dougzuck.com

• Initiate the download and / or installation of Windows updates on MANY remote computers simultaneously from a single console (works with your own WSUS server or Microsoft’s server)
• Deploy standalone Microsoft or third-party patches such as Adobe or Java updates, as well as registry keys, scripts, and just about anything else to remote hosts: (.msi .msp .msu .exe .reg .vbs and more) See this remote installation tutorial
• Reboot or shutdown remote hosts and monitor status in real-time with integrated pinging
• No remote agent installation required! Simply launch BatchPatch and start patching.
• Integrated job queues: You can create a set of actions to execute sequentially on remote hosts, which allows you to run scripts before and/or after reboot, or string together multiple patch and reboot cycles etc.
• Execute your own custom scripts locally or remotely or add them to job queues for full automation flexibility
• Integrated task scheduler: Launch any task or job queue on a specific date and time
• Retrieve the last boot time from remote hosts (very handy when rebooting computers)
• Retrieve the used/free C: disk space from remote hosts (make sure the remote hosts have enough space available for patch installations)
• Retrieve the list of services that are set to “Automatic” but not currently running on the remote hosts (diagnose bootup issues)
• Wake on LAN

—————————————————————————————————————————————————————————————————————————–

• Reboot or shutdown remote hosts and monitor status in real-time with integrated pinging
• No remote agent installation required! Simply launch RemoteRebootX and start rebooting.
• Integrated task scheduler: Launch any task on a specific date and time
• Retrieve the last boot time from remote hosts (very handy when rebooting computers)
• Retrieve the list of services that are set to “Automatic” but not currently running on the remote hosts (diagnose bootup issues)
• Retrieve the MAC address from remote hosts (required for Wake On LAN)
• Wake on LAN

Up until now it hasn’t been like me to just hop on the computer to blog about pop culture of any sort, but this morning I heard a horrible song on the radio while I was lying in bed, and I felt compelled now to share with you my disgust.

A couple of years ago Sara Bareilles appeared on the scene with a super-catchy tune called Love Song.  One of the things that made it so catchy, and probably the defining quality of the song, is the main piano riff, which has a fun and unique sort-of jazzy cadence.

Fast forward to this morning when I woke up in bed to one of the worst radio stations in the country, Mix 107.3 FM.  It’s one of the local stations here in Washington DC, and they’ve got this guy who calls himself Jack Diamond and hosts the Jack Diamond In The Morning show.  I have the dial on my clock radio set to this station because as much as I hate it, every other station is even worse when it comes to the morning programming.  So, under protest, I continue to leave my 23 year-old clock radio set to Mix 107.3 hoping that one of two things happen.  Either A, I wake up to a song instead of to the Jack Diamond morning talk show, or B, I wake up to a substitute show and host instead of Jack Diamond and his extremely lame sidekick Jimmy something-or-other.   Anyway, I digress.

Back to what I was saying…  A new song I had never heard before came on the radio while I was lying in bed this morning.  It’s called Haven’t Met You Yet, by Michael Buble.   Immediately it reminded me of Love Song, by Sara Bareilles, because it pretty much IS Love Song, but with a different melody.  I actually didn’t recognize the melody at all, which might mean that it’s original, but given how much I recognized the piano riff, I wouldn’t be surprised to find out that the melody was ripped off from another song too.

Who Michael Buble is, I couldn’t tell you.  I know nothing about him other than that he sucks, and that he blatantly ripped off Sara Bareilles.  If he had a brain he’d at least pick a song that wasn’t hugely popular so recently.  He could have ripped off some old song and no one would have known.

One item that I find interesting here is that under most circumstances in pop music, the melody is really the most important hooking factor, and the rhythm is generally a secondary component.  However, Sara Bareilles’ Love Song hooked everyone with both a memorable melody and with an extremely catchy, rhythmic, syncopated piano riff.

Usually when one artist accuses another of ripping off a song, it’s the melody that’s the center of the debate.  However, in this case, Michael Buble’s melody is definitely very different from that of Sara Bareilles’ Love Song.  Instead of stealing the melody, Buble and his co-writers apparently just took the catchy piano riff and changed the chords.  The riff in Haven’t Met You Yet still sounds like Love Song, but Haven’t Met You Yet as a whole song just plain sucks.  It’s ultra-mediocre with an unappealing melody, and there just isn’t a single thing about it that makes someone want to listen to it aside from the catchy piano riff.  And since he “borrowed” the catchy piano riff in the first place, what does he really have here with this song?  Why would any radio station ever consider playing it?

Here’s a quick comparison of the two piano riffs. You decide:

• Initiate the download and / or installation of Windows updates on MANY remote computers simultaneously from a single console (works with your own WSUS server or Microsoft’s server)
• Deploy standalone Microsoft or third-party patches such as Adobe or Java updates, as well as registry keys, scripts, and just about anything else to remote hosts: (.msi .msp .msu .exe .reg .vbs and more) See this remote installation tutorial
• Reboot or shutdown remote hosts and monitor status in real-time with integrated pinging
• No remote agent installation required! Simply launch BatchPatch and start patching.
• Integrated job queues: You can create a set of actions to execute sequentially on remote hosts, which allows you to run scripts before and/or after reboot, or string together multiple patch and reboot cycles etc.
• Execute your own custom scripts locally or remotely or add them to job queues for full automation flexibility
• Integrated task scheduler: Launch any task or job queue on a specific date and time
• Retrieve the last boot time from remote hosts (very handy when rebooting computers)
• Retrieve the used/free C: disk space from remote hosts (make sure the remote hosts have enough space available for patch installations)
• Retrieve the list of services that are set to “Automatic” but not currently running on the remote hosts (diagnose bootup issues)
• Wake on LAN

—————————————————————————————————————————————————————————————————————————–

• Reboot or shutdown remote hosts and monitor status in real-time with integrated pinging
• No remote agent installation required! Simply launch RemoteRebootX and start rebooting.
• Integrated task scheduler: Launch any task on a specific date and time
• Retrieve the last boot time from remote hosts (very handy when rebooting computers)
• Retrieve the list of services that are set to “Automatic” but not currently running on the remote hosts (diagnose bootup issues)
• Retrieve the MAC address from remote hosts (required for Wake On LAN)
• Wake on LAN

You can find the full post here: http://dougzuck.com/hta

One of the tasks I regularly have to perform at my job involves moving multi-terabyte databases from one server to another. The goal is to make these database moves happen with as little downtime as possible, so I always make use of differential backups and restores to keep the move times to a minimum. I’ll do a full backup of the source database, then I’ll perform a restore of that database to the new server, specifying ‘with norecovery’ in the restore command. For a 2 terabyte database, this process will take many hours, but that’s ok because I’ll make sure it’s complete prior to the actual maintenance window. Then when the maintenance window begins, I’ll disable access to the database and perform a differential backup of the database on the source server. Then I restore the differential backup ‘with recovery’ to the new server. The process of doing a differential backup and restore is much less time consuming than the full backup and restore, and this allows the actual maintenance window to be much smaller since the full backup and restore is completed at an earlier time. However, when I’m dealing with such large databases, it becomes extremely helpful to know how big the differential backup is going to be before I actually execute it. This way I’m able to estimate how long the whole process will take. When you have a 2 terabyte database, it’s not uncommon to have a several hundred gigabyte differential backup. You could see why it might help to know in advance whether the differential is going to be 10GB or 200GB.

Darwin Hatheway wrote a really nice article explaining how the differential backup size can be estimated.  He gets all the credit for teaching me how to do this.  I have two implementations below.  One is a straight T-SQL script, and the other is a HTML Application (HTA) that utilizes the T-SQL script with a bit of vbscript.  On a 2TB database it generally only takes a handful of seconds for the script to complete.

T-SQL Version: SQL Differential Backup Size Prediction
HTML Application: http://dougzuck.com/hta

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

/*SQL Differential Backup Size Prediction - Doug Zuckerman, 2009 - http://dougzuck.com */
 
IF isNULL(object_id('tempdb.dbo.##showFileStats'), 1) <> 1
	DROP TABLE ##showFileStats
 
CREATE TABLE ##showFileStats (
	fileID INT,
	fileGroup INT,
	totalExtents BIGINT,
	usedExtents BIGINT,
	logicalFileName VARCHAR (500),	
	filePath VARCHAR (1000)
)
 
IF isNULL(object_id('tempdb.dbo.##DCM'), 1) <> 1
	DROP TABLE ##DCM
 
CREATE TABLE ##DCM (
	parentObject VARCHAR(5000),
	[object] VARCHAR(5000),
	FIELD VARCHAR (5000),
	value VARCHAR (5000)
)
 
/*we need to get a list of all the files in the database.  each file needs to be looked at*/	
INSERT INTO ##showFileStats EXEC('DBCC SHOWFILESTATS with tableresults')
 
DECLARE @currentFileID INT,
	@totalExtentsOfFile BIGINT,
	@dbname VARCHAR(100),
	@SQL VARCHAR(200),
	@currentDCM BIGINT,
	@step INT
 
SET @dbname = db_name()
SET @step = 511232
 
DECLARE myCursor SCROLL CURSOR FOR
SELECT fileID, totalExtents 
FROM ##showFileStats
 
OPEN myCursor
FETCH NEXT FROM myCursor INTO @currentFileID, @totalExtentsOfFile
 
/*look at each differential change map page in each data file of the database and put the output into ##DCM*/
WHILE @@FETCH_STATUS = 0 
BEGIN
 
	SET @currentDCM = 6
	WHILE @currentDCM <= @totalExtentsOfFile*8
	BEGIN	
		SET @SQL = 'dbcc page('+ @dbname + ', ' + CAST(@currentFileID AS VARCHAR) + ', ' + CAST(@currentDCM AS VARCHAR) + ', 3) WITH TABLERESULTS'
		INSERT INTO ##DCM EXEC (@SQL)
		SET @currentDCM = @currentDCM + @step
	END
 
	FETCH NEXT FROM myCursor INTO @currentFileID, @totalExtentsOfFile
END
CLOSE myCursor
DEALLOCATE myCursor
 
/*remove all unneeded rows from our results table*/
DELETE FROM ##DCM WHERE value = 'NOT CHANGED' OR parentObject NOT LIKE 'DIFF_MAP%'
--SELECT * FROM ##DCM
 
/*sum the extentTally column*/
SELECT SUM (extentTally) AS totalChangedExtents, SUM(extentTally)/16 AS 'diffPrediction(MB)', SUM(extentTally)/16/1024 AS 'diffPrediction(GB)' 
FROM
	/*create extentTally column*/
	(SELECT extentTally =
	CASE
		WHEN secondChangedExtent > 0 THEN CAST(secondChangedExtent AS BIGINT) - CAST(firstChangedExtent AS BIGINT) + 1
		ELSE 1
	END
	FROM
		/*parse the 'field' column to give us the first and last extents of the range*/
		(SELECT (SUBSTRING(FIELD,(SELECT CHARINDEX(':', FIELD, 0))+1,(CHARINDEX(')', FIELD, 0))-(CHARINDEX(':', FIELD, 0))-1))/8 AS firstChangedExtent,
		secondChangedExtent = 
		CASE	
			WHEN CHARINDEX(':', FIELD, CHARINDEX(':', FIELD, 0)+1) > 0 THEN (SUBSTRING(FIELD,(CHARINDEX(':', FIELD, CHARINDEX(':', FIELD, 0)+1)+1),(CHARINDEX(')', FIELD,CHARINDEX(')', FIELD, 0)+1))-(CHARINDEX(':', FIELD, CHARINDEX(':', FIELD, 0)+1))-1))/8
			ELSE ''
		END 
		FROM ##DCM)parsedFieldColumn)extentTallyColumn

You can find the full post here: http://www.dougzuck.com/hta

This information applies to Windows XP only.  It is NOT valid for Windows Vista or Windows 7

I know that many organizations do not put restrictions on their users’ computers.  The users are often given full administrative privileges on their workstations, which means that they can not only mess around with all the settings on their computers, but they can also install and uninstall applications.  This includes accidental virus and malware installations.  While many Systems and Network Admins consider this unacceptable, it’s still a reality in many working environments.  So rather than complain about how it’s not the ideal way to run a windows network, let’s focus on cool ways to mitigate the risks of this approach.  This is one VERY simple but effective method to limit malware infections on your network computers while still allowing users to be local administrators.  This approach can be used across an entire network with a group policy object, or it can simply be applied to a single computer by modifying the computer’s local security policy.

Overview…

The idea here is that you apply a group policy object to the users or computers in your organization.   It prevents whatever applications you choose from launching with full admin privileges on the users’ computers.  The users are still local administrators, but the particular applications that you pre-select get launched without administrative permissions.  If you apply this restriction to all of the applications that deal with typically untrusted, unsafe, or unknown content, then you dramatically decrease the likelihood that a virus or other malware can be installed because non-admin users are not able to install software on the computer.  Windows doesn’t let them.  I recommend applying it to all web browsers, all email clients, and all media players because these are the primary apps that deal with internet content.  You could alternatively apply it to the entire C:\Program Files folder, but if you do so you should be mindful of the fact that some apps might break as a result.

You can produce functionality that is similar to DropMyRights but without the annoyances that come along with it.  In my opinion this method is by far the easiest to deploy to a lot of users or computers, something which DropMyRights isn’t suited for (since any time an application is updated or a new one installed, the DropMyRights configuration has to be re-applied).  Using Software Restriction Policies, you can apply this functionality in a way that is virtually transparent to users.  However, Microsoft doesn’t publicize this particular usage of SRP for whatever reason (the functionality is actually hidden in XP by default – you need to add a registry DWORD to make it available), which is why I’m taking the time to mention it here.  When I embarked on setting this up today at my job I spent hours researching something that took only minutes to implement.  Hopefully I’m now saving you the hours of research.

Caveat…

The only real caveat is that when an application is launched without admin privileges, if that application then launches another process or program, the program that it launches will also not have admin privileges.  This means that if a user wants to install software that he/she downloads from the web, he/she needs to be aware that launching the setup.exe file directly from browser’s ‘Downloads’ window will generate an error and abort the installation.  In some cases it might not throw an error and instead will appear to install successfully, but when the app is launched it isn’t able to run because the installation was actually not successful.  Users have to be trained to save the application setup files to their desktops (or wherever) and then launch them from the desktops or through Windows Explorer.

Additionally, it is up to you test out any applications that you restrict.  While most of the time this is a transparent deployment, there is always the possibility that this restriction could hinder a custom application from working in the way that it was designed.  However, for most applications in most situations it works great and causes no issues.

Here’s the step by step:

1. Expose the hidden ‘Basic User’ option by opening the registry editor and adding a DWORD called “Levels” with a value of 20000 (hexadecimal) to

HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

2. Open the domain Group Policy editor (or to apply to a single computer, open the local policy editor by going to Start > Run > gpedit.msc) and go to

Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies

If this is the first time you’ve looked at the Software Restriction Policies, the right hand pane will be empty.  To rectify this, click on Action > Create New Policies.  Once you’ve done this you should see ‘Security Levels’ and ‘Additional Rules.’  Now click on ‘Security Levels’ and verify that you see 3 options (Disallowed, Basic User, and Unrestricted).

If you do not see the ‘Basic User’ option on the right-hand pane, close the GPO editor, go back to step 1 and make sure you’ve properly created the registry DWORD, then re-open the GPO editor (Note that the Basic User option is hidden in Windows XP until you add the Levels DWORD value).

3.  At this point you’re going to highlight ‘Additional Rules’ and right click to create a new path rule. Specify the path to the application that you want to limit.  In the path entry you can use the asterisk (*) as a wild card for multiple letters/words.  The question mark symbol can be used as a wild card for a single letter.

Set the security level drop-down menu to Basic User.  This is the key ingredient that makes the magic happen.  Now any executable file in the specified path or its subfolders will launch with limited user privileges on a computer that receives this GPO.

4.  When you’re done creating the policy, link it to your workstations OU and test it!  That’s it.  Pretty simple, eh?

In this example, I’ve limited Firefox so that it can only be launched as a Basic User with no admin rights. I’m able to verify this is the case by first closing all instances of Firefox, then launching it once again after the path rule has been created.  I browse to a website and download a software installation package. I then try to launch the software package from within Firefox’s ‘Downloads’ window, but I can’t perform the installation, so I know it works!

What’s the deal with fruit allergies?

The whole fruit allergy thing is SO bothersome.  And I’m not talking about just having fruit allergies, which is annoying, to say the least, but I’m also talking about the mystery surrounding where they come from.  There are tons of postings all over the web, but none really point to any quality information about how to rid yourself of those darn allergies!  If you do a search for “Oral Allergy Syndrome,” you’ll end up with lots of posts and articles on the subject.  Pretty much every one of them says that fruit allergies are on the rise, in general, and that the cause isn’t known or understood.  The only suggestion they make is to stop eating the fruits that produce an allergic reaction.  Not too helpful.

I can’t make any promises to you about getting rid of your fruit allergies.  But what I can offer you is the hope of getting rid of them.  I was able to get rid of mine, and it makes me believe that there’s no reason that you can’t get rid of yours.  The hard part, of course, is figuring out how to go about doing it.

A brief background of my history with fruit allergies

Throughout junior high and high school I was one of those kids who took an apple to lunch with me every day.  I loved apples.  I liked other fruits too, but during that period of time, apples were my thing.  One day in high school I began to notice that after eating an apple my throat and mouth would get itchy, and I’d get some bumps and general swelling around and on my lips.  It got progressively worse over time, and I eventually stopped eating apples. The really sad part was that I had to stop eating pears, strawberries, cherries, peaches, nectarines, and plums too! Some people talk about pesticides as a possible cause for these allergies, but I would react equally to organic fruit, so I don’t think that had anything to do with it.  I should also note that people often tend to associate fruit allergies with people who get spring allergies, and I do deal with allergies in April and May, so that’s certainly a possible link.  However,

The tide eventually turned…

When I was in my mid-twenties I met a super-sweet vegetarian girl who’s diet soon rubbed off on me.  Admittedly I was never much of a red-meat eater.  I typically stuck mostly to chicken, turkey, pork, and fish, until I made a dramatic shift and stopped eating all animal products. After about 6 months of being vegetarian (vegan, technically), I had a piece of an apple and thought to myself that the allergic reaction it produced was much weaker than it used to be.  I didn’t think much of it at the time, but I did make a mental note for future reference.  After about a year of being vegan, the allergy was 90% gone and I was back to eating every fruit that once caused problems for me! It didn’t take too much longer before I was 100% back to normal with no allergic reactions to any fruits.  I can’t tell you how exciting this was, especially since I love fruit and wanted to eat so much more.  After all, I had become a vegan, and I needed to get my nutrition from somewhere!  These days I’m a raw foods enthusiast who eats probably about 50% of my diet as uncooked whole fruits and veggies, and I can’t tell you how much I enjoy eating fruits with no itchiness or swelling.

Why I believe my fruit allergies disappeared

First off, let me say that I’m not here to promote vegetarianism.  Really, that’s not my goal.  I can’t even say that I think animal products were necessarily the cause of my allergies.  Animal products might have caused my fruit allergies, or to be more specific, it’s possible that a particular animal product might have caused my fruit allergies.  However, I’m more inclined to think that it was something in one or more of the animal products I was eating.

When I initially shifted to being a vegetarian, the most dramatic change I made in my diet was to eliminate poultry and tuna.  Prior to making the switch, poultry and tuna were the two primary sources of protein in my diet.  I typically had one or the other on any given day.  Admittedly I made other changes during that time, but none was so pronounced.

It seems ironic but it also makes perfect sense that the oral “allergy” that used to be triggered when I ate certain fruits, was actually caused by other foods in my diet.  The problem is I can’t say with 100% certainty, which food was the ultimate cause.  However, I feel extremely confident that it was a result of either the poultry or the tuna that I was eating during that time.  I ate both of them very frequently and in significant quantities during that time period.  I was a young teen, and I had begun to consume a lot more calories at that point in my life, and so tuna sandwiches, ground turkey sloppy joes, burgers, and chili, were pretty much my life-force.

If I had to make one recommendation to a person suffering from fruit allergies…

… Do you eat a lot of poultry?  Do you eat a lot of turkey or ground turkey products?  Do you eat a lot of tuna?  Cut it all out of your diet right away.  Ideally I think you should stop eating all non-organic meat, dairy, poultry for a period of 1 year.   If you eat tuna or any other fish, especially high mercury-content fish– you know, fish that are near the top of the food chain– you should stop eating that too.  You should also consider switching to all natural or organic meat and dairy products that contain no hormones, antibiotics, toxic metals or other chemicals.  See if this make an impact.  I was able to notice after only about 6 months that my allergies were going away, so I think 1 year should be sufficient for most people to detect a dramatic change.

Good luck.  I know how much allergies can put a damper on your ability to enjoy nature’s BEST food.  I’d love to hear your thoughts and comments on this one, especially if you make the dietary shift.

You can find the full post here: http://www.dougzuck.com/hta

You can find the full post here: http://www.dougzuck.com/hta