<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>www.idmwizard.com &#187; iTunes</title>
	<atom:link href="http://www.idmwizard.com/tag/itunes/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.idmwizard.com</link>
	<description>The Identity Management Wizard</description>
	<lastBuildDate>Wed, 09 Nov 2011 14:48:55 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>I can listen to your voicemails!</title>
		<link>http://www.idmwizard.com/2010/05/25/i-can-listen-to-your-voicemails/</link>
		<comments>http://www.idmwizard.com/2010/05/25/i-can-listen-to-your-voicemails/#comments</comments>
		<pubDate>Tue, 25 May 2010 01:38:58 +0000</pubDate>
		<dc:creator>dimikagi</dc:creator>
				<category><![CDATA[iTunes]]></category>
		<category><![CDATA[privacy]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.idmwizard.com/?p=177</guid>
		<description><![CDATA[I&#8217;m at a Residence Inn in Boston today, and just perused someone&#8217;s voicemail messages. I don&#8217;t need to say whose messages they were, or their content, but it was rather interesting. How did I do this? Well, nothing too hackerish or illegal. I actually listened to messages that someone decided to share out there. This [...]]]></description>
			<content:encoded><![CDATA[<p>I&#8217;m at a Residence Inn in Boston today, and just perused someone&#8217;s voicemail messages.  I don&#8217;t need to say whose messages they were, or their content, but it was rather interesting.  How did I do this?  Well, nothing too hackerish or illegal.  I actually listened to messages that someone decided to share out there.</p>
<p>This poor fool installed iTunes and let it be the default mp3 player on his machine.  He also didn&#8217;t change his preferences to require a password, or not share his music.  Which means that anyone on the same network as him, with iTunes running, can browse and listen to his whole library.</p>
<p>Where does the voicemail come in?  It looks like he&#8217;s using one of those fancy services that sends you your voicemail message as an mp3 file.  Or perhaps his corporate PBX does it.  In any case, he downloads his voicemails on his computer, listens to them, and then they remain in his iTunes library.</p>
<p>And when he plugs into the network at the hotel, everyone with iTunes can see anything he&#8217;s got in his iTunes library.  There was an interesting message from a company that wants to partner with his company that was 53 seconds long titled &#8217;20101251614511956509.&#8217;  Given that it&#8217;s now May, I wonder if that partnership took place.</p>
<p>I should look it up . . . in the meantime, make sure your machine isn&#8217;t sharing anything you don&#8217;t know about.  I love Apple but they&#8217;re a little too &#8216;consumer friendly&#8217; and definitely give IT departments a huge headache with things like this.</p>
<p>BTW &#8211; have you considered using Quest&#8217;s <a href="http://www.quest.com/vas/" target="_blank">VAS</a> to deploy out group policies to your employees&#8217; Macs to stop them from using iTunes?  You should!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.idmwizard.com/2010/05/25/i-can-listen-to-your-voicemails/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Unique user IDs or account names</title>
		<link>http://www.idmwizard.com/2009/09/09/unique-user-ids-or-account-names/</link>
		<comments>http://www.idmwizard.com/2009/09/09/unique-user-ids-or-account-names/#comments</comments>
		<pubDate>Wed, 09 Sep 2009 16:21:58 +0000</pubDate>
		<dc:creator>dimikagi</dc:creator>
				<category><![CDATA[Provisioning]]></category>
		<category><![CDATA[Synchronization]]></category>
		<category><![CDATA[2FA]]></category>
		<category><![CDATA[ActiveRoles]]></category>
		<category><![CDATA[iTunes]]></category>
		<category><![CDATA[privacy]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Self-Service]]></category>
		<category><![CDATA[Token]]></category>

		<guid isPermaLink="false">http://blog.idmwizard.com/?p=110</guid>
		<description><![CDATA[I had a client a long time ago (in 2007) ask if they can have a way to never re-use an account name.  They were looking at Quest ActiveRoles Server (google for it), and this was a key requirement.  Well, this would be very easy to do with the built-in policies if they kept their [...]]]></description>
			<content:encoded><![CDATA[<p>I had a client a long time ago (in 2007) ask if they could have a way to never re-use an account name.  They were looking at Quest ActiveRoles Server (google for it), and this was a key requirement.  Well, this would be very easy to do with the built-in policies if they kept their disabled users around.  However, they didn&#8217;t want to clutter AD with similar account names and disabled accounts, which meant that QARS wouldn&#8217;t be able to check AD for uniqueness as the accounts would be wiped out.  I initially suggested they use an ADAM (now called AD LDS) store for this, and have AD include it in the scope.  However, they thought it was too cumbersome for this task (and, honestly, it was).</p>
<p>So I had to come up with a scripted solution to get past this hurdle and still provide them a way to create unique names into perpetuity without leaving objects in AD or ADAM.  This question has come up again internally, so I thought it would make sense to publish this to the rest of the world for future reference. First is a recording of how to install the bits and show you how it works.  The short version is that it:</p>
<p>a. creates a table in the QARS database to keep track of every user name created as the account is being provisioned.<br />
b. it installs a policy that checks the table from part (a) and generates a new user name based on the previous names in the DB.</p>
<p>The script is written the way the client wanted: it creates a user name from the first name, then the last initial.  If that is taken, it uses the next 2 letters, 3 letters, and so on.  At some point, you run out of options, and have to resort to numbering.  Obviously, the script needs to be modified to meet your needs, and there are some great Professional Services people at Quest to help if you need it, but perhaps this sample is enough.</p>
<p>This post, as with all others, implies no warranty and is posted as an example of what is possible with Quest ActiveRoles Server.  I do NOT support this solution (unless you wish to pay me).  If you have questions, please contact your Quest account manager about what support options are available.</p>
<p>Now . . . without further ado, here are the links you want.  First, here is a recorded video of the installation and usage:</p>
<p><a href="http://www.idmwizard.com/quest/UniqueUserID/index.html" target="_blank">http://www.idmwizard.com/quest/UniqueUserID/index.html</a></p>
<p>And here is the zip file shown in the video (albeit renamed &#8211; but you should be able to figure it out):<br />
<a href="http://www.idmwizard.com/quest/UniqueUserID/UniqueUserID_policy.zip" target="_blank">http://www.idmwizard.com/quest/UniqueUserID/UniqueUserID_policy.zip</a></p>
<p>Cheers,<br />
Dmitry</p>
<p>(note: edited 2009-09-22 &#8211; changed some text and updated links to open in new windows and work properly).</p>
]]></content:encoded>
			<wfw:commentRss>http://www.idmwizard.com/2009/09/09/unique-user-ids-or-account-names/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

