Joseph Hinkle at MyITForum.com

I like TaxAct myself, but PCWorld has a nice breakdown of the competition.

As I mentioned earlier, I'm evaluating different software virtualization options for my company. I know I'll be looking at several, but I decided Altiris SVS would be a good starting place. My company has been using Wise products since InstallBuilder 8, so virtualization using tools we already have and use is very appealing.

It really is interesting to see all of the different approaches that are used for virtualizing software. Some companies use an agent, some don't. Some allow virtualized applications to interact with one another, some don't. SVS uses an agent to manage the virtualization packages, called "layers" in their product. They also allow the applications running in different layers to see one another.

This presents an interesting opportunity. So far, the tools I've seen don't allow this kind of interaction, causing some angst in virtualizing Office due to the number of plug-ins and other hooks from third-party applications. SVS allows Office to be virtualized in one layer, plug-ins to be in other, separate layers, or even installed natively in Windows. This flexibility is very comforting to me.

The product comes in two flavors: standard and professional. Standard provides virtualization and an agent license. Professional adds streaming and license management capabilities. There is an unsupported SMS connector that allows layers to be deployed and activated with normal software distribution packages. I'm not sure that this approach will give me the flexibility that I want, since I'd rather have the set-it-and-forget-it functionality that the streaming server provides.

The license management capabilities of the streaming server were quite nice. There are a few features that really stood out to me. There is a license pool, which allows licenses to be allocated automatically and access denied - or not - if there is no license available. The product also allows licenses to be automatically deactivated after a specified time period of inactivity, like traditional metering capabilities. One interesting thought was a "single-use" license. Essentially, a license could be allocated for a single use, providing true concurrent usage.

Obviously, I am fairly impressed by the product. Honestly, I wasn't expecting to like it this much. I really liked SoftGrid when I saw it initially, but SVS adds some really intriguing flexibility.

The Microsoft Assessment and Planning Solution Accelerator is an agentless tool that will find computers on a network and perform a detailed inventory of the computers using Windows Management Instrumentation (WMI), the Remote Registry Service, or the Simple Network Management Protocol (SNMP). Using the inventory data, the tool will assess and report whether computers can run Windows Vista, Microsoft Office 2007, Microsoft Application Virtualization (SoftGrid), and Windows Server 2008. This includes assessment of device driver availability and recommendations for hardware upgrades that may be required.

Download details: Microsoft Assessment and Planning

I just finished pulling down ISO images of the SP1 upgrade for Vista and a slipstreamed version of the base installation.  Hit licensing.microsoft.com if you have an account.

I'm building a new laptop for myself and, since all of my blogging was previously done on my Mac, I was on the hunt for a new blogging client.  I have used w.bloggar for years on my work PC, but I've never been satisfied with the HTML only interface.

So far, I like Windows Live Writer quite a bit.  I'm not completely happy with the interface, but for free, I don't have any real complaints.  I was most impressed with the self-configuration option that picked up the Community Server blogs here without any problem.

The only down side that I've seen so far is that it won't install on my Vista box at work.  I'm not sure if it is a proxy problem or a problem with my PC, but I may try to figure it out if I have time tomorrow.

The primary way that my company grows is through acquisition. It is rather typical of manufacturing, as building facilities costs money, then customers have to be found to fill the new capacity. From an IT perspective, it leaves an interesting question: how far does the integration effort go?

I've been through a major acquisition and several minor ones. In all cases, we did a rip and replace, spreading our systems throughout the new locations. This has afforded us a great deal of flexibility in IT over the years, since we're keeping things standardized. Supporting 5000 users isn't a lot different from supporting 2000, except for the scale.

What if that isn't the case? I'd love to hear some of your stories about integrating disparate systems and what struggles or triumphs were part of the process.

Apple released a software update for the iPod Touch and iPhone today, incrementing the version to 1.1.4. In typical Apple style, they weren't very forthcoming with the information about the update. This time is was a classic: 'includes bug fixes and supersedes all previous versions'. That's it.

Interesting summary of capabilities and limitations.

I thought it was interesting to see a magazine about Microsoft products publish an open letter to Steve Jobs, but I agree with almost all of it.

With Apple's image at an all-time high (your stock isn't too shabby, either), it does seem arrogant for me to offer advice, but I believe Apple is missing out on a golden opportunity. And that opportunity is the enterprise. How many IT pros use Macs at home or buy them for the family? Isn't this a perfect target audience?

[From Redmond | Column: Dear Steve: Think Enterprise]

They switched from the KY-AK game with 45 seconds left to play to show the tip-off of the Duke-St. John's game. Bleh.

The patch management doc I promised got held up by a surprise management chain upheaval and subsequent meetings, but it is coming, I promise!

That was quick.

As with any software release, our commitment is to continuous improvement, and we are currently finishing up the first Office 2008 update, 12.0.1, which contains fixes for high-priority issues we’ve identified. We’re targeting a March 11th, 2008 release date, which will automatically be available via Microsoft Auto Update, and as a download from Mactopia at: http://www.microsoft.com/mac/downloads.mspx.

[From Mac Mojo: The Office for Mac Team Blog]

I spent most of the day today finalizing our patch management policy/strategy. It has been an interesting evolution for me, since I've watched the process grow from the basic patch management I was doing in SMS 2.0 to the well-tunes process I outlined for my staff today. While the tools have gotten better - and much more reliable - the process has not changed that much in my organization.

Our users, like most, have little tolerance for much of anything. I work for a manufacturing company, so spending money on a wake-on-LAN solution was never an option. We've experimented with different timings, patch groupings, and other mind tricks to help with the process. Today, I finally realized what I didn't like about our existing process.

Essentially, the process was unmanageable. Clients got advertisements they didn't need, resulting in unnecessary inventories. Patches weren't grouped into appropriate sets that made it easier to transition to a maintenance mode for that group. Clients rebooted multiple times, depending on different configuration items. In other words, it was bad. I was never really challenged on it because of some extenuating circumstances - the same ones that pulled me away from posting here for a year and a half - but that's all better now and I have time to focus on process improvement.

Tomorrow, I'll post a sanitized version of the result of my work, along with some queries that I'm using to build the collections that we're distributing to. I'm sure that someone is doing something better and, if so, I'd love to hear ideas for improving the process. If nothing else, I hope that it can serve as a starting point for a patch management policy and procedure for another needy admin.

I had a site full of clients that seemed to be using random servers for updates instead of the local repository. After changing the policy so that it could only fall back to our central site, the clients still fell back consistently. After some log diving, my first with McAfee, I found the following:

• Looking at the agent logs from the McAfee console is mostly useless for troubleshooting this issue, as no server is actually listed for any of the processes.
• The FrameSvc log at the top of the log page for that client is much more helpful. In the details, the error "SiteStat.xml is invalid" was found, which led me to the server (which was obvious, but the server guys didn't think it was their problem initially)
• After checking http://<siteserver>:9601/software/sitestat.xml I found that the repository was disabled. It was a simple fix, but somewhat painful to find from the client-side.

Here is some more information about SCMDM:

Device Management solution that integrates directly into a Windows Server infrastructure
Full, Over-The-Air device provisioning
Automatic deployment of targeted applications to devices
Secure data channel from the device to the corporate network
Enablement of core LOB scenarios in a mobile environment unlike before

[From Matt Hester's WebLog : System Center Mobile Device Manager 2008 has gone RTM!]

On Wednesday night, Feb. 20, for the third time in the past year, the moon will become completely immersed in the Earth's shadow, resulting in a total lunar eclipse.

[From Viewer's guide: Total lunar eclipse on Wed. - USATODAY.com]

I'm cross-posting this from my personal blog. It is quite relevant to some of you, so I thought I would share it over here as well.

We loaded Leopard on a couple of machines yesterday. It went very well, except for two significant problems.

First, Active Directory integration is broken. It centers mostly around authentication issues. If the Mac was joined to the domain before it was upgraded, it can't log on after. Directory Utility returns a "Server can not be contacted" error. If the machine was not joined to the domain, it fails while trying to with an "unknown error" in step 3 of the bind process.

The other issue is in Safari through a Microsoft ISA 2006 proxy server. When going to an SSL website, Safari crashes after it tries to authenticate. Firefox still works.

I'm guessing that both issues are related to the re-written Kerberos engine. Our call with Apple support has been escalated to engineering, so I'll post when we get a solution.

Update: As of 4:00PM EDT on Monday Oct 29, we haven't heard anything from Apple support.

Update 2: One of my coworkers didn't have a problem joining his domain at home. The difference is that he is in AD Native Mode and has DNS/DHCP hosted on Linux at home. We're in Mixed Mode and Windows-based here at work. Still no update from Apple.

Update 3: Matt (below) had success by adding his root-level domain as a search domain in the network preference pane. It didn't help me (I had already set it), but give it a try if you're failing in step 4 of the bind. I'm still failing in step 3.

Update 4: 10.5.1 didn't seem to fix my problems, but it fixed some that others were having. Apply it if you haven't already.

Update 5: We finished out migration to Active Directory native mode on our domain today. Both of my Leopard machines will now join the domain and the Safari crashes are not happening anymore.

Update 6: 10.5.2 took all of the fidgeting out of the bind process for me. It works like a champ on all of the machines we’ve tried it on. Safari still crashes when authenticating to our ISA server in production, but not in the lab. We’re still trying to determine what could possibly be causing that issue.

The Altiris Juice user community has some really interesting solutions for packaging problems on occasion. On this particular occasion, user Pogo posted a simple dotNet 2.0 Balloon Notification System. Essentially, feed it text from a command line and it will pop up a notification balloon in the system tray.

I've done this for a couple of programs I've written and have always gotten a positive response from my users.

JC Hornbeck linked to a TechNet matrix that details all of the current ways to deploy an OS image, as well as the capabilities of each. Very helpful, especially if you're trying to get a handle on the best way to deploy for your environment.

My trip to MMS 2008 was approved today. I'm glad I get to keep the seven year streak alive. I'm looking forward to seeing all of you again!

I just finished up sanitizing a presentation about basic SMS software distribution troubleshooting that I created for our help desk at work. I plan to upload it as soon as I know how. I originally created it on PowerPoint 2007 for Windows and was curious to see how the new version handled all of the changes in 2007, like Smart Art and the updated themes engine.

I walked through the presentation a couple of times, removing the company-specific information, changing the Smart Art, and putting a relatively ugly stock theme on it. All told, it was seamless. I didn't have any problems with any of the updates that I did. The file formats seem to be completely compatible with one another, as I couldn't find any issues with the updated document in PowerPoint 2007.

One interesting design decision was to add ribbon-like functionality without destroying the existing menu structure. From a training perspective, it seems easier to pick up than the complete overhaul given to the interface in Office 2007. It isn't perfect, but the combination of tabs and buttons seen in the SmartArt ribbon is really nice.

Light (no) posting tonight. I need to build my Vista SP1 test environment on my MacBook.

Update: I was wrong. I'm downloading a VMWare Fusion update instead.

I'm testing Office 2008 for Macintosh for general consumption at work. I just finished the install, but my first impression is fairly positive. The ribbon was implemented, but not as whole-hog as in Office 2007. I'll post some screen shots as I move through the applications.

I saw a link to SMS Collection Commander in the forums this morning and thought it looked pretty interesting. According to the site, it will allow you to execute commands like a policy download or SMS agent repair against a collection of PCs. I'm pretty impressed by it, but haven't gotten a chance to use it. The early impression from the forums is that it works well.

Thanks to Chris Monfet for posting it!

This makes me hungry.

Take the online quiz here.

Psychologists at Harvard have posted an online quiz that lets you know whether your unconscious mind favors the same candidate as your conscious mind. Spend a few minutes with it and see whether you’re in sync with yourself. And if you want, report your findings in the comments below.

[From Who is Your Unconscious Mind Voting For in ‘08? | Open Culture]

If your organization is thinking about implementing ITIL or change management of any kind, I highly recommend that you pick up a copy of The Visible Ops Handbook. The main purpose of the book is to outline a plan for implementing change management in way that is easier to audit and manage.

Two big things stood out about my organization as it related to the book. First, we are really bad at this. One of the assertions made in the book is that really great IT organizations spend 25% of their time on unplanned work. As our most recent metrics just showed, we're the reverse of that. Second, we need controls. One of the authors is a high ranking person at Tripwire, so that was one of the tools mentioned for auditing in the book.

If process is something you enjoy or you are preparing to embark on the ITIL journey, I think you'll enjoy the book quite a bit.

Steve Thompson wrote a post about sub-select queries that brought to mind a limitation of SQL that I wasn't aware of until recently. All of our Office installations are based on the Professional MSI. We install the 'Standard' components, and add Access and Publisher if a Pro license was purchased. This procedure was recently discontinued, but we still have machines out there and they're difficult to report on. The question of how to tell if they were Standard or Professional was raised. The quick answer was 'Do they have Access?'.

First, I used this query, much like Steve's:

CREATE VIEW dbo.v_Systems_w_MSOFFICE
AS
select distinct
SYS.Name0,
SYS.User_Name0,
SYS.AD_Site_Name0,
CASE
when sys.name0 in (select * from v_Systems_w_msAccess) then
CASE
when ADDREM.DisplayName0 like '%97%' then 'Microsoft Office 97 Professional'
when ADDREM.DisplayName0 like '%2000%' then 'Microsoft Office 2000 Professional'
when ADDREM.DisplayName0 like '%2003%' then 'Microsoft Office 2003 Professional'
when ADDREM.DisplayName0 like '%XP%' then 'Microsoft Office XP Professional'
when ADDREM.DisplayName0 like '%2007%' then 'Microsoft Office 2007 Professional Plus'
else addrem.DisplayName0
END
else
CASE
when ADDREM.DisplayName0 like '%97%' then 'Microsoft Office 97 Standard'
when ADDREM.DisplayName0 like '%2000%' then 'Microsoft Office 2000 Standard'
when ADDREM.DisplayName0 like '%XP%' then 'Microsoft Office XP Standard'
when ADDREM.DisplayName0 like '%2003%' then 'Microsoft Office 2003 Standard'
when ADDREM.DisplayName0 like '%2007%' then 'Microsoft Office 2007 Standard'
else addrem.DisplayName0
END
End as 'OfficeVer',
case
when ADDREM.Version0 = '9.00.9327' then 'SP3'
when ADDREM.Version0 = '10.0.2627.01' then 'SP0'
when ADDREM.Version0 = '10.0.6626.0' then 'SP3'
when ADDREM.Version0 = '11.0.5614.0' then 'SP0'
when ADDREM.Version0 = '11.0.6361.0' then 'SP1'
when ADDREM.Version0 = '11.0.7969.0' then 'SP2'
when ADDREM.Version0 = '11.0.8173.0' then 'SP3'
when ADDREM.Version0 like '12.0.4518%' then 'SP0'
when ADDREM.Version0 like '12.0.6215%' then 'SP1'
when ADDREM.Version0 = '9.00.2720' then 'SP1'
when ADDREM.Version0 = '9.00.3821' then 'SP2'
end as 'ServicePack'
from
v_R_System as SYS,
v_GS_ADD_REMOVE_PROGRAMS as ADDREM
where
SYS.ResourceID = ADDREM.ResourceID
AND SYS.Client0 = 1
AND ADDREM.DisplayName0 like 'Microsoft Office%'
AND ADDREM.DisplayName0 not like '%(%'
AND ADDREM.DisplayName0 not like '%runtime%'
AND ADDREM.DisplayName0 not like '%interop%'
AND ADDREM.DisplayName0 not like '%proofing%'
AND ADDREM.DisplayName0 not like '%converter%'
AND ADDREM.DisplayName0 not like '%viewer%'
AND ADDREM.DisplayName0 not like '%visio%'
AND ADDREM.DisplayName0 not like '%project%'
AND ADDREM.DisplayName0 not like '%disc 2%'
AND ADDREM.DisplayName0 not like '%sounds%'
AND ADDREM.DisplayName0 not like '%media%'
AND ADDREM.DisplayName0 not like '%meeting%'
AND ADDREM.DisplayName0 not like '%onenote%'
AND ADDREM.DisplayName0 not like '%template%'
AND ADDREM.DisplayName0 not like '%accelerator%'
AND ADDREM.DisplayName0 not like '%components%'
AND ADDREM.DisplayName0 not like '%frontpage 2003'

The question then became 'How many of each?'. As much as I wanted to tell the user export it and do a PivotTable in Excel, that just wouldn't fly. At this point, I hit a wall. The subselect can't be used in a GROUP BY statement. The answer is really simple: make a view from the query above.

Add a new view in the SMS database. Make sure that you grant the webreport_approle select permissions on the new view. After that you can base all of your queries on the new view.

To do a group by version:

select
officever as 'Office Version',
count (*) as 'Count'
from v_Systems_w_MSOFFICE
group by officeVer
order by Officever

To group by version and service pack level:

select
officever as 'Office Version',
servicepack as 'Service Pack',
count (*) as 'Count'
from v_Systems_w_MSOFFICE
group by officeVer, ServicePack
order by Officever, ServicePack

This solution is a little 'dirty', but it works quite well. Performance in SQL isn't always great when you're doing nested CASE statements with sub-selects, but it gave me the report I was looking for. If anyone can think of a better way, post it in the comments!