I may not test often, but when I do it's in production

The thrill of testing in production

if ($testing_in_production == true) {
} else {
}


I’ve been spending a lot of time hopefully making something better for a customer. They recently had an auditor come in and tell them they were doing the most basic layers of security (i.e. Antivirus) all wrong and it needed to be redone. And the organization was given a deadline about a month away for 40 PCs and a dozen servers.

This is not a significant issue except the 13-hour timezone difference makes anything that gets messed up a little more precarious to go fix. My first real sysadmin job allowed me the luxury of driving across town if I broke something.

In all cases I’m lucky that I have experience deploying the tools in a much larger environment. That environment was also under pressure. They had just been pwn’d and didn’t really know it until I stumbled across that. Really didn’t know what I was dealing with… at that time in 2008 I really had no clue what real information security was about. I learned quickly.

What I have also learned through many years of work, is that if you’re going to have to test in production, I recommend that you take a deep breath, slow down, and read the manual first. Knowing what the heck you are doing is only the first step. You really have to know *why* you are doing a thing. There’s no shortage of opportunity to move fast and break stuff, but with each instance there’s also an opportunity for learning and growth.

With the amount of chaos in the world, inability for many OPSEC teams to focus on actually securing all the things, and the continual drive to still give customers what they want, there’s also no shortage of opportunities to learn-on-the-fly, be creative, and solve problems. Even in production.

Microsoft Server Essentials still underestimated IMHO

For Small Business and tinkerers, the Server Essentials from Microsoft continues to be one of my favorite best-kept secrets. I’ve set these up at small-business consults since 2010 when it used to be Windows Home Server, which itself was a descendant of Small Business Server. The most “Essential” elements of why I can be pleased with this over-and-over again:

Microsoft Server 2016 Essentials

  1. Ease of management
  2. Sampling of the best-of technologies available from Microsoft


I just finished going through this absurdly useful guide to migrate an existing client from Server 2012R2 Essentials to Server 2016 Essentials, and it reminded me how incredibly easy the Essentials line makes management for a very small-scale operation.

The admin dashboard alone makes management of this, and particularly support for a small Essentials domain, the easiest gig available. Everything an admin for a larger enterprise-domain would use is actually available in some small slice in this product. And of course since it’s Server 2016 under the hood it can be manipulated in an enterprise fashion in case you want to.

The add-ons that are available to the average small-business would take dozens of hours of consulting and troubleshooting to get set up:

  1. Storage Spaces
  2. User Experience Virtualization
  3. DirectAccess
  4. Scheduled Backup
  5. Automated health reports
  6. Connections to O365 if you have it (great for non-profits btw)



I did the upgrade to move off of failing hardware, and I didn’t actually see any compelling reasons to update from 2012R2 to 2016 while I was working on this, but it was by request.

During the review of differences between 2012R2 and 2016 however I did find only one sad caveat; the Microsoft Streaming pack doesn’t yet work on this version. Womp womp.


If you haven’t checked out Essentials before and you need to set up a domain where you will NOT have the luxury of a full-time IT admin you can lean on for everything, you must do so. It is the most supportable and competitive way to get small businesses the platforms they need to continue doing business in the modern environment.

Just can’t stand Lenovo any longer

Another personal hit against Lenovo has shown up. I recently needed to replace the WLAN card in one of my laptops. I grabbed an older Intel-2230 off the shelf and put it in.

I did it while the PC was hibernating (I know… testing in production and all that.) The OS recognized it immediately upon coming back up.

Later on however when I went to restart the thing, I received a cold warning from Lenovo. The apparently well-known 1802 Error.

In short the 1802 error means only a very specific set of add-ons such as WLAN, WWAN, and HDDs are whitelisted. You are not allowed to use something that Lenovo doesn’t want you to.

If I wanted to be restricted and cave and operate only according to a manufacturer’s demands, I would use Apple.

Between this, the Superfish incident, and the pre-installed malware that came on TWO Lenovo Yogas, I am again ruling out Lenovo from ever being part of my deployments again.