Posted by Shane Corellian on Wed, Mar 10, 2010
Photo by Halloween Wizard
A friend (who also happens to be a system management admin) tried a very interesting experiment several years back. System admins the world over will be able to appreciate this one...
His boss told him to deploy a security patch for an application that was present on ALL of their computers which ran Microsoft Windows. My friend, Mike, knew that if he made an announcement that he was going to deploy a patch, he would be inundated with support calls, questions and complaints that had zero, nada, nothing at all to do with the patch. This is the whole "Correlation Does Not Imply Causation" argument that scientists, nutritionists, medical personnel and certainly system administrators have to deal with all the time.
So Mike did something very interesting. He deployed the patch to 1,500+ computers on a Friday afternoon. He told NO ONE that he was doing this. He stayed late that weekend to ensure that the patch didn't break anything. He printed different reports showing time/date stamps and success rates of the deployment.
The following Monday there were no complaints other than the usual run-of-the-mill tech questions from users. The following Wednesday he sent out an email stating that he was going deploy a patch that evening. He didn't specify what, exactly, the patch was for. Of course he didn't allude to the fact that he had ALREADY installed the patch the previous week. The following morning a slew of calls kept coming in with frustrated users complaining that his carelessness had caused their systems to go "down". What were some of the problems caused by this patch? As I recall a few were:
"My scanner stopped working"
"My printers are no longer there"
"AutoCAD is broken"
"Power Point no longer shows my slides"
and a whole bunch of "My computer is running slow, thanks a lot!"
There were others but I was too busy laughing to commit them all to memory.
After he had collected dozens of complaints he sent his email stating the facts of the deployment. I don't know if he opined in public about his findings and conclusions of this little sociological experiment, but whether vocalized or not the results speak volumes.
As the old scuba diving axiom goes: "Plan your dive and dive your plan." We all need to document what we do and understand any dependencies (internal and external) of our actions. We need to understand that the general population will almost always confuse correlation with causation. "Oh, you installed an application on my computer and suddenly my printer toner ran out!"
If you are in an environment where you don't need to announce every step you take, then utilize this to your benefit. This doesn't mean not to document and track your administrative tasks, it just means you don't have to spend your time announcing to the world every time you modify a GPO.
If you ARE in an environment where you need to announce every change or thought, then it is wise to state what common outcomes may occur from your modification. This is actually standard Change Management procedure. Let your users know that you are going to patch versions of Attachmate Reflection. If they notice changes in their terminal emulation duties, these MAY be related to the update. If Peachtree, Quicken, or Solitaire don't work as expected the issue is almost certainly NOT related to the recent changes. If they think the change caused their printer to stop working then take that moment to send an email to the CEO explaining the importance of "thinning the herd" and call for mass lay-offs in certain departments. ahem.
Want deployment that your users will neither see nor hear? Try Admin Arsenal free for 30 days.
Posted by Adam Ruth on Mon, Mar 08, 2010
Photo by Steve Snodgrass
Here's a (seemingly) random collection of registry settings which I have recently encountered that you may find useful. Hopefully there's one or more that you may not be aware of.
1. Enable Unsolicited Remote Assist
Unsolicited remote assist is very handy for troubleshooting problems on a remote computer where you don't have some other form of remote control such as VNC. I've found that enabling it through the UI doesn't always allow it to work, and you get some cryptic errors. These settings seem to really get it going.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
fAllowUnsolicited = 1
fAllowUnsolicitedFullControl = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
AllowTSConnections = 1
fDenyTSConnections = 0
fAllowToGetHelp = 1
2. Increase Desktop Heap
Sometimes opening a lot of windows or tabs in Internet Explorer pushes use of the heap (a section of memory used by the desktop.) When you bump up against the limit, strange things start to happen. This blog post details a way to increase it which gives you more headroom.
3. Allow Popups on Secure Sites
Internet Explorer's popup blocker is pretty handy most of the time. But when you're connected to a secure web site you may want it disabled because the popups are part of the user interface for the site (such as for authentication.) This setting allows popups on HTTPS sites.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
Allow HTTPS = 1
4. No LAN Manager Hashes
An oldie, but a goodie. This entry prevents the system from storing LAN Manager password hashes which are much less secure than Kerberos or NT hashes. Older systems such as Win 98 and ME won't be able to authenticate, but that's actually a benefit.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Parameter
NoLMHash = 1
5. Disable Shaking
This one is a personal taste thing. I don't like the
shaking feature of Aero in Windows 7, I seem to activate it all the time on accident (perhaps I have muscle spasms.) Here's a way to disable it.
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced
DisallowShaking = 1
6. Screen Saver Grace Period
The default setting for the grace period on requiring a password after the screen saver starts may be a bit too short for you.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
ScreenSaverGracePeriod = (number of seconds)
7. Take Ownership Menu
This one isn't as much of a registry setting as it is a shortcut, but it's still handy. If you find yourself needing to take ownership of files a lot, this will be quicker than going through the security tab. It adds a menu item in Windows Explorer when you right click on a file or directory which will give you ownership.
HKEY_CLASSES_ROOT\*\shell\runas
(default) = "Take Ownership"
NoWorkingDirectory = (empty)
HKEY_CLASSES_ROOT\*\shell\runas\command
(default) = "cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
IsolatedCommand = "cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
HKEY_CLASSES_ROOT\Directory\shell\runas
(default) = "Take Ownership"
NoWorkingDirectory = (empty)
HKEY_CLASSES_ROOT\Directory\shell\runas\command
(default) = "cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
IsolatedCommand = "cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
8. Disable Simple File Sharing
Simple file sharing in XP makes remote administration a bit difficult, mainly by disabling the admin shares (ADMIN$, C$, D$, etc.)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
forceguest = 0
9. Disable Writing to USB Drives
This is a helpful security setting if your organization wants to disable writing to USB drives on certain machines.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicie
WriteProtect = 1
10. Default User Settings
This is more of a tip than a setting. If you need to restore a key in HKEY_CURRENT_USER to its default, you can find them all in HKEY_USERS\.DEFAULT. This is also handy if you want to change a setting that will be used for all new user accounts because it is used as a template for each new user's registry settings.
Get a free 30-day trial of
Admin Arsenal and distribute registry changes with just a few clicks.
Posted by Shawn Anderson on Fri, Mar 05, 2010
I like Google Apps. Our entire office uses it. I've even written about it... a couple of times. It's great for collaboration. Better yet, it's great for those of us who don't just work on one computer in one location.
All that being said... Microsoft can win this battle. Here's why.
One thing has been very obvious to us in our use of Google Apps; we're not ready to throw out our Microsoft Office. Far from it. We all still have Office loaded on every system. While our use has certainly waned over the past six months, none of us could let it go.
That's why I like Microsoft's answer to Google Apps. They're not trying to play the game on Google's terms. They're not positioning Office Web Apps as an alternative to their well known (and still profitable) Office Suite. They're positioning it as an extension.
Bravo.
Google's answer is that you need only one solution. Microsoft's answer is that you can have both. While it's still in beta and therefore functionally broken (still can't edit word docs), it's coming along.
My gripe about Google Apps is that it's not really seamless to import a Microsoft doc or spreadsheet into Google Apps and have it ready for prime time. It's the little gotcha's that creep up and make you reluctant to completely let go of Office. (For instance, try printing Google Apps spreadsheet without the grid lines. It's possible, but not intuitive and not without modifying the URL of your spreadsheet - at least not as of a month or so ago).
Large companies have moved to Google Apps, while others have been hesitant because of the concern of needing large documents now only to have all of them being downloaded over and over again. Microsoft has answered this through their Office Web Apps over Sharepoint. It's a great idea. The benefits of hosting while still maintaining control of your docs.
Windows Administrators take note; we will still need to do software installations for Office 2010, even while taking advantage of Office Web Apps. Remember, it's extending Office, not replacing it. We'll post deployment instructions as the beta progresses.
There's promise in both Microsoft and Google offerings. It's just nice to see someone (Microsoft) playing a game but doing so on their terms.
And in true free market form, the products of both will be better and the consumers will benefit.
Take advantage of Office 2010 beta.
Posted by Shawn Anderson on Wed, Mar 03, 2010
Google is one of the best resources to answer questions, quickly. For system administrators, it's sometimes not just the first line of resource, but unfortunately the last.
Simply put, Google has made system administrators even more anti-social.
I've been impressed with Matt Simmons (of Stand Alone Sysadmin fame) and his work in the IT community. Matt is on the planning committee for a League of Professional System Admisitrators in New Jersey (LOPSA-NJ), which is a Professional IT Community Conference (PICC).
OK, no more acronymns. I promise.
So why should we care about this since most of us aren't in the New Brunswick area? I'll address that, but first I want to shoot a message to those of you are are in that neck of the woods.
The conference is not vendor or platform specific so it should appeal to a wide audience.
If you're in the area you should give serious consideration about attending. You'll see real world solutions that sys admins are utilizing every day. Some solutions will be home grown while others will be Commerical Of The Shelf (I would have used COTS, but I remembered my earlier promise on acronymn abstinence).
If you're not in the NJ area, never fear. You have many resources to help you find where your community hangs out. Be they official conferences or less official gathers.
And for the everyday community you have LinkedIn, Sys Admin Network, and even Server Fault.
Is LinkedIn really worth it? Isn't it just for your friends who have recently been laid off? Ummm, no (though it's value in finding new career paths is very high, especially for those who foster their connections BEFORE they need to polish up the ol' resume dot doc.)
To me the value of LinkedIn lies within its Groups. There are thousands of groups, so you will likely find one that is a tight community of people who deal with what you deal with, everyday.
Sys Admin Network is another good one. I like their motto: "no more hiding in the server room".
All of these tools have one thing in common. Community. Your management may treat you like an island, but you have a huge support network.
Google is great. If they keep giving us good information then we'll keep using them. But it's a starting point. We have tough jobs. We learn best when we're under pressure. Find out how you can tap into the knowledge from other sys admins.
From now on the only people who can call us quiet loners will be our neighbors.
And that's just the way it should be.
Follow me on Twitter @ShawnAnderson
Windows Administrator?
Learn how to deploy software quickly without needing to install agents or servers.
Posted by The Admin Arsenal Team on Mon, Mar 01, 2010
Author: Adam Ruth
I cut my programming teeth, like most programmers my age, on a version of BASIC that came with my computer. In my case it was on an IBM PC my father bought for his accounting business back in 1982. There's something immensely pleasurable about toying around with a small program and making the computer do what you want. Even if back then it wasn't much more than playing little tunes on the internal speaker or creating a calculator, it was still a very empowering experience.
Flash forward to the present and it's not easy to find that utter simplicity. The programming tools available to Windows administrators these days can be very complex, with learning curves that make it difficult to take up programming on the side as a way to automate your world. Batch files and Visual Basic Script tended to get a lot of use because they're so simple, even if they seem like little more than "toys." But they're both getting old and somewhat obsolete, less useful than they used to be with all of the new advances in Windows and applications.
Enter
Microsoft Small Basic, a programming environment intended to make programming fun again, like it was back in the days of green screens and 128K of memory and a big imagination. It's based on .NET allowing it to interact with newer system APIs easily. While it's not really meant for any particular kind of task, I can see it taking off in the administrator community as the heir apparent to VBS. It's still not a fully released product, but you can download it in it's current state to play with, it's at version 0.8 and it's free.
One nice thing about it is that it has a direct upgrade path to Visual Basic.NET, essentially meaning that it flattens out the leading edge of the VB.NET learning curve. Admins can start using it to automate tasks and then move up to full-blown VB.NET to get some serious work done. MSDN has a number of
blog posts with a lot of good information. Go ahead and download it and give it a whirl, if for nothing else than simple fun!
Try
Admin Arsenal for 30-days free.
Posted by Shawn Anderson on Fri, Feb 26, 2010
Photo by dybarber
Msiexec is a good friend to many an admin who deploys software remotely. It has great arguments (or switches) that can make your life as a Windows administrator much easier.
One of these is REBOOT=REALLYSUPPRESS
msiexec /i < your_msi_file > /q REBOOT=REALLYSUPPRESS
It does what it implies; it stops not only a reboot but any dialog that the user might see telling them that a reboot is necessary. If you absolutely don't want the system to reboot after an installation, I suggest making this a default argument for your remote deployments.
Now for my Billy Mays impersonation...
"But wait! There's more..."
Actually, there really is more. The error code.
Too often the error codes can be merely glanced at, or worse, outright ignored. It's a good idea to verify that they are a 0 value (meaning no errors detected). However, not all non-zero error codes are created equally. (Note: Error code and Exit code are synonomous).
3010 is an important code to detect. It's official definition:
3010 - The requested operation is successful. Changes will not be effective until the system is rebooted.
If your deployment requires a reboot and you suppress you may feel that you don't need this error code, but I would ask you to reconsider. The fact that this code was generated is further evidence that your package was installed the way that you expected it to be.
Any administrator who has been deploying for awhile will certainly have seen instances where an error code of 0 (successful) is returned on a remote software installation when upon further investigation it is determined that the software wasn't installed at all, or worse yet, wasn't installed correctly.
So... Really suppress the reboot. Evaluate the exit code. Move on to more important tasks (they're starting to pile up).
Windows Administrator? Follow me on Twitter @ShawnAnderson
Want to
deploy software remotely to all of your windows systems? Do it for free with our fully functional 30-day trial.
Posted by The Admin Arsenal Team on Wed, Feb 24, 2010
Photo by batega
Author: Shane Corellian
Here's an interpretive guide to the minds of people with whom we have no choice but to deal.
Scenario: You ask your moderately paid Microsoft trainer a pertinent question that is not specifically discussed in the training manual.
What he says: I can tell you but you will learn best by figuring it out on your own.
What he thinks: Ummm, I don't remember seeing that on my PowerPoint slides.
Scenario: You explain to your Director of IT the ramifications of swapping out your backup/restore software.
What she says: Thank you! I don't know what we'd do without you.
What she thinks: Just nod and pretend you know what the hell he's talking about.
Scenario: You finally bring back the COO's laptop after fixing his "Microsoft Word" problem (when the problem was actually malware infected from a porn site ending in .ru)
What he says: What was wrong with my computer?
What he thinks: Did he see my pr0n directory?
Scenario: You make eye-contact with the Marketing director in the restroom.
What he says: There's the man! You keeping our computer's running, Humphrey?
What he thinks: Is that the same gravy stain on his shirt from last week?
Scenario: You tell a vendor at Tech-Ed that you are only listening to them to get their swag.
What he says: Hey, that's what it's here for, boss! How's the convention treatin' ya?
What he thinks: I'm so glad I didn't use booth babes.
Scenario: You keep quoting Fletch to the new 21 year-old hottie receptionist.
What she giggles: Heh heh. Good one.
What she thinks: Who do I hate that I could hook up with this 80's-movie-quoting fossil?
Scenario: Your interviewer notices that you put CNE on your resume
What he says: I'm impressed.
What he thinks: Let me guess, you're from Utah.
Follow me on Twitter (@ShaneCorellian)
Posted by The Admin Arsenal Team on Mon, Feb 22, 2010
My oh-so-cool dual keyboard set up
Author: Adam Ruth
(Note:
last week I said that this week I was going to write up a tutorial for running Perforce, but it was getting so long I decided it was best to expand into a
whitepaper, we'll all be better for it.)
What follows is a story of hope. That even when things seem their bleakest a kludge can come along and get things limping along.
For the last couple of years I've been dreaming of getting a second keyboard, something that will allow me to take the myriad keyboard shortcuts I have now and give me one-key access to most of them. While developing in Microsoft Visual Studio, there are a lot of tasks that I perform regularly that require two hands and a bit of contortion to operate correctly. There's only so much I can do with changing the keyboard mappings, since I have more common tasks than buttons. An example is the default keyboard shortcut to debug all of a project's unit tests: Ctrl+T, Ctrl+A. This is easy enough to type, but it requires two hands and 4 keystrokes. Even if I wanted to simplify it, there just aren't many free buttons left to use.
This is exacerbated by the fact that I run my development inside of a
VMWare Fusion virtual machine on an iMac. OS X takes some of my precious keys away for its own use, and I don't want to give them all up. If you've ever looked at an Apple keyboard, you see that the function keys double as system keys for such things as volume control, Dashboard, and Exposé. Now I've got one more modifier key to worry about, the Fn key.
I thought the solution would be a second keyboard with a bunch of keys that I could map to different functions at will. But I wasn't sure how to do it. I didn't want to spend money on a specialized second keyboard, they can get expensive. I was looking for a way to plug in a normal keyboard and use it's keys as all brand new. I couldn't figure out how to do this because a second normal keyboard just duplicates the existing keyboard. Until I figured that out I installed a program called
Keyboard Maestro which at least let me use all of the extra keys on an Apple keyboard with Visual Studio (F13-F19, in particular.) But I was still running out of keys.
Then a product came to my attention called
QuicKeys. It has the ability to map separate devices to different actions. I tried plugging in another Apple keyboard, just like the one I already had and it seemed to work. But unfortunately, because it was the exact same type of device, QuicKeys kept losing the new mappings and it was a chore to get it working again. I had an older Bluetooth Apple keyboard in a box, which I dusted off and tried. It worked great, now I have a whole 78 keys that I can use for single-key access instead of the carpal tunnel inducing keystrokes I was using.
Only one problem. QuicKeys, for some reason, doesn't work with VMWare Fusion. When it sends keystrokes to Fusion the modifier keys (Shift, Ctrl, and Alt) get stripped off. Damn! I had just spent a few hours getting my new keyboard up and running and figuring out the QuicKeys mapping interface. I e-mailed support only to be told that the problem was VMWare, not QuicKeys (how many times have you heard that excuse?) That didn't sound right, because Keyboard Maestro worked just fine.
Aha! Wait, if Keyboard Maestro works maybe I could use it along side QuicKeys. An idea so crazy that it just might work. I set it up so that QuicKeys maps a keystroke from my Bluetooth keyboard to a keystroke that Keyboard Maestro then listens for and translates it for VMWare. An example through the Kludge-o-train:
The normal keystroke to build a project in Visual Studio is Ctrl+Shift+B. Not the simplest thing in the world to type, especially when you do it 5,000 times a day. So I used QuicKeys to map the second keyboard's B key to Shift+Ctrl+Cmd+B, and then Keyboard Maestro maps Shift+Ctrl+Cmd+B to Shift+Ctrl+B and voilà I can build my projects with a single hand easily. I use the Command key modifier for all of my QuicKeys -> Keyboard Maestro keystrokes because the Command key is rarely used in Windows with other modifier keys (it maps to the Windows key by default.)
My kludge is limping along just fine and I've even started to use my extra keyboard for other programs like iMovie and iPhoto. I'm in geek heaven.
Need administrator tools that aren't kludges? Try a 30-day trial of
Admin Arsenal.
Follow me on twitter @AdamRuth
Posted by Shawn Anderson on Fri, Feb 19, 2010
Here's the question that I posed to my Twitter followers last week (@ShawnAnderson):
Why can Domino's do minute-by-minute tracking of a $10 pizza but Dell can only say that your server is either "In Production" or "Shipped"?
Three weeks ago I decided to enhance my in-house lab with a server that could host about 20 virtual machines. Afterall, what better way to freshen up on newer products as well as enhance my blogs with step-by-step videos? Lastly, which perhaps I should have stated firstly, I wanted to add a little extra after-hours customer support for our Software Deployment tool Admin Arsenal.
About three hours after I placed the order I could see that my status was "In Production".
Fast forward 2 weeks. Dell is displaying the same "In Production" status. Has nothing changed in two weeks? Really? It's getting very close to the estimated delivery time, but no status change. Finally an email arrives at 2AM informing me of the delay.
Fast forward another week. I check status. No change. Bummer. It's 6:02 PM Friday evening. The kids are hungry, nothing had been prepared for dinner so I jump to Dominos.com and order pizza.
Maybe it's because I have Dell on the brain, but the online order process for my pizza was quite similar to ordering my server. As I selected an online coupon and started building my pizzas, I was reminded with a bright colored dialog box that my order had a problem, I had ommited the included 2-liter bottle of root beer offered on the coupon. I recall a similar shining notice on Dell when I was selecting the hard drives and had inadvertantly selected the wrong type for my desired configuration.
Way to go Dell and Dominos. You've both perfected the ordering process. So how about the production and delivery phases? Here's how it goes with Dominos.
6:05 PM, ordered online. Order accepted and in production. The pizza started preparation at 6:07 PM by someone named Dean (you can see his name at the bottom of the image).
Sweet. I let my wife know that I had ordered pizza (she was just preparing to send me a text asking me to do that very thing). I resumed my work, but I kept the Dominos website up to stay abreast of the status.
The next time I glanced at the screen it looked something like this (actually it looked exactly like this). Dean had removed the pizzas from the oven and was boxing 'em up.
With the next status change I learned that our delivery driver would be Bryan and that he had left the store at 6:26 with our healthy dinner in tow.
Let's compare this 24 minute Dominos experience with my yet-to-be-completed three week order with Dell.
Here's what the Dell status read after my order was placed and my purchase funds verified:
7 days later here is what my status read:
17 days after my order (and three days after my delay notice) here is what my status read:
And this morning, 18 days after my order was placed, and after two customer service calls where the reps were kind and professional but still could not see the cause of the delay, here is what I see:
But wait! That's not true. If I drill down into my order, I'll eventually see this:
Awesome! Let me get my shipping and tracking info. But when I click on the "Shipped" link I see this pop-up:
Oh, OK. I guess the "Shipped" link won't take me to my shipping information but will provide me with the English definition of 'shipping'. That's OK because I was a little unclear about what it meant.
Let's click on another link to get my shipping info. Ummm, how about clicking on the order number? (Do I dare click on this?) I'm a little worried that I will be sent to wikipedia for the comprehensive history of order numbers... but no where else to click, so let's roll the dice baby.
Alas! It takes me to my shipping detail page so that I can get my up-to-the-intersection status of my delivery... or not.
OK. I want to cut Dell some slack here. It changed status on a Friday night and they probably don't do weekend shipping for non-premium, non-enterprise, completely inconsequential customers (I mean that sincerely, by the way). So I would expect tracking info on Monday... oh wait, Monday is a federal holiday... so by Monday I mean Tuesday.
When I spoke with Dell they informed me that server would arrive before my delayed deadline. With the federal holiday looming that means that Dell will be footing the bill for 2-day shipping. OK. I'm good with that.
Dell really did have great customer service, but imagine what it could've been if Dell only followed Dominos lead on a $10 pizza.
OK - I admit that I don't need to know which person is working on my system at any given moment (though it's a cool feature and really humanizes a company). But a status that is as broad as "In Production" is useless.
There are too many phases wrapped in that definition. There is part ordering from within Dell, part ordering from vendors, part shipment from within or without the manufacturing plant, assembly, testing, and finally acceptance.
Imagine how cool it would be if I saw that my order was delayed due to short supply of 750GB hard drives. Even cooler would be if I could have interacted with Dell and opted instead for their plentiful stock of 1TB drives. The difference in cost would have been perhaps $200-$300 but could've saved me a week of waiting.
I don't know if delayed parts were the issue, and neither does Dell customer service. However, someone at Dell knows why my server was delayed, but in the era of instant data transmission that information is eerily absent.
Who'd of thought that a multi-billion dollar company that sells servers and workstations could learn from a... umm... multi-billion dollar company that sells pizza. OK, that's not as profound as I'd hoped.
But still... imagine the possibilities.
Need to install software remotely on all your Windows computers? Do it for free using with a 30-day trial of Admin Arsenal Software Deployment.
Windows Administrator? Follow me on twitter @ShawnAnderson
Posted by Shawn Anderson on Wed, Feb 17, 2010
Adobe has released new patches this week. These patches haven't caused near the stir as Adobe's previous release which is both good and bad.
Don't be vulnerable. Software deployment of patches is a snap. It's standard operating procedure. Most admins have the Windows Patch Tuesday down very well, but sometimes they struggle with other vendor security patches.
Thanks to Donna SecurityFlash for providing this list of the patches and their download pages.
We'll post a video on deploying these patches. The video should surface by the end of next week.
Here is the list of patches:
v9.3.1 - http://www.adobe.com/support/downloads/detail.jsp?ftpID=4640
v8.2.1 -http://www.adobe.com/support/downloads/detail.jsp?ftpID=4596