Are you embarrassed?

Originally posted on The World According to Mitch:

We have all done things that we are ashamed of, embarrassed by, or simply regret.  If anyone tells me that they have not then I will say they are probably lying.  The thing is, the world has changed over the past few years, and there are two factors that we all have to be concerned by:

  • Everyone has a camera (and video camera) in their pocket; and
  • The Internet is forever.

When I say we have all done things that are embarrassing I do not mean simply tripping over an untied shoelace while all eyes are on you.  That sort of thing happens to everyone.  As my friend Bill Sparks used to say, ‘just say “Tadaah!” as if that was what you meant to do.’  I am talking about the sort of thing that ten years down the road can come back to bite you.

Over the last twenty years…


Jacob comes for a visit

A lot of people asked me how I could bear to part with my dogs when I moved out of my house.  Well I do have shared custody of them, and I am allowed to take them when I want.  In truth my lifestyle now is not conducive to having dogs – I work from 9-5 and teach Taekwondo from 6-9 four nights per week.  However there are going to be times when I do get them… and this is such a week-end.

Actually to be fair I only got Jacob, because I did not think it would be fair to them (or to me) to have both 40lbs dogs in the condo at the same time.  Theresa took the kids to Ohio for the week-end, and I asked if she would take Gingit with them.  The kids were thrilled about it, and Jacob came with me.

This was Jacob’s first visit to the condo, and I wasn’t sure how it would go.  I took him for a little walk before coming back here, and I hoped that would settle him down.  No such luck… we got here, and he wanted to go for another walk.  ‘Dad, I have to check out this new neighbourhood!’  Okay… in truth I had not explored at all yet, and we found a great walking path not far from here.  Along the path we found a baseball diamond (actually we found several, but one had a game going on).  We sat in the stands and watched a couple of innings before continuing on.  When the game was over we continued on our walk, and I figured that after 3 miles he would be satisfied.

We took a nap together on the couch… the TV was on for a bit but I was knackered and Jacob was happy snuggling up to my legs.  I had plans for Saturday night so I set the alarm, and he didn’t move until it went off… at which point he was hungry (it was meal time).  I fed him, and then took him outside to do his business.  When we came back in (he was all business this time, and made a bee-line back to the condo) I grabbed my stuff and headed out… and hoped for the best.

You see, the proof would not be how well behaved Jacob was when I was home, it would be how would he be when I was gone… for nearly five hours.  I didn’t have a choice, and besides… how much could he really destroy?  A silly question, knowing Gingit as well as I do :) (See article).

When I walked in at around 12:45 I was greeted by a dog who it seemed had been crossing his legs for a while… no accidents, but he really was eager to go out.  No problem, we went downstairs for a quick turn, more business, then right back. As I write this he is stretched out on the couch… and for the record there was absolutely no damage done.

I love my Jacob Puppy and while I do not regret leaving them both for the kids, it really is nice to spend some time with him… and I can tell he feels the same way :)

Bypassing IT: A REALLY bad idea.

Wow. I just read an e-mail that made me lose a lot of respect for one of the most respected publications in the world of journalism: The Wall Street Journal.

The article, Ten Things Your IT Department Won’t Tell You, outlines several (would you believe 10) issues that employees encounter with corporate systems, and how to get around them.  I encourage you to read the article, but here is the list:

  1. How to send giant files
  2. How to use software that your company won’t let you download
  3. How to visit the web sites your company blocks
  4. How to clear your tracks on your work laptop
  5. How to search for your work documents from home
  6. How to store work files online
  7. How to keep your privacy when using web email
  8. How to access your work email remotely when your company won’t spring for a Blackberry
  9. How to access your personal email on your Blackberry
  10. How to look like you’re working

This article was shared by one of my LinkedIn contacts recently, and if you are looking for proof that the article is outdated, all you have to do is look at the items that list Blackberry and not mobile devices – since very few companies are still on the BB platform.  As a System Administrator and self-proclaimed IT Fascist (there are two ways to do IT – my way, and the wrong way) I nearly fell off my chair when I read the list, as well as the mitigations and risks that are outlined therein.

Let me be honest… as an IT Pro I don’t care if you ‘look like you are working’ when you are not. While there may be consequences for the company, they do not generally affect my bailiwick.  I also don’t care if you try to cover your tracks on your work laptop.  Frankly I think it is a good idea to keep your system as clean as possible, and anything that I need to track should be tracked at the server (cloud) level, which the end user is not able to touch.

Now that I have cleared two of the listed items, let me say this clearly and for everyone: When you came to work for the company, or sometime thereafter (when I or an equivalent me came to implement policies and procedures for the company) you signed a document that is called IT Usage Policies, or something else with the equivalent meaning. It is a document that your HR department has on file somewhere, and it is a legally binding document with your signature on it.

I don’t know what your company’s policies are… they can be as vague or as detailed as your company’s legal department felt necessary, often based on various certifications (ISO, FISP, Sarbanes Oxley, etc…) that your company tries to comply with. It might say something as vague as ‘All systems provided to you by the company are the property of the company, and are only to be used in accordance with the company’s IT policies,’ or it may be as complex as a twenty page document written in legalese with bullet points and sub points and sub-sub points.  Whichever it is, there is a very good chance that anywhere from five to eight of these points are fireable offenses… and at least a couple of them could actually be criminal offenses that could land you in jail.

Yes, that sounds pretty severe… but if you send confidential corporate documents outside of the firewall so that you can access them remotely there is a case to be made (and it’s not a stretch) that you are involved in corporate espionage. If your company does not want you to access your e-mail (or any other corporate information source) remotely it is often not because they are too cheap to spring for a mobile device, but because they want to ensure that any sensitive corporate information does not leave the relative security of the corporate systems.

As a Systems Administrator I have designed the company’s infrastructure to be as secure as the company is willing to make it. Sure, there are some websites that I do not want you to visit because the content is inappropriate, but there are others that inject Trojans and other malware into your system that infect my systems, and can destroy the integrity of our systems.  In most companies the systems are like an egg… we have hardened the outer wall with firewalls and intrusion detection systems, but because you have asked us to make them as useable and friendly as possible the inside is more like the insides… soft, and vulnerable.  So if a particular website is blocked by my systems don’t try to bypass my systems!

Unless we have a specific policy guideline for it (and you have a valid reason for it) there is no reason you should bring your own personal device in, and if we have a policy that you can only use sanctioned and licensed software we have a reason for that too… one of those reasons is that if you bring unsanctioned software in we are responsible for the license (and therefore the license violation).  We would also be responsible for keeping it properly patched, which we cannot do if we don’t know it is there.  We don’t let you install software on your own not because we don’t trust that you know how to press <NEXT> <NEXT> <NEXT> <FINISH>… we don’t let you do it because there is more to installing software than that.

If you have a giant file to send, ask me for help. There is a good chance that I have implemented a sanctioned way to do it.  Any other way… remember that corporate espionage thing?  Same thing… in or out, I need to be able to see what is going out and coming in.  Out, because you may inadvertently use a system that is not secure and compromised, In because if you want to bring a file into the company I need to make sure it is not compromised, not a virus or malware or anything else.  I don’t want to take your word for it, I want to scan it.  Don’t take it personal, it is not that I don’t trust you… it is that I do not trust anyone, and for that reason I don’t bypass the systems that I don’t want you to bypass because I don’t trust myself either.

When you joined the company (or sometime thereafter) we may have issued you a mobile device. If we did not, and if we did not give you a talk about BYOD (Bring Your Own Device) then there is a very good chance that you do not need to access your data or e-mail during off-hours.  Because of that do not try to check your e-mail on your own device.

I don’t know what your job is. You may work in HR or Sales or Marketing or in Widget Production, I don’t know.  It is not that I don’t respect what you do – I really do.  However I need for you to respect what I do too.  My job is not only to provide you with the IT tools you need to do your job – that is certainly part of it.  However the other part is protecting the company from hackers, data loss, and all sorts of other things that you probably don’t need to consider… but please know that I cannot do my job properly if you go out of your way to circumvent my systems, and I grant you that there are workarounds for a lot of my procedures.

You might get away with it… you might even do it safely. However if I do discover that you are doing this expect to be called into your manager’s office for a good talking to… and depending on several factors know that you may be joined by a security guard who will be tasked with taking your credentials away and escorting you from the building.

Office Customization without VL Media

Over the years I have written quite a bit about Desktop Deployment, especially using the Microsoft Deployment Toolkit (MDT). It allows us to install not only our operating system but also our drivers, patches, and applications with little or no user interaction.

Recently I did some consulting for a small company of seven users. They are a Microsoft Partner, and took advantage of one of the best deals going, the Microsoft Action Pack Subscription. In essence, this gives them use rights for most Microsoft software (for up to ten users) for a small yearly fee. Now before you get your hopes up, I am sorry to tell you that it is only available to Microsoft Partners.

One of the recommendations I made to them was to create a Deployment Server using the MDT. I demonstrated the value, and they thought the idea of lite-touch installation was great (they are far too small for zero-touch, which requires a System Center infrastructure). They got right to work. Unfortunately when they got to creating the Application Package for Microsoft Office 2013 they ran into a snag.

“We tried to run the Office Customization Toolkit but it doesn’t work!”

I took a look, and sure enough they were getting the following error:


Just to be sure, I tried it myself. In a command prompt I navigated to the network share where they had copied the source files for Office 2013, and I typed setup /admin. I got the same error.

I had seen this problem before… when trying to use FPP (Full Package Product) media for a deployment… the OCT is not included. Drat.

So here’s the way around it:

1) Download the Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool. You can find them here:

2) Extract the files as directed; you will now have two directories – Admin and ADMX. You will also have an Excel file called office2013grouppolicyandoctsettings.xlsx.

3) Copy these files into the network share (or local directory) to which you copied the Office 2013 source files (because neither the DVD nor the ISO is writeable).

4) From a command prompt navigate to that directory, and execute the command: setup /admin

Congratulations, you can now run the Office Customization Toolkit on your non-VL media, and use it to create your custom .MSP files. Now go forth and deploy!


Note: The same process would work for Office 2010 and Office 2007, but you will have to download the appropriate OCT version.  Just look for it online :)
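
Steps 2 to 4 above as a script, with the checks that catch the usual failures (no setup.exe in the target, nothing extracted yet, a read-only target). This is an added example, not part of the original post; both default paths and the parameter names are assumptions to replace with your own.

```powershell
# Added example: stage the extracted OCT download into a writable copy of the
# Office 2013 source files, then start the customization tool.
param(
    # Hypothetical share (or local directory) holding the Office source files
    [string]$OfficeSource = '\\deploy01\Sources\Office2013',
    # Hypothetical folder where the OCT/ADMX download was extracted (step 2)
    [string]$OctExtract   = 'C:\Temp\Office2013-OCT'
)

$ErrorActionPreference = 'Stop'

# The Office source files must already be in place.
$setup = Join-Path $OfficeSource 'setup.exe'
if (-not (Test-Path -LiteralPath $setup -PathType Leaf)) {
    throw "setup.exe not found in $OfficeSource; copy the Office source files there first."
}

# Step 2 should have produced an Admin directory.
if (-not (Test-Path -LiteralPath (Join-Path $OctExtract 'Admin') -PathType Container)) {
    throw "No Admin directory under $OctExtract; extract the download first."
}

# A mounted DVD or ISO is read-only, so prove the target is writable before copying.
$probe = Join-Path $OfficeSource ([guid]::NewGuid().ToString() + '.tmp')
try {
    New-Item -Path $probe -ItemType File | Out-Null
    Remove-Item -LiteralPath $probe
} catch {
    throw "$OfficeSource is not writable; use a network share or local directory instead."
}

# Step 3: copy each extracted item, never overwriting what is already there.
foreach ($item in Get-ChildItem -LiteralPath $OctExtract) {
    $target = Join-Path $OfficeSource $item.Name
    if (Test-Path -LiteralPath $target) {
        Write-Host "Skipping $($item.Name): already present in $OfficeSource"
    } else {
        Copy-Item -LiteralPath $item.FullName -Destination $OfficeSource -Recurse
    }
}

# Step 4: launch the customization tool and wait for it to close.
Start-Process -FilePath $setup -ArgumentList '/admin' -Wait
```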


The Evils of Offices…

I have really been enjoying working at Yakidoo.  The people are really nice, I am enjoying the work, it’s all good.  However they are out to get me, the lot of them…

As I have mentioned in the recent past I have been losing weight.  It is, as anyone who has gone before me knows, not an easy journey.  So when the culture of an office is ‘Hey, I want to be nice to everyone, and since I am going to Tim Hortons anyways I might as well pick up a box of doughnuts for the gang.’ the need to maintain discipline is more important than usual.

You see, at home I have been good.  I don’t keep the fattening foods that I love in the house, so if I am in the mood for something it is more than just ‘go to the fridge and get some.’  I actually have to get up, go out, and either walk or drive to the store.

Last week I was very proud of myself for ignoring the doughnuts.  Today I was not as good when Lorena (she looks so sweet and innocent, but I am about to prove she has her diabolical side) came in from lunch with a box of chocolate chip cookies.  I had just gone downstairs to pour myself a cup of coffee and there they were… I decided that since I had been so good yesterday (aside from burning over 2000 calories walking, I also didn’t come close to hitting my calorie limit for the day) I was going to indulge.  I opened the box and grabbed a couple.

The first bite was already in my mouth when I realized that even when indulging (or especially when…) I have to track what I eat.  I pulled out my iPhone, opened the MyFitnessPal app, and scanned the barcode on the box.  I learned two things… the cookies were from Whole Foods, and they are more calories than I wanted to waste on a cookie… or at least on two of them.  I would have put the second cookie back in the box, but since I have been coughing all week I played it safe and threw it out.  The one cookie (at 160 calories) was very good, and complemented my coffee well.

Truth be told, it was a good cookie to be sure, but not much better than the nutrition bars I keep in my desk for mid-morning and mid-afternoon snacks… the whole bar (1.76 oz of minty chocolate) has 210 calories (60 from fat), but it also has 14g of protein, nearly zero cholesterol (the cookie has 30g).  The carbohydrates are the same, but aside from that the cookie has no nutritional value.

In the end the single nutrition bar is more satisfying than a single cookie (although two would have been tough)… I’ll stick to them.

And as for the Diabolical Lorena… I’ll get you! :)