
Archive for May, 2009


Windows 7 RC FTW

I think Microsoft may have finally created an OS that can replace Windows XP. Of course I’m only speaking about my personal experiences with the latest incarnation of Windows, but it’s all pretty positive.

Same spec’ed laptop as the Windows 7 Beta review I posted a while back. Running its native Vista 64bit installation, I decided to try the upgrade path instead of a clean install. The worst result is an unstable install that I would nuke and do a fresh 7 install.

The upgrade took damn near 2.5 hours, mostly thrashing the hard drive moving files around. The installer was detailed enough to give me a percentage of completion on each task plus an overall progress bar – but never an estimated time (that has never been correct in the history of any Microsoft progress bar anyway).

After the upgrade – everything worked. The laptop was still a member of the domain, fingerprint scanner, graphics driver, network adapters, bluetooth… heck even iTunes and Outlook 2007 were working.

I’m fairly impressed and it seems to be catching on around the office – two others have upgraded or installed a VM to see the buzz. I think we made the right choice to skip Vista on the desktops and wait for 7 to bake in the Microsoft oven long enough to be a worthy replacement.


Sophos ES4000 Active Directory Fun

The college recently purchased a new Sophos Email Security appliance model. It was very easy to set up and I’m looking forward to having PureMessage filtering our spam and crapmail attacks; it’ll be a good thing.

The Active Directory integration is not as polished as their Web Security appliances’ is. We have two WS1000 appliances, also from Sophos. Both hooked right into AD and pulled down both students and staff accounts without issue. Even indicated what sub-domains it found during the process. Top notch, no brainer installation.

The problem I’m writing about is the ES4000 appliance’s inability to detect our second domain in the same forest as the domain our service account is in. First off, it couldn’t even automatically detect settings using the same service account using the “Detect Settings…” feature. An undocumented bug was documented on with the workaround being you have to use an account with Schema Admin privileges in the domain’s original Users OU. Once detected, you could move the user and modify the DN used to authenticate.

Okay, that one was fixed. But I still couldn’t sync both staff and students – even if I pointed the Base DN to the top domain or left it blank.

I opened a case with Sophos and went through first level support. After 48 hours (plus a weekend) of remote support they kicked me to second tier.

Second tier connected remotely and continued the troubleshooting. After an hour or so they found a workaround and had me test it. Success.

Fix: Replace the Base DN for users/groups with a single space. Done and now it works. I’m not much of an LDAP junkie, but I would consider that a bug.

Anyway, it works for me and I hope it helps someone else out there scratching their head wondering why the eff their ES4000 is not working.

Side note: All in all, Sophos support is pretty good; I just wish they would read my entire email before firing back the first canned response that essentially was exactly what I had already done. For anyone absolutely buried with this product, I can highly recommend leveraging their consulting services. Well worth the small price to get it done right the first time.
