Sometimes Windows' error messages are like reading a different language

Back to the story …. So I get the laptop turn it on, and see that it spends about a minute at the Windows XP splash screen and then BSODs (too quick for me to see what it actually says). ‘Hmmm’ I say to myself – do I spend the time to actually try and figure out what is going on, or do I take 15 minutes to re-image the laptop. Seeing as how time is a precious commodity at work these days, I opted for the re-imaging approach (of course I confirmed that there was no data needed off of the drive).

So thanks to my handy-dandy Windows Deployment Services setup that I have, I am able to reload fully patched Windows XP SP3 images in minutes; did I mention that these images also include all of our standard corporate software (e.g. Cisco VPN client, Office, etc)?

So I start going along my merry way with a PXE boot and choose my images, watch them copy files/expand, and then *BAM* good old 0×80070070. My first thought was that maybe it was the wrong image file …. Although that shouldn’t matter at this stage. So I rebooted, tried another image file and the same thing … 0×80070070.

A quick Google brings up a lot of Vista install problems with this particular error message, but not a whole lot relating to Windows Deployment Services. Since WDS uses the same environment as Vista to deploy itself I figured that there was a good chance that there would be some overlap. So apparently 0×80070070 means low disk space – however the laptop I was trying to image had 18GB free …. Even though that should really matter as the partition should be formatted anyways.

The fix turned out to be delete the partitions (C: and D: ), create a new partition and voila – WDS imaging in all its goodness. I ended up just booting off a Windows XP disk, deleting/creating the partition and the rebooting.

So long story short, 0×80070070 may not be quite as it states but at least it seems to be in the general area.

When I first started working for my current employer, they stashed the servers in a small corner room (maybe 10 x 10) and the door would sometimes be left open, sometimes closed, all depending on who was in there last. Realistically there should have been only two people allowed access to that room (three if you count me), but yet it was essentially a spare office for anyone who walked by.

On my first day when I was first showed the server room, I remember remarking how hot it was – there was no ventilation or A/C[1]. Later that day I found out that the door didn’t even have a lock on it. I also remarked about that, but it didn’t seem to be of much concern.

A couple of weeks later I walked in there to take care of something, and lo and behold someone (outside of the IT department) was in there taking a phone call. I was a little surprised to say the least. In fact she was sitting at a small desk in there making notes. I was just thankful that didn’t decide to log on to the server so that she could play solitaire or something [2].

It was shortly after that I really pushed to have a lock installed; if I was going to be responsible for these servers, then I wanted to make sure nobody was screwing around with them. I showed the powers that be how easily I can get into a system if I had physical access to it: I could pull out a hard drive, I could install a key logger, I could use a Linux boot disk to change the Administrator password, or I could even have changed the time in the BIOS of the domain controller – that would have really pooched things.

Long story short – if someone has physical access to your computer, you better have damn good encryption on the drive, otherwise it’s game over.

Note: This post from The Daily WTF reminded me of my experience.

[1] My request to get a portable A/C unit was finally approved after one of the systems overheated and shut down on a weekend.

[2] To make matters worse, the other two people in the department where consistently leaving the servers logged in under the Administrator accounts. That was just utterly ridiculous, but don’t get me started on that.

First of all let me preface this by saying that I have never spied or co-workers or snooped through their stuff. Quite frankly, I barely have time for my own life, let alone time to go through other people’s email and files. I also tried to stress to co-workers that I can appreciate their privacy and I will uphold it the best I can [1].

Anyways, my first beef with the report is the sample size: 300 people. How many hundreds of thousands of people are in a position to spy on co-workers (from an IT standpoint)? I would imagine quite a few, yet a sample of 300 people creates a blanket statement.

Secondly, what size shops were the respondents from? Were they small shops (less than 50 people) or larger places (hundreds? thousands?). This seems relevant to me because I know that most smaller shops lack policies when it comes to this type of stuff. Further to that, most larger companies usually (hopefully) will have auditing and monitoring systems in place to make sure nobody is doing or seeing anything that they shouldn’t.

Finally I have to question whether this is just an attempt to spread FUD. I mean come on, a security company publishes a report saying that people chances are your IT guy is snooping on you.

Unfortunately I can’t help but feel that this report will cast IT pros in a bad light. Let’s face it; the average user will see this and automatically wonder if their IT staff are in the 1 in 3 category instead of lumping them in with the 2 in 3 category.

[1] Of course there are times when their privacy has to be secondary, like if there are legal issues or if a manager has a valid reason to access staff data.

Quite often if somebody says to me ‘hey, is our email down’, one of the first things I will do is send an email from my corporate account to a personal account. This will tell me right away if our server is accepting connections internally, it will let me know that our DNS is working properly (it would have to in order to resolve the recipients domain MX) and it will let me know that it is sending mail to external recipients.

I usually follow this up with a reply to the test message to let me know that our DNS records are up and running correctly and that our mail server is accepting incoming connections from outside the network.

Of course there could be a slew of other problems in between (whether it be spam/content filters, storage issues, firewall issues, etc), but having an accessible external email address sure helps narrow down where the potential problem is.

Even if the message doesn’t get through to the external account, at least now you have a known message that you can trace through the log files.

I first started working for the organization in 2003, and most of the systems were running Windows 2000 Professional. By the time Windows XP SP2 was released I had started looking into performing a company wide upgrade, but I was quickly shot down due to the cost of licensing. I talked to a Microsoft partner and we went through a bunch of different licensing options from retail to Open Volume, but I just couldn’t the number low enough to get the OK.

I knew that unless I could lower the cost, the only way the systems would ever get upgraded would be through buying new systems. Even at that, it would be a fight to spend the extra cash on upgrading from Windows XP Home to Windows XP Professional.

After some searching around, I found a true gem: TechSoup. TechSoup’s purpose is to be a middleman between non-profits and software companies. They administer relations between companies and take care of a lot of the leg work; in return they are able to provide software (and hardware in some cases) to non-profit organizations at huge discounts. All they charge is an administrative fee. Windows XP Professional upgrade, for example, costs $8 a license.

So if you are a non-profit looking to cut costs while still having access to great software, make sure you go to TechSoup and see what they have. It’s not just Microsoft software there either. Other vendors include Adobe, Cisco, and Symantec.

Another unique aspect of my job is that we are a non-profit, member based organization which throws all sorts of curve balls our way. If members aren’t happy, they cancel their membership and our budget shrinks.

As I start to post more and more, I am sure that details will come out about some of the unique situations I run into, but that’s part of the reason why I decided to start blogging. My intent for this site is that it will be place where I can record my thoughts on things that I run across daily and if that happens to help someone else along the way, all the better.