TiGra Networks

Microsoft MVP renewed

In July 2007, TiGra's founder Tim Long received Microsoft's Most Valuable Professional award for technical excellence and community participation. The MVP award lasts for one year and we're very proud to announce that Tim has been re-awarded for 2008/9, demonstrating a continued commitment to technical excellence and community involvement. Tim's competency is Windows Server System - Small Business Server, there are currently about 55 such awardees worldwide, only 2 in the UK and TiGra Networks has the only one in Wales, so this is indeed a special honour bestowed by Microsoft.

2008 will be an exciting time for SBS MVPs with a new version of Small Business Server 2008 and the introduction of a new product called Windows Essential Business Server 2008, both slated for public availability in the November 2008 timeframe. One of the roles of an MVP is to help Microsoft improve its products and TiGra Networks is actively involved in the pre-release beta testing for Small Business Server 2008.

The term MVP is less familiar in the UK than in the USA, where it is traditionally used in popular sports such as baseball, American football, hockey and basketball. A player will be nominated MVP, meaning Most Valuable Player, either for one specific game or for an entire season or major event such as the Superbowl. The term MVP is, therefore, fairly well established in American culture and Microsoft has borrowed from its popularity for its own way of recognising leaders in the technical community.

Stop Searching - Start Finding

Are you making the most of Windows Search? This was one of the most important new features introduced with Windows Vista that can save you a good deal of time. Instead of clicking through layers of folder hierarchy, simply type the filename or a phrase that occurs in your document and Windows will find it for you - even in emails and images! In Windows Vista, just click the Start button (or press the Windows key) and start typing your search keywords. The results are displayed right in the start menu. Tip: you can quickly find and launch programs that way.

For a series of videos about Windows Search, visit the Windows Search 4.0 website.

Managing your Mailbox

Exchange mailboxes are never large enough. The upward pressure of the ever-increasing volume of email we deal with is set against the downward pressure from system administrators, as they battle to manage the servers and keep up with storage requirements. The end result is that our mailbox is usually smaller than we would like. It's important to garden your mailbox and keep it below the quota set by your administrator, or your ability to send and receive email could be affected. This is a task that no-one likes doing, but luckily there are some productivity features built into the Office System that can help you keep your mailbox clean and lean - automatically. In brief, here are my recommended strategies.

1. Empty Deleted Items and Junk Email folders regularly. The easiest way to ensure that happens automatically is to use Outlook's AutoArchive feature.
2. Run AutoArchive on a schedule, at least weekly. Set your retention threshold so that your mailbox is always within quota.
3. Be mindful of large file attachments - pay attention to Sent Items.
4. Don't use email (and therefore your mailbox) for file-sharing. There are better ways to share files.

It is worth looking at a couple of those strategies in a little more detail.

Auto Archive

Outlook's AutoArchive feature is designed to help you keep your mailbox clean and relevant. Set it up by visiting the Tools | Options menu, Other tab.

When done, be sure to click

Once configured as above, AutoArchive will move old items from your mailbox on the server to a Personal Store (.pst file)your local hard drive and they will no longer count against your mailbox quota. If you selected the option, then your archive folder will show up in your folder list and your archived items will still be accessible, indexed and searchable. However, This means that you must also assume responsibility for backing up the archive file, and you will only be able to access the archived items on the computer where they are stored. There are ways and means to make these files available on other computers, but that's for another article.

I tend to start a new archive folder each year, named 2007 Archive, 2008 Archive, etc and I periodically copy the archive files to a DVD-ROM as a permanent backup.

It is worth changing the default AutoArchive settings on both Deleted Items and Junk Email folders to both shorten the retention period and delete old items rather than moving to the archive. To do this, right-click on the folder, select Properties... then the AutoArchive tab. Configure the Deleted Items folder to permanently delete old items after a few days. Do the same for Junk Email. I typically use about 7 days for this, as shown:

Managing Attachments

One thing that quickly eats up your mailbox quota is file attachments. Each time you send or receive a message with an attachment, the file is stored in your mailbox along with the message. Sent Items is one place where attachments tend to linger unnoticed. Outlook 2007 includes a feature called Search Folders and, by default, comes pre-configured with a Search Folder called Large Mail that will show you all messages larger than 100Kb. That's a bit conservative for my own email usage pattern, but the folder is easily customised with a different threshold by right-clicking and opening Properties...

The search folder is constantly updated by Outlook so you'll always be able to find where those large items are lurking.

Shared Attachments

A second strategy is to avoid putting the file in your mailbox in the first place. If your organisation uses Windows SharePoint Services (WSS) or Microsoft Office SharePoint Server (MOSS) then you can make use of a feature called Shared Attachments. In Outlook 2007, this feature is curiously obscure. After attaching your file, click on the little icon in the corner of the Include pane, shown here.

A task pane will open on the right of your email where you can provide the URL of your SharePoint server and select "Shared Attachments". Outlook creates a Document Workspace on the server and places a link to it in your email, like this one:

This technique not only allows several people to see and collaborate on the same document, it also means you don't need to store a copy of the document in your email. When the recipient opens the email and clicks on the link, they will be taken to the newly-created document workspace.

File Sharing

Finally, if you need to share files with colleagues but don't have access to a SharePoint Server, you have a number of options. consider using Windows Live Messenger (which supports folder sharing) or Microsoft Office Groove 2007. Live Messenger Folder Sharing is suitable for most ad-hoc file sharing needs and is very simple to use. There is also Office Live Workspace which is integrated with Windows Vista and Office 2007. Groove works best when the same set of information needs to be shared with several people. It is ideal for virtual teams or where a workgroup is spread across multiple organisations.

For more information about anything in this blog article, please email Tim Long at TiGra Networks.

Further Reading

Office Systems Blog, 2007 Office System Training Presentations (Manage you Mailbox parts I, II, III, IV, V)

Does Your IT Provider Rely On Your Systems Going Wrong?

When choosing an IT provider, ask yourself this question: "Does my IT provider rely on my systems going wrong to make money?". If the answer is "yes" then perhaps you should consider a new IT provider. If your IT provider bills you by the hour, then you probably fall into this category.

Of course, things will always go wrong with IT. Software vendors try to tell us that "it isn't rocket science" and that we can all manage our own IT with ease, but the fact is, successful IT is actually pretty darned close to rocket science. There can be dozens or hundreds of interconnected systems that all have to work correctly.

At TiGra Networks, our aim is to proactively manage our customers' IT so that we minimise faults and down-time. We charge an affordable, fixed monthly fee and try our best to keep your systems going, so there are no nasty surprises and you're never held 'over a barrel' when your systems are down. As part of our standard service, we try to help our customers develop a long term strategy for technology, guiding them to make the right choices that'll result in reliable systems that support the business' processes and practices. IT Companies who still bill by the hour are fundamentally conflicted, since the better the job they do, the less money they will make. Our managed services approach means that it is in our best interests to keep everything working for a fixed regular payment. We believe this business model is fairer to everyone. We get rewarded for doing a good job, while you get reliable systems and predictable budgeting. Which type of relationship do you want with your IT provider?

Oh, and don't forget to look for credentials. We support primarily Microsoft products and we try to build strong links with Microsoft's small business team in Reading, UK. We attend regular seminars and have passed exams to prove we have the skills necessary to support your IT. There is precious little regulation in the IT industry and there are still plenty of 'fly by night' characters out there. We highly recommend looking for the Small Business Specialist 'blue badge' logo as a minimum standard for any IT provider (click the image for more information).

Small Business Server 2008 is Coming

Microsoft formally unveiled its upcoming server solution for small businesses this week and first indications are that the price will be "about the same as the 2003 version". There is no news on upgrade pricing yet and the product release itself is still some months off. Nevertheless, if you are currently using Small Business Server 2003, now is a good time to start planning for an upgrade. You may well need new hardware as the new version requires a 64-bit processor and there are some other significant changes that need forward planning. Talk to us sooner rather than later and we'll help you decide whether and when you should upgrade and plan for it so the transition is as smooth as possible. TiGra Networks specialises in supporting Small Business Server and our founder, Tim Long, is one of only 4 "Most Valuable Professionals" with a competency of Small Business Server in the UK, so we are uniquely qualified for the task.

If you're not already using Small Business Server, then you should seriously consider it as your business is missing out on a lot of productivity-boosting features at a seriously reduced price compared to buying all the components seperately. Download our brochure "Make IT Work For You - A 20 Minute Guide for Small Business Owners" and let us give you a free IT Health Check.

If you're interested in the details, you can see Sean Daniel (Product Manager for Small Business Server) discussing the product and demonstrating some of the features here:

SBS 2008 PM Interview and Demo | Media | TechNet Edge

Instant Messenger Viruses

It seems there is an instant messenger virus at large at the moment. The virus sends messages similar to these (the URLs are deliberately obfuscated):

"Hot or Not? hxxp://mymsngallery.my.funpic de/viewimage.php?youremail@someplace.com"

or

"this really looks like you hxxp://mymsngallery.my.funpic de/viewimage.php?youremail@someplace.com"

Opening the page actually calls up an executable file that infects your computer with malware.

5 steps to help avoid instant message viruses

As with most threats on the Internet, you can help keep yourself safe by taking basic precautions. If you know how to avoid e-mail viruses, you'll already be familiar with many of these steps.

1. Be careful with links and files in IM. Never click a link or open, accept, or download a file in IM from someone you don't know. If the link or file is in an IM from someone you do know, don't click the link or open the file unless you know what the link or file is and you were expecting it. Contact the sender by e-mail, phone, or some other method to confirm that what they sent was not a virus.
2. Update your Windows software. Visit Microsoft Update to scan your computer and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them. For more information, visit the Protect Your PC site.
3. Make sure you're using an updated version of your IM software. Using the most up-to-date version of your IM software can better protect your computer against viruses and spyware. If you're using MSN Messenger, upgrade to Windows Live Messenger, which will block attachments that might contain malware and allow you to scan attachments for viruses. For more information, see Windows Live Messenger Overview.
4. Use antivirus software and keep it updated. Antivirus software can help to detect and remove IM viruses from your computer, but only if you keep the antivirus software current. There are good antivirus programs that are free for personal non-commercial use, such as AVG Free Edition from Grisoft. If you are a business and required a commercial license, talk to TiGra Networks for advice.
5. Use antispyware software and keep it updated. Some IM viruses may install spyware or other unwanted software on your computer. Antispyware software can help to protect your computer from spyware and remove any spyware you may already have. TiGra Networks recommends Windows Defender. Windows Defender comes with Windows Vista. If you use Windows XP SP2, you can download Windows Defender for no charge.

If you suspect you have already been infected by an Instant Messenger virus, then immediately follow steps 4 and 2, above. Then go back and run through the whole list. If you are a business, you should call TiGra Networks straight away for expert advice and to avoid critical data loss and further problems.

One final thing - be very careful about downloading programs that claim to fix your computer. Again and again I see computers infected with multiple so-called anti-spyware cleaners that are actually malicious. You should be suspicious of anything on the Internet that is free - always question the motives. The ONLY free antivirus program that we recommend is AVG Free Edition from Grisoft and the ONLY free antispyware program we recommend is Windows Defender, from Microsoft.

Further Reading

Visit Get Safe Online for more advice on protecting yourself from malicious software.

Windows Vista SP1 and Windows Server 2008 Go Gold

The 2008 launch wave is gaining momentum. Microsoft announced a few hours ago that both Windows Vista Service Pack 1 and Windows Server 2008 have been released to manufacturing.

Windows Vista service pack 1 will likely impact most users in the short term. At TiGra Networks, we've been actively involved in testing pre-release versions of Service Pack 1 on both 32- and 64-bit systems and we're pleased with the improved stability and performance. We'll be upgrading immediately and will be recommending the same to our customers running Windows Vista. No doubt there will be a lot of information circulating in the press over the next few days and not all of it will be accurate or fair, so we'll try to keep an eye on what people are saying and present our real-world experience here on the blog.

You can expect to see Service Pack 1 on Windows Update and on the Microsoft Download Centre in mid-March, with deployment by Automatic Updates beginning mid-April. TiGra Networks will deploy Service Pack 1 for our customers as part of the normal automatic update cycle.

Windows Server 2008 is the first of a slew of exciting product launches slated for 2008. Visual Studio 2008 is already shipping and we can still look forward to SQL Server 2008 with its new data types supporting binary documents and geographical data types. The implications here are obvious for applications like SharePoint with its document libraries and Graphical Information Systems. Later in the year, of primary interest to me and TiGra Networks' customers, we can look forward to Small Business Server 2008 codename "Cougar". We are currently beta testing Cougar under non-disclosure agreement and can't discuss it publicly yet, but I think I can safely say it is going to be as popular as its predecessor. Later in the year TiGra Networks will be hosting a series of "IT Surgeries" for local businesses and we'll be showing off SBS 2008 "Cougar" as soon as we possibly can.

Don't be caught out by the domain name registration scam

I saw this article in Microsoft's UK Security Newsletter (which you can subscribe to online). Ed Gibson, chief security advisor, relates the following story:

The owner of a '.com' web domain name is telephonically contacted by someone claiming to work for a domain registration service. The caller advises the owner that someone else operating a similar business is set to register the '.net', '.org', and '.co.uk' domains of the same web address. The caller said he can stop these registrations, and therefore possible dilution of the owner's business, but the owner must buy the domains now - with a credit card. The owner agrees to pay the asking price of $200 for each.

The owner is feeling quite proud of herself . . . until another telephone call a couple of days later. The caller tells the owner that her credit card did not go through; could she please confirm all the details one more time to ensure her domains are captured in her name. Without thinking, she confirms her details.
Days later she finds out that several thousand pounds have been charged against her credit card.
The moral of this story: the owner should have simply registered the domains herself, if at all.

I wanted to repeat the information here because this is a scam I have actually seen happen to one of my customers. Fortunately, they did the smart thing and rang me for advice and I was able to prevent any damage being done, but I bet lots of people fall for this.

Never commit to purchasing something like this on the spot. If it is a genuine offer, it will be valid in an hour, or a day. This scam relies on putting you under pressure to nudge you into making a bad decision.

So let's pick this scam apart.

1. When someone goes to a domain name registrar and asks to register a domain, generally that process is completed online and automatically. The registrar would probably not have a chance to intervene.
2. Assuming the registrar did have the ability to intervene, then by contacting the applicants competitors, the registrar would likely be breaching a number of data protection laws. A reputable company would simply not expose itself to legal action in this reckless manner.
3. If the domain names were genuinely available, then you could just register them with another registrar at the normal rate, probably for under £10/year. There would be no need to spend a large sum to assure the registration.

What to Do

If someone contacts you out of the blue and puts pressure on you to make an instant decision to purchase something, I suggest the following:

1. Tell the salesperson that you need to get authorisation from your boss, partner or co-director to make the purchase and ask for a name and telephone number where you can call them back. Keep a record of the company name, salesperson name and phone number. If they will not give you a number, end the conversation there and then.
2. If they give you a number, call it back and see if it is a genuine number and is answered by the company and/or person they claim to be calling from. If not, <click, brrrrrr> (sound of telephone hanging up).
3. Even if they pass those tests, Stop. Think. Cool off. Have a cup of coffee. Now call your technology consultant - or me, or another Microsoft Small Business Specialist - and ask for advice.

If this scam worries you into registering all the domain name variants for your business, then OK, by all means go ahead and register them, or ask your technology consultant to do it on your behalf. Do it at the prevailing rate, though - don't pay orders of magnitude over the odds. As of today, 1st February 2008, it costs typically under £10 per name per year.

BNI Presentation

This is the slide deck (actually a superset of the slide deck) that I presented to my BNI chapter on 29th January 2008. The PowerPoint file is included as a file attachment below.

The case study linked from the slide deck is this one: http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=1000003722

Format: wvx
Duration: 03:20

Are You Being Criminally Negligent With My Personal Information?

The recent spate of announcements from the government and others regarding "lost" confidential information has really annoyed me. I'm so angry because every shipped business edition of Windows since 2000 has included encryption technology that was easy to use. Just a few clicks could have prevented each of these data losses. Moreover, IT administrators are able to set policies to turn on encryption for certain folders by default. Windows Vista, available for over a year now, includes even better protection using BitLocker Drive Encryption, but how many laptops come with this enabled as standard today? I don't believe I've seen even a single one. This was not a failure of technology, it was a failure to develop suitable policies and to train employees. It was also a failure of the office of Data Protection to check that the Data Protection Act was being implemented.

Only after a series of embarrassing failures did anyone take this seriously. I suspect that data loss has been far more widespread than anyone imagines and the complacency is not confined to the government and large corporations. All businesses are bound by the same data protection laws and every company should now be looking to its own policies and procedures to determine whether data loss is possible. If your company has laptops that are taken off site, how do you control or protect what information is on those laptops? How do you control use of removable storage devices such as USB memory drives? This is the decade of the Internet and it brings with it new challenges that need to be faced.

If you are a small business, the chances are that you don't have an IT department, or even if you do, they are probably too busy fighting fires to step back and look at the big picture. Either way, your IT strategy will suffer and you will not put the correct policies into place. Your best hope is to develop a relationship with a Technology Consultant - a company like TiGra Networks that has achieved Microsoft's Small Business Specialist qualification would be ideal. Your Technology Consultant is outside your day-to-day concerns so is better able to look at your business use of IT and make recommendations on how to improve it, helping you develop policies and an IT strategy. Most IT companies offer a free IT Health Check, why not contact your local provider and take them up on the offer?

So what can TiGra Networks do to help?

1. We can show you how to use the technology you have already bought and paid for.
2. We can train your staff to use the built-in encryption technology and to know when it is appropriate.
3. We can review your existing IT systems, identify gaps and develop solutions to plug them.
4. We can help you draft a data protection policy and verify that it is implemented.
5. We can help you purchase secure solutions - like Windows Vista BitLocker Drive Encryption - in future.
6. Through our secure data destruction partners, we can ensure all your confidential information is safe from the moment it enters your business until the moment it is destroyed, managing the complete life-cycle of your confidential data.

Don't wait until you get a visit from the Data Protection Registrar.

How To Make A Strong Password

Another blog article I've been meaning to write for a long time: how to construct a strong password. Much has been written on this subject, but it is also out of date.

To understand what makes a password strong, first we need to be clear what would make it weak by understanding how black-hats can crack a password. Generally, this is done using a Dictionary Attack and, when that fails, a Brute Force Attack.

What Makes a Weak Password?

A dictionary attack is just what it sounds like. A computer program can be made to run through a list (or dictionary) of known words, trying each word in turn until it recovers the password. Using techniques such as Precomputation, many weak passwords can be compromised very quickly. if your password is just a word from the dictionary, it is as much use as a chocolate teapot. Some sources advise switching numbers and letters, "passw0rd" instead of "password" for example. Similarly, mixing upper and lower case is also recommended. While these techniques help and make the casual hacker work a bit harder, a computer can still try all these alternatives fairly quickly so these techniques do not really lead to strong passwords.

Brute Force and Ignorance

When a Dictionary Attack fails, a Brute Force Attack can be used instead. Having tried all the instantly recognisable dictionary words, the computer will begin trying every possible character combination in turn. There are even some shortcuts to this technique. For example, if we know that the minimum password length on a particular system is usually 7 characters, then we don't need to try any combinations with less than 7 characters. So the attacking software might start with "aaaaaaa" then "aaaaaab", "aaaaaac" and so on, changing just one character each time.

As an example, lets assume there are 100 possible characters, numbers and symbols that can be used to make up passwords. This assumption is over-simplistic but serves well enough for illustration. For a 7 character password, that would be 100⁷ or 100,000,000,000,000 possible combinations that an attacker would need to try. It sounds like a big number, but a computer can get through that many combinations in a few hours to a few days, depending on the hardware and software used. This might be good enough to protect your account on an online social networking site for example, but you probably wouldn't want to rely on it to protect your bank account.

What Makes It Strong?

Doubling the length of the password doesn't double the number of combinations. Using the same assumptions as above, an 8-character password is 100 times harder to crack than a 7-character one and a 14 character password would have 10,000,000,000,000,000,000,000,000,000 possible combinations - billions of times harder to guess. Every extra digit you add makes a huge difference to the "guessability" of your password.

So the key to strong passwords is in length, not randomness. I think this is a point much misunderstood in the IT industry. One source, Robert Hensing from the Microsoft Security Response Team suggests not using complex passwords at all, but instead using phrases like "If we weren't all crazy we would go insane". I think he is on to something. If you are at all good at typing, you can enter that in about two seconds. That phrase contains 42 characters including spaces and punctuation (space is perfectly valid in a password) and would result in a mind-bogglingly-large number of possible character combinations. You might think that this password is easy to crack because it is made up of dictionary words, but Robert has a good justification why that's not the case (I refer you to his blog article and to this article in the Microsoft Knowledge Base for the details).

The Human Factor

One final point to take into account: The Human Factor, which is so often overlooked in these discussions about security technologies. The Human Factor can be summed up like this:

No matter how strong or weak your password, if it is too difficult for you to remember and use, it is a security risk. If you can't easily remember your password, you will write it down, which makes it easily discoverable and defeats the purpose of the password.

Some web sites - and banks are some of the worst offenders here - enforce arbitrary and arcane complexity rules. They make it so difficult to create memorable passwords that they make it almost inevitable that the password will be written down, thus undermining the very security they were trying to achieve. The Human Factor is not to be underestimated.

Thanks for the Memory

With that in mind, my preferred technique for thinking up strong passwords is closely linked to a memory technique. First, think of a memorable phrase - a book title, a line from your favourite song, poem, or something else that is easy for you to remember. The phrase should be a few words long, something easy to say in your mind and, above all, memorable. Now, simply take the first letter from each word in your phrase. As an example, consider the book title "Zen and the art of motorcycle maintenance". Taking the initial letters gives "zataomm".

That's not a bad password, but we need to meet our network's password complexity requirements. Typically (in Windows networks) the minimum requirements are:

1. A minimum of 7 characters
2. A mixture of at least three of: upper case; lower case; numbers; punctuation
3. Cannot contain the user name or have been used before

We can ignore the third rule here and our new password already meets condition 1, but we fail on rule 2. I have a few techniques for working around that. First, proper nouns like "Zen" should have capital letters. The second word is "and" so we can replace that with a punctuation character "&". Finally, just for good measure, we can make letter-for-number substitutions, such as 1 for i, 0 for o and so on. So my final password would be "Z&ta0mm". That's a strong password by most definitions and exceeds the default complexity requirements for Windows. When it comes time to enter your password, simply visualise your memorable phrase and type the first letter of each word. With a bit of practice you can make all the punctuation and number substitutions on-the-fly and if you like mental gymnastics you can vary things by using the last letter of each word, second letter, and so on. The password I use to secure my most precious assets was constructed using exactly that technique, has over 15 characters, yet I can enter it in under 3 seconds. It is amazing how quickly the fingers develop a memory.

Speaking of fingers having memories, you could also consider a biometric device to make entering passwords a one-touch operation.

Wrong Tools for the Job

I was driving along the M4 today and I passed this DHL delivery truck. I snapped a photo with my mobile phone but unfortunately I didn't capture what someone had written with their finger in the grime on the rear of the trailer:

Don't ask the driver - he hasn't got a clue. No Sat Nav!

I wonder what circumstances led to that message being scrawled onto this truck? An unhappy customer angry about a late delivery, perhaps? Well, I've had a number of problems getting things delivered lately - not with DHL but with another well known courier. Amazingly, their excuse is nearly always "the driver couldn't find the address". You might think that being able to find places would be of critical importance to a company whose job is to deliver things, but apparently, even though for several decades every package has carried a uniquely-identifying postal code, couriers are still unable to reliably find UK addresses. They can track a package's every move across the world from source to failed delivery - because they can't work out how to look up a postcode!

I'm really amazed that delivery drivers aren't provided with satellite navigation and postcode lookup. It seems to me that SatNav technology, built into a Windows Smartphone or PDA, would pay dividends in a short time. It could help drivers improve their productivity, avoid failed delivery attempts and attendant refunds to unhappy customers.

Are you giving your staff the right tools to do their job? Are you making it easy for them to improve productivity and do their job better? The right IT systems can really help you streamline your processes, keep your finger on the pulse of your key performance indicators and improve customer satisfaction. Take us up on an offer of a free IT Health Check and let us start working to make you more successful.

Why You Shouldn’t Forward Chain Email

I received the following email today, which is clearly a rather crude hoax:

---

From: <deleted>@hotmail.co.uk
To: <24 MSN/Hotmail addresses removed to protect privacy>
Subject: PLEASE READ
Date: Thu, 10 Jan 2008 21:48:22 +0000
Hey it is tara and john the directors of MSN, sorry for the interruption but msn is closing down. this is because too many inconsiderate people are taking up all the name (eg making up lots of different accounts for just one person), we only have 578 names left. If you would like to close your account, DO NOT SEND THIS MESSAGE ON. If you would like to keep your
account, then SEND THIS MESSAGE TO EVERYONE ON YOUR CONTACT LIST. This is no joke, we will be shutting down the servers. Send it on, thanks. WHO EVER
DOES NOT SEND THIS MESSEAGE, YOUR ACCOUNT WILL BE CLOSED AND YOU WILL COST 10.00 A MONTH TO USE. SEND THIS TO EVERYONE ON YOUR CONTACT LIST. NOW YOU NOW WHAT TO DO. PLEASE DO NOT FORWARD THIS or REPLAY. COPY THE WHOLE EMAIL.
GO BACK TO YOUR INBOX AND CLICK ON NEW. AND PASTE THANK YOU FOR YOUR
ATTENTION. It's no joke if you don't believe me then go to the site
(http://news.bbc.co.uk/1/hi/business/1189119.stm ) and see for yourself.
Anyways once you've sent this message to at least 18 contacts, your msn dude
will become blue. please copy and paste don't forward cos people dont read them.

---

You might think that forwarding this email is harmless, but let’s look at that. This was forwarded to 24 people. If they all forward to 24 people too, that’s 576 emails, then if they all forward to another 24 people each, that’s a total of 13,824 email messages. If you look at the addresses sent to, they are all MSN or Hotmail addresses. So, somewhere in MSN is a poor email server that is suddenly overloaded with nearly 14,000 messages, email will be delayed and the server might even crash. What you just did, by forwarding that harmless looking email, was to allow a prankster to persuade you to launch an attack on MSN without you even realising it. This is what we call a “Denial of Service Attack” in the trade. It was an attack on MSN/Hotmail. I know from experience that my own email server can send about 100 emails per minute, so those 13,824 emails could take over 2 hours to deliver – in the worst case, someone’s email could be delayed by 2 hours just as a result of this one attack. Now, I wasn't the originator of the email, so how many people are already forwarding it? There could be many, many more copies of it out there, and there could be other hoax email messages circulating too. Are you starting to see the problem? In the extreme, this is how companies get taken offline.

The web link in this message that is supposed to corroborate the message is (unusually) genuine but actually dates back to 2001:

What To Look For

There are usually clues in the message that it is a hoax and this one is no exception. This email is benign but sometimes they can be more sinister so you really need to be careful with these messages, especially if they ask you to visit a web site, download or open an attached file. They are almost always trying to trick you into doing something that you probably shouldn’t. You will not be doing your friends any favours by forwarding such content.

Does it seem likely that the message actually came from the claimed source? Take a look at the grammar. It’s full of mistakes and slang. Would the directors of MSN really send out a message that reflects badly on their company? I wouldn't send an email like this on behalf of TiGra Networks and I suspect neither would any self-respecting company director.

Next, is the message content verifiable? At first sight, it appears to be genuine and links to a reputable and respected news web site - but the link to BBC News dates from 2001 and is only obliquely related to the message. It does not, in fact, support the assertion that "MSN is closing down". So the message is self-repudiating.

Do links actually go where they appear to? One thing to watch out for, when asked to visit a web page, is to check that the link actually goes where it appears to go. Outlook 2007 and Internet Explorer 7 both have new security features to protect you from this type of trick. Outlook 2007 will block access to the link. If you use an older version or a different email reader, sometimes if you hover the mouse over the link you will see a "tool tip" popup window that shows the real destination of the link, like the one shown to the right. Typically, fraudulent links will contain an IP address (a group of four numbers seperated by full-stops). If the link is different to the actual destination address, don't go there!

Here is the Golden Clue: “SEND THIS MESSAGE TO EVERYONE ON YOUR CONTACT LIST”. Alarms bells should be going off in your head whenever you see this. MSN, like all companies, has its own customer list. If they need to get a message to everyone, they can just send it directly, themselves. Why would they ask YOU to forward the message to everyone?

What To Do

Sometimes these attacks are quite subtle and either make you feel good about yourself because you seem to be helping others or afraid that something bad may happen if you don’t act. This one does both. That’s called Social Engineering. In fact, you’ll be allowing someone to manipulate you into doing their  dirty work for them. You will never profit from it, you will not help those you forward it to and no good will ever come of it – even if the original intent was genuine, chain email still does more harm than good. In the extreme, you might end up looking like a bit of a fool, so when people ask me, I always recommend this simple strategy, no matter what the content of the message:

Never forward chain letters, always file in the recycle bin.

If you can't follow that advice and for whatever reason, you have a burning need to forward a chain email, then at the very minimum verify the content of the message before forwarding it. Usually, a very cursory investigation will reveal the message as a hoax. You can visit the Urban Legends web site as one useful source of background checks.

Further Reading

Visit the excellent Get Safe Online web site, take their Safety Test and subscribe to the Blog for plenty of sound advice. You can also subscribe to our RSS feed to receive more hints and tips from TiGra Networks - the small business IT specialists. We also have some useful links on our web site. The Urban Legends web site is the de facto standard for debunking Internet hoaxes.

Printer Deployment for Windows Vista and Small Business Server 2003

I recently had a problem with a customer running all Windows Vista clients on an SBS 2003 R2 domain. The problem was how to deploy printers to users who have restricted access (i.e. standard users). The users cannot install the printer drivers themselves because they do not have permission - nor should they need to as the customer is a training establishment with high student turnover, so it's important that the environment is right for each new student the first time they log in.

Windows Vista seems to solve this problem with a great new feature called Printer Deployment which works using Group Policy. Great! Except it doesn't work when your group policy is provided by SBS 2003. If you try to deploy a printer you'll receive a message that your active directory schema is not supported.

The problem is that Printer Deployment requires the R2 Active Directory Schema (version 31). Small Business Server 2003 R2 does not use the R2 schema, because it is based on Windows Server 2003 Service Pack 1, not R2. So you have a "Catch 22". You can't deploy printers normally because the users don't have permission; you can't deploy with Group Policy because SBS doesn't use the R2 schema.

Today I found a solution - update the Active Directory Schema to R2 using a Windows 2003 Server R2 installation media. I need to issue a disclaimer here that I'm not sure about the licensing legalities of this solution, I have yet to get an official opinion on that. If the network already has an R2 member server, then we're covered, but SBS networks don't always have an R2 member server. Nevertheless I think we should be OK as we're not actually installing the software, just using it to make updates to an existing Active Directory domain. Perhaps if any Microsofties are reading this post, they could leave feedback/trackback commenting on whether my solution is allowed. If you use my solution yourself, it's up to you to check the licensing issues for yourself. "Chewie, it's not my fault!"

OK, so here's what I did (see also KB 917385).

1. First, take a system state backup of your SBS installation in case you need to roll back.
2. Find a copy of Windows 2003 Server R2 (NOT Small Business Server) and pop it in the CDROM drive of your SBS box. You need CD 2, the one with the R2 components on it.
3. Open a command prompt and change directory to \CMPNENTS\R2\ADPREP
4. execute adprep /forestprep to install the R2 schema update.
5. Go back to your Windows Vista Print Management console and re-try your printer deployment, it should now succeed.

Having created/updated your group policy object, you can test it by going to a client workstation and typing GPUPDATE at a command prompt. You should see your deployed printers appear.

NOTE: this is exactly the same issue that prevents a Windows 2003 R2 Server from being DCPROMOd in an SBS R2 domain. Updating to the R2 schema should allow you to add R2 member servers and DCPROMO them to domain controllers.

CAVEAT EMPTOR: Don't mess with your Active Directory unless you're comfortable with that. You did take that system state backup in step 1, right? If you are an end user, get your technology consultant to do this for you.

Introducing the TiGra Networks Micro Business Server™

Introducing the

TiGra Networks Micro-Business Server™

The name “Micro Business Server” is ours, not Microsoft’s. These amusing video clips actually highlight some serious advantages of Microsoft’s new server product.

Based on Windows Home Server operating system, our Micro-Business Servers are designed as “no-brainer” backup and disaster recovery for up to 10 PCs. They also give you remote access to your files when out of the office.  I’m offering this solution for businesses with up to 3 computers, possibly up to 5 but certainly beyond that we would normally recommend the more capable Small Business Server product.

You can only buy this server product pre-installed on a new computer. Our offering is a compact “book size” headless (no screen or keyboard) PC with a 500Gb hard drive. It runs almost silently and you just “set it and forget it”, so it will just sit in the corner doing its job, backing up all your computers and giving you secure remote access.

If you’re currently risking your business by carrying it around on a laptop hard drive, you need this product.