Monthly Archives: December 2010

The Blog Wrap Up and Happy New Year

Hello Everyone!

In this last post I wish you Happy New Year!

I also wish you to be healthy and fit:


Have fun:


and no bad news:


And just in case you care to reread something from this month’s blog posts, here is the wrap up:

IPv6 is great. But Are we really ready yet?

Yeah, those free books are great, but I need another 24 hours per day to read them.

Plan, implement, win. No malware is good news, but be prepared… Just in case…

The first part of “How to change attribute in AD”. The second is quite tricky for me, so I am still working on it.

I was good! Well, at least they told me so Winking smile

For the situation when you know what, know how, but cannot find where. If you don’t see your attributes then read it.

Good stuff. No kidding. I use it and I recommend at least to try it.

Want new blog or sight based on .NET? Here is the list.

IPv6: hopes, disappointments…



This scary gadget screenshot (26th of December here) tells us that it is only a question of a month, may be, two to run out of IPv4 addresses. Well, not exactly “we”. It is IANA who will run out of it. Of course, some time since then it will affect some customers who want to buy their own autonomous system, and large providers and sooner or later – end users. I won’t do any predictions about the time it will become a real problem (you know, there were too many of these predictions) but now it is more than ever obvious that IPv4 must R.I.P just soon enough to think about it at least today, in case you didn’t do it yesterday.

Some guys are not only prepared for it, but even more: they are in it almost totally (some say that China has almost half of their addresses in IPv6), or partially (US governmental institutions are to be on IPv6 by now, AFAIK), or not ready at all.

I’m ready to roll towards implementation in my mind: I subdued to the necessity in my mind, but… Again those “but”. There is too many problems in security (LOL: security problems with the protocol which has built-in IPSec, huh? =) ). My ISA cannot filter it. Darn: TMG cannot also! I need some transition technologies to implement DirectAccess, because some legacy software just cannot do well with IPv6.

Well… Anyway, how are you feeling about IPv6? Do you need it? Can you implement it just with good planning, without some crutches or changing your firewalls, network equipment and company you work for? Why?


(Pictures: a screenshot of Windows gadget from Hurricane electric and IPv4-picture from

Freebies: some more free eBooks

Being ill I’m not currently in the state to write anything smart, so I will just provide you with some more free eBooks (and their parts) from the list which were announced at MS Press blog (And were kindly mustered together by one of MS employees for me. Thanks, pal):



Moving to MS Visual Studio 2010



Sample code




Introducing Microsoft SQL 2008 R2 (Yeah, another two hundred pages for me to read)






Programming Windows Phone 7 Series (DRAFT Preview). We still don’t have WP7 here, but already have some programmers for it… Strange, isn’t it? =)



Sample code



Own Your Future: Update Your Skills with Resources and Career Ideas from Microsoft. Read in case of emergency. Or rather earlier Winking smile







First Look Microsoft Office 2010. Sometimes looking at some office pro work in, say, excel, I’m being just jealous. So the book is in my reading list too.






Windows 7 troubleshooting tips. 12 pages of “must read”!







Introducing Windows Server 2008 R2. Well… It is somewhat outdated proposal for me, but if you are new to R2 – that’s where to start.







Deploying Windows 7, Essential Guidance. Here you have an excerpt from Windows 7 Resource Kit and TechNet.





Enough for today. Enjoy your reading!

IPD Guide: Beta for malware response

I love those IPDs. You don’t know what “IPD guide” stands for? Well… I suggest it to be for “I Plan Darn good”. MS, all of a sudden, thinks that it is for “Infrastructure Planning and Design guide”. Anyway, what has been just issued is a beta for one more process: answer to a malware infection in your organization (I bet I can adopt it for home usage too, but it can wait). Why is it important to have such a plan (we do have one, by the way Winking smile)? Well… It is like everything with security: if something went wrong it is a disaster… unless you have a plan which is good and which is known to be implemented and is known how to implement. Because if you have a plan, you can just go and do what’s in the paper. If you don’t – you are beginning with a creation of some plan and usually it doesn’t work from the first try, you go for the second and so on…

If you plan something like that:


but in more details and delivery the training on the process, then you will be able just to get rid of your troubles in a very effective manner.

So, at the moment I am still reading the IPD guide and already have something to say to its authors. If you are interested in it, then go for download to the MS Connect site, read and tell the authors what you think of it.

How to change attribute in AD: alternatives

After my post on delegation and filtered attributes I got a question about more convenient means of editing an attribute (say, employeeID) than Attribute Editor in ADUC.

Well, let me enumerate everything I can suggest from tools for the task.


It is the most common tool for the single attribute change.

Just launch Active Directory Users And Computers, check that Advanced Features are on:


Then find your object and open its properties, select Attribute Editor tab and find your attribute:


Drawbacks of the method:

  • You need to find the object in AD tree, else you won’t be able to find Attribute Editor tab.
  • Think of the situation in which you are to change attributes for, say, 100 objects… Crazy, huh?


It is more powerful than ADUC, but actually is kind of overkill in this situation. Still some can like it. Almost the same, but first connect to default naming context, found your object and change the attribute in editor. Almost the same window and exactly the same problems.

Active Directory Administrative Center

It is one of the most appropriate tools for managing users and some other objects on a one-by-one basis. Unfortunately in this case it is almost the same as ADUC:


the only difference is that you don’t need to go down the AD tree to find your objet. Here you can just search for it from a search box and just edit what you need.


I love it. Really. Even though I am not very proficient in it I can do soooooo much with it. In this case, for example, we can assign a new employeeID attribute value just like that:


I’m almost sure it can be done in one line, but here I hadn’t such task. As you can see, this method already can help us to create some script with even something like GUI. You can too create a script for doing some bulk changes. It’s pretty good method, actually.

Enough for today. In one of the following messages I will try to introduce to more methods for changing objects’ attributes.

Bragging: Platforma results

As I already wrote, I visited the “Russian TechEd” being an expert in AtE and a lab instructor for “UAG and DirectAccess: better together”. Well, I cannot tell you If I was good enough (though I think I wasn’t bad): there weren’t any quantitative measurements. But the attendees of my lab surprised me, stated my 8.8 out of 9 mark. Thanks, guys!

Now I am just obliged to implement both UAG and DirectAccess in my company to be really professional in them Winking smile

Delegating something… “I don’t see the attribute I want to delegate!”

As I have been dealing with some delegation tasks recently, I had to recall some basic stuff. Actually, it took me two occasions of “suddenly missing attributes” to get on the problem seriously and find out the fact that “filtered attributes” can be related not only to RODCs =)

So, the situation generally renders as the following: you are trying to delegate permissions for an attribute in AD through the Delegation wizard and find out that you cannot, because you don’t see the attribute in the wizard. Let me show you an example. Suppose I’m trying to delegate permissions for changing attribute emplyeeID in contact to some group. In the delegation wizard you will see the following dialog:


As you can see there are no employeeID checkboxes to fill in. Where are they? That’s simple enough: they are filtered out from our sight. It is done so that to ease our life, actually: there is too much of attributes for some objects, which usually are not needed. Removing them from our wizard (not only from it) makes it not so overcrowded. “But, but, but… I need it!”, you tell me. Well, no problem: let’s get the attribute back. To do so we need to make some changes to dssec.dat file in %systemroot%system32 folder (make a backup copy!). It has very simple and easy to understand structure: a section for each object we can use, which begins with [<attributename>] and ends with the beginning of the next section. For instance, the section for contact looks like the following:


As you can see, in the section there are lines, consisting from attribute name, “=” sign and a number. In red rectangle you see the property we cannot delegate access to. Why? Obviously it is because of number 7. What should we put in there instead? There is only three options:

  • to display both read and write options use 0
  • to display only write option use 1
  • to display only read check box use 2
  • and 7, of course will hide both options again

So, let us put here “employeeID=0” string


restart our ADUC console, then start Delegation wizard and:



Some extra reading:

Using Windows Live Essentials: my experience

Recently I’ve been asked to share my own experience with the stated in the subject program suite. Actually I was going to do it anyway, because it is a great bunch of programs. Well, maybe not all of them: I don’t know about some, because I’m using only several:


Others haven’t found any place in my life yet. But these… They just fits me perfectly… Well, almost perfectly =)

Live Mail

It is sort of replacement for old Outlook Express. Ok, I almost never used OE, because it was not too convenient for me and I was able to spend several hours to configure some fancy mail client like TheBat. Now I’m a bit too busy (or lazy, who knows…) so I prefer something more or less good configured by default. This email client allows me to configure all my accounts in an instant. Really. Just like that:

  • LM: What is your email?
  • Me: <something>
  • LM: Oh… Ok… What’s your password?
  • AVery5ecurePa$$w0rd
  • LM: excellent, you can proceed using your account

Just like that! What’s more? I can see what account the email has come to just by color of the subject line:


You can see that the color is the same as for my Gmail account.

Other features:

  • RSS aggregator (don’t like it because I need to read my news anywhere I am, so only some “cloud” solution can suit me completely)
  • Contacts (Nothing special about it for me)
  • Calendar (I’m planning on starting using it so that to split my personal calendar from one related to my job)
  • Newsgroup (Using it for checking on MS TechNet forums through NNTP Community Bridge)

So, for me it is quite convenient, it is free, it is quite good and I have almost everything I really need from it. 

What’s on wrong side?

  1. It cannot work with my mail account if I turn on the full security. Oh, come on, guys, you are killing my security! =(
  2. You are to configure settings for messages download in news groups individually. That sucks.

But still it is good enough for being in my “install after setting up a new OS” list.

Photo Gallery and Movie Maker

This one is the least used by me. I use it only for some basic video editing, like cutting out some funny scene from YouTube video. For more complex tasks I use some other software. But for the purposes I assign to it – it is quite good again. And free, as opposed to my “other” solution.

Next two programs are just “must have” for me.

Live Writer

Guess in what program I’m composing this message? You bet it is Live Writer! It rocks. Rich editing, auto-discovery of my blog style, inserting of video, inserting and editing of pictures, several accounts, several blog platform support, you name it. Awesome. In more details:

1) Now I’m writing this message and I can see how it will look on the blog. You can compare what you see with what I sow some time ago in LW:



2) Rich editing: well, you can see that my posts have not only plain text in them =) Not some professional designer work, of course, but it will do at least for me. =)

3) Multiple blog accounts:


I have only two, but seems like I can have many of them. And they can be from almost any blog platform:


Configuring a new one is (for me) just a bunch of next-next-finish sequences.

4) and more, and more… Just one brilliant small feature, which I’d like to see on every ribbon tab in every Office product, but found it only on the Picture Format tab in LW:


This small button saves your current settings in this tab the default ones. Great, really. Very simplistic and though it would be used not very often, it is the “must have” feature for any ribbon interface.

Windows Live Mesh

This program rocks too! I used old Mesh, while it was in beta testing. It was very unstable and sometimes just didn’t work, but I used it. Now it works without interruptions, it synchronizes my stuff perfectly (including IE favorites), it just works. Though I don’t use it for synchronizing my OneNote notebooks anymore (OneNote manages it itself), I still synchronize quite a bunch of stuff, including drafts for my Live Writer. Nothing confidential, of course, just the data which are to become my articles, blog posts, or I need to read about new technologies. But they are wherever I am =)

The only thing which is not stable is remote access. And this is the feature I don’t need.

One more thing to be aware of – there is only 5 GB for your synchronized data on the SkyDrive.

That’s what I use from this perfect suit. If you use something else and are not satisfied enough, or you are looking for something with the functionality, then I ‘d recommend you to have a look at it.

ASP.NET-based blog engines, CMSs, etc…

One of the Russian MS employees published a list of ASP.NET-based engines for site creation. Maybe someone will be interested in it.

I failed to insert a good looking table here, so get a link to the .xlsx file with the engines. Where the discussion begins (Russian):