Author: Wayne Zimmerman
Quickly Cleanup Your Windows Server Update Service (WSUS) with Just a Few Clicks
If your like me you have that special date that Microsoft releases updates marked on your Outlook calendar. Once a month you go to the update server and approve updates and move along with your IT day. Well there is a little bit of maintenance that needs to be done to WSUS. First off you need to go and check to see what product categories you are subscribed to. This will ensure that you are receiving updates only for the products that you support in your environment. To do this open up your WSUS administrative console and click on Options in the tree menu on the left. If you do not see these options you may need to update your WSUS to 3.0. From the menu then select Products and Classifications.
Now Scroll though this list of products and makes sure that any of the products you support has a check by it. If you have moved everyone off of the older version of the product you can uncheck it as well. 
I probably wouldn’t adjust anything in Classifications as the defaults here are relatively acceptable. Once finished press OK at the bottom.
Next we need to cleanup the server and remove any old updates. To do this from Options select Server Cleanup Wizard. Ensure that the options are correct and just click Next.
This should remove old updates from the database as well as updates that have been updated and clean up any computers that haven’t contacted the WSUS server in 30 days. It may take a few minutes to process depending on how large your WSUS database and update archive has grown to.
It saved me about 20% when I adjust off Office 200 and a few other products we didn’t support and got rid of all of those updates that had been updated or not approved.
Enjoy a nice clean WSUS server!
Allow User To Run Applicaton as Administrator Without a Password
A few days ago I came across a software application that just wouldn’t execute correctly without the user being an administrator on the computer. Since all of my users run as basic / limited users they were unable to use program. After contacting the vendor and looking for all type of rights that we could grant the user so the could execute the program properly we were unable to fix it without making the user an administrator. So rather than making them an administrator or giving them the administrator password I made a little application that calls the other application as a run as but has the administrator credentials complied in. I realize that you can probably decompile the application and get the password, but for many users that is too much work, or they lack the expertise, so I view this as a small security issue. To further protect the account I made one that only exists on that computer. Below is the code that you can use to build a similar application it is only a few lines but it can solve a headache and keep a password relatively secure.
This is a VB.NET application
This application will produce an error if it is unable to login as that account or if the target program cannot be found.
Public Class Form1
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim DomainName As String
Dim UserName As String
Dim Password As String
Dim SysPassword As System.Security.SecureString = New System.Security.SecureString()
DomainName = System.Environment.GetEnvironmentVariable("ComputerName")
UserName = "administrator"
Password = "supersecretpassword"
For Each c As Char In Password
SysPassword.AppendChar(c)
Next
SysPassword.MakeReadOnly()
Try
System.Diagnostics.Process.Start("notepad.exe", UserName, SysPassword, DomainName)
Catch ex As Exception
MsgBox(ex.Message)
End Try
Me.Close()
End Sub
End Class
Digsby Come Back From The Dark Side
For many months now I have used an Instant Messaging client called Digsby. It allows you to connect to multiple different IM networks like AIM, Yahoo, Facebook, MSN, ICQ, Google Talk and a few others as well as your social networks like Facebook, Myspace, Twitter, and LinkedIn. Recently they have changed over to the Dark Side. By this I mean they have added two revenue generating programs to their application.
- Installer Spyware – This allows you to optionally install different programs so those companies will pay Digsby for getting them installed. The optional software usually doesn’t play nice and typically adds nothing more than a loss of screen real estate to another annoying system hogging toolbar in your browser. There are several other ones that are offered. This model I can tolerate because if the user is smart enough they will figure out how to not install them in the first place or how to uninstall them if they were installed.
- Research Module – This allows digsby to user your computer and bandwidth to do pretty much whatever they want with it. Most likely be another pawn in some search engines indexing program. This one I find much more troubling because it uses your electricity and your bandwidth (remember bandwidth caps are coming kids) to make them money. I agree everyone needs money but this isn’t the right way to go about it. This needs to be added to the installer as an opt out program or better yet you could add a non evil model and have it process something cool like cancer research or mapping the human genome.
Digsby please fix these items and in a hurry. I have already opted out of your research program as I like my bandwidth and computer to myself, your probably the best IM client out there but if you continue to the dark side I will have to find an alternative.
For more information about Digsby IM Clients Dark Side:
http://lifehacker.com/5336382/digsby-joins-the-dark-side-uses-your-pc-to-make-money
Also checkout Digsby’s Explanation: http://blog.digsby.com/archives/693