Saturday, July 28, 2007

Office Communications Server 2007 resources #8

Following is a small set of resources (will be updated continously)

Blogs
Communicator Team
Communications Server Team

Product and Tools
Office Communicator 2007 Trial
Office Communicator 2007 release notes
Office Live Meeting download
Office Communications Server 2007 Trial
Office Communications Server 2007 release notes
Office Communications Server 2007 Speech Server Trial
OCS 2007 resource kit (Requires Visual C++ from here)
Microsoft Office Live Meeting 2007 Release Notes

Documentation
Webcasts, Virtual labs and Podcasts (Nice set of virtual labs and some good Podcasts already in place)
Full OCS 2007, OC 2007 and LiveMeeting documentation as download or online
OCS Documentation downloads
Office Communications Server 2007 Technical Library
OCS 2007 on support.microsoft.com (KB articles etc. and includes RSS feed to new KB articles)

OCS 2007 has RTM'ed !!

I received the following mail today stating -

Dear TAP Participant,

This is the update that all you (and of course all of us here at UC) have been waiting for: Microsoft Office Communications Server (OCS) 2007, Microsoft Office Communicator (MOC) 2007, Live Meeting (LM) console (2007), Outlook Add-Ins, Voice devices including “Tanjay,” “Catalina,” “Anacapa” and Microsoft® RoundTable™ have reached the Release to Manufacturing (RTM) milestone!

We have been looking forward to this release and we have a lot of OCS customer projects just waiting for the final bits. As TAP participants we will have access to the bits right away, but the problem is vacation (I still have one week left, so I will probably have to ditch a few nights of sleep to install it in our environment).

Anyway, now the bits are final I will be back with a lot of more OCS content in the following months!

Thursday, July 26, 2007

PowerShell, $input vs. process

So, what is the difference between a script (Add-TimeStampA.ps1) with this content -
$input | % { "$(get-date -f HH:mm:ss) $(out-string -inp $_)"}


versus this (Add-TimeStampB.ps1)? -
process {"$(get-date -f HH:mm:ss) $(out-string -inp $_)"}

The best way to show it is to try it. First a simple demo -

PS> "hi" | .\Add-TimestampA.ps1
10:08:05 hi
PS> "hi" | .\Add-TimestampB.ps1
10:08:06 hi

The same.
Let's try a loop -

PS> "a","b","c" | .\Add-TimestampA.ps1
10:09:01 a
10:09:01 b
10:09:01 c
PS> "a","b","c" | .\Add-TimestampB.ps1
10:09:03 a
10:09:03 b
10:09:03 c

Still the same.
Let's try it with a loop that takes some time!

PS> "a","b","c" | % { start-sleep -s 3; $_ } | .\Add-TimestampA.ps1
10:10:11 a
10:10:11 b
10:10:11 c
PS> "a","b","c" | % { start-sleep -s 3; $_ } | .\Add-TimestampB.ps1
10:10:21 a
10:10:24 b
10:10:27 c


Did you notice the difference? With Add-TimeStampA all input comes at once and the timestamp is applied at the same time. With Add-TimeStampB, the output is stamped as it is generated.

The explanation is this: The version with $input, stalls the pipeline and waits for all input from the previous command before continuing (just like Sort-Object). The version with process, handles the input as it comes dripping down the pipeline.

You could also see it this way: $input turns the script into a blocking function whereas process makes the script behave like a filter (use get-help about_function for more).

Tuesday, July 24, 2007

Microsoft SharedView Beta

Microsoft has a new remote control / application sharing product in the pipeline called SharedView. I read about this in Flaphead back in May but at the time the download link did not work. Now it does - get it here.

SharedView seems to be a mix between Groove and gotomypc (and its siblings). SharedView always connects outbound to some servers. I assume they are Microsoft servers (see the note below) - but the IP addreses cannot be reversed looked up. And Google did not know of them.

PS> netstat -ao select-string 6556


TCP 192.168.14.4:57983 204.176.46.34:https ESTABLISHED 6556
TCP 192.168.14.4:58074 204.176.46.34:https ESTABLISHED 6556
TCP 192.168.14.4:58305 204.176.46.34:8000 ESTABLISHED 6556
UDP 127.0.0.1:49211 *:* 6556


(6556 is the PID of SharedView). It also has a connection to 195.215.37.46:80, 207.68.178.56:80 and 204.176.46.35:443 during startup. The UDP port cannot be used on my PC owing to Firewall restrictions and a Wireshark trace showed no UDP packages on this port.


Anyway, as it always connects outbound, you can use it in most places. Connecting to port 8000 may be a problem, I have not tested whether it can work without.

So where is this useful? Family assistance, peer-to-peer, help desk - especially when the users are outside the corporate network, consulting - can help customers or work on their computers without having a VPN connection. This is both security risk and a security advantage: The risk is having external persons using internal computers, the advantage is that SharedView limits the external person much more than any VPN connection.

SharedView does not redirect client drives - it only allows for remote clipboard access. This can be disabled in the options window. SharedView have a handout feature for transferring files, but you cannot directly access files. And to get control, the other end must grant you control.

Other highlights -
  • You have to log on with our Passport ID to use it.
  • 15 persons can be in a session
  • Cursors are tagged with user name
  • If you start the sharing session from Word, that application will be shared automatically. Even smarter is the fact, that tracked changes are turned on and if another user is granted control and changes the documents, those changes are tracked as being done by that user - cool!

Downsides -

  • Shows ads
  • Not officially supported on Vista - but works for me
  • Not supported on x64 - come on Microsoft, you can do better!
  • No Office Communicator integration (Messenger integration is there)


The note below
When browsing to https://204.176.46.35/ IE gives a warning that the certificate does not match - but you cannot view the certificate. Continuing by clicking the red shield returns a 403 error - and again you cannot view the certificate. A shame. With Wireshark I could capture the TLSv1 Server Hello package and see the certificate CN which reads:
id-at-commonName=*.sharedview.com,
id-at-organizationalUnitName=Microsoft.com,
id-at-organizationName=Microsoft.com,
id-at-localityName=Redmond,
id-at-stateOrProvinceName=WA,
id-at-countryName=US

So I guess it is a real Microsoft server.

Surface Computing: Business Demo 2.0

Surface computing is cool. Found a video I haven't seen before of a T-Mobile shop example.

Try to do a search of 'surface computing' on YouTube.com. There are several videos out there. Including some parodies, I'm going to watch shortly over a cup of coffee.

Fun Dept: Behind the technology video

See this funny video. Found the link in Thomas Lee's Under The Stairs blog entry.

Monday, July 23, 2007

Live Messenger "Look at my summer pictures" worm!

I have used a lot of time educating my grandma (who is >80 years old) on how to use the Internet, Live Messenger and her Webcam (Which she called me last summer to request "Can I also get one of those camera thingies that your children have").

Luckily she listened to me, because today she called me that she was getting strange messages from her family members on Live Messenger (Soon 24 great-grandchildren in total).

So if you receive a message from one of you Live Messenger contacts saying "look at my summer pictures http_//paulina2k8.tripod.com/summer2008.zip" then DON´T click the link.

If one of your friends downloaded the file, it will also try to do file transfers of files called "images052.zip", "photo9.zip", "album29.zip" and others to your computer (And to all of your buddies if you are stu... enough to transfer and open the file). In this case it actually also wrote "Hey, acceptera mina bilder" and other messages in Swedish from her daughter based in Sweden (We are from Denmark).

There are no hits on Live Search and only a few on Google so it´s appears to be a fairly new variant.

I actually recently wrote a security whitepaper on Office Communications Server 2007 security explaining and showing the dangers in using Public IM and VoIP clients generally and especially in businesses (Honestly anywhere if you are not well educated IT Pro ... or my grandma ;-) and this again shows that IM is a fantastic tool but not without associated security issues.

Well this was just a short warning ... the hot chocolate and buns are waiting for me.

I will be back with more content when OCS 2007 has been officially RTM'ed !

CrapWare/BloatWare in downloads as well

Now that Dell lets you avoid bloatware a.k.a crapware, let us start a movement for having extra 'goodies' removed from downloads as well.

E.g. The other day, I updated Java and luckily remembered to use the advanced installation options, so I could uncheck the Google Toolbar. Come on, Sun! Why should I want a toolbar sneaked in, just because I need a Java update??

I actually find that it is OK (besides the wasted download bandwidth) to give me the option. I can understand that Adobe will be me the option of trying some of their other software, but Google Toolbar is totally unrelated to Java runtime. In any case - optional software must be unchecked by default!

So let me start a list of bloatware included in downloads -
  • Java runtime - bloated with Google Toolbar and Google Desktop
  • Adobe Reader - first it attempts to sneak in Adobe Photoshop Album Starter Edition. Next it will give me Google Toolbar.
  • Adobe Flash Player - Google Toolbar
  • Windows Live Messenger - bloated with Windows Live Toolbar, changes IE home page
  • DivX for Windows - bloated with Yahoo! Toolbar (added 2008-06-11)

Finding Virtual Servers in a domain

John Howard wrote an article of how to do it from vbscript. I couldn't resist doing it with PowerShell -

Get-VirtualServerFromAD.ps1 -



param([switch]$nameOnly)

$ds=[system.directoryservices.directorysearcher] "(&(objectCategory=serviceConnectionPoint)(cn=MS Virtual Server))"
$servers=$ds.findall()
if ($nameOnly) {
$servers | % { $_.path.split("=,")[3] }
}
else {
$servers
}



Could it be much easier?

Update: the software ate the vertical bars etc.

Wednesday, July 18, 2007

PowerShell and the lack of providers

To quote myself and many others: PowerShell is great.

But as additions are popping up all over the place, I think we are heading in the wrong direction.

PowerShell is designed after the Verb-Noun model. E.g. New-Item. If more or less everything was available with a provider - e.g. in a file system like name space - only very few commands are needed. If there were a name space for processes, New-Item could be used to start a process, Remove-Item to stop one etc.

As we are short of provides, the Verb-Noun model gets - let's called it - stretched and names like Get-ADObject (PowerShell Community Extension) and Start-ElevatedProcess (my own script) starts to appear. I call this the Verb-ClassNoun model. Another example: I have created scripts like New-VirtualMachine when I would have preferred to use New-Item on a Virtual Server name space.

Reducing the number of Verb-Noun combinations is important as it makes it easier to learn and use PowerShell.

This situation is much like what happened in DCL (OpenVMS). It started out pretty clean, but as existing command could not easily be overlaid/extended, newer commands got worse and worse. We should prevent that from happening in PowerShell.

So what can we do about it - and is it so big a problem after all?

Let me answer the latter, first: Well, as provides starts to appear, we will change behavior and un-learn Verb-ClassNoun commands. But having to learn a new command to un-learn it later is hardly efficient. Even worse perhaps, will be the need for backwards support for Verb-ClassNoun commands or risk that existing scripts would break when changing to a provider.

So what can we do about it? The obvious is just to go ahead and get those providers created. Luckily, a lot of skilled people are doing that - but that is not a simple thing to do. So how about a generic-scriptable provider, so all the scripters can create providers without having to code?

Can anyone out there create a generic provider that can be implemented in script?

VRMCplus

Microsoft has released an alternative to the Virtual Server Administration Web. VMRCplus is a new VM client display and management tool. Read more here and here. Download it from here.

Things to note -
  • Alternate credentials as not supported. Use runas (even without trusts)
  • This is great if you do not wish to install the web site or IIS on your Virtual Servers (did anyone say Windows Server Core?)
  • The tools is as-is e.g. unsupported

Give it a spin!

Tuesday, July 17, 2007

Vista .. Where is all my Space Gone?

Just experienced the same as Paul did. Found it with diruse /m /*, but Poul's article let me to the quite useful treesize free graphical utility. On Vista it is better than diruse as diruse includes the same files several times owing to all the folder linking/junctioning.

Nice going from 8-gig-free-with-vista-nag-pop-up to 27-gig-no-nag...

Windows Vista - 6 Month Vulnerability Report

Read this entry by Jeff Jones. He also has an interesting link to an article called Exactly how biased am I?.

Wednesday, July 04, 2007

PowerShell Start-ElevatedProcess

Read this blog entry by Aaron Margosis.

This is how the JS stuff can be done in PowerShell - note how simple it is :)

Start-ElevatedProcess.ps1 -
param($program)
$sa=new-object -com shell.application
$sa.ShellExecute($program,"$args","","runas")

Example
Start-ElevatedProcess cmd /k ifmember /list

Define your own alias if you want e.g. -
New-Alias elevate Start-ElevatedProcess