Archive for August, 2008

Too many OUs?

Today I read a post on Windows Networking by Brien M. Posey about “The Confusion of AD Design”.

He argues that some people use way too many OUs and that “less is more”.

As I said before, there are situations that do warrant using multiple OUs. This is particularly true in situations in which there are multiple administrators, and each administrator needs to be delegated control over a different portion of the network.

Well, I’m not aware of many domains that do not have “multiple administrators that need to be delegated control over a different portion of the network”. Those that don’t usually have no OUs other than the default ones, with every user under Users and every computer under Computers. Of course there might be some exceptions, for example a domain used only to host your Exchange servers. However, most companies that pay high-priced consultants to come in and set up their Active Directories have structures a little more complex than a 25-employee small business.

Having a lot of OUs can be very useful in almost any big domain structure. Let’s say you have 50 different types of servers. Each of these server sets has its own hardening rules. You apply a “master” hardening GPO at the top of your OU structure that locks everything down, and then you unlock things for each application at the OU level. This way, your GPOs apply in the proper order by default, and delegation is pretty easy because each application has its own container.

At least, at the end of the article, he acknowledges this:

Right about now, you might be wondering what I really have against creating multiple OUs. There are a couple of reasons why I do not like using multiple OUs unless I have to. Maybe it’s just laziness on my part, but the first reason why I like to try to stick to using a single OU in an Active Directory design is because having multiple OUs tends to complicate LDAP queries.

Well, just do a subtree search then! Laziness, on my end, makes me want to have a structured design where group filtering is the exception rather than the rule.


Merging Group Policy Settings

When working a lot with Group Policy, one thing that I would love to be able to do is merge user rights assignments. If you know how to do it, be sure to post a comment (workaround, third-party tool, etc.).

Let’s say you have 500 servers. All servers run some agent service that must always be set to automatic, and for which you have customized ACLs (you grant the helpdesk the right to restart the service, for example).

Well, this is pretty easy to handle, as each service can be handled in a different GPO, so you just create a GPO with your settings and link it appropriately.

Now, what if you want to grant the service account that this service uses on every computer the right to “Log on as a service”? You could put that in the same GPO, but it would override any other policy that has “Log on as a service” defined and is applied before this one. Wouldn’t it be nice to be able to specify in a GPO that the service account must have “Log on as a service” while keeping the currently specified rights?
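The override described above, as an added example that is not part of the original post: it parses the [Privilege Rights] section of constructed GptTmpl.inf fragments, shows the replace-not-merge result, and reports which principals a later GPO silently drops. The GPO names, the EXAMPLE accounts and the fragments themselves are hypothetical.

```python
# Constructed GptTmpl.inf fragments, lowest precedence first; all names are hypothetical.
GPOS = [
    ("Master Hardening", """[Privilege Rights]
SeServiceLogonRight = *S-1-5-20
SeDenyNetworkLogonRight = *S-1-5-32-546
"""),
    ("SQL Servers", """[Privilege Rights]
SeServiceLogonRight = *S-1-5-20,EXAMPLE\\svc_sql
"""),
    ("Monitoring Agent", """[Privilege Rights]
SeServiceLogonRight = EXAMPLE\\svc_agent
"""),
]

def privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in map(str.strip, inf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def effective(gpos):
    """Last GPO that defines a right replaces the whole list (no merging)."""
    result = {}
    for _name, text in gpos:
        result.update(privilege_rights(text))
    return result

def merged(gpos):
    """Additive behaviour the post asks for: union across all GPOs."""
    result = {}
    for _name, text in gpos:
        for right, principals in privilege_rights(text).items():
            bucket = result.setdefault(right, [])
            bucket.extend(p for p in principals if p not in bucket)
    return result

def dropped(gpos):
    """Principals some GPO grants but the effective policy no longer has."""
    eff = effective(gpos)
    lost = {r: [p for p in ps if p not in eff[r]] for r, ps in merged(gpos).items()}
    return {r: ps for r, ps in lost.items() if ps}

if __name__ == "__main__":
    print("effective:", effective(GPOS), "| dropped:", dropped(GPOS))
```

Run against exported templates, a non-empty `dropped()` result points at the GPOs whose user rights lists need to be reconciled by hand.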


Disable those annoying beeps in VMware and other VM products/Windows itself

VMware

When I use Windows virtual machines, sometimes the system beep annoys my neighbors.

When I use Linux virtual machines, it goes through my laptop’s PC speaker, which makes me have a heart attack and annoys my neighbor.

Find your VMware preferences file:

Windows: Application Data\VMware\preferences.ini

Linux: ~/.vmware/preferences (you could possibly do it in the system-wide config as well)

Add this line:

mks.noBeep = TRUE

All beeps should be gone.

Windows itself

If for some reason you use some other virtualization product that does not allow you to disable beeps, just create a Group Policy on your test domain (you could do it locally as well). Configure any non-critical service in the GPO to be DISABLED (I use the print spooler).

Once that is done, browse to the sysvol, find the GPO’s folder, and edit the security policy text file. Replace the name of the service you disabled with “beep”.

We have to do that because the beep service does not appear in the GPO editor’s list of services. But this effectively disables the beep service that Windows uses, well, to beep! I deploy this on test domains where I “beep” often.


ZAGG invisibleSHIELD for iPhone 3g

invisibleSHIELD for iPhone 3g

Get it here – Coupon at bottom of post

I received my invisibleSHIELD for iPhone 3g.

It came in a nice box, with the little squeegee and some spray to apply it. I read the instructions, watched the guide on their web site, and got to work.

Applying the front and the button piece was a piece of cake. I did it first, but I think it is a better idea to do the back first, let it dry for a few hours, and then do the front. When doing the back, you apply a lot of pressure on it and you might ruin what you have done on the front, which thankfully did not happen to me, but came pretty close.

Applying the rear was easier than I expected, after reading comments from people who were “not able to get the corners to stick” etc.

I aligned the back piece with the headphone jack and the power/volume buttons, then folded it on its back and made sure the camera hole lined up. Then, I “squeegee’d” it a bit to get the rear slightly glued.

Making the corners look good was not hard, but takes a while (half an hour maybe). The reason for that is that at first, the flaps are too soft and not sticky enough. I shaped the corners by stretching the flaps and applying some pressure with my palm, while breathing hot air on it. I did not get it perfect but I’m confident if I had to do a second one I could. There are some slight imperfections in the corners, and the alignment of the plastic on the chrome trims is not perfect either.

However, I usually carry my iPhone around in a Griffin Elan Clip so as long as the front is perfect, that is great. And while the back might not be perfect, it is still awesome to be able to carry it in my pockets without being afraid to scratch it.

Will post a follow-up with close-up pictures as soon as it is done drying!

*Note that this is an actual unbiased review and that none of the links I posted send you to sites where I get referral money when you buy it. However, if you do order one, here are some coupons I found. They may or may not work, but they are worth a shot:

pcworld20

5he27e


XKCD on "Regrets"

( http://xkcd.com/458/ )

I couldn’t resist.

Actual numbers from Google (Canada):

“I should have kissed her”: 7730

“I shouldn’t have kissed her”: 806

Results from Cuil:

“I should have kissed her”: 4

“I shouldn’t have kissed her”: 0

My regret is actually having wasted time to check this out. I actually feel guilty comparing anything to Cuil, since it might generate some “buzz” around it.