North East Bytes - a Microsoft technology usergroup in North East England.

Powered by Squarespace


Microsoft UK Tech Days Online starts tomorrow

For 3 days (6-8 Nov) Microsoft UK is running their Tech Days Online event, covering (day 1) Windows Client for IT Pros and Developers, (day 2) Server and Cloud for IT Pros, and (day 3) Visual Studio, Azure, Dev tools for Developers.

The late morning slot is where the headline content is because on Wednesday they have an intereview with outgoing Microsoft CEO Steve Ballmer, and on Thursday they have me ;-) talking about PowerShell, with a focus on Desired State Configuration.

As The Register says, "Microsoft TechDays Online is a lovely opportunity for IT pros and developers to beef up on the latest developments in Microsoft client, server, cloud, system management and developer tools technologies."

It's all free, and you can register at


PowerShell 4.0 DSC presentation at NEBytes

For those in or around North East England next Wednesday (28th August), I'm going to be doing a presentation at NEBytes on PowerShell 4.0, with a focus on Desired State Configuration.

If you haven't heard of DSC before, it's a really big deal - a new set of cmdlets and language extensions provide the ability to declaratively specify the configuration of your environment and maintain the desired state of your systems.

I'm going to cover what DSC can do for you, showing how to define and deploy configuration scripts, as well as touching on some of the other new features of PowerShell 4.0.

The event is free to attend, but we do ask that you register here:

As if PowerShell DSC wasn't enough, we've also got my partner-in-crime, Andy Westgarth talking about developing with Windows Azure Media Services.


Anatomy of a Scam Email

A little while ago I received warnings on a couple of mailing lists of a new email scam claiming to be from Microsoft. There was some suggestion that this particular scam was well structured and more convincing than most, although everyday experience tells us that phishing emails don't have to be very convincing at all to get passwords (or whatever) out of some computer users.

This is an example of the message that's going round. It links to a MSI file that you should install "in order to keep your computer and data safe" - I've broken up the URL so that nobody clicks on it by accident - it's malware that wasn't detected by all anti-virus packages at the time.

From: Microsoft <>
Subject: Attention: Microsoft Office
To: Recipients <>

Dear Microsoft Office user, through our annonymous statistical
information collection system built into all Microsoft Office
products, we have detected that your system is currently lacking 3
critical Office patches. These patches are for Microsoft Word,
Microsoft PowerPoint and Microsoft Outlook, in order to keep your
computer and data safe we urge you to go to
Microsoft Download Center and download the Microsoft Office Critical Update
Pack available on our website.

You can do this by searching for the patch on our website or
directly at:

http dot slash slash fileserver dot updateservermicrosoft dot net/MS00285913/CriticalUpdates/


Microsoft Office Support
Cardinal Place
80-100 Victoria Street 

Now, there are a bunch of reasons why you are too clever to be caught out by this. You've already seen a bunch of them, haven't you? You wouldn't be foolish enough to fall for this, I know. But let's break it down just for fun anyway...

First up are the email addresses in the header. That's obviously not how you spell Microsoft, and Microsoft haven't run out of addresses, so they wouldn't be using anything else. The trouble here is that this could potentially be much worse. Email is horrendously insecure and it's very simple to send an email that looks like it comes from absolutely any address whatsoever.

Some systems won't relay email from addresses without verifying the sender is who they say they are, and some systems won't accept email pertaining to be from some address if it didn't originate from a server that's designated as part of the DNS domain. Frankly though, there are loads of systems that are wide open, so you can pretty much assume that the address that an email comes from isn't proof that it came from that person/organisation.

The next thing that is often part of a scam email is bad speeling or grammar. This one is better than most, but even if I haven't screwed up the line breaks (which I may have - I didn't receive the message first-hand), this bit is suspect:

Dear Microsoft Office user, through...

You'd expect a line break after the comma there, which may have been in the original message - if this really was from Microsoft it would've been there, and if there was a line break "through" would be capitalised.

The next bit is the one that I would expect more people to miss:

through our annonymous statistical information collection system built into all Microsoft Office products, we have detected that your system...

Now some Microsoft products do optionally collect anonymous user data to feed back into their development cycle, so that's plausible, right?

The key thing here is that word "annonymous" (which is spelt incorrectly, but that's only part of the point). If the data is anonymous, how would they know that it was your system, or know your email address to warn you about it?

They wouldn't. Nobody will ever be able to contact you with a targeted message based on anonymous data. That's just nonsensical.

Other stuff that should ring alarm bells, although there require a bit of background knowledge...

Microsoft delivers critical patches via Windows Update. If they needed you to apply a critical patch, they'd simply direct you to Windows Update, or at the very least a page on

The physical address is Microsoft's London office, so at least the scammer went to the trouble to check that out. However, they didn't bother to find out what Microsoft does there. A quick seach would have uncovered this: "Our London office primarily serves the MSN and Xbox teams, although the ground floor is set up for hot-desking to ensure that any of our employees can work from this office when they are in London." Critically, it doesn't include Microsoft Office Support.

The scammers are getting better, but they need to try much harder if they're going to fool anyone with a decent dose of both scepticism and common sense (unfortunately there are too many people lacking one or both of those).


2013 PowerShell Scripting Games

If you've read very much of my blog, you'll know that I'm a big fan of the annual Scripting Games, where challenges are set for beginners and advanced scripters, to be solved in PowerShell. The reason I like this event so much, apart from enjoying a challenge, is that it's an excellent way to learn, regardless of your level of proficiency.

The great thing about the Scripting Games is that you can have a go at solving each problem and then see an expert solution to compare your efforts with. Even if you're really competing at the advanced level, you're likely to learn something from that, and if you're just a beginner, then there's no better way to learn that to try to solve a problem and being shown by an expert the best way to do it.

The 2013 event kicks off today, and I strongly recommend you take part if you have the time. If you don't have time to do it right now, then there's nothing stopping you having a go after the competition has ended - just make sure that you give the challenges a try before you look at the expert solutions.


More System Center 2012 SP1 on Microsoft Virtual Academy

Earlier this month, I pointed at a couple of courses on Microsoft Virtual Academy - which is a great free resource, if you haven't already found it. I've since found a post on the System Center blog pointing at a whole load more content that you might want to check out:

Configuring and deploying Microsoft's Private Cloud

Introduction to the Microsoft Private Cloud

Introduction to Hyper-V Jump Start (with System Center 2012 SP1)

Microsoft Virtualization for VMware Professionals Jump Start (with System Center 2012 SP1)

Microsoft Solution Accelerators for the Datacenter and Private Cloud

Private Cloud: Computing and Infrastructure Management

Private Cloud: Service Delivery and Automation

Private Cloud: Application Services Management

Private Cloud: Infrastructure Components

System Center 2012 Licensing Overview

System Center 2012 Service Pack 1 Updates

System Center 2012 SP1 Capabilities

System Center 2012: Operations Manager

System Center 2012: Configuration Manager

System Center 2012: Data Protection Manager

System Center 2012: Orchestrator & Service Manager

System Center 2012: Virtual Machine Manager (VMM)

System Center Advisor

What’s New in System Center 2012

That's a whole lot of learning, but that's going to be of limited use to you if you don't then go and kick the tires. To that end you might want to setup a test lab. You can download an evaluation of Windows Server 2012, either as an ISO if you want to pop it on a spare bit of kit, or a ready to use VHD file that you can attach to a VM, or boot from on your desktop. Then you can install an evaluation of System Center 2012 with SP1.

If you like, you can even setup an IaaS pop-up lab on Windows Azure and it doesn't have to cost you a penny: