Are you still running Windows Server 2003? The End is Near(er)!

Back in November 2014, the US Computer Emergency Readiness Team issued an alert about the end of support for Windows Server 2003. It’s now the end of March of 2015, and the end-of-support date will be here in less than 4 months. Starting on July 15, 2015, Windows Server 2003 will no longer receive security updates, fixes, or technical assistance from Microsoft. To borrow a phrase: the end is near!

The sky, however, is not falling.

Migration from your on-premises server to a different system is not terribly complicated, generally-speaking (the devil’s in the details, of course). And you have options – sort of. You can get a new server and move your stuff, or you can choose to migrate to a cloud-based offering, such as Office 365 and Microsoft Azure. Considering that here at inWorks LLC we believe that you should not be running a server unless you’re in the datacenter business, I suggest that you take the following path:

Take your email to Exchange Online with Office 365. With ridiculously low per-user prices, virtually unlimited disk space, and enterprise-grade features you simply cannot find a better messaging & collaboration system. Some may suggest Exchange hosted by other providers, Google, or Amazon (which recently added its own mail service), and unless you have very specific, compelling reasons for choosing those routes, don’t. Exchange Online will give you the best email, calendaring, contact management system you can buy in terms of usability, functionality, compatibility, extensibility, and some other *ilities I’m probably forgetting.

Take your files to SharePoint Online with Office 365. Some folks are apprehensive about SharePoint Online. It does represent a departure from the typical local server-based file access, with its familiar mapped drives and network shares. It also represents a major step forward for your business, in terms of managing documents and data – and it doesn’t have to be scary, or painful.

With a little bit of advanced planning and proper execution and tools, the transition can be painless, and using SharePoint – liberating. Plus, this is the one opportunity you’ll have to really clean house with your documents!

Even if you don’t take the time to explore SharePoint’s moderately advanced capabilities you will still end up ahead – with things like automatic document versioning, recycle bin, search indexing to make stuff easy to find, top-notch security, simple external sharing, easy access on all devices from anywhere, and so on. I haven’t even talked about building apps on top of SharePoint Online – apps that may not require any code at all! I won’t this time, either, just to keep things brief.

Move business apps to the cloud.
Microsoft Azure provides a datacenter in the sky that’s at your beck and call – pay just for what you use, with no upfront costs and no capital expenditures. Don’t need it anymore? Shut it down and the bill stops.

Anything you want to do that can’t be done with Office 365, can be done in Azure. Virtual machines, websites, storage, custom scripts, databases, et cetera – are now in your business IT tool belt, and with the recent addition of RemoteApp to the already deep and wide set of services that Azure provides, you can deliver even legacy applications from the cloud directly to the desktop, tablet, or phone. I’m not exaggerating when I say that it is really cool.

Sign up for This service grew out of our experience helping other businesses that made the cloud switch. It’s optimized for cloud customers and uses a similar, utility-based cloud model for all your needs, whether cloud or not.

With a monthly subscription you get what essentially amounts to Technology Insurance for your business – in return for a monthly “premium” you get someone who’ll pick up the email when you send in a support request, get back to you right away, answer your question without charge if it doesn’t take long, and get you help at lower support rates if it’s something gnarly. We’ll also handle hardware, software, and licensing procurement, set up backup if you need it, manage remote access to your systems, and provide antivirus software along with central device inventory & management, plus security for your mobile devices.

Don’t believe me? Have questions? Would like to discuss migration planning or ongoing support? Want to talk haiku form? Drop me a line!

Ditching Small Business Server? Use USMT to convert to local accounts

The User State Migration Tool is quite useful when managing user profiles & accounts on your PCs during an operating system migration or upgrade – especially if you have lots of devices to work with. Documented features show you how to switch user profiles between domains – useful when consolidating your Active Directory domains, for example. What about cases when you’re ditching your local infrastructure in favor of all things cloud?

Microsoft’s documentation doesn’t say anything about converting from a domain account to a local account – and yet it’s possible. Here’s how you do it.

First collect your “user state”. To speed up the process, you can use the /hardlink and /nocompress options like so:

Scanstate.exe %temp%\store /i:miguser.xml /i:migapp.xml /hardlink /nocompress /l:%temp%\store\save.log /progress:%temp%\store\save_progress.log /o /ue:*\* /ui:DOMAIN\username

Let’s break down the statement above.

  • %temp%\store specifies that the collected user state should go to the temporary folder, in the store subfolder
  • /i:miguser.xml /i:migapp.xml provide configuration files to move files and settings
  • /hardlink specifies that the source files shouldn’t actually be moved. We can do this because we’re not actually switching PCs for the user, so there’s no need to move profile data. Instead, scanstate simply builds a catalog of files to include when reloading the data into the new profile
  • /l: and /progress: switches specify where to save log and progress log files
  • /ue:*\* tells scanstate to exclude all user profiles from the process. Why? Because we’re going to explicitly call for the profile we’re interested in next
  • /ui:DOMAIN\username is explicitly telling the migration tool to copy ONLY the DOMAIN\username profile. You can use multiple /ui switches if you want to.
  • /o tells the tool to overwrite whatever’s in that store directory. We don’t need to use it, but if you had a failed run, this will ensure a clean slate. Don’t do this on a shared store :).

Once this operation completes, you can create the new local profile by running the following command:

loadstate.exe %temp%\store /i:miguser.xml /i:migapp.xml /hardlink /nocompress /l:%temp%\store\load.log /progress:%temp%\store\load_progress.log /ue:*\* /ui:DOMAIN\username /lac:NewPassword /lae /mu:DOMAIN\username:%computername%\username

Let’s break this one down too (skipping switches that are the same):

  • /lac:NewPassword – specifies that loadstate should create a new Local Account with the password of NewPassword. If you don’t specify NewPassword, the new local account will be created without a password
  • /lae – specifies that the new local account should be enabled. If you don’t use this switch, it’ll be created, but disabled
  • /mu:DOMAIN\username:%computername%\username – this is the magical conversion dust. It’ll switch the account from being a domain account in the DOMAIN domain, to a local account belonging to the %computername% computer. If you’re running this as part of a script, you can just leave %computername% to automatically substitute the actual PC name at run-time.

When this operation completes, your new user profile will be created, data migrated, and now you’re ready to remove this PC from the domain. Note that Outlook email settings aren’t migrated this way, so you’ll need to reconnect Outlook to (presumably) Office 365. Also, default migration files don’t include things like Google Chrome bookmarks, so you’d need to manage that transition separately.

Going into the details for USMT is beyond the scope of this post, but if you’d like a guided tour, check out the Curah! collection that puts it all in one place.

Got questions? Looking to migrate from the soon-to-expire Small Business Server? Give me a call – 1-484-558-0404 or create a support request with!



Microsoft SharePoint Online ups its storage max per site collection

This is a pretty big deal for SharePoint Online. Up until recently you could only have (for Enterprise plans) site collections up to 100GB in size. 100GB isn’t anything to sneeze at, but there are cases – quite a lot of them, actually – where storage accumulated over the last, say 10 years, exceeded that quite a lot. There are also folks who use SharePoint Online for storing lots of high-res imagery, and in any scaled operation, 100GB limit starts to become restrictive.

Good solution architecture and planning can overcome such constraints, of course. In many cases it is preferable to segment a solution across site collections – regardless of storage limits. There are scenarios, however (long term archiving), for example, where it may be preferable to let storage grow (and grow).

Microsoft announced (almost a month ago, actually) that SharePoint Online now supports site collections up to 1TB in size. In addition, you can grow your tenant almost without limits – creating as many of those 1TB site collections as your budget and business will allow (up to 10,000, which is the current limit).

Here’s the original blog post explaining the details:


Advanced application crash troubleshooting in Windows

I recently upgraded a company from a mixture of Windows XP and Windows 7 machines to Windows 8. Almost immediately one of the machines (a tiny and awesome Lenovo M93p) started having issues with crashing applications whenever sign-in of some kind was required, and it started happening shortly after install. It was a fresh machine, with no prior issues, running brand new installations of all applications.

The crashes primarily manifested in Outlook, which would crash right when the user was being prompted for their password. The crashes were all pointing to KERNELBASE.DLL (located in C:\Windows\System32), according to Event Viewer, and the error messages had something to do with System.IO.FileNotFoundException. Not terribly helpful.

Thinking that the culprit may be Office 2013 ProPlus, I first repaired the installation (quick repair), then really repaired it (online repair), then uninstalled it and reinstalled – all with the same results.

A few internet searches later, I found this little gem – a crash analysis freeware app written by NirSoft. When you run it, you get a view of modules loaded by the crashing application, and the ones at the bottom of the log would indicate the module closest to the crash – which, at the very least, should give you some further pointers for troubleshooting purposes. In my case, it was Lenovo’s Password Manager (which would explain why anything related to passwords would crash – Outlook, specifically, in this case). After removing the application, the problem went away.

Office 365 Multi-factor authentication is now available

Microsoft has made available multi-factor authentication for the following Office 365 plans:

  • Midsize Business
  • Enterprise
  • Academic
  • Non-profit
  • Exchange Online
  • SharePoint Online

Multi-factor authentication will allow you to use your mobile phone, office phone, or a smartphone app as a secondary authentication mechanism to increase sign-in security. While client application (Microsoft Office) updates are forthcoming to enable seamless integration with multi-factor authentication, for the time being you have to use a feature called App Passwords, which automatically generate a 16 character secure password to use when signing in from applications other than the web – just another reminder that security and convenience rarely go hand-in-hand :).

To learn more about Multi-Factor Authentication for Office 365, read the Office Blog post.

Managing Contacts in your Global Address List

Managing contacts in your Global Address List can be delegated. This “How do I…” article on will show your designated personnel how to perform such tasks as adding new contacts, editing existing ones, and performing contact search in the administrative interface.

Note that delegation of permissions isn’t covered in the article – if you need help with that task, create a support request and a pro from will help you out!

Read the “How do I…” article: