Corporate client provisioning

As usual, when holidays come, I have the time to do whatever I missed in the year. Finally our corporate PC full provisioning system has reached the production state! It has taken me some hours to resolve many issues about WMP11 deployment and I had to deal with a time-consuming MSI repackaging, but now I can press F12 after the POST on a PC, write down my domain credentials and wait for the RIS (Remote Installation Service) by Windows Server 2003 and the software distribution feature by Intellimirror doing the work for me. When I come back (about 1 hour later), the client is setup, all corporate policies have been enforced, all programs have been deployed and patches applied: I only have to log on and simply start using my new PC… everyone working with a PC at business should have that at Christmas! 😀

Cisco IOS management over SSH

Until now, all administration of my two Cisco Internet routers was done over vty terminal sessions, using the telnet transport protocol. Since an access list was placed to allow only vty connections from internal networks, it has been not a great security issue, but I was always sensing some “disease” every time I wrote the enable password in my terminal window! :S  Obviously I had enabled in the past the SSH server included in that wonderful thing which is the Cisco Internetwork Operating System (IOS), but with my old SSH client (OpenSSH) I had a bad interaction with it. At that time I blamed the IOS for it… only today, by retrying with a different SSH client (PuTTY), I realized my mistake! I hope it has been the last time I have a doubt about the IOS quality… now all my management traffic (and authentication) flows encrypted between hosts of my internal networks, and I can finally go to bed without having nightmares about security concerns. 😉

Single Sign-On

Yesterday morning, instead of starting to do what I had to do, I began fixing a couple of problems which were annoying me from a lot of weeks.
One of the main concerns I solved was the need to enter the same credential each time an external user gains access to a web site published by my array of ISA servers.
In effect, ISA 2006 come with the SSO Web Listener functionality, but when I last worked on it, I had more urgent tasks to accomplish, so I did not find the time for testing and bringing it in the production environment.

My first impression in a test environment was good, so I spent some hours (obviously after midnight) to activate this function on the production servers. Some troubles, mostly due to the Outlook Web Access application configuration, but at the end I reached the goal: now you are requested for credential one time only, and the user experience in accessing the Phoibos online services has been dramatically improved (have a try with it at… thanks you one more time, ISA! 😉

Windows SharePoint Services 3.0

Finally Microsoft released the new WSS package on November, 13. The new system requirements include the .NET Framework 3.0, Windows Server 2003 SP1 and SQL Server 2000 with SP3 (or later).

Yesterday I had the time to have a first try to this new platform, so I started a new testing website at What I have first noticed is the setup process, dramatically simplified to guide the administrator through the creation of the first WSS webfarm, the search server role assignment, and the whole IIS configuration (virtual sites, application pools, etc.). It is now extremely simple to manage that OS components by using the Application Management site, under the redesigned Central Administration website.
From the user perspective, the new look and feel is simply awesome, tanks to the new Recycle Bin feature (great stuff!), the redesigned Quick Launch, the new “Site Hierarchy”, the Breadcrumbs and “Top Link Bar”. All these components greatly improve the user navigation experience, by reducing the time needed to reach the contents you are looking for.

I have not so much time to spend in testing, but I wish to try at less the migration of site contents from my current WSS 2.0 environment. Hoping to have the time to post further comments about that.