looking for a fairly low to intermediate job, such as anything from Tier1/desktop support, to even Systems Admin or Systems Engineer, it helps to have a degree, but it really helps to have a lot of (current/recent/relevant) certifications.

Many entry level IT jobs only require A+, Network+ and Security+ certifications, unless you start getting into VMware or Cisco type stuff (and so on).  Even then, having a Microsoft MCSA/MCSE will help a lot.

If the job your aiming for is "senior research scientist" or "database architect", well, start filling out those college enrollment applications.  It won't hurt to have your CCNA or MCSE/MCwhatever, but most high-level, expert type fields within IT expect more educational background.  And don't forget those Analysts and Project Managers, who may need a mix of schooling and certs like PMP, ITIL, etc.  Just poke around the job postings online and you'll see what I mean. (Not that I've been looking of course, cough-cough.  That's just what I've been told).

Question 5 - "What is the toughest part of getting technology to work well?"

Answer:   People.  It's just human nature to try to pound nails using a wrench.

(Thank you for reading!  Stay tuned for more IT stupidity coming soon...)

Thursday, June 26, 2014

Random SCCM Database Thoughts

I ran these on a SCCM 2007 environment, but most of them should work in 2012 R2 as well.

Crack open your SSMS console, swallow your entire Espresso, crack your knuckles, inhale deep and slow, and let it out deep and slow.  Then scream something stupid and look serious.  Now, let's get started...

List the computers in a particular AD Site, and identify their makes, models, and BIOS serial numbers...

  • Join v_R_System with v_GS_Computer_System and v_GS_System_Enclosure on ResourceID (using LEFT joins to avoid dropping those which don't report inventory yet).  Then group by the AD_Site_Name0 field.
  • Step 1, filter on the following view-joins to see the general scope of data...

SELECT DISTINCT
   dbo.v_R_System.ResourceID, dbo.v_R_System.AD_Site_Name0, 
   dbo.v_R_System.Name0, dbo.v_GS_COMPUTER_SYSTEM.Manufacturer0, 
   dbo.v_GS_COMPUTER_SYSTEM.Model0, 
   dbo.v_GS_COMPUTER_SYSTEM.SystemType0, 
   dbo.v_GS_SYSTEM_ENCLOSURE.SerialNumber0
FROM dbo.v_R_System LEFT OUTER JOIN
   dbo.v_GS_COMPUTER_SYSTEM ON dbo.v_R_System.ResourceID =

      dbo.v_GS_COMPUTER_SYSTEM.ResourceID LEFT OUTER JOIN
   dbo.v_GS_SYSTEM_ENCLOSURE ON dbo.v_R_System.ResourceID =
      dbo.v_GS_SYSTEM_ENCLOSURE.ResourceID

  • Step 2, hone it down...

      SELECT DISTINCT
         dbo.v_R_System.ResourceID, dbo.v_R_System.AD_Site_Name0, 
         dbo.v_R_System.Name0, dbo.v_GS_COMPUTER_SYSTEM.Manufacturer0, 
         dbo.v_GS_COMPUTER_SYSTEM.Model0, 
         dbo.v_GS_COMPUTER_SYSTEM.SystemType0, 
         dbo.v_GS_SYSTEM_ENCLOSURE.SerialNumber0
      FROM dbo.v_R_System LEFT OUTER JOIN
         dbo.v_GS_COMPUTER_SYSTEM ON dbo.v_R_System.ResourceID =
            dbo.v_GS_COMPUTER_SYSTEM.ResourceID LEFT OUTER JOIN
         dbo.v_GS_SYSTEM_ENCLOSURE ON dbo.v_R_System.ResourceID =
            dbo.v_GS_SYSTEM_ENCLOSURE.ResourceID
      WHERE dbo.v_R_System.AD_Site_Name0 = 'DOUBLE_HEADED_DONG_FACTORY'

      Find all clients which are assigned to a particular IPv4 gateway...
      • Step 1, just for fun, filter and browse the results of round 1, using v_Network_Data_Serialized
      SELECT DISTINCT 
         DNSHostName0, ResourceID, IPSubnet0, MACAddress0, 
         IPAddress0, DHCPEnabled0, DHCPServer0, DNSDomain0, DefaultIPGateway0
      FROM dbo.v_Network_DATA_Serialized
      WHERE (IPSubnet0 IS NOT NULL)
         AND (DHCPEnabled0 = 1)
         AND (IPAddress0 NOT LIKE 'f%')

      • Step 2, go in for the kill.  Find all that are using gateway 192.168.2.11...
      SELECT DISTINCT 
         DNSHostName0, ResourceID, IPSubnet0, MACAddress0, 
         IPAddress0, DHCPEnabled0, DHCPServer0, DNSDomain0, 
         DefaultIPGateway0
      FROM dbo.v_Network_DATA_Serialized
      WHERE 
      (IPSubnet0 IS NOT NULL) 
         AND (DHCPEnabled0 = 1) 
         AND (DefaultIPDGateway0='192.168.2.11')
      ORDER BY DNSHostName0


      List the unique AD Site Names for all computers in a given Collection...
      • Join v_R_System with a sub-query on the desired Collection "ABC12345".
      SELECT DISTINCT AD_Site_Name0 dbo.v_R_System
      WHERE dbo.v_R_System.ResourceID IN
         (SELECT ResourceID FROM dbo.v_CM_RES_COLL_ABC12345)

      List all of the Distribution Point Servers in site "ABC"...
      • Filter on View named v_SystemResourceList...
      SELECT SiteCode,ServerName
      FROM dbo.v_SystemResourceList
      WHERE SiteCode='ABC' AND RoleName='SMS Distribution Point'

      ORDER BY ServerName

      List distinct Site Server Role type/names in the database, along with counts of servers for each role (keep in mind that servers can provide multiple roles, so don't sum the totals and think that's an accurate count of total site servers)
      • Filter on View named v_SystemResourceList...
      SELECT DISTINCT RoleName, COUNT(*) AS ServerCount
      FROM dbo.v_SystemResourceList
      GROUP BY RoleName

      ORDER BY RoleName

      List User Account status values and counts for each.
      • Start with a basic SQL query to identify the unique values for column User_Account_Control0 from view named v_R_User
      SELECT DISTINCT User_Account_Control0, COUNT(*) AS UserCount
      FROM dbo.v_R_User
      GROUP BY User_Account_Control0

      • Then add a dash of SQL "CASE" statement with some Oregano and Basil (for other values to match up, check out Rajnish's blog post here)...
      SELECT DISTINCT 
      User_Account_Control0, 
      COUNT(*) AS UserCount, 
      CASE User_Account_Control0 
      WHEN 512 THEN 'Enabled' 
      WHEN 514 THEN 'Disabled' 
      WHEN 544 THEN 'Enabled Must Change Password' 
      WHEN 66048 THEN 'Enabled Password Never Expires' 
      ELSE 'You can code the others...' 
      END AS UAC_Name 
      FROM dbo.v_R_User 
      GROUP BY User_Account_Control0

      List computers a particular AD user has logged onto within the past 30 days...

      • Find logins for user "doofus" on domain "contoso".  Join v_R_System with v_GS_SYSTEM_CONSOLE_USER on ResourceID and filter on the SystemConsoleUser0 column.  Then add a DateDiff() filter to restrict on logons within the last 30 days...

      SELECT 
         dbo.v_R_System.Name0 AS ComputerName, 
         dbo.v_GS_SYSTEM_CONSOLE_USER.ResourceID,
         dbo.v_GS_SYSTEM_CONSOLE_USER.LastConsoleUse0 AS LastLogon,
         dbo.v_GS_SYSTEM_CONSOLE_USER.NumberOfConsoleLogons0 AS NumberLogons,
         dbo.v_GS_SYSTEM_CONSOLE_USER.SystemConsoleUser0 AS UserID,
         dbo.v_GS_SYSTEM_CONSOLE_USER.TotalUserConsoleMinutes0 AS LogonTotalTime
      FROM dbo.v_GS_SYSTEM_CONSOLE_USER INNER JOIN
         dbo.v_R_System ON dbo.v_GS_SYSTEM_CONSOLE_USER.ResourceID =
            dbo.v_R_System.ResourceID
      WHERE 
         (dbo.v_GS_SYSTEM_CONSOLE_USER.SystemConsoleUser0 = 'contoso\doofus')
         AND
         (DATEDIFF(dd, dbo.v_GS_SYSTEM_CONSOLE_USER.LastConsoleUse0, GETDATE()) < 30)

      Need to identify Advertisements pointed at Direct-membership Collections?
      • Join v_Advertisement to v_Package, and v_Collection, and sub-query against v_CollectionRuleDirect using CollectionID as the filtering column...
      SELECT 
         dbo.v_Advertisement.AdvertisementID, 
         dbo.v_Advertisement.AdvertisementName, 
         dbo.v_Advertisement.PackageID, 
         dbo.v_Package.Name, 
         dbo.v_Advertisement.CollectionID,
         dbo.v_Collection.Name AS CollectionName
      FROM dbo.v_Advertisement INNER JOIN
         dbo.v_Collection ON dbo.v_Advertisement.CollectionID =

            dbo.v_Collection.CollectionID INNER JOIN 
         dbo.v_Package ON dbo.v_Advertisement.PackageID =
            dbo.v_Package.PackageID
      WHERE (dbo.v_Collection.CollectionID IN
         (SELECT DISTINCT CollectionID FROM dbo.v_CollectionRuleDirect)) 

      ORDER BY 
         dbo.v_Advertisement.AdvertisementName

                    Need to computers with every version of Internet Explorer?
                    • Well, you might expect to query v_GS_Installed_Software_Categorized or the ARP tables, but remember that IE10 and 11 came out as KB updates for some platforms.  So best to query v_GS_Software_Product.  Note the some entries (ProductName0 LIKE 'Internet Explorer%') OR (ProductName0 LIKE 'Windows%Internet Explorer%') will produce the version within the product name, while others will only show "Internet Explorer" and the version in the ProductVersion0 column.  Drink plenty of coffee and enjoy that.  Don't forget to filter out the double counted items (yes. they are hiding there).  Don't be surprised if you need to crack open your dusty T-SQL book and brush up on the CASE statement.  I'll let you have fun with this one, and I'll post my take on it later.
                    If I get more coffee in me and feel motivated, I may post more.  Let me know if these are helpful?

                    Wednesday, June 25, 2014

                    Software Vendor Product Names 2.0 R2 Update 2, Release 1.1

                    What would your vendor name the next cool app that calculates bodily waste based on a hypothetical wrist-attached food consumption detection device (Bluetooth connected, of course)?


                    Microsoft:
                    Microsoft Active System Center Excrement Analysis Server, Ultimate Extras Premium Enterprise DataCenter Edition 2015 R2

                    Apple:
                    iPoo

                    Google:
                    FooCake

                    Ubuntu:
                    Bouncing Bowelbuster or Fancy Fudgeflinger

                    Oracle:
                    jPoo

                    Mmmm.  I can almost smell the improvements.

                    Thursday, June 19, 2014

                    What They Don't Teach You in School

                    Math, English, foreign languages, Biology, Comparative Religions, World History, bah!  Even the programming/geek/nerd stuff.... bah!

                    These are the most important pieces of education a young person could ever absorb before entering the cut-throat job market today.  So, please, for your career's sake:  Put down the bong and pay attention!



                    1. Office Camouflage

                    Never look like you need something to do.  Carry papers in one hand, preferrably with a pen, and a coffee cup in the other.  Undo your tie and roll your sleeves up.  Even if you're just going to throw some trash away, make it look like you're on a mission.  A mission to advise the CEO that the CFO and CIO are both TFU and the only person who they can trust is  Y.O.U.  Look busy!

                    2. Shoes and Stalls

                    Every day you get to work, make a mental note of what shoes the other managers are wearing that day.   This only applies to members of the same sex (or whichever sex/gender inhabits the same restrooms you frequent). Knowing what shoes the CEO/CFO/COO/CIO/CTO/CSO/CIEIEIO wears can mean the difference between being fired and being promoted.

                    Think of the typical restroom situation where you're chatting with a coworker; you're shaking uncontrollably at the urinal, while he/they picks lunch leftovers from their teeth only an inch from the encrusted mirror.  You get ready to say something really apolitical about someone high-up, but you pause to sneak a glance at the shoes of the guy, just beneath the stall partition panel, who's moaning and grunting in the nearby stall.  You make a strategic correction.

                    Instead of "Man, that department manager is a real asshole.  Did you see how he tore the head off that cat in the staff meeting?!", you recall those shoes as being the CFO's, and then you remember that the department manager is his son.  So instead, you say something like "Man, that department manager is awesome.  The way he used his bottle-opener on that cat was genius!  His dad must be SO proud of him.".  Next day you show up and there's a calendar invite to a private meeting on the CFO's yacht, dinner included, dress appropriately.  See?  It's just that easy.  And you thought "hard work" (whatever that is) really matters.

                    3. Big Words

                    If you can read a beer bottle, a Hunger Games chapter, medicine bottles, cereal box labels, a verse from the Bible (or other religious text of your choosing), you have all it takes to read another exciting book:  The Dictionary.

                    Learn a new word, at least once a month.  Instead of reacting to surprising news with tired, old, phrases like "wow!", try something more ear-catching like "Gadzooks!" or "Jumping Jehoshaphat!".  It shows you might be what they call "Educated" or something.  And we all know those suit-wearing folk LOVE them some good ole educated folk to hang out and chew the fat with.  I mean, "have a intelligible conversation and discourse with".

                    4. Statistical Stuff

                    Learn something about the sport and sports teams/leagues/players that you know excite the upper management.  Then you can combine it with the tips above, and then practice in the restroom, while urinating on the wall, noticing the CEO's shoes in stall number 3, who happens to be a Texas Rangers' fan, and say something clever, like "Wow!  Did you know that Nolan Ryan could throw a baseball through the armor-plating of an Army tank while blind-folded and drunk on Drano?!  Amazing!"

                    Wait for the reaction.  If you say something clever enough about their favorite sports thing, or NASCAR thing, they'll jump right out of the stall with their pants down, toilet paper hanging from their butt cheeks and give you a hug like a long-lost relative coming back from the dead.

                    5. Strategic Posing

                    Do not EVER look relaxed at your desk.  Stare intently at the screen as if you're watching a live broadcast of a hamster, slowly unhinging it's jaws to swallow a cow in one piece.  The look must be serious.  It must be practiced to perfection.  Nobody who does *real* work does it without some effort and nothing shows effort like that classic Clint Eastwood, tight-jawed, seven day constipated grimace of serious ass-kickery that just oozes the feeling of "I'm busy curing Cancer, and world hunger, so back off bitch!"

                    Helpful tips include frowning, squinting, pursing of the lips, rubbing your chin and nodding slowly up and down.  For extra points, combine them in pairs or all together at once.  Then slowly rise from your broken desk chair and back away without blinking, or looking away even once.  Say something quiet, but just loud enough so the nearby idiots can hear it, like "yes.  yes.   yesss!  that will change EVERYTHING." and then go to the restroom to practice steps 1 through 4.

                    Conclusion

                    So there you have it.  All the basic skills you need to master in order to excel in a tech job in America. After all, the real jobs are going overseas anyway, so you might as well enjoy the ride while the ship sinks.

                    Don't ever say I didn't try to help you get ahead.

                    Sunday, June 15, 2014

                    IT Kool Aid Flavors: Vendor or Reality

                    There are two general realms, or flavors, that exist in most of the IT world.  The vendor flavor, and the reality flavor.

                    Case in point:

                    According to one reseller, the world is running, or eagerly in the process of pursuing, a "pure" Windows Server 2012 R2 and Windows 8.1 / Update 1 environment.

                    Other sprinkle-toppings may include flavor crystals like all the 2013 products (but don't forget SQL Server 2014), and of course, the ubiquitous "cloud" world and Office 365/Azure.  And don't forget, if you bundle you get a free kid's toy.  Is this for a boy or a girl?  Do you want to super-size that as well?

                    And, please don't get me started on how to properly pronounce Azure.

                    Anybody still using XP?  Vendor says: Pfffft!  I think not (p-shaaaa!).

                    Not so fast.

                    The uncounted, 70-90% of the computer-swilling world doesn't have the luxury of IT project plans, operational efficiency directives and SLA's to worry about. They're busy trying to make things, sell things, build things, fix things, provide services, and all that mumbo-jumbo. The kind of stuff that a lot of larger shops don't seem to have as much "direct / hands-on" exposure to anymore.

                    Nowadays, many larger shops have grown into detached sector/division/department/project/task-group/tiger-team environments, where they fit into a mesh of bean-counter menageries that eventually lead to something that tickles shareholders and keeps the paychecks flowing.

                    I have no intention of offending or insulting anyone by this (well, okay, maybe some resellers and sales-folks), but the truth can be summed up in a very simple example:

                    Kathy's landscaping shop has a few apps they bought with personal funds to help with designing backyard ponds, estimate water coverage, soil depths, and seasonal impacts on gardening.  They bought them when they bought their prized Dell or HP desktop they still use with Windows XP.  And guess what:  IT STILL WORKS.  In their view, shiny new touch-screen tiles and cloud things are not as exciting as kicking the shit out of the revenue numbers compared with the nearby Lowe's or Home Depot.

                    Their IT support center?  1-800-ASK-DELL or 1-800-WHATS-YOUR-KIDS-FRIENDS-NUMBER-AGAIN?

                    Sure, there are distinct, and tangible values to the new features provided by Windows 8 and so on, but for many (okay, dare I say: most) small businesses, and home users as well, the deciding factor is "why do I need to buy another new computer if the one I have still works?"  For many small "mom-and-pop" shops, the apps they depend on aren't tops on the lists of bigger companies.  They tend to be very industry-specific, and extremely function-specific as well.  Things that perform one task, maybe two, but do them well, and are also either cheap, or free.

                    Ask any software repackager who deals with more than a hundred titles, and they'll probably have no trouble recalling a list of those "oddball" apps that are tough to wrestle into a package, but for whatever reason, HAVE to be made available or the planets will spin out of orbit and gravity will dissolve.  Floral arrangement apps may seem stupid, but tell that to a small, family-owned Florist.

                    The consumer isn't broken. The rationale isn't broken either.  And neither are the products. What's broken is the sales pitch.

                    Remember the Daffy Duck salesman episode?  Hey Bud, you need a house to go with this door knob.

                    PS.  In case you're wondering, the photo depicts (for me, anyways), from left to right: me, a vendor, and a small-business owner.

                    Wednesday, June 11, 2014

                    Asset Inventory 101 - Myths and Realities

                    This post is the result of trying to explain IT inventory to multiple people, multiple times, and them still not "getting it".  Rather than wear myself out, which I will probably still do anyway, I plan on pointing them here to read my thoughts on it, and I can then go back to babbling incoherently to myself.  I promised to post a "tech-oriented" article soon, but this is borderline, so nanny-nanny-boo-boo, I'm counting it as tech-oriented.

                    If you ask me about Inventory, I will ask if you read this article.  If you say "no", I will tell you to read this article and walk away, probably while laughing.  If you say "yes", I will say "go back and read it again", and laugh even louder.

                    What is Inventory?

                    Definition...

                    (noun):  A complete list of the things in a place".

                    (verb):  the act or process of making a complete list of the things that are in a place : the act or process of making an inventory". - Merriam-Webster's Dictionary

                    Go back and read that again.  Got it memorized? Okay, let's look at the noun side...

                    Inventory Science 101

                    What is "inventory" really?  Basically, it's supposed to be about tracking and reporting what you own, or what you have, and where it's located.  But there's usually a lot more to it than that.  Who's using it.  What it's used for.  Who bought it.  Who pays for it.  How it is configured.  What it's related to, or associated with.

                    There's also the Manufacturer. Model. Part Number.  Serial Number.  Contract number(s). Department/Division/Sector/Group/Team/Project names and numbers. And let's not forget the abstracts like category, type, family, class, species, and all that.

                    The goal of inventory, and inventory tracking efforts is, or should be, to confirm existence, disposition and ownership of assets.  The real goal being a financial implication of course.  What do you own?  Where is it?  Who is using it?  What is it used for?  Who's paying for it?  When does it "expire"?

                    The most common method for gathering and tracking inventory is what is commonly referred to as "input-output differential".  Capture what comes in (purchase order, or birth certificate), what goes out (inventory record audit, or death certificate) and finding the gaps.  The gaps are where the fun really begins.

                    What happened to it?  Lost? Stolen?  Transgender operation?  Was it really the property of the organization, or was it loaned to them for temporary use?  Was it a demo from a vendor?  The list goes on and on.

                    Just as a Census tries to verify you're still among the living, breathing creatures, who are paying taxes and adding to landfills... so are the aims of products like Microsoft System Center Configuration Manager, Solarwinds, Tivoli, Kaseya, LabTech, and (cough-cough) several products I've developed in the past as well.

                    So, in addition to what came in the door, and what is known to have departed, there is now a third status of "what's it doing now?"  Things that can be poked at to verify where and what an asset is, include Active Directory, network monitoring systems, PING, and so on.  An "Asset Manager" job title can often involve a lot of legwork.

                    What Constitutes "Things" and "Places"?

                    If we use YOU as a metaphor, then a human being is an inventory asset or item.  The place would be (or could be), your home address.  It could also be your employer's address, or your car (VIN or license plate).

                    Now, think of all the "things" that pertain to labeling YOU as an entity.  Your birth certificate.  Driver's license.  Voter registration.  Tax bills.  Credit cards.  Bank accounts.  On and on.

                    Do any of those things GUARANTEE your existence?  No.  Do they confirm you are still among the "living" (I'll leave that for you to decide on the definition)?  No.  They are simply artifacts that help SUPPORT the assertion that you exist.

                    Metaphorically Speaking:  Computers

                    Now that we've strolled off into metaphor-land, let's bring it back to the meat-and-potatoes: Computer assets.  Desktops, laptops, tablets, smartphones, appliances, routers, hubs, switches, printers, power supplies, storage units, MODEM's, peripherals of all kinds, you name it.

                    What is the birth date of a computer?  The date it was purchased?  The vendor warranty start date?  The OS installation date?  The technician-installation date?  If you base it on the OS install date, and you reinstall the operating system, what happens to the birth date then?  Does it fall back to something else?

                    If you purchase it, and it takes a while to get from the warehouse, to the workbench, to the truck, to the technician to being delivered and setup, which event date are you picking as the "start" or "birth" date of that asset?  Have you consulted your Finance folks about this?  Your attorneys?  You should.

                    When you record the purchase and deployment of this asset, what then?  Do you track it during the rest of its life?  Do you track the retirement and disposal of it too?  Some places do.  Some don't.  Some are required by law to track some, or all of this.  Which are you required to track?

                    Just because you "Can", does that mean you "Should"?

                    If you are an IT person working for someone else (i.e. not self-employed), and you haven't sat down (or consulted with) someone in a legal and/or financial role in your organization, I strongly recommend you do so before embarking on any effort to track and report inventory of any kind.  I cannot stress that enough.

                    Even if you are self-employed, talk to an accountant or legal advisor about whether you need to track thigns, and what to track.

                    Some questions to ask:

                    • What are the tax implications?  
                    • What are the support contract and cost implications?  
                    • What are the regulatory compliance implications?  
                    • What are the IT support implications?  
                    Did you notice I put IT last in the list?

                    From my experiences, most businesses track more than they need to, and ignore things they shouldn't ignore as well.

                    Ah, Yes:  Software

                    Just when the folks feel good about their grasp of tangible hardware inventory, we open the gates and let the starving lions and alligators into the arena:  software licensing.

                    Definition:  Software = "the programs that run on a computer and perform certain functions" - Merriam-Webster's Dictionary

                    What does that mean?  What is a program?  Is that Microsoft Word?  Is that the Snipping Tool or Narrator feature?  Is that .NET Framework 4.5?  Is that Java Runtime?  Is that a DLL or COM file?  Is it a locally stored App-V or ThinApp reference?  Is that a shortcut to a MED-V or remote VDI resource (desktop or application)?  Is that a URL to a web application?  What is it?

                    What does that mean?

                    If you query a computer for what software it has installed, where do you begin?  Does it all exist in the Control "Add or Remove Programs" list?  Usually.  But not always.  How about crawling through that icky Registry?  More stuff, sure, but is it easy to parse and understand?  Hmm.  How about crawling the good old file system and parsing through EVERY SINGLE FILE that is known to have an executable capability?

                    The answer is yes.

                    Configuration Manager, and products similar to it, often dissect a computer from many angles.

                    This includes files, folders, the Registry, and my personal favorite: WMI.  Slithering through the various CIM repository stacks can yield all sorts of juicy bits of data about hardware and software.

                    But... Is this really what you're after?

                    So you have a product installed.  Now what?  Does that constitute a 'license'?  What is a license?  What kind of license is it?  Per-machine?  Per-user?  Per-CPU?  Per-network?  Per-domain or site?  Per-company?  Open Source?  What?  And what about FlexLM type licensing, where the node doesn't matter as much as the total, concurrent usage limit?

                    If you have the option to use floating/network licensing for groups of similar products, I always recommend that option if you can afford it.

                    Software Licensing Audits

                    If you've ever witnessed a license audit from an external investigation, it's not fun.  They tend to come in one of two flavors:  Vendor and BSA.  If the vendor audits you, that's good.  They want to keep your business, so they will try to negotiate terms to help avoid losing your business, if possible.  If the BSA, or another third-party entity, comes knocking, swallow whatever pills you have left and take a deep breath.  It may very well be an unpleasant experience, as they are paid by levied penalties and have no need to retain your business.

                    So, while you can get sloppy about hardware inventory, I would not recommend you take the same light-hearted approach to software inventory.  I've seen "settlements" applied that nearly ended a business due to the costs, but thankfully, in none of those situations was I aware or implicated of the neglect prior to the doors getting kicked down.  Don't be one of those businesses.

                    Okay, so that covers a bit of hardware and software.

                    Simple as multivariate Calculus and molecular bonding, and clear as mud.

                    Are you starting to drink yet?  You will.

                    Summary

                    If anyone says there is, or should be, "one inventory source" to answer all of these questions, they are brain damaged or stupid.  The desire is noble.  The reality is clear: a singular source of "authoritative" inventory data is impossible.  It has to be derived and reconciled from multiple angles.

                    Think about that every time you're walking through CostCo, Sam's Club or BJ's and you see a clerk scanning shelves to do "spot check inventory".  If there was one system to track and verify all of it, that wouldn't be required.

                    Every time I sit in a meeting where some vendor comes in to pitch some magical product to report all of their inventory without any outside help, I look at my shoes, smile and think about my next alcoholic beverage, saying to myself "here we go again..."




                    Business Management Time: Budget Reduction Ideas

                    Most of us have heard it before:  "Budgets are going to be tight this year/quarter", blah blah.  If you're lucky, they follow up with details on where those cuts will be applied.  However, in most cases it's left to guess, and that ends up draining a few bottles of liquor, some bottles of Xanax and a couple of boxes of tissues.

                    Rather than leave management to roll the dice, I thought I'd offer my personal spin on how budget cuts can be applied in ways that mitigate staffing and position reductions, while improving both employee morale and the "bottom line".  Mmmm-kay?  Let's look.

                    1. Restroom Optimization

                    Remove one toilet or urinal from every restroom in every facility.  That will cut back on water consumption, toilet paper, and encourage employees to hold it in until they leave work.  That will keep them at their desks for a longer portion of their work day.

                    2. Premium Services

                    Install credit/debit card swipe locks on every restroom door.  Require employees to pay to use your expensive, and well-kept facilities.  After all: your company buys only the absolute highest quality toilet tissues, cut from the choicest trees in the farthest reaches of the Amazon rainforest.  Why not pass that value and respect along to your staff as well?

                    3. Parking

                    Encourage your staff to focus on exercise by reducing the usable area of parking lots and parking spaces around your facilities.  That will allow you to re-purpose the land for more business-oriented uses.  The remaining spots should require a decal or badge in order to park, and those should require an annual fee to be paid by the employee.  Colleges have been doing this for decades.  They're smart people, aren't they?  So why not follow their lead?

                    4. Entertainment

                    Nothing builds team spirit and morale quite like social events.  Some that you could consider might include "spin-the-layoff-wheel", or "race for a restroom".  The former would encourage your staff by allowing the highest score person to name another employee to lay-off or terminate (don't forget those folks in states like Virginia, where they have the convenient "work-at-will" laws).  The latter would allow the fastest runner to use the restroom free of charge for one whole day!  How awesome would that be!  I'm sure you can think of others to consider.  Just be sure to focus on "what's good for the company" when planning such activities.

                    5. Double-Roles

                    Employees often complain they're not challenged with interesting work.  So, why not challenge them with randomly-selected secondary job titles?  So, those "system engineer" folks can also add "custodial engineer" or "landscape services" to their resume.  The career-building potential would be incredible.

                    Thursday, June 5, 2014

                    Dave's ill-informed, under-educated, dumbass "Top 5" Rules for IT operational success

                    Dave's ill-informed, under-educated, dumbass "Top 5" Rules for IT operational success.

                    1. Clear Direction

                    Can you state the reason, rationale and impact of any task or project in ONE SENTENCE?

                    Yes - Proceed
                    No - You are doomed to horrific failure

                    2. Chain of Command

                    Do you receive ALL of your tasking from your direct line manager?

                    Yes - Proceed
                    No - You are doomed to horrific gang-raping failure

                    3. Personal Cohesion

                    Do the people in your group, team, or project get along well on a personal and personality level?

                    Yes - Proceed
                    No - You might succeed, but you will eventually fail in a horrific way

                    4. Personal Interest

                    Is it fairly normal for the people on your teams to work additional hours because they LIKE doing what they do, as opposed to doing it in order to avoid getting reamed in the next status meeting for falling behind?

                    Yes - Proceed
                    No - You are doomed to tragic, catastrophic failures of Biblical proportions.

                    5. Vendor Agnosticism

                    Do most of the decisions regarding strategic operations (hardware, software, internal and external services, staffing, etc.) tend to be knee-jerk towards one vendor per category, or are they up for grabs during each review?

                    Yes - There is hope for your organization
                    No - Forget it and start putting in applications at another place as soon as possible


                    Sunday, May 25, 2014

                    The Smell of Integrity is About All That is Left in America

                    Remember the history books that told those wonderous tales of how hard our grandparents worked to build railroads, highways, dams, national parks, monuments, and all that cool stuff that's now beginning to crumble?  Yeah.  That was a generation that put the place they lived in above their own personal whiny-assed complaints.  Those days are just about dead and gone.

                    During a recent discussion, the same thing came up, which elicits the same response from me each time.  It's almost Pavlovian in how it runs the same course like tossing fries out your car window and watching the birds lose their minds attacking the scraps.

                    It goes something like this:

                    Person A says, "There's a drought in the West and flooding in the East!"

                    Me: "We could solve that."

                    Person A: "How?"

                    Me:  "The same way your great grandparents would have done:  build a pipeline, putting people to work, fueling the upstream industrial systems like manufacturing, engineering, logistics, banking, food, housing, you name it."

                    Person A: "That's impossible."

                    Me:  "If it was oil it would have been done already."

                    We will send battalions of young men and women into hot, dry shitholes, to spill blood for the sake of oil, yet we dare not consider spilling a drop of sweat to save our own land from drought, crop destruction, fires, flooding, and all that it cascades into beyond that.  Americans are too preoccupied with what the Kardashians are wearing or screwing, and what team traded what contract slave to another team, and what band is putting out a new recording.  And we wonder why people in poor, war-torn places don't like us very much.

                    Everything now is done for the good of the banks, the corporations, the shareholders.  Fuck the people.  They're disposable commodities that feed the machinery that keeps the cash flowing between places like China, India, Guatemala and the great vacuum bag of consumption called the US of A.

                    It's like this:  I always try to think of how I would stand in front of my grandfather and explain some issue I'm having a lot of stress over.  Things like petty office politics, irritating people in traffic, annoying TV shows and the latest social network craze.  He would look at like Samuel L. Jackson looked at Brad in Pulp Fiction.  Without saying a word, I'd know he would want to smack the living sissy-ass pettiness off my face.  (He never raised a hand at anyone as far as I know.  But he had a way of making you feel like you deserved to smack yourself for being stupid).

                    Even our knee-jerk behavior is becoming predictable.  When the ACRA bill was release, and the "news" pundits started their chainsaw jaw-jacking spewage of bullshit editorialized reviews, nobody, and I mean NOBODY, bothered to read the bill itself.  It was (and still is) posted online.  After a week or two of suffering through rednecks arguing with vegans about how it would fix or destroy the American economy, I decided to go download the PDF from the source, and READ IT.  Yes, actually READ IT.  O-M-F-G.  How shocking that someone would bother to read something anymore unless it blabbers on about vampires, zombies or some other stupid worn-out crap.

                    Someone moaned about that saying "but, it's like 1900 pages or something!"

                    If that was the latest installment of a Harry Potter or Hunger Games series, people would have snapped it up like raw turkeys at the Florida Alligator Farm (a pretty neat demonstration, by the way).

                    Instead, most (99.9999%) of "Merkans" tuned into their favorite spoon-feeding, bullshit-manufacturing TV, web or radio outlet to have the ugly details chewed and spit into their brains like momma birds feeding their young.  Never mind that momma removed 90% of the facts and twisted the rest to suit their sponsor's agenda.  They got a Cliff Notes version of it and ran like leaving a gas station without paying.  Turn the key, and start blabbering the same misinformed BS that they just had connected to their brains on the way to work.  RTFM is dead.

                    Sorry for the sideline diatribe.  Back to the roll-up-yer-sleeves-and-do-some-work-beyoches discussion...

                    We could be putting our efforts into building the next generation of cross-country (heck, cross-continent) transportation, energy generation, resource allocation management, high-speed Internet connectivity, bridge and tunnel repair/upgrades, and whatever.  You know: Like our ancestors did FOR US.  We could be doing for our kids.  Yet we spend all our time putting some sports team flag or sticker on our shitty trucks and SUV's which are made from 90% foreign parts and consume foreign-supplied oil products, on our way to WalMart and CostCo to buy foreign-made crap, and some fattening food to keep our guts ever-expanding like a Hardees commercial.  I know I sound like an old man (confession, I am), but it's true.  We're now the lazy shitheads our parents hoped we'd never become.

                    Now it looks like China and the rest of the emerging economic powers will gradually buy us out from under our own noses.  Farms first, then transportation, then shipping terminals, and then all of it.  Sold to the highest bidder, because the shareholders can live anywhere and don't care which team has which players because they can simply buy and trade them around from their yacht.  Meanwhile, nobody notices because we're busy teaching our kids to claim "We're Number One!!!" in between TV shows.

                    Good luck China!  I hope you get your money's worth out us.

                    Daily pessimism delivery completed.  Enjoy!