Tuesday, November 23, 2010

We have met the TSA.... and he is us

We have met the TSA and he is us.... Yes, friends, the TSA (and its parent agency the DHS) are a direct result of our frenzied demands for a safer country. ("Our" does not mean necessarily "you" or "me", but "us" the citizens of the USA.)

We supported President Bush by an overwhelming majority when DHS and the TSA were created. We supported the Patriot Act. We supported allowing the federal government to take over airport and port security. We supported President Obama in allowing the DHS and TSA to continue to operate with bullies and thugs in their ranks. I'm not saying all TSA employees are bullies and thugs.

Since Sept 11, 2001, I have traveled a bit over 1,000,000 "base" miles via air. I *did* have a brief "brushing up against my junk incident" once in 2004, but I usually just witness clueless employees and inconsistently enforced policies. By and large, MOST of the TSA people I have encountered were polite, but bored civil servants.

The current frenzy over back scatter machines, aggressive pat-downs, and 5 year olds being searched is a natural progression of the power and authority that we have enabled for the DHS and TSA. Regardless of who controls Congress or the White House, expect this to expand further.

I don't know of a better solution for transportation security, but I can tell you that the current "solution" is one of our own making. And I certainly don't trust Congress to make things any better. The only thing I know for sure is that terrorists and extremists are going to continue to look for ways to exploit current or future weaknesses.

Monday, November 22, 2010

Uploading photos to Active Directory for use with Outlook 2010

One of the coolest new features in Outlook 2010 is the ability to view photos stored in the Active Directory. While this is supposed to work only with Exchange Server 2010, it seems to also work if you are running Exchange 2007 and Outlook 2010. I am also expecting to see the capability to use this photo integrated into other products such as Office Communication Server (Lync) and SharePoint. You can upload photos to the Active Directory using the Exchange 2010 Exchange Management Shell.

My company's products Self Service Active Directory Update and Directory Manager are great tools for getting the data into the Active Directory and are MUCH easier to use than the Exchange Management Shell. Our Directory Search application can be configured to display a user's photo. For existing and future customers, here is some information:
  • Use the thumbnailPhoto attribute NOT the default jpegPhoto attribute
  • Microsoft's recommendation for the photo size is 96 x 96
  • We recommend setting the photo size to 128 x 128
  • Typical image sizes are between 5KB and 10KB
  • Impact on the Active Directory is usually minimal
  • Adjust the settings using the DirectorySettings.XML file in the section
  • If you supply a photo at EXACTLY the size (such as 128x128) then we do not alter the photo
  • Photos supplied at different sizes/resolutions are re-rendered to the size specified in the XML file
  • The thumbnailPhoto must be flagged in the schema so that it replicates to global catalog servers
  • The NETWORK SERVICE user must be given "modify" permissions to the \inetpub\wwwroot\directorymanager\photos or the \inetpub\wwwroot\directoryupdate\photos folder.  This folder is used for temporary storage only.
  • The IIS application pool's Identity must use the NETWORK SERVICE account
Existing users of Directory Update v1.6 or later and Directory Manager v1.3 or later can modify their application to upload photos by editing the DirectorySettings.XML file.  If all you wish to do is upload photos, the other sections of Directory Update or Directory Manager can be hidden.

While Directory Update and Directory Manager can both upload photos, we recommend using Directory Manager and designating the task to a small number of people (such as Human Resources) so that you get consistent and good quality photos.
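For administrators who script the upload themselves, the size and format guidance above can be enforced before anything is written to thumbnailPhoto. The following is an added example, not code from Directory Update, Directory Manager, or Exchange; the function name, file path, distinguished name, and default limits (128 x 128 pixels, 10 KB) are assumptions drawn from the recommendations in this post, and the write uses ADSI rather than the Exchange Management Shell.

```powershell
# Added example: validate a photo before it is written to thumbnailPhoto.
# Default limits are assumptions based on the guidance above (128 x 128, 10 KB).
Add-Type -AssemblyName System.Drawing

function Test-ThumbnailPhoto {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$MaxBytes = 10KB,     # upper end of the typical size quoted above
        [int]$MaxPixels = 128      # recommended edge length quoted above
    )
    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)
    $problems = @()

    # A JPEG starts with the SOI marker FF D8, followed by another FF marker byte.
    if ($bytes.Length -lt 3 -or $bytes[0] -ne 0xFF -or $bytes[1] -ne 0xD8 -or $bytes[2] -ne 0xFF) {
        $problems += 'not a JPEG (bad magic bytes)'
    }
    if ($bytes.Length -gt $MaxBytes) {
        $problems += "file is $($bytes.Length) bytes, limit is $MaxBytes"
    }
    if ($problems.Count -eq 0) {
        # Decode only after the cheap checks pass; a decode failure is also a rejection.
        $stream = New-Object System.IO.MemoryStream(,$bytes)
        try {
            $img = [System.Drawing.Image]::FromStream($stream)
            if ($img.Width -gt $MaxPixels -or $img.Height -gt $MaxPixels) {
                $problems += "image is $($img.Width) x $($img.Height), limit is $MaxPixels"
            }
            $img.Dispose()
        } catch {
            $problems += 'image data could not be decoded'
        } finally {
            $stream.Dispose()
        }
    }
    New-Object PSObject -Property @{
        Path = $Path; Bytes = $bytes; Valid = ($problems.Count -eq 0); Problems = $problems
    }
}

# Usage with a hypothetical file and a hypothetical distinguished name.
$check = Test-ThumbnailPhoto -Path 'C:\Photos\jdoe.jpg'
if ($check.Valid) {
    $user = [ADSI]'LDAP://CN=John Doe,OU=Staff,DC=example,DC=com'
    $user.Put('thumbnailPhoto', [byte[]]$check.Bytes)
    $user.SetInfo()
} else {
    Write-Warning ("Rejected {0}: {1}" -f $check.Path, ($check.Problems -join '; '))
}
```

Rejecting oversized or non-JPEG files at this point keeps unexpected data out of an attribute that replicates to every global catalog server.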


Sunday, November 21, 2010

Directory Update, Directory Manager, and Directory Search on Windows Server 2008

Most of our new customers are now running Directory Update, Directory Search, and Directory Manager on Windows Server 2008 or Windows Server 2008 R2.  Our applications are fully supported on both flavors of Windows Server 2008, but the enhanced security and minimal install surface may make installation a bit more complicated.  Here are some recommendations for installation and troubleshooting:
  • Internet Information Server requirements:
    • IIS 7 web service components
    • The IIS 6 compatibility components of IIS 7
    • ASP.NET
    • .NET Framework 3.5
    • We recommend creating a separate IIS application pool that uses the Identity NetworkService.  Call it something such as "DirectoryUpdateAppPool".  That application pool's 32-bit features must be disabled on Windows x64.
  • Give the NETWORK SERVICE user "modify" permissions to the .\Photos folder and/or the .\Logs folder

Monday, November 08, 2010

Exchange Connections Fall 2010 Session PowerPoint slides

Thanks to everyone that attended my sessions at Exchange Connections in the Fall of 2010.  As promised, here are the slide decks from my sessions along with the session I covered for Paul Robichaux.

High Availability for Small and Medium Sized Businesses without the High Cost

Migrating to Exchange 2010 from Exchange 2003

Making Good IT Business Decisions While Cloud Proofing Your Career

Robichaux - Get Off My Cloud


Sunday, November 07, 2010

Exchange Server 2010 Best Practices - Two Thumbs Up!

I just recently picked up Exchange Server 2010 Best Practices. While there is a bit of overlap with my own book, this is a really great book and has a lot more technical depth on Exchange Server 2010 (including SP1) than any other book on the market. Great job to Sigi Jagott and Joel Stidley! I also really like the concept of allowing other Exchange Server experts to write small side-bars or articles within the book. Two thumbs up!!