Scott Hanselman

How to Determine if a User is a Local Administrator with PowerShell

July 3, '07 Comments [13] Posted in PowerShell
Sponsored By

I truly must be losing it, but my intern and I fought with this simple task for at least 15 minutes today and it REALLY shouldn't be this hard.

Anyway, this is what we came up with to figure out if a user is a Local Administrator. It's not very "terse" PowerShell because the goal is (trying to) teach him so there's temporary variables.

$userToFind = $args[0] 
$administratorsAccount = Get-WmiObject Win32_Group -filter "LocalAccount=True AND SID='S-1-5-32-544'"
$administratorQuery = "GroupComponent = `"Win32_Group.Domain='" + $administratorsAccount.Domain + "',NAME='" + $administratorsAccount.Name + "'`""
$user = Get-WmiObject Win32_GroupUser -filter $administratorQuery | select PartComponent |where {$_ -match $userToFind}

$user
I Googled all over and thought about a number of ways this could be done, but this turned out to be the easiest. I'm interested if you have hit this before also and what you came up with.

Nonte that SID value for the Administrators group is a "Magic Number" that's hardcoded, but we get around that because it's always been that way and can never change. Instead I call it a "Well-Known Value" and sleep better at night.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Password should not contain any special characters, symbols or spaces

July 3, '07 Comments [27] Posted in Musings
Sponsored By

secure

When signing up for an Mvelopes Personal trial, I selected my traditional unique super secure crazy password special for this site and was told "Please enter a valid Password (Password should not contain any special characters, symbols or spaces)."

Patrick was standing with me while I tried to sign up. After we picked our jaws up off the ground he said:

"Seriously, how about a dialog box that says 'Please ensure your password is all lowercase and only contains words from the dictionary.'"

Folks, please, use strong passwords. For me, I'm going to pass on financial institutions that encourage passwords like "password" to protect my money.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Why I don't use Intuit's Quicken or Microsoft Money

July 3, '07 Comments [61] Posted in eFinance
Sponsored By

compuserveI've been banking online as long as I've been online. I've always avoided checks, preferring to do as much as I can electronically.

I used QuickBooks under DOS, and ComputerServe Finance under OS/2. Even though I took "Home Economics" in school - we were all required to learn how to balance a checkbook - it never made sense to me why I should have to reconcile how much I THINK I have with how much the Bank knows I have.

I used QuickBooks, then OFX (Open Financial eXchange - arguably the first public "Web Service," even though it's SGML and bailing-wire - and moved forward as new, better personal finance managers (PFM) came out.

I diligently have exported and imported, massaged and cajoled over 20 years (yes, twenty) of financial data from my first sole-proprietorship at 15 until today moving accounts and account data from bank to bank and from PFM to PFM.

To this day, I'm convinced that Microsoft Money 95 was brilliant, wonderful and before its time. It had a forward/backward browser like metaphor and was unapologetic about it. It wasn't trying to be like the MDI (Multiple Document Interface) "peer applications" of time. It focused on one thing and one thing only - to be a local register for all your money.

Then came the fancy stuff, and the advertising and upselling. I upgraded like clockwork. Oh! A new version of money! It must be 365 days better! I paid my $49.95, then got the Deluxe the next year for $79.95, then the super Deluxe Business Edition. It got slower and slower. Remember I've got Money files with data going back decades, plural. I tried culling the data, to include just the last 10, then 5, then 2 years. Still slow. Painting slow.

Accounts open and closed, banks changed account numbers, banks changed OFX servers, things broke. I got downloaded transaction data like "JITB#45,21312323423,$%@#$@ - $4.95" and wondered why my bank was swearing at me, rather than telling me I spent $4.95 at Jack In the Box on the corner of Walker and Jenkins then plotting it on a map.

redrocker@200665111650 Of course, this isn't all Money's fault, it's the banks, it's the data consortiums like OFX and IFX (disclosure, I was the OFX Vendor Committee Chairman for 2 years and I suck too. I could have done a LOT more.) and it's the back end systems.

Data's not pretty, and Money and Quicken are forced to create local rules to parse out the data they get from bank and the bill payment clearing house and built lists of rules of regular expressions to convert JITB#45 into "Jack In The Box."

Plus, if you don't log into your Money or Quicken for a few months, just try catching up and reconciling, especially if your bank only holds 90 days or less of account history.

I switched this year from Money 2006 to Quicken. Sadly, it's even worse. It paints unspeakably slowly, and in the 5 months I've been using it, it's updated itself at least three times, presumably in order to play well with Vista. Regardless, it's the same old story. Chasing data feeds in order to get my small mind around my smaller money. Even more, these OFX feeds that bring this data into Microsoft Money and Quicken may starting costing extra.

So, I stopped. I log into my bank's websites directly. I use their online tools, and they continue to get better, adding Ajaxy goodness, some powered by Corillian/CheckFree (my employer).

wachoviasample(By the way that's not a screenshot of my account...whoever that is did a lousy blurring job.)

I never thought I'd say it and I know Chris "Mr. Desktop App" Sells will disagree vehemently, but if I can get an application online, I'm more likely to use it, and use it often.

Sure, a lot, if not all, of the cool features of a site like Wesabe could be had via a connected local desktop application, but then there's all the updating and what not.

Maybe there's a space in the world for a Personal Finance Manager - a MoneyKiller or QuickenKiller - written in Adobe Apollo, Flash or Silverlight. Maybe online apps that manage money will get smarter with new Browser Plugins like Google Gears (once there's a security story). Either way, I don't think the future of my money involves a 350 megabyte CD-based installer.

Do you use Quicken, QuickBooks or Microsoft Money? Do you connect to your bank from inside those apps?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Why You Deeply Want an iPhone - NOW

July 1, '07 Comments [25] Posted in Musings
Sponsored By
IMG_2080Because you're bored.

Possibly because Steve Jobs said they are cool, but ultimately because we are all pretty much bored with computers. The whole keyboard and mouse thing is just about over. Maybe another 5 years, then it'll be keyboard and Multi-Touch. There will be some mice and some tablets/styli, but the majority of us will be lovingly caressing the non-scratch screens of our computers with our greasy hands.

Speaking of greasy hands, I stopped by the local AT&T store to check out an iPhone. To be clear, I didn't camp out or hire a college kid to stand in line. I mean, seriously, who does that? (Apparently all my friends.)

No, I just swung by at 10am yesterday. It went like this.

Me: "Hey, how's it going"

AT&T Dude: "How can I help you."

Me: "You're probably all out of iPhones, right? I wanted to touch one."

AT&T Dude: "Sure, we've got 8gig and 4gigs."

Me: "Waaa? You're not sold out? Didn't you have campers here?"

AT&T Dude: "Yes, but they got their iPhones, and we have hundreds left."

Me: "What's this? Hundreds you say? Why'd they camp out."

AT&T Dude: "I dunno, I mean, it's cool, but you're here on the next day"

Me: "But there's no one here at AT&T. Weird. Anyway, my wife won't let me have one."

AT&T Dude: "I hear that a lot. Well, feel free to use it as long as you like."

And I did. I spent quite a bit of time with it. It's gorgeous and I must have one. Why? Whether it's Microsoft Surface or the iPhone, Multi-Touch is brilliant. I know this  because I've seen touched the promised land. And because I'm bored.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Migrating a Family to Google Apps from Gmail, Thunderbird, Outlook and others: The Definitive Guide

June 30, '07 Comments [52] Posted in Tools
Sponsored By

The migration is complete. The Hanselman Family has moved to Google Apps. Why? Here's why:

  • I trust them (more or less).
  • I'm smart (I think), but I've recently lost 3 years of a family member's email. Backups are hard.
  • It's clean and easy.
  • Family members now have 10 gigs of space vs. their previous 50 megs.

However, we had a complex setup, as I assume most families do. Or at least, most Geek Families. This includes not just my wife, but also parents, brothers, cousins, in-laws, etc. Being IT for the family is hard. I've changed the names to protect the innocent, but all the tech is real.

The Pre-Migration Setup

We've got Two Families here, we'll say the Hanselman's and the Smith's. I married a Smith, so I'm the Support Department for them as well.

Family Member Email Program Note Technique
Mama Hanselman Outlook Has large local archive. Purchase gMove from LimitNone.
Daddy Hanselman Thunderbird Has medium sized local archive, but largely doesn't care. Create new AIM Mail Account. Setup IMAP and drag all email in. Use Gmail Migration Tools to suck IMAP mail out.
Hanselman Wife Gmail Already has existing Gmail account with 500 meg. Kept last name at my insistence, wants both domains to go to the same place. Also wants to keep Gmail account name. One-time import all from Gmail via POP. Foward new Gmail to Gmail for Apps.
Brother Hanselman SmarterMail Uses standard ISP webmail. Apathetic towards the whole process. No local mail store. One-time Import via POP.
Sister-In-Law Hanselman Outlook Express Large local store. Lots of important local mail. Mail is deleted from online via POP. Create new AIM Mail Account. Setup IMAP and drag all email in. Use Gmail Migration Tools to suck IMAP mail out.
Cousin Hanselman Forwards to Work Has Hanselman email forwarded to work, but uses SmarterMail sometimes. Has a few emails online. Uses a BlackBerry. One-time Import via POP. Re-setup forwarding rules to work. Download http://m.google.com/a for BlackBerry. 
Cousin-In-Law Hanselman Outlook 2003 We have email? Couldn't care less, just wants to send sometimes. One-time Import via POP. Possible candidate for gMove from LimitNone.
Brothers-In-Law Smith (3 in Africa) SmarterMail All three use the standard online email, but with the @smith.com domain, not @hanselman.com. One-time Import via POP.
Self Outlook 2007 and SmarterMail Massive (2 gigs+) offline store in Outlooks. Uses a BlackBerry. Mail is deleted from online via POP after 7 days. Purchase gMove from LimitNone. Download http://m.google.com/a for BlackBerry.

At this point, we've got folks with Email stored ONLINE and folks with Email stored OFFLINE. Let's first do the switchover to Google Apps, then tackle each problem one at a time.

Switching Two Domains over to Google Apps (Very Optional)

I have two domains, one for each family's last name. I could certainly create a separate Google Apps account for each last name, and you're welcome to do that. However, I chose to put Hanselman.com as the primary domain, and "Smith" as the Domain Alias. Everyone will be able to choose what last name they want their "From" to show, so it doesn't really matter.

Once you've signed up your first (primary) Domain go into the Domain Settings|Domain Names control panel in Google Apps and create a Domain Alias. When you "claim" ownership for a Domain, Google will give you a big long number and say "go make a text file with this big long number inside, and name it this big long filename. Upload it to your website, then come back and tell me about it, so I can go check to prove you own this domain." You'll need to do this for as many domain aliases as you set up.

Switching MX (Mail) Records in DNS

First, after creating a Google Apps account, make a new Google Apps User for each existing Email User at your existing domain. This is important because you don't want anyone losing email. So, if you've got scott@ and fred@, then make accounts for each one. Google Apps will generate a password, but I set a default one for each person myself.

Second, have a plan as to how you want your subdomains to be laid out. We wanted it simple and obvious, so: home.mydomain.com, docs.mydomain.com, mail.mydomain.com, etc. Log into your Domain Name's Web Control Panel (nearly everyone has this, and Google Apps includes a Dropdown Help menu with detailed instructions on how to do this with most popular hosting services. My folks are used to logging into mail.mydomain.com but I wanted to allow access to the old mail, so I renamed that host address to oldmail.mydomain.com in case I screwed something up.

DNS Records - Windows Internet Explorer

Notice all the CNames that are aliased to ghs.google.com. Each of those subdomains now is pointing to Google Apps. However, it's the MX Record that cause mail to switch over (nearly instantly). When you add those, then new mail starts getting delivered to Google. That's why it's so important you have a user account setup in Google for EVERY existing user ahead of time to catch new mail.

To switch over MX, delete all your existing MX records first, then enter in Google's. Make sure the priorities line up, at least in order. Google might say 1,5,10, etc, but your control panel only allows 10,50,90. That's OK, just make sure they are in the right order and the numbers are monotonically increasing.

After you change the MX records, note that all NEW email will be streaming into Google Apps for all mail to your domains. If you've setup a domain aliax, you'll need to change the MX records for that domain also.

OK, let's tackle each family member's email migration issue, one at a time.

Transferring Mail into Gmail for Apps from Another Online Service via POP

Brother Hanselman as well as the Three Brothers-In-Law Smith are the easiest folks to transfer. They keep all their email online and they are keeping their email addresses.

Go into Gmail for Apps|Accounts and click Add a Mail Account. Note that the name of this account doesn't matter. Gmail will complain if you tell it your email is the SAME. For example, if you were fred@fred.com and now you've moved to Gmail, just tell it the name of this account is fred@old.fred.com. The only thing that matters is that the username for logging into POP is correct and the POP Server is correct. I chose to leave a copy of messages on the server in case of a problem.

Hanselman Family - Edit mail account - Windows Internet Explorer

If you have a LOT of email on your server, these emails will come in at a rate of about 100-200 per 10 minutes. It might take hours, or days if you have a many thousands. Be patient, it will happen, and you can keep using Gmail while it does.

I did this for Brother Hanselman and Three Brothers-In-Law Hanselman and they are all in business.

Transferring Mail into Gmail for Apps from *another Gmail account*

(NOTE: Gmail has been considering a built in Gmail Import process, so this section will likely be old some day. Check the manual first!)

I'll be doing this migration via POP, but you can also use the Free gXFER tool from LimitNone for Gmail to Gmail Transfers.

Hanselman Wife has an existing Gmail account and wants to keep all those emails. However, if you try the technique above and enter in pop.gmail.com, you'll get a complaint from Gmail for Apps that you can't import Gmail via POP. Lame.

The solution is two-fold. First, in the original Gmail account, make sure you've enabled POP Email in Settings|Forwarding and POP and selected Enable POP for ALL MAIL.

image

Then, logout, and login to your destination account in Google for Apps and from Add an Email Account, enter in the Gmail username and the POP Server as 66.249.93.109. Also, note the non-standard port 995. Don't select "Leave a copy" because Gmail won't let you anyway. However, don't worry, your emails won't be deleted in the source.

gmailimport

Again, this is a long running thing, so be patient (possibly days of patience.) Ok, so this gets Hanselman Wife her email archives. Now, from the source email account, create a Forwarding Rule to the new account so that emails to the original account are forwarded to the new one.

In the destination (now primary) Google for Apps Account make sure to add an Email Aliases for each email you want this user to be able to send as. Since we had two Domains, I setup email aliases per user as appropriate. This means Hanselman Wife can send as wife@mydomain.com as well as wife@smith.com from the same account.

Transferring Mail into Gmail for Apps from Another Online Service via IMAP

The absolute easiest way to get your email into Gmail for Apps is if you have an IMAP server already. If so, just pay the money for a Google Premium Account and you've got migration tools available for you as seen below.

If not, and you've got a local client like Thunderbird or Outlook, go to http://mail.aol.com and get a free 2 gig account. Add it to your local mail client as seen below. Use imap.aol.com and smtp.aol.com. It's really a very nice service, truly.

Change E-mail Account

Drag all your email over, folder by folder, into the newly configured IMAP store. FYI, it's WAY faster Thunderbird. Outlook 2007 is a pig for IMAP, so I've got another solution for that, but it costs $.

After the email is up, use the Migration Tools to bring that IMAP email into Google Apps.

Google Apps - Windows Internet Explorer

Transferring Mail into Gmail for Apps from Outlook

There's lots of hacky ways that huge amounts of email can be moved from Outlook to Gmail for Apps. Believe me, Google knows this is a problem and I'm 99% sure they are working on it. Until then, you can do the IMAP trick above, or use a tool. Time is money, so I used gMOVE from LimitNone. It's a local app, licensed per computer for $29 ($19 for educational) that basically uses OLE Automation to take email out of Outlook, through it up to a "just in time POP server" at LimitNone, then it uses the GMail API to create a temporary POP account and suck the email back down.

The Good? It just works. Works fine in fact.

gMOVE Gmail Migration Wizard

Each folder in Outlook becomes a Tag in Gmail. Your Inbox in Outlook is tagged "gInbox" so as not to mess up your actual Inbox.

gMOVE Gmail Migration Wizard (3)

The bad? You can only move 5,000 emails at a time, so I had to run it 7 times. Of course, there are privacy concerns as well, but you can work that out on your own. Gmail also imports messages VERY slowly, as I've said before.

Warning

Otherwise, a useful utility, and faster for me than using IMAP. 

Conclusion

At this point, all Hanselman and Smith family members have email setup. They can use Gmail for Apps online, or if they prefer Outlook or Thunderbird, they can use the Gmail POP Troubleshooter or configure POP access to keep email in both places.

Other Useful Things and Gotchas to Know

  • Don't turn on POP access in your new accounts or configure your email clients to pull email until AFTER your existing POP migrations happen, otherwise email that's still being pulled into Gmail will also get pulled into your email client, possibly causing duplicates.
  • If you already have a Google Calendar with the same email you've just transferred over to Google Apps, if you visit calendar.google.com rather than calendar.mydomain.com you'll get this warning. Basically, you're forever stuff with a read-only calendar. I can't figure out how to delete the whole calendar. Worse, if you use any Sync applications that use the Google Calendar API, they will see the FIRST calendar. That means, NOT the one you want them to see.
    I'll post more if I get this fixed. This is a great example of the fact that while Google Apps is yummy, it's a WHOLE OTHER UNIVERSE and Lord knows what's happening on the back end. (Note the broken image...You'll also get HTTP/HTTPS warnings, occasionally. Google Apps may be having some growing pains. Any Google Employees want to comment?)
    Google sez this about deleting calendars: "Please note that it's not possible to delete your primary calendar. You can clear the events on your primary calendar, rename this calendar and schedule new events to effectively get rid of your original primary calendar." I sez, "weak."
    Google Calendar - Windows Internet Explorer
  • Plaxo is a great Synchronizing Tool that I like (yes, I know YOU don't like it) and the new Beta includes support for syncing Google Calendars and Outlook. It seems to have a problem with Google Apps, but I'm sure either Plaxo or Google will work it out. SyncMyCal is considered the best tool for syncing with Outlook. If you have a Mac, you can use Spanning Sync to sync with iCal.
  • If you've got a BlackBerry or mobile phone with Java, note that there are TWO GMAIL APPS. There's one that has a Red Icon for Gmail Users and one with a Blue Icon for Gmail for Apps Users. Don't ask me why. If you have accounts at both, you need both applications on your mobile phone. You can, of course, also use POP if you prefer.
    You can get them:

I miss anything? Works for me.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.