
Jane Lewis's Weblog

Platforms, Active Directory, Administration, Management, Women in Technology, Random Thoughts

News

  • This posting is provided "AS IS" with no warranties, and confers no rights.
Safer Internet Day 9th February 2010

 

 

Being a mum of two young boys who avidly use Facebook, MSN, online gaming and mobile phones, I am very aware of the importance of keeping them safe online and of them being clear about what to do if they feel uncomfortable in any way. On the 9th of February Microsoft are taking part in Safer Internet Day. We have a whole range of volunteers who have been trained by CEOP to train parents and children on how to use the Internet safely.

This year, as part of the “Click Clever Click Safe” campaign, UKCCIS will be launching a new digital safety code for children: “Zip It, Block It, Flag It”.

Download the CEOP (Child Exploitation and Online Protection Centre) IE8 toolbar add-on, Click Clever, Click Safe, Click CEOP.

http://www.ceop.gov.uk/ie8/

Remember: be informed and be safe. Plus, IMHO, do not let children use the Internet on their own in their bedrooms. Have the computer or laptop in a public family area where you can keep a friendly eye on what is going on.

Also make yourself aware of the language being used. For example:

POS = Parent over shoulder! :)

Great Videos to help you learn Cool Stuff

I was reading an internal newsletter and I found some great information about some great funky videos to help you learn lots about Windows 7 and Office.

These are a little bit different from our normal corporate videos, but I found them cool and informative.

Check them out here: http://www.microsoft.com/showcase/en/us/channels/officecasual

Also, I think I must be the only person in the world who has not seen AVATAR yet. I also did not realise how much Microsoft was involved in the making of the movie's special effects! We even get a “special thanks” in the credits :).

Have a great weekend!

Enterprise Domain Controllers Group and Group Policies

My colleague Mark Empson and I have been developing a new service, the GPO Health Check, which looks at every aspect of the health of your Group Policies. One of the tests involved checking for any Group Policies that had only the Read Group Policy Object permission and not the Apply Group Policy permission.

Once this test had run, we found that virtually every Group Policy in our test environment registered as having this read-only permission set against a group called the “Enterprise Domain Controllers” group. On further investigation this proved to be absolutely correct: it is the default setting for Windows 2003, Windows 2008 and Windows 2008 R2 environments.

This read-only access is required for Group Policy Modeling, a feature of the Group Policy Management Console (GPMC) that simulates the resultant set of policy for a particular configuration. The simulation is performed by a service that runs on domain controllers. To perform the simulation across domains, the service must have Read access to all Group Policy objects (GPOs) in the forest.

However, an important proviso is associated with this, which I was blissfully unaware of.

If you are upgrading from a 2000 forest to 2008 or 2008 R2, only NEW Group Policies will have this “Enterprise Domain Controllers” Read permission applied to them. Group Policies created previously will not have this permission applied to them.

This shows up as the GPMC snap-in informing you that “Enterprise Domain Controllers” does not have Read access to the Group Policy.

To remove this error message, all you need to do is use a script to update the Group Policy permissions across your enterprise.

The details of this script, plus details of how to run it from the command line, are available here:

http://technet.microsoft.com/en-us/library/cc753453(WS.10).aspx

Well I did not realise the above until just the other day, so another tidbit to store away :).
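
One way to run the same check and fix with the GroupPolicy PowerShell module, as an added example (it is not the TechNet script linked above and not part of the GPO Health Check service). It assumes the English group name for the grant and only covers the current domain, so it would be run once in each domain of the forest.

```powershell
# Added example, not from the original post.
# Assumes the GroupPolicy module that ships with GPMC
# (Windows Server 2008 R2 / Windows 7 RSAT or later).
Import-Module GroupPolicy

# Well-known SID of "Enterprise Domain Controllers". Matching on the SID
# avoids problems with localised or mistyped group names.
$EdcSid = 'S-1-5-9'

# Report, for every GPO in the current domain, what access the
# Enterprise Domain Controllers group has ('Missing' if it has no entry).
function Get-GpoEdcAccess {
    foreach ($gpo in Get-GPO -All) {
        $entries = @(Get-GPPermissions -Guid $gpo.Id -All |
                     Where-Object { $_.Trustee.Sid.Value -eq $EdcSid })
        if ($entries.Count -eq 0) {
            $access = 'Missing'
        } else {
            $access = ($entries | ForEach-Object { $_.Permission }) -join ','
        }
        New-Object PSObject -Property @{
            DisplayName = $gpo.DisplayName
            Id          = $gpo.Id
            Created     = $gpo.CreationTime
            EdcAccess   = $access
        }
    }
}

# Grant Read to the group on GPOs where it is missing.
# Without -Apply the function only lists what it would change.
function Repair-GpoEdcRead {
    param([switch]$Apply)

    $missing = @(Get-GpoEdcAccess | Where-Object { $_.EdcAccess -eq 'Missing' })
    foreach ($item in $missing) {
        if ($Apply) {
            # Assumption: the group resolves under its English display name.
            Set-GPPermissions -Guid $item.Id `
                -TargetName 'Enterprise Domain Controllers' `
                -TargetType Group -PermissionLevel GpoRead | Out-Null
            Write-Output ("Granted Read: {0}" -f $item.DisplayName)
        } else {
            Write-Output ("Would grant Read: {0} (created {1:yyyy-MM-dd})" -f `
                $item.DisplayName, $item.Created)
        }
    }
}

# Audit first. GPOs that pre-date the forest upgrade stand out by creation date.
Get-GpoEdcAccess | Sort-Object Created |
    Format-Table DisplayName, Created, EdcAccess -AutoSize

# Dry run. Use 'Repair-GpoEdcRead -Apply' once the list has been reviewed
# in a test environment.
Repair-GpoEdcRead
```

Set-GPPermissions does not lower an existing higher permission unless -Replace is given, so the grant only adds the missing Read entry.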

Changing your Colour Scheme in Office and Outlook 2010

Well, my friend and colleague Justin Zarb showed me something funky in the Office 2010 beta today. He was running his installation with a great “Black” colour scheme in Outlook, similar to below:

image

The way he set this up was to go into Options in Word and choose optimize ribbon.

Then you have a choice of either Black, Silver or Blue.

Note that this affects not only Word but also all the other applications in your Office 2010 suite, including Outlook.

It is funny how small things like that can make me happy!

Busy first day at BETT 2010 despite the Snow!

Well, I was busy working at BETT 2010 today at Olympia despite the snow. I left for Olympia at 6.30am this morning and I was quite surprised when I stepped outside my door into 4 inches of snow.

Our stand at Olympia has been very busy all day.

There has been a tremendous amount of interest in our Office 2010 suite of products and SharePoint 2010, plus also Win 7 and Hyper-V. There were also some really good demos and presentations happening on our Lecture Theatre stand and our demo pods.

One of the products I was particularly interested in, with a view to possibly using it at the next Digigirlz event we are holding in June 2010, was Kodu.

Kodu is a visual programming language made specifically for creating games. It is designed to be accessible for children and enjoyable for anyone. It can be used on an Xbox 360, or on a PC with or without an Xbox 360 controller. It is available as a free download, as a Technical Preview copy, from http://fuse.microsoft.com/kodu/. There is some great information around it here:

http://community.research.microsoft.com/blogs/kodu/default.aspx

In addition to this was actually seeing Semblio in action, which was raising a lot of interest from the teachers, and also DreamSpark.

Well, I am back on duty tomorrow at BETT all day, so please come along and talk to me. I have answered questions ranging from Xbox 360 through to Movie Maker, Photo Story, Windows 7 and Office 2010, and even Windows Live & Hotmail accounts……mmmm, not bad for a day's work!

Let's give Barbie an interesting Career

Well, this is a bit of a fun post. One of my colleagues told me about this website, where there is a contest going on to choose Barbie’s next career… and computer engineering is one of the options!

If you have a moment, go to the link below and vote for Computer Engineering

http://www.barbie.com/vote/

Mind you, I was not a very good Barbie/Sindy owner. I can definitely remember taking a pair of scissors to her hair and the results were not pretty :)

A couple of cool downloads for your Win 7 Platform

I had a couple of informative emails today bringing my attention to some great new tools and utilities.

The first one is the Windows System State Analyzer, as blogged about by the Ask the Performance team. I never realised this functionality existed. As they state on their blog:

“The basic functionality of the System State Analyzer tool is to allow you to compare two snapshots taken at different points in time. This allows you to compare the state of a machine both before and after an application install for instance.”

This tool is available as a free download from

· Server Logo Program Software Certification Tool x86: http://go.microsoft.com/fwlink/?LinkID=140110

· Server Logo Program Software Certification Tool x64: http://go.microsoft.com/fwlink/?LinkID=140109

Note: You must have the .NET Framework 2.0 installed for Windows System State Analyzer to work correctly.

The second useful tool is AD LDS (Active Directory Lightweight Directory Services), which is now available for download for Windows 7.

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a45059af-47a8-4c96-afe3-93dab7b5b658

Overview

AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services (AD DS). AD LDS provides much of the same functionality as AD DS, but it does not require the deployment of domains or domain controllers. In environments where AD DS exists, AD LDS can use AD DS for the authentication of Windows security principals. You can run multiple instances of AD LDS concurrently on a single computer, and have an independently managed schema for each AD LDS instance.

Thanks to John Gregson for bringing my attention to the above.

A great initiative and offer: Home Access

As part of my training for BETT I learnt about the HOME ACCESS programme.

This looks like a really fantastic initiative to open up access to computing to children and parents who are less privileged.

As I sat at home watching my two boys using Xbox 360, PS3 etc., moving through applications and surfing online with ease, it really strikes home to have this potentially available to children who come from less privileged circumstances. Some of the key takeaways are:

Home Access is unlike other PC programmes

- It doesn’t measure success by the number of PCs shifted

- It focuses on the benefits of sustained and meaningful use in the family

- It recognises that families who benefit will have limited ICT experience

Home Access focuses on sustainability

- The PC package includes PC / Software / Tech Support and Broadband

- All software is installed and pre-activated

- Significant assistive technologies have been included

Home Access promises a “safe out of the box” experience

- With user accounts for parents and students set up

- And parental controls and filtering installed and activated

- And training offered as part of the package

All the suppliers will provide information packs for new owners.

Check out our website for more details.

http://www.microsoft.com/uk/education/schools/home-access-programme/default.aspx

We are going to be making all our visitors to the Microsoft stand at BETT aware of this great initiative, so I encourage you all to let your schools and friends know about it.

Happy New Year! from Chilly Britain and looking forward to BETT

Well, I am back at work and have now found some spare time to blog a little. We have been in the grip of a snow freeze here in the U.K., with temperatures dropping to –13C, yes Celsius not Fahrenheit. Because we are not used to such weather we have had road chaos, as we (I include myself in this) are not great at driving in such treacherous conditions.

Well, this certainly did not stop us from working. Even though Microsoft's office at TVP has been closed because of the treacherous driving conditions, we all reverted to using our remote home working facilities, and Microsoft Live Meeting and Office Communicator worked really well. I spent a lot of today on a Live Meeting training session for next week's BETT conference at Olympia. BETT is the world’s largest educational technology event. I am really looking forward to it and will be there next Weds and Thursday. The Live Meeting had over 65 attendees and it worked really well. As a diverting interlude to all the training, every so often we had webcam views of snowy scenes from everyone's home office :). The organiser of the Live Meeting did have the foresight to warn us first before he switched to our webcams!

See below for a view of SNOWY Microsoft Thames Valley Park HQ

image

I thought the picture below was striking. It was taken from the BBC website as a picture from a NASA satellite: http://news.bbc.co.uk/2/hi/in_depth/8447023.stm ... Brrrr. Reaching for the thermals as I type.

image

What a fantastic picture!

Merry Xmas Everyone

Well, I know 2009 has been a busy, busy year, and for some of you a tough year too. Therefore I wish you all the best, and I am taking a break for the Christmas holidays. I would like to wish everyone a very Merry Christmas and a very Happy New Year. Below is a Christmas scene from the back garden of my good friend Eileen Brown. They had a lot of snow in Colchester! Mind you, 1 snowflake in the U.K. and we come to a standstill :). Read more about that on Eileen's blog.

image

High CPU on Wmiprvse.exe caused by memory leak in DNSPROV.DLL on Windows 2003

Certain customers have recently been experiencing an issue which I wanted to bring to your attention.

Issue with Windows 2003 SP2 Domain Controllers

Wmiprvse.exe consistently consumes a high percentage of CPU on Domain Controllers, one svchost.exe has a high handle count of around 75000, and another svchost.exe hosting rpcss has 23000 handles.
Impact: Servers need to be restarted on a scheduled basis.

On investigation of this issue I discovered that there have been other similar reported instances of this type of issue with other customers within the last 6 months.

Note: this does not occur in Windows Server 2008.

Cause

This has been traced to a problem with dnsprov.dll; see below for more details:

“A Windows Server 2003 (R2) SP2 machine, which implements a DNS role (usually true for many DCs), might become unreliable, unstable and misbehaving because of this problem. Manual intervention is needed to restore the server to its stable state each time administrators become aware of the problem going on, which can occur about once per week per DC, in an environment that implements SCOM/SCOM 2007 R2.

A Windows Server 2003 server implementing the DNS role, when it receives certain WMI queries against the DNS WMI provider, will leak a TLS slot in the WMI process that hosts the DNS WMI provider. TLS slots are a finite resource (64+1024 slots available per process) so they can be quickly exhausted if leaked. A process that has its TLS slots exhausted doesn't behave normally and can incur in any kind of problem and unexpected behaviours.

Currently observed odd behaviours caused by this specific leak are:

- 100% CPU usages in the WMI host process that incurred the exhaustion.

- Other WMI providers sharing the same WMI host process not working as expected/misbehaving

Since WMI is a system service supporting many OS functions and applications, having one of its processes in an unstable state makes the entire server unreliable, as mentioned, and the problem needs to be resolved manually (DC reboot or WMI subsystem restarted).

SCOM 2007 happens to have a pattern of WMI queries that triggers the problem systematically after a few days monitoring a Windows Server 2003/DNS role.”

Workaround

On investigation of the issue, 3 workarounds have proved successful in several of the previously reported cases.

Considering that:

1. The TLS slot is leaked each time a load/unload cycle occurs on the WMI DNS provider dnsprov.dll

2. A WMI provider is unloaded after it has been idle for 5 minutes

3. SCOM issues DNS queries at a rate that allows the provider to unload and reload between two queries

There are 3 possible workarounds; see details below:

a. Execute a WMI script that uses the DNS provider to create an object and then never terminates, hence preventing the provider itself from becoming idle and then being unloaded. (Script is below).

' This script changes HostingModel property to run Microsoft DNS WMI provider
' in an isolated wmiprvse and allowing a workaround to a TLS leak.

strComputer = "."
strInstance = "__Win32Provider.Name='MS_NT_DNS_PROVIDER'"
strNewHostingModel="NetworkServiceHost:DNSSharedHost"
dim oMicrosoftDNSNamespace 'IWbemServices
dim oWMIProvider

Set oMicrosoftDNSNamespace = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate, (Security)}!\\" _
  & strComputer _
  & "\root\MicrosoftDNS")

set oWMIProvider=oMicrosoftDNSNamespace.Get(strInstance)
Wscript.echo "Provider                      : " & oWMIProvider.Name

'updates the HostingModel property
Wscript.echo "Current value for HostingModel: " & oWMIProvider.HostingModel
If oWMIProvider.HostingModel=strNewHostingModel Then
  Wscript.echo "No need to update DNS WMI Provider HostingModel property"
Else
  oWMIProvider.HostingModel=strNewHostingModel
  Wscript.echo "New value for HostingModel    : " & oWMIProvider.HostingModel
  'updates the object in the repository
  oWMIProvider.Put_
End If

This needs to be renamed to .vbs and, of course, fully tested before being applied to live production servers. The advantage of this is that it could be implemented via Group Policy across the estate.

Note: This script is provided "AS IS" with no warranties, and confers no rights.

b. Isolate the DNS provider in a private wmiprvse. This can be done via the following steps:

1. Run WBEMTEST.

2. Click Connect and input root\microsoftdns in the Namespace.

3. Click Enum Classes.

4. Select Recursive and click OK.

5. From the classes list, select __Win32Provider and double click it.

6. Click Instances.

7. Select the instance and double click it.

8. Select HostingModel from the properties list and double click it.

9. Change the value from “NetworkServiceHost” to “NetworkServiceHost:DNSProvHost” (without double quotation marks).

10. Click Save Property.

11. Click Save Object.

12. Click Close to quit WBEMTEST.

The obvious disadvantage of this is that the steps for workaround b are manual and impractical across a large enterprise environment.

c. Write a simple rule in OpsMgr to keep the DNS provider from unloading by calling on it very frequently. This appears to keep the provider from unloading, and therefore from leaking TLS slots.

Please see the following blog, which details this final workaround more specifically:

http://blogs.technet.com/kevinholman/archive/2009/06/29/errors-alerts-from-the-dns-mp-script-failures-wmi-probe.aspx

In most cases this will not be a problem if you are patching and rebooting your servers on a regular basis. However, if you are experiencing issues, hopefully this information will help. If you are a Premier customer, I would advise raising a support case via Premier to double-check and validate the advice offered here. It also gives you a documented escalation path.

Jane
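
To see which domain controllers already carry a changed HostingModel (from the script or from workaround b) and which show the handle-count symptom, a check like the following can be run from an admin workstation. This is an added example, not part of the original post or the linked blog; the computer names and the handle threshold are assumptions.

```powershell
# Added example, not from the original post.
$DomainControllers = 'DC01', 'DC02'   # hypothetical names, replace with your DCs

# The post reports about 23000 and 75000 handles on affected svchost.exe processes.
$HandleThreshold = 20000              # assumed alert level, tune for your estate

function Get-DnsProviderStatus {
    param(
        [string[]]$ComputerName,
        [int]$HandleThreshold = 20000
    )
    foreach ($dc in $ComputerName) {
        # Provider registration: the same __Win32Provider instance that
        # WBEMTEST edits in workaround b.
        $prov = Get-WmiObject -ComputerName $dc -Namespace 'root\MicrosoftDNS' `
                    -Class '__Win32Provider' -Filter "Name='MS_NT_DNS_PROVIDER'" `
                    -ErrorAction SilentlyContinue

        # Symptom check: handle counts of the WMI host and svchost processes.
        $procs = @(Get-WmiObject -ComputerName $dc -Class Win32_Process `
                    -Filter "Name='wmiprvse.exe' OR Name='svchost.exe'" `
                    -ErrorAction SilentlyContinue)
        $worst = $procs | Sort-Object HandleCount -Descending |
                 Select-Object -First 1

        $hosting    = 'unavailable'
        $maxHandles = $null
        $worstProc  = $null
        if ($prov)  { $hosting = $prov.HostingModel }
        if ($worst) {
            $maxHandles = $worst.HandleCount
            $worstProc  = "{0} (PID {1})" -f $worst.Name, $worst.ProcessId
        }

        New-Object PSObject -Property @{
            Computer      = $dc
            HostingModel  = $hosting
            # Isolated means a named host after the colon, e.g.
            # NetworkServiceHost:DNSProvHost as in step 9 of workaround b.
            Isolated      = ($hosting -like 'NetworkServiceHost:*')
            MaxHandles    = $maxHandles
            WorstProcess  = $worstProc
            OverThreshold = ($maxHandles -ne $null -and $maxHandles -ge $HandleThreshold)
        }
    }
}

Get-DnsProviderStatus -ComputerName $DomainControllers -HandleThreshold $HandleThreshold |
    Format-Table Computer, HostingModel, Isolated, MaxHandles, WorstProcess, OverThreshold -AutoSize
```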

How to modify a system owned object

Hello,

I had an interesting customer request recently that I thought I would share with you. Prior to an upgrade to 2003 they had an account which was used for Remote Desktop Users. On upgrading to 2003 this account was replaced by a System Owned Object with exactly the same name. So their question to me was: how do we rename a System Owned account without getting the following error?

"The attribute cannot be modified because it is owned by the system"

Carry out the following steps.

Warning: Make sure you fully test these in a pre-production environment before applying them to your live environment.

1. Launch LDP.exe and bind to the DS server you want to modify. Make sure you are a schema admin, and an admin over the partition you are modifying.
2. After connecting and binding, navigate to the Browse menu and select the "Modify" option.
3. Leave the DN blank, type 'schemaUpgradeInProgress' into the Attribute field and type 1 in the Values field.
4. Click the Add operation and then click the Enter button. This will add this command to the entry list.
5. Click the Run button. If you are successful you should see a successful modify message.
6. Go to View -> Tree. Connect to the appropriate base DN.
NOTE: If your goal is to delete an object in AD that has child objects, then you will need to remove the child objects first.
7. Find the object, right-click and select Modify.
8. In the Attribute field, type "systemflags"; leave the Values field blank; in the operation radio options, select Delete.
9. Click Enter, then click Run to remove the systemflags value.
10. Perform the modification or deletion of the object.
11. Set the systemflags value back to the original value, to make it owned by the system again.
12. Once finished, run LDP again with the above steps, changing the schemaUpgradeInProgress value to 0 (to prevent unwanted schema/system changes).

What a day Digigirlz Part Two

Well, once again we had a fantastic day at Microsoft on the 27th of November. We held our second Digigirlz event of the year. We had over 200 girls and teachers attend our event here in Reading. It was a packed day full of interactive presentations. We had Andy Sithers and Mark A’Bear doing some great presentations around Digital Photography and Surface. Our main challenge of the day was to encourage the girls to “Design the Next big IT Accessory”. The schools were divided into teams of around 10 and given 2 1/2 hours to come up with their ideas. There were some truly great ideas, and it never ceases to amaze me the imagination and energy that these girls show.

Congratulations go to Queen Anne's School, whose idea was ICQ, which was based around digital sunglasses that gave you a multimedia, internet-based pair of sunglasses! A brilliant idea that was executed and presented using PhotoStory.

In the afternoon we had a really fantastic and interesting session delivered by Peter McOwan of the University of London:

“The Magic and intelligence of Computer Science”

He has a brilliant website which I recommend you check out.

I always feel completely shattered but on an incredible high after each event. Roll on the next event in June 2010.

We are going to put our heads together to think up a completely new type of challenge :)

See below for some pictures from the day:

image

Interesting Question from Customer at TechEd Europe 2009

Well, even when you are working on the floor at TechEd you have the opportunity to research and deal with customer queries. I was busy flipping between Ask the Experts and the Hands On Labs when a delegate asked me a question that deserves serious consideration.

The delegate was asking what Microsoft's recommendation was around having more than one network card in a Domain Controller.

My response was, and is, that this is not a recommended configuration; however, we do realise a lot of our customers work in this configuration.

The reason is the various issues which are well documented in the following articles. Please see below for the KB articles and background information around this.

http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

http://forums.techarena.in/active-directory/954155.htm

Both these technical references point to KB articles which highlight specific issues that can arise in this situation, and also highlight workarounds.

246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per NIC too):

http://support.microsoft.com/?id=246804

296379 - How to Disable NetBIOS on an Incoming Remote Access Interface [Registry Entry]:
http://support.microsoft.com/?id=296379

Women in Technology Session great Positive Feedback

Well, Rane Johnson and I delivered our Women in Technology session at TechEd yesterday. I can honestly say that it went very well and was well received by the ladies and gentlemen who attended. To say the least, this was not run like a normal breakout session, and to the surprise of the ladies and gentlemen we made the event as interactive as possible! There was some great networking going on, which we carried on into the Community Evening, where we made a point of signing the Community Lounge “Berlin Wall”.

I would like to thank Rane Johnson, Microsoft Technical Audience Marketing Lead for CEE, for helping me make this session a great success.

Plus also Paula Januszkiewicz (http://blogs.technet.com/plwit) and Ilse Van Criekinge of Microsoft for helping us make this event a success!

See a selection of feedback quotes:

“A very inspirational Session - Thank you!”

Also from a male attendee:

“Such an inspiring session with speakers passionate about the subject. Really enjoyed that the session was interactive since it makes the session much more valuable than else. The topic is very important, also for us men, and should be emphasized more in coming events.”

So thank you to all that attended, and I look forward to meeting up with you, hopefully at some event in the future!
