Regroup and Refocus on Transforming your IT Organization

This week I find myself frustrated in the quagmire of politics and bureaucracy. My typical role in an IT organization is to remove barriers to success, and in parallel motivate and lead them in the right direction. At times however, the sheer amount of work that needs to be accomplished can be incredibly overwhelming. In maturing organizations even the smallest task can require a new policy or procedure to be written. To combat this, the only true solution is to fall back on basic principles of time management, prioritization and delegation. It may feel like the house is on fire, during a hurricane, with the basement flooding, while the volcano in the backyard is erupting and causing an earthquake. In reality however, the situation is only as dire as you make it.

The first step in calming yourself and your team is to have an overarching strategy towards turning a team around. A great example of this is the 4-s strategy can be found in a blog post on entitled “how to turn around a failing IT department” This may not work for everyone, but the key is to begin developing some level of structure to your change efforts.

Now, take a look at your core processes. I don’t mean your “nice to haves” or things that are exciting. I’m talking about the basic things. Examples include:

  • Can you buy things, and can your customers buy (or organization fund) your services
  • Who can make authoritative decisions about the IT organization, what are the limits
  • Can you process the hiring of people, can you terminate people?
  • How will you document new decisions and make them publicly available?
  • What failing services, truly prevent (not degrade) business functions?

It may sound counterintuitive, but address the “hows” first, establish procedure and get everyone doing things the same way. Take small iterative steps and adjust your plans accordingly. Remember, your first goal is to “stop the bleeding”

I’ll be writing more on this topic in the near future……stay tuned


Excellent OSX AD Integration Resources

Binding OSX Lion to Active Directory Issues

Read this thread on the apple discussion forums

10 Most Dangerous Species of Help Desk Analyst

The link below is a great description of the type of Service Desk Analysts to avoid. (And its pretty entertaining as well!)

What is a Netbook?

As the saying goes, if I had a nickel for every time I’ve been asked this question I’d be a millionaire by now. Many are of the opinion that a netbook is a small inexpensive computer based on a specific type of hardware. Such as an intel Atom processor, 10-inch screen, and less than $300. I’m going to take a different approach.

Here’s the reason why….

The basic premise behind a netbook is that you have an inexpensive laptop and that store your data in the “cloud.” I would argue that any computer can be used for this purpose, and could technically meet the definition of a netbook. I can buy an intel core 2 duo laptop with 2gb of RAM and a 15″ screen off of ebay for $200. If I treat it as a netbook, and only store my data in the cloud (or a home server for us IT geeks) then I have better performing device, that costs less, and in my opinion is a much better deal.

So next time I’m asked what is a netbook? I’d reply with its all about how you treat your laptop.

MacBook Air 11” Review

Since this is my first published review, I’d should mention a little bit about my goals in writing a review. First off, my reviews will not be your typical review that you find on popular tech sites. It won’t be all about the hardware, the warranty, OS or bundled software. My reviews will always focus on how the product can be used, and my opinion of how well it fits any given use case. Please feel free to let me know what you think in the comments.


Ok so I might have fibbed a little bit. In my heart of hearts I am a hardware geek. I love everything about the physical computing gear we use. I have a special appreciation for Apple Computer products simply because they take the time to build quality hardware. The MacBook Air is no exception. It is a solid, well designed computer that does not neglect attractiveness. They keys are well spaced for being such a small laptop and does not feel cramped. The display is crisp and bright and I have nothing but good things to say about the physical hardware of this device. The battery will get me through a full day of meetings and is only bested by the iPad.

My Use Cases

1. As a Network Administrator

In my work environment, I spend a lot of time walking between buildings. I have a network in 14 buildings spread across campus. I have 25 wiring closets in just the large buildings alone. Chances are if I need to go to a wiring closet it is because a network device has failed or needs reconfigured. In this role, with the USB to Ethernet adapter, a USB to serial adapter and an installation of Windows7. the MBA has no competitor. Physically the MBA is just slightly larger than an iPad which makes carrying it around a minor task rather than a full workout like it is with some larger devices. I also find the MBA much easier to deal with on those occasions when you have to stand next to the rack an prop your laptop on something to type.

2. As a Meeting Note Taker

Again, since the device is just slightly larger than an iPad and is instant on and instant off (even with Windows Installed) its portability is unmatched. I also find it great for meetings because you aren’t hiding behind the large screen on a 15” laptop. It even fits in a padfolio as long as you don’t have it crammed with paper first.

3. As a Take Home Alternative to My Full-Size Laptop

This is where the MBA is not my favorite device. While it is much more convenient to carry than a full laptop, most of the time if I’m at home I am doing real work. In this scenario the screen does feel cramped. Also, with such a high resolution screen (which I do like) it is too far away from you when typing on your lap in the living room. However having an instant on device with FULL blown outlook is a wonderful thing. Most of the time I find myself missing a full laptop when I am using it at home.

All said and done I love the MBA. It makes a great supplimental computing device. While I’d propably never purchase one with my own money I find it a valuable asset for certain situations. Let me know what you think in the comments.

Managing Site to Zone Assignment With Group Policy

You can centrally manage what sites are assigned to what security zones in internet explorer with a group policy object (GPO.) This is especially useful for organizations implementing SharePoint and want to make sure users don’t have to log in twice to any SharePoint sites. In order to do this correctly there are a couple things you should know:

  1. IE by default only passes credentials to sites in the intranet zone. NOT trusted sites. This behavior can be changed to pass credentials in all zones but in some opinions (including mine) would pose a security risk. The best thing to do is to leave this as-is.
  2. The in a GPO the setting to manage this is <Windows Components/Internet Explorer/Internet Control Panel/Security Page/site to zone assignment list>

According to the GPO help:

“Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.

Specifically for SharePoint applications, ensure that you place your SharePoint domain in the list with a value of 1 which is the intranet zone.

Backup Bitlocker to AD

Open an elevated command prompt (not powershell – powershell will cause this to fail with errors)
run the command
manage-bde -protectors c: -get
you will receive output similar to this
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Volume C: [Windows]
All Key Protectors
    Numerical Password:
      ID: {9557D616-0BD0-4B2A-8A2A-9DD4C5C21CCC}
      ID: {5EB69F42-4ABC-4D6B-87C5-C894A3840FC4}
What you are looking for is the Numerical Password ID.
So in this example to backup the password to AD you would type the following command
manage-bde -protectors c: -adbackup -id {9557D616-0BD0-4B2A-8A2A-9DD4C5C21CCC}
When that completes you will receive the message…
Recovery information was successfully backed up to Active Directory.