Sure... Windows XP has been working great on your MacBook, but you have been holding off on upgrading to Windows Vista because you were afraid of driver problems. Wait no more! The developers at Apple have just released a version of Boot Camp that is now compatible with the Windows Vista (32-bit). Weighing in at a mere 138 MB, it should have everything you need to get up and running on Vista (including Apple Remote support within Windows Media Player).
http://www.apple.com/macosx/bootcamp/
Boot Camp 1.2 beta includes:
Are you one of those geeks that likes checking out the capabilities of your router? Do you run the various Internet Speed Tests available just for fun? If so, head over to the new Microsoft Internet Connectivity Evaluation Tool. You will only be able to run the test on a computer with Windows XP or Windows Vista (it uses an ActiveX Control).
Tests include:
One primary function of most home Internet routers is Network Address Translation (NAT). Routers providing NAT support assign private IP addresses on the local network. NAT maps these private addresses on the inside network to a public IP address on the outside network so that computers behind the Internet router can communicate with the rest of the Internet. Since Network Address Translators can work in different ways, this test uses Microsoft servers to identify your router's NAT type. Some protocols work better through routers that act as cone-type NATs than routers that act as symmetric-type NATs.
Internet routers sometimes lose information that is being transferred across the Internet when they experience congestion (full router queues). This loss of information is known as packet loss. Internet protocols like the Transport Control Protocol (TCP) can use packet loss as a congestion indicator. Explicit Congestion Notification (ECN) is a mechanism that provides routers with an alternate method of communicating network congestion. This notification effectively reduces TCP retransmissions and increases throughput. This test attempts to download a short Web document, first with ECN enabled and then again with ECN disabled. If both downloads succeed, the test passes, which indicates that your Internet router successfully allows packets through with ECN options set.
Window scaling is a Transport Control Protocol (TCP) option introduced for addressing performance problems. Some Internet routers cause TCP data transfers that use window scaling to fail, particularly when there's a mismatch between the scales chosen by two computers transferring the data. This test downloads a series of Web documents of increasing length until either an incomplete download is encountered or all downloads succeed. Success indicates that your router allows Windows Vista to negotiate the best data transfer rate and help improve download speeds.
Many applications need to open ports (allow incoming traffic) through an Internet router, particularly when both communicating endpoints are behind different NATs. Modern routers allow hosts to create such open ports using Universal Plug and Play (UPnP). This test ensures that the router has UPnP enabled, can support a reasonable number of open ports, and can maintain these settings.
This test creates 80 concurrent TCP connections to external Web servers and keeps them alive over the period of two minutes by attempting continuous data download using HTTP. Passing this test indicates that your router robustly supports multiple computers or programs accessing the Internet simultaneously.
It's so pretty...
The XBOX 360 Elite is black now, with HDMI output, a 120GB hard drive, a black wireless controller, and a black XBOX Live headset. I don't see it up on Amazon yet, but Paul Thurrot has some pictures after the jump.
While some previous details on Service Pack 1 for Exchange 2007 have been previously disclosed, and then later covered by both Eileen Brown's Blog and the Exchange Team Blog, I see courtesy of the MSGoodies Blog that the official release notes for Beta 1 of the Exchange 2007 SP 1 have just hit the interweb. (Did I hit my quota of links in that last sentence?)
You can read the full Exchange 2007 SP1 Beta1 release notes here.
Judging by the extensive list of new features, the Exchange Team has been BUSY. The new features include:
Client Features
Exchange ActiveSync
Unified Messaging has been improved in Exchange Server 2007 SP1 Beta 1. To use most of these features, you must correctly deploy Microsoft Office Communications Server 2007 in your environment. Specifically, to use these features, you must meet the following requirements:
To correctly plan and deploy Exchange Server 2007 SP1 and Office Communications Server 2007 in your Unified Messaging environment, you must follow the planning and deployment steps that are provided in the Microsoft Office Communications Server 2007 Public Beta Enterprise Voice Planning and Deployment Guide. The Microsoft Office Communications Server 2007 Public Beta Enterprise Voice Planning and Deployment Guide will be available at the same time as the Office Communications Server 2007 Public Beta. The guide will be published to the Microsoft Download Center. For more information about known issues that you should consider when you deploy Exchange Server 2007 SP1 Beta 1 with Office Communications Server 2007 (Beta 3 Refresh), see "Known Issues" later in this document.
The following is a summary of the Unified Messaging features that are available in an integrated Exchange Server 2007 SP1 Beta 1 and Office Communications Server 2007 Public Beta environment:
The following features are available in Exchange Server 2007 SP1 Beta 1 without integrating your Unified Messaging environment with Office Communications Server 2007 (Beta 3 Refresh).
While many companies wait until Service Pack 1 to qualify and roll out any new Technologies, at Microsoft we put our technologies into production use at a very early stage. I have personally been running Windows Vista for the last 1 1/2 years, and my email has been coming through Exchange 2007 with Unified messaging for around 9 months. In doing so, we find bugs and usage scenarios that may not have otherwise been identified and addressed by the Product Teams.
One application that we use extensively within Microsoft to monitor our Servers (roughly 7,950 production servers, 2,700 pre-production servers, and another 50 development, staging, and test servers) is System Center Operations Manager 2007 (formerly Microsoft Operations Manager). Operations Manager 2007 RTM'd last Friday, and was officially announced at the Microsoft Management Summit.
To familiarize yourself with SCOM 2007, the following links will come in handy:
But back to my original thought... Microsoft has been running SCOM in production for quite a while now, and the "How Microsoft Does IT" team has put up a great White Paper, PowerPoint deck, and Webcast on the lessons learned from our internal implementation.
Some of the most exciting products that will come out of Microsoft over the next year (in my opinion) are in the Management space. While Microsoft Operations Manager (MOM) and SMS (Systems Management Server) have been out for a few years, they have primarly targeted large Enterprise environments. A new product, System Center Essentials will be released in the next few months, and will bring the power of MOM and SMS to the Small and Medium Business space. What can be better than being able to monitor your computers/servers, deploy software, track trends, and identify problems before they become critical issues?
Just came across the following training/overview System Center Essentials 2007 Webcasts on TechNet. Check them out to get an idea of what is coming in SCE (pronounced "skee") :)
Importing Third-party Updates
Presenter: Casey McKinnon, MicrosoftThis video provides an overview on how to import third-party updates using System Center Essentials 2007.
Using the Updates Space
Presenter: Casey McKinnon, MicrosoftThis video provides an overview on configuring update management settings, viewing synchronization status, deploying updates, and viewing deployment status reports.
Deploying Office 2007 with System Center Essentials 2007
Presenter: Scott Bleasdell, MicrosoftThis video shows how to quickly create a software deployment package for Office 2007 and approve the package for deployment to Windows client computers using System Center Essentials 2007.
Getting Started with System Center Essentials 2007
Presenter: Scott Bleasdell, MicrosoftThis video provides a high-level overview of all of the major features of System Center Essentials 2007.
http://encarta.msn.com/dictionary_1861620314/immutable.html
im·mu·ta·ble [ i mytəb'l ] adjective Definition: unchanging or unchangeable: not changing or not able to be changed
im·mu·ta·ble [ i mytəb'l ]
adjective
Definition:
unchanging or unchangeable: not changing or not able to be changed
I intent to write some security relating postings in the near future on my blog, and before I do so, it is critical that you have an understanding of some of the basics of Computer/Network/User security.
Going forward, you should be able to see all of my Security Related postings here:
http://blogs.technet.com/seanearp/archive/tags/security/default.aspx
and I would in particular recommend that you read the post on passwords here: Windows Server Longhorn Per User Password Policy
As part of the foundational reading, it is critical that you read the two following TechNet articles on the Immutable Laws of Security. One thing that you will find is that these laws are technology and time agnostic. They apply across platforms and across new releases of Operating Systems (even ours). The lists would be valuable printed and pasted to your cubicle wall, and for a discussion on each of the laws, click on the "10 Immutable Laws" links. To that end, I give you:
It's always frustrating when an update to one program from a company breaks compatibility with another program from the same company. In the case of Microsoft, the Windows 2003 SP1 Admin tools (adminpak.msi) do not work on Windows Vista.
The list of known issues (and some workarounds) are being tracked in KB 930056: http://support.microsoft.com/default.aspx/kb/930056. The primary workaround involves re-registering all of the .dlls involved with the Admin tools, and the solution is documented in the above KB.
I know from talking to a number of Microsoft Partners that this is extremely frustrating, and I have been monitoring the internal discussion aliases for a resolution. In reading through the changes in the March 2007 Windows Vista Application Compatibility Update, I noticed the following today:
The March 2007 Windows Vista Application Compatibility Update is a package of software updates that address common application compatibility issues in Windows Vista. When you try to install and run certain legacy games or applications in Windows Vista, you may experience one or more of the following symptoms: •The game, the application, or the firmware may not be installed correctly. •The game, the application, or the firmware may cause system instability. •The primary functions of the game, the application, or the firmware may not work correctly. This update is cumulative and supersedes update 929427. In addition to the fixes that are contained in update 929427, this update improves support in Windows Vista for the following games, applications, and firmware: Microsoft Windows Server 2003 Service Pack 1 (SP1) Administration Tools Pack
The March 2007 Windows Vista Application Compatibility Update is a package of software updates that address common application compatibility issues in Windows Vista. When you try to install and run certain legacy games or applications in Windows Vista, you may experience one or more of the following symptoms:
•The game, the application, or the firmware may not be installed correctly.
•The game, the application, or the firmware may cause system instability.
•The primary functions of the game, the application, or the firmware may not work correctly.
This update is cumulative and supersedes update 929427. In addition to the fixes that are contained in update 929427, this update improves support in Windows Vista for the following games, applications, and firmware:
Microsoft Windows Server 2003 Service Pack 1 (SP1) Administration Tools Pack
Does this resolve some or all of the problems running the 2003 Administrative tools on a Windows Vista administrative workstation? I certainly hope so! I have pinged the Vista team to find out if I can get any clarification on the changes made, and as soon as I hear back, I will update this posting. I don't currently have a 2003 domain setup at home to test the tools, but will try to test the functionality after applying the update when I get back to work on Monday.
Note: This update is listed as "Optional", so it will not be automatically pushed out through Windows Update. You can manually run Windows Update and choose to install the compatibility update, or it can also be downloaded from the following site (which also lists the other compatibly fixes present in this update: http://support.microsoft.com/kb/932246
I also see that this update is being tracked over on the 4sysops site, and I would imagine that admins will start posting their experiences in the comments after loading the update: http://4sysops.com/archives/vista-compatibility-update-for-the-adminpak/
It turns out that Window Home Server installs into (and works fine on) Virtual Server 2005 R2 SP1. (Virtual Server is free, and available from the previous link). I did run into a couple of gotchas while installing, so thought that I would provide you a walkthrough with screenshots and workarounds.
FOR THE RECORD: The following is my own experience with the installation. I don't know whether or not Windows Home Server will be supported in a virtual environment upon release, or even if it will be available in Retail.
The first thing you need to do is request to join the Beta program, which you can do here: http://connect.microsoft.com/windowshomeserver. I don't know if you will get in or not, but the team has done an incredible job of enrolling several thousand applicants to date. If you are willing to provide feedback to the development team, have two or more PCs, a broadband connection and router, and a spare PC or Server that can be dedicated to running Windows Home Server (the required specifications are VERY minimal), then you are their target demographic and should be able to get in.
Once you have downloaded Windows Home Server, you can install into Virtual Server from the ISO directly, or you can burn it to a DVD and install from physical media. I will skip the steps for those tasks, although if there is a huge demand, I'll put up a separate tutorial later. The TechNet site for Virtual Server has all the documentation that you will need to get Virtual Server up and running here: http://www.microsoft.com/technet/prodtechnol/virtualserver/default.mspx
The first thing you want to do is create a new Virtual Machine within Virtual Server (again, this is rather basic... refer to the TechNet site if you need the steps). You will have the option of choosing the size of the Hard Drive, as well as the bus (IDE or SCSI). To make that decision, you will want to visit Ben Armstrong's post here: http://blogs.msdn.com/virtual_pc_guy/archive/2006/02/06/525487.aspx. The IDE option is more compatible, but limits the number of attached hard drives to 4, and the hard drive capacity to 127GB per device. With Virtual Server, I don't want to be artificially limited as to the number of drives or capacities, so I chose SCSI. You will want the primary hard drive (which in this case is virtual) to be as large as possible due to the way that WHS allocates space. Memory, however, is much less limited. I set memory to 512 MB (which works fine for Windows Home Server), set the CD-ROM drive to "Physical" (you can point to your ISO if you want), and the NIC to point to a spare NIC in my server. I inserted the Windows Home Server installation DVD and booted up. The first problem I encountered was the following:
Windows Home Server does not have the driver for the emulated SCSI in Virtual Server. <sigh...> Back to the drawing board. Fortunately, the programmers on the Virtual Server Team anticipated that their SCSI card would not necessarily have drivers built in, and included them. To work around this problem, go into the properties of the Virtual Machine and click on "Floppy Drive". Under "Known floppy disks", you'll want to choose the included floppy called "SCSI Shunt Driver.vfd. (If you had selected and IDE Virtual Hard Drive initially, you can skip this step...
Reboot the virtual machine, and go into the BIOS (hit delete), as you will need to change the boot order. By default, Virtual Server boots to the floppy drive, and the virtual floppy you just selected is not bootable. Change the CD-ROM drive to be first in the boot order.
Hit F10 to save and exit, and reboot. This time when you get the "Hard Drive capable of hosting Windows Home Server could not be found" message, hit "yes", navigate to the A: drive, open the "Windows 2003" folder, and select the "msvmscsi" file. Hit "open", and "yes" to the message asking if you want to make the driver available to setup. At this point, installation will continue as expected:
Now navigate through the install wizard, and let installation complete.
At this point, you may wonder why I am using Virtual Server instead of Virtual PC (for which I have written several posts, including this one: http://blogs.technet.com/seanearp/archive/2007/02/20/virtual-pc-2007-released.aspx). Although I would still recommend you visit that post for the performance tips (most of which work with both Virtual PC and Virtual Server), Virtual PC is not ideal for Windows Home Server. First of all, we want to be able to add multiple hard drives to increase the pool of storage on Windows Home Server, and Virtual PC is limited to 4 virtual IDE drives. As you saw in my last Windows Home Server post, I had 6 physical drives hooked up.
As with Virtual PC, Virtual Server does not allow you to directly attach physical drives. I know... I just tried it. Although you may stumble across the option to create a "Linked Physical Disk", you cannot actually boot a Virtual Machine if it has a linked disk attached. This option is present for converting an existing physical disk to a Virtual Hard Disk, and the instructions for doing so are present here: Copying a physical disk to a virtual hard disk
Let Windows Home server go through the entire process of installing. Once you reach the desktop, your first step should be to install the Virtual Machine additions. This will have a DRAMATIC effect on the speed of the virtual machine.
After installing the Virtual Machine Additions and Rebooting, your virtual Windows Home Server should be much more responsive. As we cannot link directly to a physical disk, you will need to workaround this by creating a Virtual Hard Drive (with a capacity slightly under the available space on your extra physical drive), and saving it on that additional physical disk. Attach the virtual hard drive to your virtual machine, and boot up.
Within the Windows Home Server console, you will have the the 2nd hard drive show up. You can now add it to the storage pool and use the space. Rinse, wash, and repeat for any other physical hard drives you want to add.
My conclusion? Although WHS works fine in Virtual Server, if you have multiple PHYSICAL disks that you want to add to the mix, this is not currently a simple or pleasant process. Grab that old PIII that you have in the back of your closet and use it for your Windows Home Server. The process will be much more pleasant for you :) For testing (with no additional physical drives to be added), Virtual Server works just fine with Windows Home Server.
Hello All-
As you may have noticed, I am in the process of customizing the layout of my blog, so bear with me as I tweak my CSS over the next few days. Thanks!
*Update: Big thanks to Mike Swanson, as I borrowed CSS liberally from his site :)
All right. I admit it. I have a problem.
I read my favorite "Tech Deals" site, (http://www.dealnews.com), and I just can't control myself from buying hard drives. They just keep getting cheaper and bigger and cheaper and bigger. The one that showed up today was $132 shipped for a 500 GB drive.
Fortunately, I have an outlet for my collection of drives. Windows Home Server allows me to add drives, one at a time, and they become part of a giant pool of Hard Drive space onto which I store my music, pictures, and computer backups. Due to the magic of Single Instancing,I am able to backup all of my family's computers onto the server, while taking up much less than the total space used by all the different computers.
Definition: Single Instancing is technique that allows you to store two or more copies of a file for the space cost of one copy. For example, if images 1, 2, and 3 all contain file A, single-instancing stores a single copy of the file A and points images 1, 2, and 3 to that copy.
I have the option (which I use) of duplicating files stored on the server, and behind the scenes, Windows Home Server makes sure that the files are present on two physical drives, so any one drive can fail completely without losing my data. Very handy when I am plugging in drives of every shape, size, and vintage! I am also able to remotely connect (through my Linksys firewall) into the Windows Home Server, access my files, pictures, and music; as well as remotely connect to PCs on my internal network. Very snazzy!
Rather than fill up my blog with pictures, I"ll leave you with a screenshot of my menagerie of hard drives, and point you to Paul Thurrot's blog, where he he has written (rather copiously) about the new capabilities, and provided (many) photos of the new user interface.
The one thing I will point out (if you decide to start throwing your entire collection of old hard drives from teh closet
Having 1.55 TERABYTES of space is not enough for me however. Windows Home Server is running very stably (a little too stably), and I like to live on the edge. I am downloading the latest CTP of Longhorn Server as we speak, and I will try loading the beta of Windows Home Server inside the beta of Virtual Server, on top of the Beta of Longhorn server. Woohoo! Certainly not for the faint of heart, but I am curious to see if it can be done. I'll report back after the jump.
While you're waiting, make sure to check out:
The very first day of release, and Windows Vista already had 3 critical vulnerabilities. The outrage! The horror!
Oh. Wait... that wasn't Vista with 3 critical vulnerabilities on the first day of release... it's RHEL 5. Nothing to see here. Move along now. (I'm going to guess that this story will not make the front page of /.)
Red Hat released Enterprise Linux 5 a week ago today, and according to the press release, it is the best Red Hat Enterprise Linux release ever. By far. Along with the "bazillion new features" and "quality, security, and performance" to go with it, you're still going to want to patch your box as soon as you're up and running.
http://www.press.redhat.com/2007/03/14/red-hat-enterprise-linux-5-pricing-and-packaging/
Red Hat Enterprise Linux 5 hits the streets today, on March 14 and, having been around for the release of versions 3 and 4, if there’s one thing we are 100 percent confident in saying, it’s that this is by far the best Red Hat Enterprise Linux release ever. By far.
Of course this is easy to say when our partners and engineers have incorporated two years of development work into the product. How could it not be better? But a better product is not one with a bazillion new features. A better product is one with a collection of features that really meet customers’ needs and provides the quality, security and performance to go with it.
I headed over to the ABC webpage tonight to catch up on the last few episodes of Lost (their online streaming shows are actually very high quality and easy to use!). I was somewhat surprised to receive a "your browser is not compatible" error message (as I am using the latest version of IE), but apparently the problem is that I am using INTERNET explorer, but I guess they only support "Interent Explorer". I wonder where I can download that... ;)
Just saw the following posted on the Microsoft Learning site…
http://www.microsoft.com/learning/mcp/certified.mspx
Number of Microsoft Certified Professionals Worldwide
Updated: March 1, 2007
The Microsoft Certified Professionals (MCP) Program was established in 1992. To date, more than 1.8 million people have achieved Microsoft Certification worldwide.
Microsoft Certification
Worldwide achievers
Microsoft Certified Technology Specialist (MCTS)
21,081
Microsoft Certified IT Professional (MCITP)
2,293
Microsoft Certified Professional Developer (MCPD)
1,433
Microsoft Certified Systems Engineer on Windows 2003 (MCSE)
68,668
Microsoft Certified Systems Administrator on Windows 2003 (MCSA)
105,178
Microsoft Certified Systems Engineer on Windows 2000 (MCSE)
286,736
Microsoft Certified Systems Administrator on Windows 2000 (MCSA)
144,068
Microsoft Certified Desktop Technician on Windows XP (MCDST)
26,597
Microsoft Certified Database Administrator on SQL Server 2000 (MCDBA)
145,063
Microsoft .NET Microsoft Certified Solution Developer (MCSD)
28,535
Microsoft Certified Application Developer on Microsoft .NET (MCAD)
65,583
How often do you laugh so hard that Coke comes out your nose while reading a Security blog?
The following post just did that for me, and I wanted to share. If you have ever been involved in a pentest, you can identify...
http://layer8.itsecuritygeek.com/index/layer8/comments/ways-to-annoy-your-pentester/
6. Port flashing. Randomly open and close access to ports while he’s doing his scans, so that when he comes back for a closer look later, they’ve changed. Bonus points if you can make it look like whole hosts are appearing and disappearing.
5. Tell him you have a whole class B to scan, even if you don’t. Make him figure out which IPs belong to you and which ones belong to the Department of Public Safety down the street. If he’s really good, he won’t tick off the wrong people.
4. Change the hostname on your most critical server to “honeypot.”
3. Have your lawyer deliver “cease and desist” letters to his house.
2. Let him get about 1/4 of the way through his initial scan, and then shun his IP address and call him up, saying, “Game over! I win!”
and the number one way to annoy your pentester:
1. Accidentally add an “is” to his job title.
Developing for Windows Vista? The User Interface guidelines have been recently updated:
Windows Vista User Experience Guidelines
The goals for the official Windows Vista™ User Experience Guidelines (or "UX Guide" for short) are to:
If you are new to Windows Vista:
The following new guidelines have been published since our December 2006 update:
By popular demand, we now have UX Guide in PDF format.
GREAT collection of training videos for several aspects of the new System Center Operations Manager 2007.
Source: http://www.microsoft.com/technet/prodtechnol/mom/opsmgr/webcasts.mspx
Diagnostics and Recoveries
Presenters: Steve Wilson, MicrosoftThis video introduces the use of diagnostics and recoveries for monitors in Operations Manager 2007. Date Posted: March 2, 2007
About Groups
Presenters: Steve Wilson, MicrosoftThis video will show you how to create different types of groups using the Operations Console. Date Posted: March 2, 2007
Building Management Packs (Management Pack Concepts)
Presenters: Steve Wilson, MicrosoftThis video provides and introduction to creating and using Management Packs in Operations Manager 2007. Date Posted: March 2, 2007
About Rules
Presenters: Steve Wilson, MicrosoftThis video provides a brief overview of how to create and edit rules in the Operations Console. Date Posted: March 2, 2007
About Tasks
Presenters: Steve Wilson, MicrosoftThis video provides a brief overview of how to create and use tasks in the Operations Console. Date Posted: March 2, 2007
About Views (Add New Views of Monitoring)
Presenters: Steve Wilson, MicrosoftThis video provides a brief overview on creating, editing, using and organizing views in the Operations Console. Date Posted: March 2, 2007
Computer and Device Discovery
Presenters: Justin Incarnato, MicrosoftThis video demonstrates installing agents on discovered Windows Servers and Proxy Agents SNMP devices. Date Posted: February 28, 2007
Use the My Workspace Space
Presenters: Tom Keane, MicrosoftThis video provides an overview of using the Favorites Views and Saved Searches. Date Posted: February 28, 2007
The Monitoring Space
Presenters: Tom Keane, MicrosoftThis video provides an overview of using the Active Alerts view, the Look for filter, Performance views, and the Computers view. Date Posted: February 28, 2007
Distributed Applications
Presenters: Justin Incarnato, MicrosoftThe Distributed Application video demonstrates creating a distributed application model using the MS PetShop application as an example. Date Posted: February 16, 2007
About Monitors
Presenters: Tom Keane, MicrosoftThe About Monitors video demonstrates creating a simple service monitor in System Center Operations Manager 2007. Date Posted: February 16, 2007
Using the Operations Console
Presenters: Tom Keane, MicrosoftThe Using the Operations Console video provides an overview of each of the nodes in the Operations Manager console including the Monitoring, Authoring, Administration, Reporting and My Workspace nodes. Date Posted: February 16, 2007
Just noticed two really nice Windows Vista Ultimate wallpapers over on the official Windows Vista Ultimate site. You can set them as the desktop background on any OS (Vista or otherwise), but... why would you?
I can't imagine that this will make the front page of People Magazine, but if you are a Network or Security Admin, I have great news for you. With Windows Server Longhorn, you will be able to implement Password Policies on a Per User and Per Group level, as opposed to the current Windows 2003 (and prior) limitation of one password policy per domain.
This new changes to Password Policy in Longhorn are covered in detail by Microsoft MVP Ulf B. Simon-Weidner here: http://msmvps.com/blogs/ulfbsimonweidner/archive/2007/03/12/windows-server-quot-longhorn-quot-granular-password-settings.aspx
Before I get too far into this post, I need to point to the definitive article(s) on password policies from former Microsoft Senior Security Strategist Jesper Johansson:
You're back? Feel smarter now? Alright... let's continue.
With Windows 2000 and 2003, you can only apply password policies on two levels. Local and Domain. I know of very few folks that have password policies applied to individual computers, so we'll keep our discussion to Active Directory Forests/Domain Password Policies. To make sure we're on the same page, feel free to familiarize yourself with the following:
I'll bet you didn't think you were going to have this much homework when you clicked on the post! The practical aspect of the way password policies were architected in Windows 2000/2003 was that your password policy had to be a one-size-fits-all policy. Think about the different types of users you may have on an enterprise domain, and the ramifications of a one-size-fits-all policy:
Standard Users - If you implement a password policy requiring 24 characters, uppercase,lowercase, numbers, special characters, and non-printable characters (Alt+whatever)... guess what? They're not going to remember their password, and it ends up on a sticky note on the side of their monitor. Or under their keyboard. Or in their pencil drawer. Or as their desktop background.
Network Administrators - Couple of problems here... Network Admins often have the keys to the kingdom, so it is critical that their accounts are not compromised. If your password policy is too lenient (to address those forgetful standard users) you end up with passwords that can be brute forced by any number of freely available or commercial password crackers. As well, it is a Best Practice for Network Admins to be issued separate accounts. One for their standard user activities (browsing the web, checking their webmail, posting to Digg); and a separate account that is ONLY to be used for administrative activities (adding users, installing Exchange, etc.). I'll let you in on a secret... while network administrators may be Idiot Savants in regards to remembering arcane computing knowledge and acronyms... we can't remember passwords any better than anyone else.
Guess who writes their passwords down? Cryptographer Bruce Schneier does (http://www.schneier.com/blog/archives/2005/06/write_down_your.html). Jesper Johanssen does (you did read his articles at the beginning, right?). From News.com: http://news.com.com/Microsoft+security+guru+Jot+down+your+passwords/2100-7355_3-5716590.html
"How many have (a) password policy that says under penalty of death you shall not write down your password?" asked Johansson, to which the majority of attendees raised their hands in agreement. "I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them." According to Johansson, use of the same password reduces overall security. "Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it," Johansson said. "If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords." Johansson said the security industry had been giving out the wrong advice about passwords for 20 years.
"How many have (a) password policy that says under penalty of death you shall not write down your password?" asked Johansson, to which the majority of attendees raised their hands in agreement. "I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."
According to Johansson, use of the same password reduces overall security.
"Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it," Johansson said. "If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords."
Johansson said the security industry had been giving out the wrong advice about passwords for 20 years.
Windows Vista and Longhorn make great strides towards allowing folks to run as Standard Users through User Account Control (even if they are administrators on their box), but too many organizations just take the easy route, and give godlike privileges to network admins on a single account. This is just asking for trouble.
UAC Links:
Developers - This 3rd class of user has an entirely unique set of issues relating to password policy. For one thing, they have access to the source code and intellectual property that your entire company may run off of. If their network account is comprimised, could you stay in business if your trade secrets/code/IP made their way onto the internet, or into a competitor's product? Compound this problem by the fact that Developers often need "test" accounts. They need to be able to test their application as test users, test admins, test service accounts... These accounts often have the same priveleges as real users, but none of the accountability. Who will notice if these accounts are misused?
The only solution do having different users with different password policies in the past was to create separate domains. You could assign one password policy to the "Development" tomain, a different password policy to the production domain... This raises administrative efforts fairly significantly, with very minor benefits. The Best Practice from Microsoft is to run with as few domains as possible. Ideally (unless you have business justification for having multiple domains), you should run a single Domain within a single Active Directory Forest. Before I get killed in the comments, I will stipulate that your particular Active Directory design requirements may be very different from everyone else. You may be a large Fortune 500 company with wholly-owned subsidiaries, or with regional presences that require different domains. That's fine... I'm speaking in generalities ;)
Best Practices for Active Directory Design and Deployment
What does this all mean? Long story short, the ability (with Windows Longhorn Server) to assign different password policies to different groups or users (depending on their specific security requirements) is a much-requested and much-anticipated feature. I will point you to the blog I linked to at the beginning, which discusses the technical details behind this change, as well as why this change affects Users and Groups, and Not Group Policy.
http://msmvps.com/blogs/ulfbsimonweidner/archive/2007/03/12/windows-server-quot-longhorn-quot-granular-password-settings.aspx
Cheers!
I'm sure many of you will notice shortly (as the Service Pack is replicated out to all the download sites and Windows Update), but Service Pack 2 has been released for Windows Server 2003 (and for Windows XP x64). I haven't had a chance to play with it yet, but once I do I will be sure to put up a post with the changes, any gotchas, and some Best Practices for upgrades. In the meanwhile, I give you...
The enhancements to Windows Server 2003 Service Pack 2 include:
Useful Reading:
Deployment Tools:
SP2 on the Download Center
Download this version of SP2 if you need to deploy it to multiple servers over a network.
SP2 Standalone ISO Image
Download this version of SP2 if you want to create your own CD.
As mentioned in my last posting on OpenSuse 10.2 in Virtual PC 2007, I could not get sound to work. After just installing Mandriva 2007, I encountered the exact same problem. After a little research, I found the answer here: http://www.linuxquestions.org/questions/showthread.php?t=149181
As I have already deleted my OpenSuse VPC image, I wasn't able to test and see if it worked, but I can confirm that sound works in Mandriva 2007 (within Virtual PC 2007) with the above steps. I hope this helps someone out!
OpenSuse 10.2 was by FAR the most pleasant installation experience on Virtual PC 2007 of the 3 Linux Distros I have tried so far (you can read about my Ubuntu and Fedora experiences). As OpenSuse was released shortly after the Microsoft/Novell collaboration announcement, I am pretty sure that the installation experience has not yet benefited from combined engineering efforts. I am excited to see the changes that occur once the Novell Engineers and our Port 25 Open Source Labs team get together.
First off, I want to give the Novell/OpenSuse teams BIG kudos for not making the same assumptions that the Ubuntu and Fedora engineers did, assuming that all computers support 24 bit color. While this is the case with physical hardware, it is not necessarily a safe assumption on virtual hardware. OpenSuse actually PROBED my (virtual) video card, and then ran at 800x600x16, which meant that this was the first distro that operated in GUI mode from start to finish. Huzzah!
Speaking of graphical mode, OpenSuse is also replete with eye kandy (I logged into KDE, where everything starts with a "K" ;) It has a snappy default wallpaper, bright colors, bouncing icons... It may be reviled by folks that love the command line, but this is the first distribution that I would feel safe giving to my dad to play with.
I did run into a few strange issues with OpenSuse that I hope will be fixed in future versions. First of all, the sound does not work. As Virtual PC 2007 emulates a Soundblaster 16 (as Lowest Common Denominator as you can get), I am not sure why this is the case. Ubuntu and Fedora had taken so much of my focus to get the GUI working that I never even tried the sound, but the easy install of OpenSuse left me time to try things like sound ;)
The default music player in OpenSuse is called Amarok. Although Amarok has a ton of bells and whistles, it is no Windows Media Player or iTunes. Through no fault of its own, no Linux distribution that I have seen has a concept of media folders within the home folder. Windows Vista and Mac OS X have "Music, Pictures, Documents" folders for each user, and 3rd party applications all store (and look for) music in the same place. When firing up Amarok, you need to specify where it will look for music, and the UI looks as it does in the screenshot below. Where would my dad start looking when faced with this screen? He would probably start expanding at the top and work his way down. I cannot think of any circumstances under which music should be stored in the "bin" "boot" or "etc" folders, which store executable programs, boot files, and configuration files respectively. Even if you expand the "home" folder, and the user underneath, there is no obvious place where music should go.
The next interesting inconsistency I ran into was in the area of the web browser. OpenSuse comes with two, FireFox and Konqueror. FireFox shows up on the desktop and in the Start Menu (er... Suse menu?), and Konqueror shows up on the Task Bar (er... Suse Bar?) at the bottom. When clicking on the "About Amarok" menu, which browser would you expect to fire up? Turns out it is Konqueror. Although choice is nice, so is consistency. I looked for a "default browser" setting, but was unable to find one. That doesn't mean that it doesn't exist... just that I couldn't find one.
One other strange thing that happened during install related to updates. As part of the install process, OpenSuse attempts to download updates before you ever reach the initial desktop. There is a great step-by-step (with pictures of the entire process) here: http://arcanecode.wordpress.com/2007/02/16/installing-opensuse-102-on-virtual-pc-step-by-step/. Installing updates (especially security updates) before first boot is a VERY good thing, as you don't end up with the race to patch your box before it gets hacked. However, for some reason, the updates timed out for me. Over and over. For several hours... All other network activity on my host machine was fine, and I ran into no such issues with Ubuntu or Fedora. I'm not sure if I ended up with a slow mirror or if there is an actual problem, but it was annoying enough for me to take note. I eventually aborted the updates during install, and completed the rest of install with no problems. When defining my users, I even had the option of authenticating to a Windows Domain, which was actually pretty cool.
Even after reaching the desktop, software updates continued to cause me trouble. First of all, it turns out that my non-root user did not have permissions to run software updates, and I needed to enter the root password in order to add myself as an authorized user. The UI does not indicate anywhere that I could see how many updates were available (look at the screenshots), although it did highlight Security updates in red, which was a nice touch. It turns out that if you hover your mouse over the yellow circle with the exclamation point, it turns out that there are 126 updates available. Some of these are installers for non-Open Source software such as Flash and Microsoft Truetype fonts, so the number is artificially high. Even after selecting everything and hitting "update", I continued to have timeout errors with software update. Weird.
All in all, with the exception of the sound card and software update issues, the install went very smoothly. The GUI is very usable and relatively intuitive, and I really like the YaST (Yet another Setup Tool) that handles all of the configuration on the box. Several more Linux distros to go! In the hopper is Mandriva, Debian, and FreeSpire, along with some customized distros like M0n0wall, IPcop, and Honeynet's Roo. Stay tuned!
Another day, another *nix in Virtual PC post, and today's entry is brought to you by the letter Zed.
Er… Zod. (like the Presidential Candidate?!?)
Last week I installed Ubuntu in Virtual PC, and shared the installation workaround here: http://blogs.technet.com/seanearp/archive/2007/03/06/ubuntu-edgy-eft-6-10-in-virtual-pc-2007.aspx
Today I will cover my experience with installing Fedora Core 6 in Virtual PC 2007. Right off the bat, I ran into the exact same problem that I had with Ubuntu. Virtual PC supports 16-bit color, but Fedora Core has a default 24 bit color depth. This leads to a wonky boot screen that is completely unreadable.
The resolution (no pun intended), as it was with Ubuntu, was to change the x.org config file to have a default color depth of 16 bits. As the process is slightly different than it was with Ubuntu, I wanted to share the steps.
Fedora Core release 6 (Zod)Kernel 2.6.18-1.2798.fc6 on an i686
localhost login:
sudo sed -e 's/DefaultDepth.*24/DefaultDepth 16/g' -i /etc/X11/xorg.confTo save yourself typing, copy the light above, click in the Virtual PC window (so that it has focus) and hit Right Alt + V to paste in the text.
Now… as I mentioned in my last post, I am a fan of eye candy. In that regard, Fedora core is MUCH prettier than Ubuntu was. By default, Fedora boots up into gnome, although you can also use KDE if you would like. For the most part, things look fairly similar in both windows managers.
After booting into ANY OS for the first time, it is important to download Security updates. In Fedora, I clicked on Applications à System Tools à Software Updater, which opened up Package Updater. (I would assume that Software Updater and Package Updater are the same tool despite having different names). Unfortunately, this gave me an error message of "Another application is running which is accessing software information." Same thing when I retried. After leaving FC6 at the desktop for a few minutes, Fedora popped up a window letting you know that there were a mere… (drumroll please!) 226 updates available. I'm not sure if these are security updates or not… the dialogue box says:
Security Updates Available
There are 226 package updates available
I hope it's not 226 security updates… Fedora Core 6 was only released on October 24th (a month before Vista RTM'd). To get a similar listing of downloads on a Windows box, you'd have to install a copy of Windows XP Gold (not SP1 or SP2), and that was released in October of 2001. 5 ½ years ago! Good times…
One interesting problem I ran into while using Fedora in Virtual PC was that keys would occasionally repeat themselves. It happened just often enough to bug me, but not often enough for me to do anything about it. This issue has not occured in any of the other Linux distros I have tried, and certainly does not happen in Windows (which means that my keyboard itself is not defective). Fortunately, it turns out that Ben Armstron (AKA "Virtual PC Guy") ran into the same problem, and found a fix: http://blogs.msdn.com/virtual_pc_guy/archive/2006/08/08/692395.aspx. According to Ben:
After a bit of poking around it turned out that this was an extreme case of KB918461 (http://support.microsoft.com/?kbid=918461) "The system time runs too fast on a Linux-based virtual machine that is hosted in Virtual Server 2005 R2".
What is happening here is that the 2.6 kernel is using the TSC (time stamp counter) to provide a higher level of accuracy for time over just using the PIT (programmable interrupt timer). The problem is that the TSC is highly unreliable inside of a virtual machine - and this results in all sorts of timing oddities.
The resolution proposed by this KB is to configure Linux to just use the PIT for timing - which solved my problem nicely.
All in all, not a bad experience, and I am getting pretty good at modifying .conf files to change the color depth. The first two Linux distros I have tried work fine in Virtual PC (after tweaking the color problem). Next up… OpenSuse 10.2. Wish me luck!
According to How Stuff Works,
Studies show that a satisfied customer will tell 2-3 people about his experience with your company. A dissatisfied consumer will share their lament with 8-10 people and some will push that number to twenty.
But here's the opportunity. An unhappy customer will become a loyal consumer if you fix his complaint and do it quickly. Eighty percent (80%) of these folks will come back to you if you've treated them fairly. That percentage rises to the upper 90s if you respond immediately. Every day you have the chance to transform your mistakes into returning customers -- the kind who will tell other people good things about you. Imagine that.
Having worked in retail for several years before heading into the IT field, I can tell you that those numbers are spot on. I served as the Tech Department Manager at a large computer retailer, and there is no angry customer like one who just spent two or three thousand dollars on a new computer system that isn't working as expected (this was back when a PIII system with a 15" monitor actually cost that much). I'm much too young to be telling stories about "the good old days", although I realize that my kids will snicker behind my back when I mention that music came on audiotapes and movies on 12" Laserdiscs in my youth. But I digress…
The reason I became a manager in the tech shop was that I worked as a technician during the closing shift, and usually answered the counter when Mr. and Mrs. New Computer Purchaser came in looking to yell at someone. That someone was usually me. I would listen to their problems, offer to help in whatever limited way I could, and would eventually pick up the intercom to page the Duty Manager over to the tech shop. My page for assistance would precipitate a mass exodus by anyone with authority. Managers and supervisors would remember that they were due for a break, or needed to step into the bathroom, or would become deeply engrossed with helping someone find the right ink cartridge for their printer. All the while, the customer at the counter would grow angrier by the minute while I repeated my entreaties for help to no avail. I recall a time when one particularly frustrated individual eventually picked up the phone and threw it in my general direction… it is moments like these when $7.50/hr did not make up for the abuse I received.
One manager in particular would eventually make his way over to the tech shop, walking in a manner that made it clear that he had no intention of helping the customer. His meandering gait said "I'll get there when I'm good and ready." When you have worked at any company for a while, you learn the ins and outs of the system. I have always endeavored to learn ways to help out my customers, but this particular manager had an snappy rejoinder for every complaint. Returning a product 2 hours outside of the return policy? Denied. Sent in the UPC code for a rebate? No exchange for you! Receipt with an extended warranty slightly illegible? Rejected. Although it would have taken no extra effort on his part to take care of the customer, he found a sadistic pleasure in using the store policies to leave the customer out to dry. I felt so strongly against his philosophy of customer service that I applied for the Tech Manager position once it opened, and went out of my way for several years to proactively solve little problems before they became big problems, to listen to customers and determine what they were actually needing (which is often different from what they are asking for), and to use my powers for good. This lead to customers that came back again and again, referred their friends and family to the store, and one customer in particular that gave me a bottle of Crown Royal (while I was 19). I still have the (unopened) bottle ;)
So how does this relate to the blog title of "Cingular Rocks"? I finally got a cell phone in January, after not having one for nearly 5 years.
5 Years without a cell phone? In the 21st Century? For a geek working at Microsoft? What gives?!?!?
In 2001, I bought a new Sprint Cell phone (my first), and brought it home. I tried for an entire weekend to make calls from home with the cell phone, but due to the fact that my apartment was built into a hill, I had no signal at all without walking a block away. This would obviously not work as my primary phone, and I called Sprint to cancel. Despite having had the phone for a single weekend… a phone with no signal… Sprint proceeded to charge me contract cancellation fees totaling over $250. I was transferred to supervisors and managers, and nobody would override the decision. I had signed a contract for a year of service, and they were going to hold me to that contract come hell or high water. The experience so disillusioned me that I went 5 years without a cell phone. To Sprint, I was clearly unimportant as anything other than a source of revenue.
Contrast that with my Cingular experience. After getting a Windows Mobile 5 cell phone in January, I synced it with my Windows Vista Box, and chose "yes" when asked if I wanted my work email to be sent to my phone. I didn't specifically check with Cingular to see if I had a data plan, but assumed that I did as emails started showing up on the phone. How convenient! When stuck in traffic or in a waiting room, I could fight the email monster that assures my inbox is always full. I could check traffic, and weather, and maps, and stock prices. How cool!
Or at least it was cool until the phone bill arrived… It turns out I didn't have a data plan, and I had been paying for my data by the kilobyte. A little over 20MB in traffic had cost me over $200 in data fees. Arrrggghhh!!! I formatted my phone to make sure that no more emails were pushed to it, and went out of my way to make sure that I did NOTHING on the phone other than speak to my wife. I thought all was well, until the next Cingular bill arrived yesterday, with ANOTHER 20+MB of traffic and another corresponding $200+ charge. It turns out that I had used that much data between the time the billing cycle ended and the time it took for the first bill to arrive. Nearly $500 for the privilege of checking email from the road. My skin turned green, muscles exploded from my clothes, and I ripped my shirt off as the painful memories of cell phone over-charges came back.
There was nothing I could do… I had clearly used the data, and had done so without bothering to make sure I was signed up for a data plan. I am quite certain that the phone contract (that I never read) had made it quite clear what the charges were per kilobyte, and I was going to have to fork over enough money to buy an Xbox 360.
Despite my previous experiences with Sprint, I thought that I would contact Cingular and beg for mercy. I shot an email to the Cingular rep that works with Microsoft, and explained my situation. I received an email back in eight minutes (Seriously. 8 minutes.) letting me know that he was researching my issue and would get back to me. Just before I left for the day today, I got another email letting me know that they had enabled the unlimited data plan on my account (which runs around $30 or so), and had credited me back nearly $500 for that data I had used.
They didn't have to do that. To be honest, I didn't expect them to. But they did. They made things right, exceeded my expectations, and they now have a customer for life. Cingular Rocks. Thanks guys!
Why is Microsoft an incredible place to work? One of my goals of writing postings on this blog is to contribute to the body of knowledge available on the internet, and not to rehash information that has already been covered elsewhere. To that end, I will not cover the benefits that are already listed on the Microsoft website here: http://members.microsoft.com/careers/mslife/benefits/plan.mspx (although I must say that they blow away the benefits at any other company I have ever worked for). Free health care? When you have 3 kids at home, how can you go wrong?
Here we go… Microsoft is an incredible place to work because of the:
At Microsoft, I am surrounded by incredibly passionate, talented, experienced, smart, and friendly people from a myriad of backgrounds. For the first few months that I worked here, I was quite certain that my manager would call me into his office to say:
"Sean… This is a little embarrassing, but it turns out that we hired the wrong person. We had intended to hire someone named Shane, and due to a paperwork mixup… In any case, if you could pack up your things, I'll walk you out. As you can see, everyone around you is incredibly smart and experienced, and I'm really not sure what you have to contribute"
I'm still here, so the paperwork must still be messed up ;) All joking aside, the incredible people I work with (and interface with on many different teams within Microsoft) are a major reason that I am excited to get up in the morning, and reluctant to leave here at night. The background of everyone on the team is very diverse, and the aggregate level of expertise is amazing. Everyone has a specialty (be it Project Management, SQL, Exchange, or SharePoint), and everyone is very willing to share their knowledge and experience. I have yet to run into someone on any team internally that was not willing to take time out of their day to share documents, best practices, or information that was requested. We have a large number of very active internal discussion lists, and it is incredible to be able to tap into the knowledge of Senior Architecture Consultants that are implementing Solutions in the field, as well as Program Managers and Developers that can explain not only how something works, but why the product was architected in that manner. How did all these people get so smart? That leads me to…
At the companies I have worked for in the past, professional career development was a liability for management. I have to guess that the prevailing thought pattern was that if the workforce became educated, that they would all leave to find better jobs. Any professional development was something that I did on my own time, at my own expense, and as soon as the opportunity arose, I found better jobs. A company that considers employee development to be a liability or an inconvenience is not a company that I want to work at.
Microsoft is not one of those companies. I can honestly say that there are more learning opportunities at Microsoft than there are minutes in the day to take advantage of them. Not only are their opportunities to learn within Microsoft, but it is expected that you do so, on an ongoing basis. As part of the Mid-Year-Career discussions with my manager (yes, everyone within Microsoft meets mid-year to go over progress on career development), I have had to decide on what roles I would like to consider in the future. Would I like to be a Developer? A Technical Account Manager? Work in Finance? In Product Support Services? After considering my future, I work with my manager to write a development plan. What training do I need to do on the job to develop myself for future roles? Are there particular projects I should undertake? Should I job-shadow someone on a different team? Are there internal classes I should take (everyone has at least 20 training days a year)? Books I should read? Should I spend time with a mentor? There are limitless opportunities for self improvement, management is very supportive, and the hardest obstacle can be deciding what I want to be when I grow up ;)
What sorts of resources are available? One incredibly valuable resource is the internal Library. You know when you go into Barnes & Noble and browse the technology book section? How cool it is to look at all the MS Press, O'Reilly, and Addison Wesley books? To read a few pages and consider buying the book (before you turn it over and realize that it will cost $50 and be obsolete before you get it home)? The internal library (there are various campus branches) has EVERY Tech, Business, and Management book you can think of. If they don't have one you are looking for, they'll order it for you. Don't have time to read? There are many books available on CD that you can listen to in your car (I just finished The Marine Corps Way: Using Maneuver Warfare to Lead a Winning Organization (Jason Santamaria) and Crucial Conversations (Kerry Patterson), both highly recommended). All of the leading tech/trade magazines are available, and online we have access to the Wall Street Journal, Safari Books (electronic versions of thousands of tech/business books), Practice Tests… It is a geek's paradise. As I mentioned, there are more opportunities for learning than there are minutes in the day to take advantage of them.
One of the reasons that LAMP is gaining popularity is that it is… well, free. For someone who wants to learn a Database application or a Server OS, you can't beat the price of free (even if it may be more difficult to setup, or not be directly applicable to a typical work environment). But why compromise? For learning purposes (to the General Public), Microsoft has some great (free) resources to allow you to get your feet wet:
For internal Microsoft employees, however, you can open up the Add/Remove programs control panel, and EVERY PROGRAM MICROSOFT MAKES is listed. It is an incredible way to learn new products when you can install them at your convenience. I had not used SharePoint before coming to Microsoft, but I am now convinced that there was no collaboration before SharePoint. I work regularly with my co-workers in India, and being able to use the Team Sites that SharePoint enables has markedly increased the productivity of myself and my virtual team.
I won't write entire paragraphs on these, I did want to cover some of the other great benefits of working for Microsoft. For starters, the Sammamish campus (where I work) is gorgeous. We are about ½ a mile away from Lake Sammamish, and there is a large park (with nice walking/running trails) between campus and the lake. On the other side of us are some beautiful tree covered hills and mountains. As we are approximately 30 minutes east of Seattle, traffic is relatively light, and Issaquah (the local city) still retains a small-town feel. Taking a walk down to the lake during lunch is a great way to get some exercise and clear your mind. Work/Life balance is also a big focus at Microsoft. We have intramural teams (soccer, rugby, flag football, softball), and Microsoft will also pay your dues if you decide to join a local community team. Home delivery of food from Safeway is free (so you don't have to stop at the store on the way home… shopping while hungry is just bad news), and each campus has a local restaurant (it's Thai food in Sammamish). There is also MUCH more flexibility to have a measurable impact (on your team, your customers, a product, the community) than I have ever experienced at any of my previous employers. Microsoft is very much a results-oriented company, and there is significant personal flexibility (with hours, work locations, processes) as long as commitments are met and deliverables delivered. I have found that this significantly increases productivity and creativity when delivering a solution.
Many of the other benefits of working for Microsoft are covered in detail at the following links.
http://qbrundage.com/michaelb/pubs/essays/working_at_microsoft.html
http://members.microsoft.com/careers/mslife/benefits/plan.mspx
http://www.fearthecowboy.com/2007/01/one-of-benefits-for-working-at.html
http://research.microsoft.com/displayArticle.aspx?id=1533
http://blogs.msdn.com/jobsblog/
Long story short, you don't have to have a response like this one if you ever hear from an MS recruiter. J