DHS says “Disable Java”, Company vendors still require it

2010-10-15-dhsSo here’s an interesting dilemma… the Department of Homeland Security is advising users to disable or uninstall Java – this would be fantastic, but in a business we can’t do this. Many of our vendors require Java for doing the course of business and if you know anything about businesses, they don’t like to update their standards. We still have some users who cannot use Internet Explorer 9 (or any alternative browser that the IT Department endorses as “safe for use”) because these sites simply won’t work.

But here’s where the dilemma gets really interesting. DHS says there’s an exploit, Alien Vault confirms the exploit, but from a security stand-point, I am un able to properly secure the network and the computers. So, here’s an open note to the many companies that require Java: please update to modern standards – are you going to do damage control when our network turns into a botnet? No, of course not. Please update your methods!

Dell to HP, or It’s no wonder Dell is no longer the market leader

43608540_951e2c7ae7_oWe have been long time customers of Dell – like since our company was started, we have been buying Dell. The old Dell was fantastic. The new Dell, well, I’d be ashamed if I was Michael Dell. I’m usually pretty fair with vendors – I pin them against each other in sort of a “vendor sudden death” round.  In this case, HP won against Dell (and Lenovo). As we are a fairly decent sized organization, you can bet we love to save money where we can and that’s what we thought we were doing with Dell… until I noticed a pattern. We have some old Dell laptops in our fleet still and sadly (and somehow), these are the best performing laptops in the fleet. They’re reliable, they don’t break down… they are tanks. Some have been passed through many hands, while some others have been with their original employees. Some even don’t have a single service ticket logged! Enter the Dell Vostro 3500, 3550, and 3555 models. This is where the hell has begun. I started noticing a trend: on average, about every 6 months we either had to replace or repair one of these models in our fleet. First, it would usually be a general issue that re-imaging would fix. Next, the hard drives started dying (and don’t even think about filing a warranty claim – Dell takes their sweet old time on those… it took over A MONTH to replace a broken screen in a laptop), and now we have issues all over the board. We’re actually replacing a bunch that haven’t even celebrated a 1 year birthday yet.

Enter HP. We did a trial run with some cheaper ProBook models and our users loved them… in fact, our ProBook models are still chugging along and doing excellent. We’re over 6 months in with them and have yet to hear a complaint. No service tickets have been logged with any of them either. We also bought a few Lenovos  to try alongside the HP’s. Some other users were fortunate enough to score one of these bad boys. Again, no complaints. The only issue we had was a Windows issue that required re-imaging and a user that needed a smaller model. Again, no issues other than things that were beyond the hardware manufacturer. Since then, we have begun to roll out HP EliteBooks and we have been replacing our fleet of Dells with HPs. Our users that have been assigned the HP EliteBooks love them. My boss replaced his 5 year old laptop with one and he said to me, “I enjoy taking my laptop home again.” Yep, we absolutely love the HP EliteBooks and I’m glad to be standardizing our fleet with them.

I’m hoping we can retire the year old Dells we bought and sell them to employees or donate them out and make a return on tax breaks or whatever we can make from selling them to the employees. If your organization is looking to replace your Dell computers, you can’t go wrong with HP. Either contact HP directly or contact CDW and get yourself a CDW rep. Very worth it.

Windows 8 in the Enterprise

windows8_broken_glass

First, Happy New Year from the Cave! One of the projects I am working on is a test of Windows 8 in an enterprise setting. Let me tell you from my own opinion after using it for a couple weeks daily – it’s not “enterprise grade”. The IFKAM (interface-formerly-known-as-Metro) interface isn’t too bad, but it’s a pain. Yes, you get used to it. Yes, customization is limited (25 color combos, really?! We have millions of colors available and the best you can let me choose are 25 of your own combos?) and the wallpapers are hideous (alright, some of you might like them, but they’re not my cup of tea). But there are some things I like about it… specifically, the Desktop App. Yep, classic Windows all rolled up into a handy app. Launch that baby and you’re good to go. Alright, maybe a few extra tweaks… Classic S

hell, the free and open source start menu replacement. This handy program ensures I rarely see the IFKAM start screen and deal with that antagonizing mess and it’s brings back a clam feeling of Windows 7.

Booting is much faster, though in an enterprise environment, who cares? Your users are used to waiting for their machines to boot (and all of mine boot in 15 seconds or less, minus some XP machines which are being replaced soon anyways) and there is no difference between 8 seconds and 15 seconds. When my machine boots, I’m making coffee anyways.

Logging in has become… interesting. Click the “lock screen”, select your network username, type your password, and you’re in. The lock screen concept used is perfect for tablets, but the whole Ctrl+Alt+Esc thing was to ensure you weren’t logging into a fake login screen setup to capture your network credentials. Well, I guess that doesn’t matter anymore.

What’s with the random Aero icons still in place? You know, the recycle bin, Windows Explorer (and the icons in the explorer shell) and I’m sure there’s more in some other locations. Microsoft, this is being lazy. This is putting more effort into an interface no one wants to use then making a new major OS. Better yet, why is Aero still in place during installation? Why do I see this beautiful glass, but then Windows installs and I’m greeted with a boring, dull, flat interface?

And why do you let me set my Active Directory logon server but not actually let me pull updates from it?! This is my biggest gripe. As a Network Administrator, I usually make configuration changes on my head honcho Domain Controller and I want to make sure that updates will be pushed out successfully – but sometimes I’m not in the same site as the primary DC. In Windows 7, you open up command prompt, set logonserver=\\SERVER-NAME and good to go. Windows 8 will do the same thing, and if you run set logonserver it’ll even show you what you set it as, but run a gpupdate /force and it’ll pull GPOs from your site’s DC! Why even bother leaving that functionality in Windows if you’re not going to let me use it?!

That’s all my gripes on Windows 8 in the Enterprise for now.