some thoughts... - Security
IT makes the world go round - and sometimes stops it...
 
 Thursday, January 04, 2007

I used the free time after Christmas to install Windows Vista Ultimate and Office 2007 - instead of doing an upgrade of my current Windows XP system I chose to do a complete new installation...

I succeeded in a short time, but afterwards I had some trouble and therefore I had to solve some issues...

1. Join your domain as soon as possible - but pay attention!

The first step you should do after installation is to join your domain - if you have one.

But please pay attention if you use Small Business Server mechanisms - or any other - to deploy software to your clients. I had a configuration which tried to install IE6 and other tools from the server to the client after joining the network. A question just pops up asking if you really want to execute the setup, and being a "creature of habit" I just clicked "Yes".

This seems to have wrecked my installation, because afterwards Vista decided to start without a taskbar, explorer and elements on the desktop...
So I installed it a second time...
:-)

2. System-vendor-specific software

I am using an IBM R50 laptop, which brings up some vendor-specific software like power management utilities, network access and so on.

Do yourself a favor and keep a cable for Internet access ready after installation, and do not panic if you end up with a somewhat incomplete system after a successful installation.

Therefore the second step you should do afterwards is to start Windows Update and download all vendor-specific software the system will offer you. That brought back power management and WLAN as well, but some other tools are still missing (like the display control to switch to a beamer/projector) and are not allowed to install on Vista.

3. Security and UAC (User account control)

I bet that the new feature UAC (User Account Control) will be a pain in your neck - especially during the first hours doing all the installations you need. Every time you start a setup you will be faced with "Do you really want to?", every time you will be alerted "a program tries to..."...

As described in the article above it really gets annoying and also brings up some risks like clicking every OK you will face without reading carefully, but if you want to be secure you cannot have everything. That UAC could give you a hint for investigating Trojans and others is proven by this blog entry.

If you are interested in digging deeper into Windows security, read Windows Vista Security blog or UAC blog.

4. Installation of SQL 2005

If you want to install SQL 2005 on your Vista client you will have to fulfil some prerequisites, especially enabling IIS and doing some configuration, as described in KB article 920201. But even if you do this it is not guaranteed that Reporting Services will run, as described in the comments of James Kovacs' posting.
Further tips and known issues are described in Microsoft SQL Server 2005 on "Microsoft Windows Server Longhorn" or Microsoft Windows Vista.

We will have to wait for the official version of SP2 and see what it brings - I hope it will work!

5. OWA with IE7 and Vista

I am using OWA to access my Exchange server and I also did this using IE7 and Windows XP.
Windows Vista seems to have a slightly different IE7, which handles ActiveX controls - even the ones from Microsoft - a little bit stricter. Using OWA I was able to read messages, but I could not reply to a message, because the input frame just displayed a red X...

There are two KB articles - 911829 and 924334 - and also two downloads which will solve this problem.

6. 3G data card for PCMCIA-Slot

I am using a Novatel Merlin™ U740 Wireless PC Card to connect via 3G to the Internet and my German provider is Vodafone.

In Germany it is very common that providers deliver specific software with their own branding to assure that you will have an easy installation and access; the Vodafone software is called "Dashboard" and the current downloadable version is 7.04.

Due to the Vista restrictions you will not be able to install the software, so you get neither the drivers nor the software to communicate with your data card.

So I allowed myself to call the business hotline to ask for a new version of the dashboard to enable the data card using Vista.
The answer was that there is no specific time schedule which is public but that there will be a good chance that the software will be presented at the CeBit and available afterwards...
Presented? This software is just a little tool to enable and control the connection and not the ultimate version of a hype-whatever software suite!
And CeBit? This fair will be in mid-March! Should I wait about three months to enable my data card?
Come on, I understand that the software has to be tested and certified as well and that this could be time consuming, but to be honest... Is Windows Vista really such an unexpected and uncommon OS??

So I called not only once but twice, because the first answer was not very satisfying...
The second answer was that there will be a version around the end of January....
Ah, there is light at the end of the dark! But having to wait till the end of this month would also be annoying...

So I chose another solution: why not use the data card as a kind of normal dial-up connection??

First you will have to disable the PIN on your SIM card, because the dial-up connection will not be able to ask for the PIN like the dashboard does.
You can use your mobile phone or the dashboard software for that.

After disabling the PIN insert the data card to your PCMCIA-Slot and wait for the drivers to be installed.

Then you will have to do some manual steps:

  • Open the Control Panel - Network and Sharing Center
  • Click "Set up a connection or network" in the tasks on the left side.
  • Mark "Connect to the Internet" and click Next
  • "Create a new connection"
  • Choose "Dial-up"
  • Choose the Novatel Wireless Merlin HSDPA Modem
  • enter *99# as Dial-up phone number
  • leave User name and Password blank
  • enter a descriptive name into Connection name
  • decide whether to allow other people to use this connection
  • click Connect

To make it a little bit more secure you should turn off all options in "Sharing and Discovery", and as a little comfort hint: you should put a shortcut on the Desktop or into the Quick Launch to be able to activate the connection very easily.

This will work, but without the Vodafone dashboard you will not be able to diagnose your connection speed and control your download rates (a pity if you pay for volume or time and do not have a flat rate), so be careful! But I think that will be a proper workaround till the software is available...

Thursday, January 04, 2007 8:19:56 PM (Mitteleuropäische Zeit, UTC+01:00) - Author: Markus Fischer
 Friday, August 25, 2006

Randy Dyess has published an article called "Auditing Your SQL Server Environment: Part II (Reviewing Role Memberships)"

The following content is intellectual property of Randy Dyess, the original posting can be found here:

"Roles should be foremost in your mind when planning the security of your SQL Server environments. Auditing inherited SQL Server installations is a relatively easy thing to accomplish, and all DBAs should audit their environment and create documentation if they have not already done so. Once you can document the logins assigned to each of your fixed and user-defined roles, you can start to remove any duplication of permissions, which can reduce the time needed to troubleshoot future permission errors."

--Use the master database
USE master
go

IF OBJECT_ID('dbo.spRoleMembers') IS NOT NULL
DROP PROCEDURE dbo.spRoleMembers
GO

CREATE PROCEDURE dbo.spRoleMembers
AS
/************************************************************
Creation Date: 04/28/02 Created By: Randy Dyess
Web Site: www.TransactSQL.Com
Email: RandyDyess@TransactSQL.Com
Purpose: Loops through all databases and obtains member
for database roles as well as server role members.
Location: master database
Output Parameters: None
Return Status: None
Called By: None
Calls: None
Data Modifications: None
Updates:
None

************************************************************/

SET NOCOUNT ON

--Variables
DECLARE @lngCounter INTEGER
DECLARE @strDBName VARCHAR(50)
DECLARE @strSQL NVARCHAR(4000)

--Temp table to hold database and user-defined role member names
CREATE TABLE #tRolemember
(
strServerName VARCHAR(50) DEFAULT @@SERVERNAME
,strDBName VARCHAR(50)
,strRoleName VARCHAR(50)
,strUserName VARCHAR(50)
,strUserID VARCHAR(100)
)

--Temp table to hold database names
CREATE TABLE #tDBNames
(lngID INTEGER IDENTITY(1,1)
,strDBName VARCHAR(50)
)

--Create permanent table
IF OBJECT_ID ('dbo.tRolemember') IS NULL
BEGIN
CREATE TABLE dbo.tRolemember
(
strServerName VARCHAR(50)
,strDBName VARCHAR(50)
,strRoleName VARCHAR(50)
,strUserName VARCHAR(50)
,strUserID VARCHAR(100)
)
END

--Obtain members of each server role
INSERT INTO #tRolemember (strRoleName, strUserName, strUserID)
EXEC dbo.sp_helpsrvrolemember

--Server roles are not database-scoped: label them now, otherwise the
--loop below assigns them the name of the first database it processes
UPDATE #tRolemember
SET strDBName = '(server)'
WHERE strDBName IS NULL

--Obtain database names (skip databases this login cannot access, e.g. offline ones)
INSERT INTO #tDBNames (strDBName)
SELECT name FROM master.dbo.sysdatabases WHERE HAS_DBACCESS(name) = 1
SET @lngCounter = @@ROWCOUNT

--Loop through databases to obtain members of database roles and user-defined roles
WHILE @lngCounter > 0
BEGIN

--Get database name from temp table
SET @strDBName = (SELECT strDBName FROM #tDBNames WHERE lngID = @lngCounter)

--Obtain members of each database and user-defined role
--QUOTENAME protects against database names containing spaces or brackets
SET @strSQL = 'INSERT INTO #tRolemember (strRoleName, strUserName, strUserID)
EXEC '
+ QUOTENAME(@strDBName) + '.dbo.sp_helprolemember'

EXEC sp_executesql @strSQL

--Update database name in temp table
UPDATE #tRolemember
SET strDBName = @strDBName
WHERE strDBName IS NULL

SET @lngCounter = @lngCounter - 1

END

--Place data into permanent table
INSERT INTO tRolemember
SELECT trm.* FROM #tRolemember trm
LEFT JOIN tRoleMember prm
ON trm.strUserName = prm.strUserName
AND trm.strDBName = prm.strDBName
AND trm.strRoleName = prm.strRoleName
AND trm.strServerName = prm.strServerName
WHERE prm.strServerName IS NULL

GO

--Test Stored Procedure
EXEC dbo.spRoleMembers

PRINT 'Display by User'
SELECT strUserName, strDBName, strRoleName, strServerName FROM tRolemember
WHERE strUserName <> 'dbo'
ORDER BY strUserName

PRINT 'Display by Role'
SELECT strRoleName, strDBName, strUserName,strServerName FROM tRolemember
WHERE strUserName <> 'dbo'
ORDER BY strRoleName

PRINT 'Display by Database'
SELECT strDBName, strRoleName,strUserName, strServerName FROM tRolemember
WHERE strUserName <> 'dbo'
ORDER BY strDBName
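As an added example (not Randy Dyess's script and not part of the original post), the same role-membership audit written against the SQL Server 2005 catalog views instead of sysdatabases and the sp_help* procedures, with a flag on the roles that grant full control; the table name #RoleAudit and the '(server)' label for server roles are my own choices.

```sql
-- Added example, not Randy Dyess's script: same role-membership audit
-- on the SQL Server 2005 catalog views. #RoleAudit and the '(server)'
-- label for server roles are my own choices.
SET NOCOUNT ON;
DECLARE @db sysname, @sql nvarchar(max);

CREATE TABLE #RoleAudit
(
    ServerName sysname NOT NULL DEFAULT @@SERVERNAME,
    DBName     sysname NOT NULL,
    RoleName   sysname NOT NULL,
    MemberName sysname NOT NULL,
    MemberType nvarchar(60) NOT NULL,
    HighRisk   bit NOT NULL DEFAULT 0   -- 1 = role grants full control
);

-- Server roles are not scoped to a database: label them explicitly
-- instead of leaving DBName NULL.
INSERT INTO #RoleAudit (DBName, RoleName, MemberName, MemberType, HighRisk)
SELECT N'(server)', r.name, m.name, m.type_desc,
       CASE WHEN r.name IN (N'sysadmin', N'securityadmin') THEN 1 ELSE 0 END
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id;

-- Fixed and user-defined database roles in every online, accessible database.
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE state_desc = N'ONLINE' AND HAS_DBACCESS(name) = 1;
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps names with spaces or brackets from breaking the batch.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        INSERT INTO #RoleAudit (DBName, RoleName, MemberName, MemberType, HighRisk)
        SELECT DB_NAME(), r.name, m.name, m.type_desc,
               CASE WHEN r.name = N''db_owner'' THEN 1 ELSE 0 END
        FROM sys.database_role_members AS drm
        JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
        JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
        WHERE m.name <> N''dbo'';';
    EXEC sp_executesql @sql;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs; DEALLOCATE dbs;

-- Memberships that grant full control come first for review.
SELECT * FROM #RoleAudit ORDER BY HighRisk DESC, DBName, RoleName, MemberName;
DROP TABLE #RoleAudit;
```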


Randy has also published a script about auditing users' passwords.

The following content is intellectual property of Randy Dyess, the original posting can be found here:

IF OBJECT_ID('dbo.spAuditPasswords') IS NOT NULL
DROP PROCEDURE dbo.spAuditPasswords
GO

CREATE PROCEDURE dbo.spAuditPasswords
AS
/****************************************************************************
Creation Date: 03/22/02 Created By: Randy Dyess
Web Site: www.TransactSQL.Com
Email: RandyDyess@TransactSQL.Com
Purpose: Perform a simple audit of user's passwords
Location: master database
Output Parameters: None
Return Status: None
Called By: None
Calls: None
Data Modifications: None
Updates: None
Date Author Purpose
---------- -------------------------- ---------------------------------
****************************************************************************/

SET NOCOUNT ON

--Variables
DECLARE @lngCounter INTEGER
DECLARE @lngCounter1 INTEGER
DECLARE @lngLogCount INTEGER
DECLARE @strName VARCHAR(256)

--Create table to hold SQL logins
CREATE TABLE #tLogins
(
numID INTEGER IDENTITY(1,1)
,strLogin SYSNAME NULL
,lngPass INTEGER NULL
)

--Insert SQL logins (non-NT logins) into temp table
INSERT INTO #tLogins (strLogin)
SELECT name FROM master.dbo.syslogins WHERE isntname = 0
SET @lngLogCount = @@ROWCOUNT

--Determine if password is null and user is a SQL login
PRINT 'The following logins have blank passwords'
SELECT name AS 'Login Name' FROM master.dbo.syslogins
WHERE password IS NULL
AND isntname = 0


--Determine if password and name are the same
SET @lngCounter = @lngLogCount

WHILE @lngCounter <> 0
BEGIN
    SET @strName = (SELECT strLogin FROM #tLogins WHERE numID = @lngCounter)

    UPDATE #tLogins
    SET lngPass = (SELECT PWDCOMPARE (@strName,(SELECT password FROM master.dbo.syslogins WHERE name = @strName)))
    WHERE numID = @lngCounter

    SET @lngCounter = @lngCounter - 1
END

PRINT 'The following logins have passwords the same as their login name'
SELECT strLogin AS 'Login Name' FROM #tLogins WHERE lngPass = 1

--Reset column for next password test
UPDATE #tLogins
SET lngPass = 0

--Determine if password is only one character long
SET @lngCounter = @lngLogCount

WHILE @lngCounter <> 0
BEGIN
    SET @lngCounter1 = 1
    SET @strName = (SELECT strLogin FROM #tLogins WHERE numID = @lngCounter)
    WHILE @lngCounter1 < 256
    BEGIN
        UPDATE #tLogins
        SET lngPass = (SELECT PWDCOMPARE (CHAR(@lngCounter1),(SELECT password FROM master.dbo.syslogins WHERE name = @strName)))
        WHERE numID = @lngCounter
        AND lngPass <> 1
        
        SET @lngCounter1 = @lngCounter1 + 1
    END

    SET @lngCounter = @lngCounter - 1
END

PRINT 'The following logins have one character passwords'
SELECT strLogin AS 'Login Name' FROM #tLogins WHERE lngPass = 1
GO

--Test
EXEC dbo.spAuditPasswords
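As an added example (not Randy's script and not part of the original post), the blank-password and password-equals-login-name checks re-expressed for SQL Server 2005, which exposes the hash PWDCOMPARE needs through sys.sql_logins.password_hash; it also reports logins that bypass the Windows password policy and an sa login that is still enabled. The finding labels are my own, and reading password_hash assumes CONTROL SERVER or sysadmin rights.

```sql
-- Added example, not Randy Dyess's script: weak-password audit for
-- SQL Server 2005 using sys.sql_logins.password_hash. Finding labels
-- are my own choices.
SET NOCOUNT ON;

-- One row per (login, finding): a login with several weaknesses
-- appears once per weakness.
SELECT l.name AS LoginName,
       f.Finding,
       l.is_disabled AS IsDisabled,
       LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS PasswordLastSet
FROM sys.sql_logins AS l
CROSS APPLY
(
    SELECT 'blank password' AS Finding
    WHERE PWDCOMPARE(N'', l.password_hash) = 1
    UNION ALL
    SELECT 'password equals login name'
    WHERE PWDCOMPARE(l.name, l.password_hash) = 1
    UNION ALL
    SELECT 'Windows password policy not enforced'
    WHERE l.is_policy_checked = 0
    UNION ALL
    SELECT 'password expiration not enforced'
    WHERE l.is_expiration_checked = 0
    UNION ALL
    -- sa always has SID 0x01, even if it has been renamed
    SELECT 'built-in sa login still enabled'
    WHERE l.sid = 0x01 AND l.is_disabled = 0
) AS f
ORDER BY l.name, f.Finding;
```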


And last but not least, Bradley Morris has published an article about "How to Script User and Role Object Permissions in SQL Server".

Friday, August 25, 2006 2:19:02 PM (Mitteleuropäische Zeit, UTC+01:00) - Author: Markus Fischer
 Friday, August 11, 2006

Definition from the SQL Server 2005 Product Guide:

"Analysis Management Objects (AMO) allows client applications to access the range of administrative commands and capabilities that are available to Analysis Services by using an object library that can provide object-level validation capabilities. This is an alternative to manually generating both the DDL scripts for Analysis commands and the often-lengthy contents of the ASSL ObjectDefinition element. Applications that use AMO can either connect and work directly with objects on an Analysis Services instance, or they can create such objects without an existing connection and persist the metadata for later deployment. AMO also “wraps” Analysis Services Scripting Language (ASSL) commands and elements."

Microsoft SQL Server 2005 Management Objects Collection from the Feature Pack for Microsoft SQL Server 2005 - April 2006

Introducing AMO Concepts

Readme for AMOBrowser Sample

AMO Security Classes

Programming AMO Security Objects

Analysis Services Concepts and Objects

Permissions and Access Rights (SSAS)

Friday, August 11, 2006 12:49:21 PM (Mitteleuropäische Zeit, UTC+01:00) - Author: Markus Fischer
 Monday, March 06, 2006

The article "Applying the Principle of Least Privilege to User Accounts on Windows XP" brings up some interesting thoughts about limited user rights.

Extract from the website:
"The Least-Privileged User Account Approach
A defense-in-depth strategy, with overlapping layers of security, is the best way to counter these threats, and the least-privileged user account (LUA) approach is an important part of that defensive strategy. The LUA approach ensures that users follow the principle of least privilege and always log on with limited user accounts. This strategy also aims to limit the use of administrative credentials to administrators, and then only for administrative tasks.

The LUA approach can significantly mitigate the risks from malicious software and accidental incorrect configuration. However, because the LUA approach requires organizations to plan, test, and support limited access configurations, this approach can generate significant costs and challenges. These costs can include redevelopment of custom programs, changes to operational procedures, and deployment of additional tools.

Important: It is difficult to find utilities and guidance on using limited user accounts, so this white paper refers to third-party tools and guidance from Web logs and other unofficial sources. Microsoft makes no warranty about the suitability of the tools or guidance for your environment. You should test any of these instructions or programs before you deploy them. As with all security issues, there is no perfect answer, and this software and guidance is no exception."

The whole article is also available for download as a Word file.

Monday, March 06, 2006 3:43:44 AM (Mitteleuropäische Zeit, UTC+01:00) - Author: Markus Fischer
Copyright © 2010 Markus Fischer. All rights reserved.