Naah, it's to cover the failures because of course Microsoft can't program anything.
It very often seems that way. Here's the list from a whopping 20 minutes at a client site yesterday afternoon:
1- 2008 Server- "Delayed Automatic Start" of the Service for NIS service (Default MS-enabled startup property at install) seems to mean "Don't start this service at all" under some conditions - awesome, you've got an authentication process on an Active Directory domain controller that won't start- good thing you bought into a Microsoft-only single-sign-on solution! We won't even start on the two-way password change thing.
2- Error SECCLI 1202- 0x534: No mapping between account names and security IDs was done: Microsoft says
To find the friendly name of the GPO, use the Resource Kit utility Gpotool.exe. Type the following at the command prompt, and then press ENTER:
gpotool /verbose
But wait! There is no gpotool.exe in Server 2008, and the one for 2003 won't run in 64-bit environments. Way to go Microsoft! Pull out the diagnostic tools! They're just trying to stop bloat- right? Good thing the customer bought into the whole MSDN thing so they could fix any issues they had...
3- The utility cacls.exe was replaced in Server 2008 by icacls.exe- but while cacls would let you set file permissions on an object for an object in a different domain, icacls seemingly doesn't have that capability- great update Microsoft! It's a security feature, right? Oh wait, you can manually add the SID, um- exactly what sort of feature is it now? Yeah, I'm feeling that kwality.
4- You can dump the user SIDs from an Active Directory with csvde, the SIDs are in hex. You can only pass a string format SID to icacls, and there's no included utility to convert between hex and string format SIDs. Yeah, that shows the quality foresight and planning done by Microsoft. Consistency- that's the key- now where are the bolt cutters?
5- New domain, new GPOs- for some users on some machines, the drive mapping policy applies. For the SAME users on DIFFERENT machines, the drive mapping doesn't happen- all the settings are good and all the policies are applied according to RSOP with gpresult. All the computer objects are new, nuking them and re-adding them doesn't change the situation. Yeah, that's real quality and consistency there- you want your group policy objects which contain your security policies to apply sometimes, but not all the time, that'd be booooring!
6- Same issues with folder redirection, but in different ways on different machines with different users. Yeah, I'm feeling all that good Microsoft programming. So's the client.
That's literally 20 minutes yesterday- the last two weeks have been filled with little bundles of Microsoft's semi-functional software quirks. If they can write good, solid, functional, consistent and reliable code they've not proven it with Server 2008, Service for NIS, Server for NFS, Active Directory, Group Policy Objects, ADMT, folder redirection or file system ACLs.
[Microsoft's "help" for ADMT was to send us a PowerPoint that's "Way better than the online documentation and what we use internally now!"]
Microsoft is a software vendor. I've worked for an ISV who wouldn't accept that sort of poor quality from a junior programmer with six months of experience, let alone entire teams of engineers and product managers.
You may be in love with Vista and may wear Microsoft footie pajamas to bed and dream of Steve Ballmer's monkey dancing- but frankly the acceptance of such purely bad code is what's got computing in the state it's in today. That's ok though, I'm sure they're promising to fix it all in the next release- destined to be the "Best Windows Ever!"
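For the hex-to-string SID gap described in item 4 of the comment above, here is an added example (not part of the original post, and not a Microsoft tool) that decodes a hex dump of a binary objectSid into the S-1-... string form. It assumes the exported value is either bare hex or wrapped as X'...'; the function name and the sample values are constructed for illustration.

```python
import re
import struct


def hex_sid_to_string(hex_sid: str) -> str:
    """Convert a hex dump of a binary SID into S-1-... string form."""
    text = hex_sid.strip()
    # Assumption: the export may wrap binary values as X'...'; bare hex also works.
    wrapped = re.fullmatch(r"[Xx]'(.*)'", text)
    if wrapped:
        text = wrapped.group(1)
    try:
        raw = bytes.fromhex(text)
    except ValueError as exc:
        raise ValueError(f"not a hex string: {hex_sid!r}") from exc

    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match the data length")

    # Bytes 2-7: identifier authority, 48-bit big-endian.
    authority = int.from_bytes(raw[2:8], "big")
    # Remaining bytes: 32-bit little-endian sub-authorities; the last is the RID.
    subs = struct.unpack(f"<{count}I", raw[8:])
    # Authorities of 2**32 or more are written in hex in the string form.
    auth_text = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth_text, *(str(s) for s in subs)])


# Constructed sample values, not taken from any real directory.
SAMPLE_USER = "X'" + "0105000000000005" + "15000000" + "01000000" \
    + "02000000" + "03000000" + "51040000" + "'"
SAMPLE_BUILTIN_ADMINS = "01020000000000052000000020020000"

if __name__ == "__main__":
    for sample in (SAMPLE_USER, SAMPLE_BUILTIN_ADMINS):
        print(hex_sid_to_string(sample))
```

icacls takes a numeric SID when it is prefixed with an asterisk, so the string this returns can be passed as `*S-1-...` in a `/grant` argument.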