Category Archives: IT Pro

The Perils of a Manual Environment

I am not going to lie to you and say that every environment that I manage or have managed is an optimized Secure, Well-Managed IT Environment.  It’s just not true.

In a secure, well-managed IT environment we monitor to make sure that things are working the way they are supposed to.  When we spin up a new server, for example, the proper agents are installed for anti-malware and monitoring without our lifting a finger.  Tuesday evening a new server is spun up, Wednesday morning it is already letting us know how well it is running.

But what about the other environments?  Many smaller environments do not have automated deployment infrastructures that make sure every new server is built to spec.  What do we do for those?

The answer is simple… where automation is lacking we have to be more vigilant in our processes.  When a new server (virtual or otherwise) is created, we not only install an operating system… we also make sure we add the monitoring agent and the anti-virus agent, and we make sure to schedule proper backups, because if we don’t it will all be for naught if everything goes down.

So the answer is to make my environment completely automated, right?

Well, yes of course it is… in an ideal world.  In the real world there are plenty of reasons why we wouldn’t automate everything.  The cost of such systems might outweigh the benefits, for example… or maybe we do not have an IT Pro managing it, just the office computer guy.  Ideally we would get that guy trained and certified in all of the latest and greatest… but if you work in small business you know that might not always be the reality.

So what IS the answer?

Simple.  I have a friend who has made a fortune telling people around the world how to make checklists.  I am not the guru that Karl is, and you don’t have to be either.  But if you do have a manual environment, spend the time to make a checklist for how you build out systems – make one for servers, one for desktops, and probably one for any specific type of server.  You don’t have to do it from memory… the next time you build a machine write down (or type!) every step you take. 1) Create virtual machine. 2) Customize virtual machine. 3) Install operating system… and so on.  When you are satisfied that your system is built the way you want it (every time) then you should try it again… but rather than using what you know, follow the checklist.

These checklists, I should mention, should not be written in stone.  There are ten rules that were so written, and that’s enough.  Thou shalt not murder is pretty unambiguous.  Thou shalt install Windows 8.1 may change when you decide to upgrade to Windows 10.  So make sure that every time you use the checklist you do so with a critical eye, trying to see if there is a way to improve upon the process.  The Japanese word for this is Kaizen.  They are pretty good at a lot of things from what I have seen ;)

True story: I gave this advice to a colleague once who thought it was great.  He started creating checklists, and had his employees and contractors follow them.  One day he invited me for a drink and told me a funny story.  His client had been using System Center Operations Manager (SCOM) to monitor all of their servers.  He had a checklist that included installing the SCOM agent in all servers.  One day the client decided to switch from SCOM to SolarWinds (a great product!) and after several weeks he decommissioned his SCOM infrastructure.  Six months later the client (a pretty big small business) complained that since they switched from SCOM to SW all of their new servers kept reporting a weird error.  It seems that the IT Pro who was following the checklists had continued installing the SCOM Agent into their servers, and since it could not find a SCOM server to report to, it was returning an error.  As I said, these checklists should be living documents, and not set in stone.


There is no one right or wrong answer for every environment.  What is a perfect inexpensive solution for one company might be cost prohibitive for another.  The only thing you have to do is use your mind, keep learning, use common sense, and keep reading The World According to Mitch!

Where’s My… <Fill in the blank Admin tool>?

If you are me you like that every few years we get a new version of Windows.  Great new features, new tools, new this, new that… and new frustrations trying to figure out where the hell all of my tools are!

Yeah yeah I know… this is the last version of Windows we are getting as a major release; from now on it’s going to be incremental updates released as patches.  Frankly I don’t know how crazy I am about that idea, but okay I’ll live with it.  In the meantime I want to know where I go to adjust my time and date, set default programs, add devices, set up ODBC data sources, and so much more. 

We know where those were in Windows XP, and then Windows Vista came about but nobody really used it anyways.  Three years later we got Windows 7 and they were moved, but we got used to them.

Windows 8 came about and they were moved again… crap, now not only do we have to find them, but this time I don’t have the Start Menu to look in.  Oh wait, here comes Windows 8.1, and my Start Menu is back… but they’ve moved my tools again!  Phew, I found them… just in time for them to release Windows 10.

So there is a hidden trick in Windows… it has been there since Windows 7 (DO NOT try it in Windows Vista… as if there was a lot of chance of that!) that allows you to place a full ‘Admin’ folder on your desktop.  Do this:

  1. Right-click on your desktop and click New – Folder.
  2. Name the folder Admin.{ED7BA470-8E54-465E-825C-99712043E01C}.

That’s it!  You now have a shortcut on your desktop called Admin (Although technically you can call it anything you want).  It will look like this:


When you open it up it will look like this:


Notice the scroll-bar along the side… there are dozens of categories, which are:

  • Administrative Tools
  • AutoPlay
  • Backup and Restore
  • BitLocker Drive Encryption
  • Color Management
  • Credential Manager
  • Date and Time
  • Default Programs
  • Devices and Printers
  • Display
  • Ease of Access Center
  • File Explorer Options
  • File History
  • Fonts
  • HomeGroup
  • Indexing Options
  • Internet Options
  • Keyboard
  • Language
  • Mouse
  • Network and Sharing Center
  • Pen and Touch
  • Personalization
  • Phone and Modem
  • Power Options
  • Programs and Features
  • Region
  • RemoteApp and Desktop Connections
  • Security and Maintenance
  • Sound
  • Speech Recognition
  • Storage Spaces
  • Sync Center
  • System
  • Tablet PC Settings
  • Taskbar and Navigation
  • Troubleshooting
  • User Accounts
  • Windows Defender
  • Windows Firewall
  • Windows Mobility Center
  • Work Folders

Wow… 42 categories, and 250 items.  That’s a lot of admin tools all in one place! :)

So go ahead and try it… It won’t hurt, it will just be one more icon on your desktop.  Frankly if you are like me, it will allow you to remove several desktop shortcuts that you placed previously :)

Distinguished Names: How do I…

Yeah yeah, I know… A little while ago I talked about how to determine the Distinguished Name (DN) of an Active Directory Object, and I got a flurry of requests for doing it with PowerShell.

Now, normally I do like to show you how to do things via the GUI, and then what the PowerShell cmdlet would be for the same task.  However since I didn’t actually show a GUI way of doing it, I didn’t think to show you the PowerShell way of doing it.  My bad… Here you go!

1) Let’s say you want to get the DN of all objects with the name Mitch in it.  We can use the Get-ADObject cmdlet.  Like so:

Get-ADObject -Filter { CN -like "Mitch*" }


Okay, that’s not bad… but what am I going to do with a DN that includes an ellipsis? Of course that is useless, so instead let’s use a full list… or |fl:

Get-ADObject -Filter { CN -like "Mitch*" } |fl


So here we see the full DN (with the domain name hidden to protect the customer’s identity). 

Of course, if you don’t want a whole list, and you know the exact name of the Active Directory Object, you can change the parameters, so:

Get-ADObject -Filter { CN -eq "Mitchell Garvis" } |fl


We have eliminated the need for wildcards by changing the operator from -like to -eq, but we now need the exact name (no typos now!) for it to work.

2) The problem is, that doesn’t seem to work with Organizational Units, which is what I was talking about in the first place (an OU is named by its OU attribute rather than CN, so a CN filter does not match it).  So try this:

Get-ADObject -LDAPFilter "(objectClass=organizationalUnit)" |fl


Here we have changed the parameter from -Filter to -LDAPFilter, and are able to see the entire list of our Object Class… in this case OUs, but you can change that for sites or domains or users.
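The two lookups above can be combined into one name-based DN lookup that works for OUs as well as users, because every object carries a name attribute. This is an added example, not code from the original post: the function names, parameters and the 'Sales' OU are hypothetical, and it assumes the ActiveDirectory module and a domain-joined session. It also escapes the search text, since anything pasted into an -LDAPFilter string is otherwise interpreted as filter syntax.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function and parameter names are hypothetical.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter value so the
    # text is matched literally and cannot change the shape of the filter.
    # The backslash must be handled first, or later escapes get re-escaped.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' `
           -replace '\*', '\2a' `
           -replace '\(', '\28' `
           -replace '\)', '\29' `
           -replace '\x00', '\00'
}

function Get-DistinguishedName {
    param(
        # Text to look for in the object's name attribute (the RDN value,
        # present on users, groups, computers and OUs alike).
        [Parameter(Mandatory)][string]$Name,

        # Optional objectClass, e.g. organizationalUnit, user, group.
        # Restricted to attribute-safe characters so it cannot inject syntax.
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')][string]$ObjectClass,

        # Match names that begin with $Name instead of an exact match.
        [switch]$StartsWith
    )

    $value = ConvertTo-LdapFilterValue -Value $Name
    if ($StartsWith) { $value += '*' }   # the only wildcard we add ourselves

    $classClause = if ($ObjectClass) { "(objectClass=$ObjectClass)" } else { '' }
    $filter = "(&(name=$value)$classClause)"

    # Select-Object avoids the truncated table column, so |fl is not needed.
    Get-ADObject -LDAPFilter $filter |
        Select-Object Name, ObjectClass, DistinguishedName
}

# Everything whose name starts with Mitch, as in step 1:
Get-DistinguishedName -Name 'Mitch' -StartsWith

# A single OU by exact name ('Sales' is a constructed sample value):
Get-DistinguishedName -Name 'Sales' -ObjectClass organizationalUnit

# Text containing filter metacharacters is matched literally:
ConvertTo-LdapFilterValue -Value 'Mitch*)(objectClass=*'
# -> Mitch\2a\29\28objectClass=\2a
```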

Windows PowerShell may look complicated to those who grew up in the GUI, but here’s the best part… you don’t have to memorize anything to become a PowerShell PowerUser!  All you have to do is know how to use Google (or Bing, if you are still drinking the KoolAid).  Type into the Search Bar PowerShell AD Distinguished and you will come up with a good starting point.

Now go forth and script!

An Experienced Eye

There’s an old adage about a guy who takes his car to a mechanic.  The car is coughing and banging and sounds like it is dying.  The mechanic listens for a minute, then takes a hammer and takes a big whack at the engine, which then starts purring perfectly.  That will be $200 please.  ‘WHAT? You want me to pay you $200 for hitting my engine with a hammer??’ No, replies the mechanic.  I want you to pay me $200 for spending the time to know where to hit it, how hard to hit it, and that the hammer was the right tool.

I was dropping something off for my son the other day when Theresa asked me to look at the computer.  ‘It seems to work fine, but it won’t connect to the Internet.’  This can mean any number of things.  I booted it up, logged in, and sure enough, I could not surf the Internet.

I ran a couple of very quick tests and then proclaimed ‘Yep, it’s malware.’

My sixteen year old son looked at me quizzically and asked how I knew.  The answer is simple… experience.  When you have been in the industry long enough, there are some things that you are going to know.

He was sceptical of course, and asked why I didn’t just re-install Windows.  Instead I went to another computer, downloaded the installation package to Windows Intune (which includes Windows Intune Endpoint Protection), and installed it.  I told him to leave the computer on and then try it in the morning.

Over the next couple of hours I got several texts – from him and Theresa – telling me the computer wasn’t doing anything.  ‘Is there anything I am supposed to be doing?  What should I be seeing? Nothing is happening!’ I kept reassuring them that it was working in the background, and to confirm I told them a couple of things about the computer that I wouldn’t have known, unless the Windows Intune agent was actually reporting back to my account from that computer.

The next morning I got a text from Theresa telling me that the computer was now fixed.

The moral of the story is not ‘Trust your IT guy!’, nor is it ‘You may have a virus.’  The moral is that experts are usually experts for a reason, and the seasoned ones don’t spew out platitudes.  If you think your IT Pro is charging you a ridiculous rate, he is not doing it because he is greedy; it is because like any other professional he has invested the time and effort into learning his trade.  If it hurts to think that he or she charges you $150 an hour to get your computer back up and it only took him 15 minutes, stop thinking about it as an hourly rate because what you are really doing is paying him to fix your computer.  If it takes him 5 minutes or 45 you are paying him the same, yes… but not for time, for expertise. 

Surface Pro 3: Two weeks later

Are there problems with it?  Yes.

Do I absolutely love it? I love my kids and my dogs… but I suppose I do like it as much as I have ever liked a laptop or tablet… and I have had quite a few of them over the years!

What are the problems? There is really only one that you should be aware of if you are thinking of going out to buy one.  It’s the patches and the battery.

How, you may ask, do patches and batteries wind their way into a single problem?  Simple… as you probably know, everything in computers is managed by software drivers… and that includes the battery to some extent.  When you buy the device (or any device) you are prompted to apply patches, and at this point a couple of them for the Surface Pro 3 are firmware updates.  You apply the first one, and then you have a problem…

…Windows tells you there is no battery detected.  Worse, if you unplug the device it shuts off immediately.  The firmware update actually tells the computer that there is no battery installed.

BUT THERE IS! Wait a minute!  I was using it unplugged just a few minutes ago!  Where did it go?  Oh… I get it!  The pesky firmware is what screwed me up.  Let’s check to see if there is ANOTHER firmware update.  Plug it in, connect to the Internet, run Windows Update… By Jove, there it is!  Install it, and presto changeo, there’s my battery!

…and what a battery it is!  My original Surface Pro probably gave me 3 hours of battery (with Hyper-V and a bunch of other things draining it).  The Surface Pro 2 was probably closer to 5.  The Pro 3? I haven’t had it run dry on me yet… for the first time in my laptop-owning life I am not afraid to leave the house in the morning without the charger.

(Imagine the voice of Hervé Villechaize if you would…)

Yes, there are a lot of improvements over the Surface Pro 2, but wow I never would have imagined that the 1.4″ difference in screen size (12″ over 10.6″) would make that much of a difference.  As I told you recently I have an external 16″ screen that I keep in the trunk of my car so that I can have the dual screen experience on the go.  I don’t know that I have pulled it out once since I got the Pro 3… the combination of the slightly bigger screen and the much improved screen resolution make the extra screen redundant… at least when I am on the go.

Don’t get me wrong… the day the Pro 3 docking station is available I am buying it – I have pre-ordered it from the Microsoft Store, and I have the voucher for it (from something else I returned).  All I need is the e-mail saying it is in… and I expect that to be around the same time the remaining Surface Pro 3 models (with the Intel i3 and i7 CPUs) are released, sometime in August.  When I am at home (or an office) I will still want the multi-screen experience.  On the go?  Not necessary anymore.

A lot of people are saying I should have waited for the Intel i7 version, but the reality is I have not found myself lacking.  The Surface Pro 3 runs everything I need it to with 8GB of RAM and the Intel Core i5 CPU, and frankly I don’t want to spend the extra money (the i7 version will come in two models – 256GB storage for $1,599, and the 512GB model for $1,999).  Too rich for my blood, but thanks!


I am asked pretty often (including 3 minutes ago, as I sit at the Microsoft Store in Square One Mall blogging) whether the Surface Pro 3 is really a laptop replacement.  The answer, as with everything, is that it depends.  I would think that for the vast majority of people the answer is yes.  If you are a true hard-core gamer? Maybe not; there are some gamers who need more than 8GB of RAM.  If you are a coder? I have a friend who is a programmer who needs to run virtual machines running more than 8GB of RAM at all times.  (Did I mention that I LOVE the fact that it runs Hyper-V?  Well I do…). Aside from them?  I don’t know too many users – even power users – who need more than 8GB of RAM ever, not even occasionally.  For them (like myself) I would say that this is the device for you.

If you are in the Greater Toronto Area come down to the Microsoft Store at Square One or Yorkdale Malls to check it out! :)

Sad Times for an Industry

I used to say to my audiences that while the number of jobs in IT will go down, the best will always be in demand.  I then spent several months essentially unemployed.

The IT field has changed dramatically over the course of the last few years.  I suppose it is natural for an industry as young as ours to evolve drastically and violently… but I didn’t expect it would happen to me.  When I did find a job I was relieved to say the least.

During the time when I was looking I noticed that a lot of people turned their backs on me.  I thought for a while it was personal, but I have realized that people in our field are becoming a lot less secure than they were even a year or two ago… yes, some of the people who disappointed me did it out of malice or jealousy, but I have realized that there are also a lot of people who have realized that if they are not protective of what they have, someone else might get it.

I am not naming names… but one of the people who didn’t turn his back on me – someone who commiserated, and did everything that he could to help me – pinged me this morning telling me that he had been let go.  I know that a few months ago I had counselled him on a position at Microsoft, but before I even replied (because of time zones it was the first message I saw this morning) I realized that while I remembered him telling me that he found something, I had no idea where it was.  I suppose now it doesn’t matter… he’s not there anymore, and through no fault of his own.

There are a lot of reasons for someone to leave their company… often they will leave because of a better job offer elsewhere (I e-mailed a friend at VMware Canada last week and the message bounced… he turned up at Microsoft Canada this Monday).  Sometimes we are just fed up, and we leave of our own accord.  Of course there is also the termination for cause, and we all hope to avoid that.

All of those are reasons we could have done something about… but when the company simply cannot afford to pay us anymore – they don’t need five IT guys and are downsizing to three, or the project we were hired for was cancelled – it can come as a shock… we did nothing wrong, and there was nothing we could have done to prevent it.  We’re just… gone.  This is a lousy situation.

A few years ago I went to the US border to apply for my TN visa so that I could work in that country.  Please remember that US border agents are quite loyal, and very protective of their country.  I was trying to explain to the agent what I did as an IT Pro helping companies to virtualize.  After a few minutes he said to me ‘Let me get this straight: you want me to let you come into my country to teach companies how they can become more efficient and need fewer American workers.’  I could feel his eyes boring into me like lasers.  But the truth is I always felt that the students who learned from me would always be safe, because I was helping to prepare them for the inevitable shift in the industry.  And yet there I was, looking for work… for a long time.

The friend who pinged me this morning was one of those students… I taught him virtualization and System Center, and those are two very important skills to know.  But how do you prepare yourself for the company canceling the project?  It’s not easy.

I have said for years that one of the worst advancements in IT with regard to the IT Pro field was the advent of Microsoft Windows.  In the days of DOS, Novell, and AccPac computers were a mystery to most people, and it was only the real IT Pros who could make sense of everything for the masses.  With the Windows ‘Press Here, Dummy!’ interface myriad people figured it out, and started calling themselves IT Pros.  Some of those people would eventually learn what was really under the hood, get certified, and thrive… but a lot of them did a lot of our customers a disservice and made those people and companies distrust the entire profession.  I see that coming back to haunt us even worse: in a time when automation and virtualization are making things easier for the fewer IT Pros needed, we are living through the worst of times for the profession.

What is the solution?  I don’t know… but I do know that we can’t put the genie back into the bottle, and it is going to get worse before it gets better.  I hope we are all able to weather the storm.

Surface Pro 3 and Windows 8: Not everybody’s cup of tea

I’ve said it before and I’ll say it again… I do like my Surface Pro 3.  With that being said, I know everyone has different tastes, and some people are not going to like it.  A couple of months ago my sister, a long time Mac user (and Apple Fanboi) told me that her new job would be giving her a Pro 3, and asked what I thought of it.  I told her – it predated my realizing the extent of the network issues – that I loved it, and expected she would too.

Last week she e-mailed me to tell me that she really hated it.  It crashed a number of times in the first week, and she does not have the patience for these errors – she said her Macs (all of them) just work, and don’t have blue screens of death or other issues.

Now to be fair to the Surface team, a lot of the issues she outlined had to do with Windows 8.1, Microsoft Office, OneDrive, and the Microsoft Account.  I understand her frustration – if you take the device out of the equation, those are four different products from four different teams that are all supposed to work together seamlessly… but don’t.  I respect that Microsoft has a lot of different products, but if you are going to stop talking about products and start talking about solutions then you should make sure your teams work together a lot more closely to make sure that seamless really is seamless.

I probably know Windows better than 99.5% of the population, and work very fluently across these four products… but one of the reasons for that is because I have come to understand that sometimes the seams between them are going to show, and like a Quebec driver I have learned better than most to navigate the potholes.  However if Microsoft really wants to stay at the top in an era where customers do want things to just work, they had better get off their butts, come down off their high horses, and start making sure that seamless really is just that.

I want to be clear… I am not trading in my devices for Macs (or Linux).  While I do have an iPhone (See article) I would just as soon have an Android or a Windows phone.  I love Windows 8.1, and even now at my office I cringe at having to work with Windows 7 (Ok, cringe is a strong word… I just wish it was Windows 8.1!).  However I have worked with iPads, Androids, Macs, and more, and I know that those solutions do make for a better experience with regard to some features than the Microsoft ecosystem.  I hope that under Satya things get better… but nearly a year into his tenure and I don’t see much progress.

In the meantime I am strongly considering going to open an account at one of the banks that is currently offering free iPad Minis to new account holders!
