David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small. I specialise in Windows Intune and SBS 2008.
This blog is purely the personal opinions of David Overton. If you can't find the information you were looking for e-mail me at admin@davidoverton.com.

Browse by Tags



  • Windows Intune and firewalls / proxies

    We had this question circulate around at work, so I wanted to share. Windows Intune needs access to the internet. This means that the services need unhindered access to the internet. While for most of us, once we are connected, we are connected, some firewall / proxy devices require extra information to be entered into a browser and this is something that Windows Intune cannot deal with. Luckily, Richard at Windows Intunepedia has written about this, and quite some time ago. The key elements are: ports 80 and 443 will be needed for outgoing communications, and the firewall / proxy must be as follows:

    If the client computers exist behind an authenticating proxy server, you must configure the proxy server as follows:

    1. Confirm that the proxy server supports HTTP and HTTPS.
    2. Enable either Non-auth or Negotiate (Kerberos) authentication methods on the proxy.

    If your proxy server is using the Negotiate (Kerberos) authentication method then you must configure it to allow authentication using computer accounts rather than user accounts. This is because the Windows Intune client agents run using the LocalSystem security context, not that of a logged on user. If it is not possible for your proxy to be configured in this manner the agents will not be able to report to that Windows Intune service while they are behind that proxy.

    More can be found from Richard at

    Thanks David
  • Windows Intune Case Study - Ontario Systems, helping to prove Card Industry (PCI) Data Security Standard certification PC update reporting

    Ontario Systems is a larger Windows Intune reference with 350 employee PCs to manage. They needed a better way to manage mobile computers and Windows Intune was the answer to their problems, as it enabled them to manage these computers providing they were connected to the Internet, and to verify this management to enable PCI certification. The two most notable benefits (besides saving money) were:

    More control, better insight. With the ability to monitor PCs, distribute software and updates, and perform remote tasks from a single console, Ontario Systems has more control and better insight into its PC environment. The IT department will save up to an hour each time it delivers the software updates that employees need to work productively and securely. “Being able to use Windows Intune to issue a security update or remotely initiate a malware scan without interrupting our employees’ workday saves time for the IT staff and helps avoid hours of PC down time,” says Hughes.

    Better security compliance. By using Windows Intune to quickly produce detailed reports or grant security officers and outside auditors read-only access to the Windows Intune console, Ontario Systems will find it easier to comply with PCI data security standards. “We can produce security reports in minutes instead of half a day,” says Silverthorn. “And with read-only access to Windows Intune, auditors can run the reports they need by themselves, without tying up our IT staff for days at a time.”

    You can get the full case study material at Microsoft Case Study: Windows Intune - Ontario Systems.

    ttfn David
  • How to get SBS 2008 to "fix" managing WSUS after you have manually upset it

    Today's post covers what to do when SBS says it no longer can change the WSUS settings from the console. The exact message is "Windows Small Business Server Update Service is not running because it automatically turns off if you customize Windows Server Update Services (WSUS)".

    One way round this problem is to manually change all the settings in the WSUS console (from Administrator Tools, select Microsoft Windows Update Services 3.0 SP1) and change the settings as per instructions found at http://blogs.technet.com/sbs/archive/2006/07/13/441594.aspx. I'm a sort of "quick fix" kind of guy, so the easier way is to go to the same tool, but then run the wizard. The steps are:

    1. Start the Wizard
    2. Click through the first two screens and set the updates to come from Microsoft Update
    3. Configure the proxy if required and press next. Then press Start Connecting. When done, press Next again.
    4. Select the language(s) you want to download
    5. Make sure "All Products" has been ticked
    6. Tick all the classifications - you can optionally leave out "Drivers" if desired
    7. Set the schedule - for me, 5am is a good quiet time on my server
    8. Tick to begin sync and press Finish.

    Now SBS Console will be back on the case for you.

    Ttfn David

    Technorati Tags: SBS 2008, Small Business Server 2008, Microsoft, SBSC
  • How to encrypt backups and optionally the system disks on Windows Server 2008 and SBS 2008 and Windows Vista too

    Hi, someone asked in the forums whether the backups on SBS 2008 and Windows Server 2008 were encrypted and the answer is no, even if the drives being backed up are BitLocker protected (more details here). However you can get encrypted backups with a bit of effort. To do this you will need to at least BitLocker enable your removable drives and optionally your system disk. I used the information at http://blogs.msdn.com/askdavid/archive/2007/06/08/enabling-bitlocker-on-removable-drives-usb-flash-drives-usb-hard-drives.aspx as a guide to putting together what I needed to do, so many thanks David Chandra for this. This same process can also be used on Windows Vista.

    There are a couple of snags however and you need to work out which scenario you wish to have (if you have a TPM chip then option 2 & 3 can be replaced with entering a key into the TPM prompt):

    1. encrypt just the backup disks - you will need to run a script each time a volume is added back to the system
    2. encrypt the system disk and the backup disks - you will need a USB key or key information to be entered every time you reboot the server
    3. encrypt the system disk and the backup disks, but store the system unlock information unencrypted on the server so you do not have to enter decryption information every time.

    Given the choices above the steps are as follows (they build from option 1 through to option 3):

    Option 1
      - Add BitLocker to the server
      - Encrypt the Backup Hard Disks
      - Add an unlock script

    Option 2
      - Prepare the system disk for BitLocker encryption
      - Encrypt the system

    Option 3
      - Store the unlock key on the boot partition for automatic use

    Option 1 (encrypting the backup disks)

    You will need to repeat the steps below (excluding adding BitLocker to the system) for each disk you want to encrypt. You can do this to an existing disk or a new disk.

    Add BitLocker role

    To start this task we need to add the BitLocker role to SBS 2008. While BitLocker is built into Windows Server 2008 it is not installed. To install it start Server Manager from the Start Menu and then scroll...
  • SBS 2008 Forefront Virus protection for e-mail Errors or Warnings - “At least one of the engines enabled for update has not been updated in the last week” – how to solve

    My SBS 2008 installation is pretty good, but one area where I’ve noticed some problems is Forefront. I either had errors or at best warnings all the time about the scan engines. I would go and hit a manual update, but the bar would be 30-90% across and suddenly stop. When I looked in the event log I could see errors like these below. Searching the internet delivered me the KB article http://support.microsoft.com/kb/939411/en-us which talks about timeout issues, however even with the recommended change things did not resolve themselves.

    Source: GetEngineFiles
    Event ID: 6014
    Level: Error
    Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update.
    Scan Engine: AhnLab
    Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab
    Proxy Settings: Disabled
    Error Code: 0xC0001F58
    Description: The operation timed out.

    Source: Microsoft Forefront Security
    Event ID: 7003
    Level: Warning
    Description: Not all of the selected engines enabled for updates successfully updated at the last attempt

    Source: GetEngineFiles
    Event ID: 6012
    Level: Error
    Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update.
    Scan Engine: Kaspersky5
    Error Code: 0x80070102
    Description: Unable to acquire the scan engine update mutex within the designated timeout period.

    The fix was to realise that the timeout value in the KB was still too low. The KB recommended creating a DWORD called EngineDownloadTimeout in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server and setting the value to 600 decimal for 10 minutes. I’ve now set mine to 900 (384 hex) for 15 minutes and finally all the updates have succeeded. While the console has not shown the change just yet, looking at the events in the event log shows that indeed everything is now up to date.

    ttfn David

    Technorati Tags: Microsoft, SBS 2008, ForeFront, Security, Updates, Tips, Support
  • Internet Explorer security vulnerability fix now available – think of it as an early Christmas present… now about Firefox’s 3 issues this week…

    I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle. Some have said switch browser because of this issue, but not only can that be complex, most browsers suffer security issues, so once again the only real protection is to wrap in cotton wool and hide. Or, use the built-in features of Vista and IE7/8, which means protected mode and NOT running as admin.

    You might ask why a Christmas present? Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!! Either way, if you have IE on your systems then you will need to update your systems urgently. Of course, my Hyper-V server (or Windows Core for that matter) doesn’t have IE, so no updates for them!!!

    Just for completeness, here is the information from the Technet newsletter:

    Internet Explorer Security Update

    I wanted to update you on the Advance Notification of security update MS08-078 which will address a new vulnerability allowing remote code execution in all affected versions of Internet Explorer products. We plan to release this update on December 17th, around 10 a.m. Pacific Time (6pm UK time) through Automatic Updates and Microsoft Update. We encourage you to test and deploy this update as soon as possible. Our investigations of the known attacks have verified that they are not successful against customers who have applied the security update.

    You may be interested to know, that in response to the threat we mobilized security engineering teams worldwide right away to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight days. We also published the Microsoft Security Advisory 961051. Microsoft's teams worked constantly to identify more options for customers and updated this advisory 5 times in six days. We remain committed to building secure...
  • Invalid certificate issued to localhost.localdomain when remotely accessing SBS 2008 from a Windows PC

    This is another question I was recently asked. One particular user noticed that the certificate they saw when accessing their server from the internet did not match that when accessing from the LAN. The certificate looked something like this:

    This was a little strange as when the system was accessed from the intranet, all things appeared fine. The culprit for them was the SBS 2003 self signed certificate on the same machine. By removing the certificate and then installing the correct new one things got better.

    To remove the old certificate, start MMC.exe and accept the UAC prompt. Now press Ctrl+M to add a new snap-in and select Certificates and, when asked, add for the user account. Then do the same again, but select Certificates and Computer Account and hit OK to accept the current computer. Now expand out Personal Certificates and remove any SBS 2003 self signed certificates.

    To load the new certificates open a browser inside your SBS 2008 network and point to http://companyweb/Lists/Announcements/DispForm.aspx?ID=3 which should give you instructions and the URL.

    I hope that makes sense.

    ttfn David

    Technorati Tags: localhost.localdomain, SBS 2008, Certificates, Tips
  • Important Microsoft security update – update your machines now!

    DavidOverton.com rebooted today due to an emergency security update – an “out of band” release from the normal “patch Tuesday” process. It is worth considering updating and rebooting your computers and servers asap. More information on this can be found at http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx. Impacted systems below:

    | Operating System | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by this Update |
    |---|---|---|---|
    | Microsoft Windows 2000 Service Pack 4 | Remote Code Execution | Critical | MS06-040 |
    | Windows XP Service Pack 2 | Remote Code Execution | Critical | MS06-040 |
    | Windows XP Service Pack 3 | Remote Code Execution | Critical | None |
    | Windows XP Professional x64 Edition | Remote Code Execution | Critical | MS06-040 |
    | Windows XP Professional x64 Edition Service Pack 2 | Remote Code Execution | Critical | None |
    | Windows Server 2003 Service Pack 1 | Remote Code Execution | Critical | MS06-040 |
    | Windows Server 2003 Service Pack 2 | Remote Code Execution | Critical | None |
    | Windows Server 2003 x64 Edition | Remote Code Execution | Critical | MS06-040 |
    | Windows Server 2003 x64 Edition Service Pack 2 | Remote Code Execution | Critical | None |
    | Windows Server 2003 with SP1 for Itanium-based Systems | Remote Code Execution | Critical | MS06-040 |
    | Windows Server 2003 with SP2 for Itanium-based Systems | Remote Code Execution | Critical | None |
    | Windows Vista and Windows Vista Service Pack 1 | Remote Code Execution | Important | None |
    | Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 | Remote Code Execution | Important | None |
    | Windows Server 2008 for 32-bit Systems * | Remote Code Execution | Important | None |
    | Windows Server 2008 for x64-based Systems * | Remote Code Execution | Important | None |
    | Windows Server 2008 for Itanium-based Systems | Remote Code Execution | Important | None |

    ttfn David
  • Configuring OneCare for Servers in SBS 2008

    The Console setup process (Once SBS is set up, how to do the basic configuration through the management console) sets up SBS 2008 for use. OneCare for Servers provides anti-malware capabilities and is an important part of the system integrity. SBS 2008 comes with a trial of OneCare and so far I’ve found it very effective. Setup today requires two updates that it downloads and applies itself:

    1. Notice that the initial configuration immediately informs you that you need to update
    2. Start the process, tell OneCare which country you are in and accept the EULA.
    3. The download starts, updates and finishes
    4. If you have an activation key, or wish to purchase one, you carry on through the process, switching to a web site to complete the process

    Note, DO NOT try to activate your trial in the Technical Preview unless you have already been provided with a key

    If you have been going through the Console in order then this is it, barring the enabling of Office Live.

    Finally, all the SBS 2008 entries can be found at http://davidoverton.com/blogs/doverton/archive/tags/SBS+2008/default.aspx

    ttfn David

    Technorati Tags: Microsoft, SBS 2008, SBS, Tips, SBSC, Small Business, Small Business Server 2008, Community, Partner, Console, One Care, Security, Anti-Virus, Anti-spam
  • Why those Mac OS X vs Windows adverts are just so wrong … and so would the Linux vs Windows if they ran them

    What an amazing graphic … it talks about security issues and fixes. The nice “Apple” man seems to be hiding how many problems he has on his adverts :-) What is also interesting is how many issues are still being found on the various implementations of Linux. Obviously there is still more detail around this, so for the full rundown have a look at http://blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx.

    ttfn David

    Technorati Tags: Apple, Microsoft, Redhat, Ubuntu, Security, Updates
  • How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall

    I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house. All very good, but when I set up the services none of it worked because of the built-in Windows Firewall. While I could have just turned off the Firewall I decided to learn how to put the holes into the firewall to make it work with the firewall, thus maintaining better security.

    A quick search of the web showed me many settings, but it did not seem to cover the whole picture – then I came across the MS site Windows Firewall Settings which has things broken down into these four handy sections that shall for ever more be my guides to ports and firewalls in the Microsoft world. What is more, as you will see later, the tips in here as to how to get things working, getting over common hurdles, are quite stunning too:

    - Windows Firewall Settings: Optional Components
    - Windows Firewall Settings: Remote Administration Tools
    - Windows Firewall Settings: Server Roles
    - Windows Firewall Settings: Services

    The two key entries for me are below – DHCP and DNS. Note that the DHCP entry has a wonderful tip saying that you will need to ensure is included in the scope of the acceptable ports – i.e. you can not just set the scope to local network only. This was my 1st mistake.

    Windows Firewall: DHCP server

    Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server.

    Important: When you create a Windows Firewall exception for the DHCP protocol on a DHCP server, you must set the scope for the exception to Any computer including those on the Internet. If you leave it set to My network (subnet) only, all inbound DHCP Discover packets from client computers are dropped because the IP address of the packet is , which is not recognized by the computer as being part of the local subnet. This causes the DHCP process to fail and clients do not receive IP addresses.

    Windows Firewall: DHCP server

    On the DNS entry the thing which grabbed me was the ports other than 53 that were needed...
  • Understand the key security engineering activities that you need to be aware of in application development. Written by a Microsoft UK employee - "The Developer Highway code" as a download or a traditional book

    If you write code then you need to understand how to write secure code. If you want to understand how to write code that is secure by design then you need to seek the help of people who "have been there". Microsoft has helped thousands of people write applications that do not leak information and Paul's book has helped even more.

    The Developer Highway Code, written by Paul Maher of Microsoft, is a concise handbook that captures and summarises the key security engineering activities that should be an integral part of the software development process. This companion guide should be a must for any Developer, Architect, Tester etc. undertaking software development... The book is presented in easy to read checklist form, covering essential guidance on writing and releasing secure code.

    The book has been downloaded by over 100,000 people and over 20,000 actual books are out there ... and now it has been updated!!

    In case you are still not convinced, please read the following endorsements:

    “The developer highway code is an innovative guide for ALL developers across the United Kingdom. The weakest link in any Security solution adopted by our customers will be exploited by irresponsible criminals worldwide. The developer highway code empowers developers with the detailed knowledge and practical steps they should take to avoid Security compromises.”
    Nick McGrath, Director Platform Strategy, Microsoft Ltd.

    “Developers are a most critical component to a more safe computing experience for all computer users in the UK and around the world. Code written for a program or operating system, or process must be able to withstand the most aggressive attempts to ‘break it’. From games to mission-critical operations, secure code will form the base for success or disaster. The Developer Highway Code should be a required reading.”
    Edward P Gibson, Chief Security Advisor, Microsoft Ltd

    WHERE CAN YOU GET THE DEVELOPER HIGHWAY CODE?

    Download full book only as a pdf or Download full book only as an xps

    Book eg Amazon - The Developer...
  • Latest news, events and downloads in the Security world from Microsoft - Windows Server 2008, Mobile, employee habits, Antigen, IPSEC, ForeFront, NAP, XP Firewall, System Center

    Each month the TRM blog produces this great summary of the Microsoft world in various product areas. The blog can be found here: http://blogs.technet.com/trm/

    News

    Help your customers securely deploy Windows Server 2008 with the Windows Server 2008 Security Guide!
    http://go.microsoft.com/fwlink/?LinkId=92550
    Every day, adversaries attempt to invade your customers’ networks and access their servers—to bring them down, infect them with viruses, or steal information about customers or employees. Your customers are looking to Microsoft and Windows Server® 2008 to help them address these threats. To assist customers in taking full advantage of the rich security features in Windows Server 2008, Microsoft has developed the Windows Server 2008 Security Guide. The Windows Server 2008 Security Guide provides IT professionals with best practices, predefined security templates, and an automated deployment tool to help strengthen the security of servers running Windows Server 2008.

    Supporting Your Family, Friends, and Neighbours
    http://go.microsoft.com/?linkid=8287993
    By Steve Riley, Senior Security Strategist, Trustworthy Computing
    Have you become a support professional outside of the workplace? Read this article and learn how to discuss security with your family, friends, and neighbours to better help them stay safe and secure online.

    More Security and Control for Mobile Devices
    http://go.microsoft.com/?linkid=8287995
    Learn how to add, manage, secure, and update Windows Mobile devices like you do Windows-based laptops and PCs. Microsoft System Center Mobile Device Manager 2008 provides robust security features and a comprehensive device management solution that helps safeguard your corporate data, reduce the cost and complexity of mobile deployments, and centralize and simplify Windows Mobile device management.

    Island Hopping: The Infectious Allure of Vendor Swag
    http://go.microsoft.com/?linkid=8287996
    The technique of island hopping -- penetrating a network through a weak link and then hopping around systems within that network...
  • Small Business Server 2008 (formerly known as Cougar) announcement

    Today is the start of the Server 2008 PR ramp up. I can today tell you a bit more about Cougar, as was, or SBS 2008 as it will be, the new "family" that SBS is part of and a bit more on Windows Essential Business Server 2008 (aka Centro). Hopefully there will be a couple of surprises and also confirmation of some of the rumours around there. I've sliced the press release made today into 3 sections. This blog entry is based on the SBS 2008 section of which there is an extract below of some key points. The whole press release can be found at http://www.microsoft.com/presspass/press/2008/feb08/02-20EBFamilyPR.mspx.

    Windows Small Business Server 2008 Multiplies Business Growth

    Windows Small Business Server 2008, previously known by the code name “Cougar,” is ideal for organizations with up to 50 PCs, helping them protect business data, expand business productivity and present a professional image to customers. The new version adds a range of features and capabilities to the current, award-winning Small Business Server 2003 R2 product, and is also an example of Microsoft’s “software plus services” vision.

    For small-business owners and employees, Small Business Server 2008 provides increased security and protection with one-year trial subscriptions to Microsoft Forefront Security for Exchange Server Small Business Edition and the new Windows Live OneCare for Server, and with dramatically simplified server and PC backup technologies. Small Business Server 2008 also integrates with Microsoft Office Live Small Business to simplify setup and management of professional Web sites and private online work spaces. Enhancements to Remote Web Workplace, integration of Windows SharePoint Services 3.0, and support for the latest Windows Mobile devices will help employees work remotely and collaborate effectively.

    For IT managers and technology consultants, Small Business Server 2008 deployment, setup and administration is greatly simplified and improved. A powerful administration console, new monitoring across servers...
  • Windows Essential Business Server announcement

    Today is the start of the Server 2008 PR ramp up. I can today tell you a bit more about Cougar, as was, or SBS 2008 as it will be, the new "family" that SBS is part of and a bit more on Windows Essential Business Server 2008 (aka Centro). Hopefully there will be a couple of surprises and also confirmation of some of the rumours around there. I've sliced the press release made today into 3 sections. This blog entry is based on the Essential Business Server 2008 section of which there is an extract below of some key points. The whole press release can be found at http://www.microsoft.com/presspass/press/2008/feb08/02-20EBFamilyPR.mspx.

    <snipped>

    Windows Essential Business Server 2008 for Midsize Companies

    Windows Essential Business Server 2008 is designed for the needs of midsize organizations with up to 250 desktops, helping IT professionals take control of their systems, reduce time spent “fighting fires” and focus more on strategic efforts to drive business growth. The solution includes built-in IT best practices and provides a unified console for management of key workloads and product licensing, which makes IT budgeting and purchase simpler and more predictable.

    Windows Essential Business Server combines the technologies of Windows Server 2008, Exchange Server 2007, Forefront Security for Exchange Server, System Center Essentials 2007, the next version of Internet Security and Acceleration Server and, in the Premium Edition, SQL Server 2008 technology. The product will be demonstrated on IBM BladeCenter S and HP BladeSystem c-Class c3000 hardware at the “Heroes Happen Here” launch on Feb. 27 in Los Angeles, and is slated for availability in the second half of 2008.

    <snipped>

    More information about Windows Essential Server Solutions is available at http://www.microsoft.com/essential and http://www.microsoft.com/presspass/presskits/serversolutions.

    Now much of this is a repeat of what we already know, but I felt I should share it:

    - Based on x64 technology
    - Capable from 25-250 users, so does...
  • "Windows Essential Server Solutions family of products" announcement

    Today is the start of the Server 2008 PR ramp up. I can today tell you a bit more about Cougar, as was, or SBS 2008 as it will be, the new "family" that SBS is part of and a bit more on Windows Essential Business Server 2008 (aka Centro). Hopefully there will be a couple of surprises and also confirmation of some of the rumours around there. I've sliced the press release made today into 3 sections. This blog entry is based on the "family" section of which there is an extract below of some key points. The whole press release can be found at http://www.microsoft.com/presspass/press/2008/feb08/02-20EBFamilyPR.mspx.

    To help small and midsize organizations improve business efficiency, increase productivity and drive growth, Microsoft Corp. introduced the Windows Essential Server Solutions family of products, built on Windows Server 2008 and the newest Microsoft server technologies and services. The company also unveiled details about the newly named Windows Small Business Server 2008.

    The Windows Essential Server Solutions family includes Windows Small Business Server 2008 and Windows Essential Business Server 2008 for midsize companies. Microsoft conducted extensive research and gathered in-depth feedback worldwide to design the solutions, in order to meet the unique needs of small and midsize customers and partners. The products integrate the technologies of Windows Server 2008, Microsoft Exchange Server 2007, and other Microsoft products and services into all-in-one solutions that are reliable, easy to manage and able to grow with customers.

    “There are 31.9 million small businesses and 1.2 million midsize companies worldwide in need of powerful IT solutions, * and they typically have very small IT staffs, or none at all,” said Bob Kelly, corporate vice president at Microsoft. “Windows Essential Server Solutions make the benefits of enterprise-class IT accessible, affordable and simpler for smaller organizations and their technology advisors.”

    Windows Small Business Server 2008 Multiplies Business...
  • Security Vulnerability Research & Defence blog - worth a read for sure - eg MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities

    My background covers security and I've started reading this blog (Security Vulnerability Research & Defense) - it is excellent and definitely worth a read to understand how vulnerabilities work and how to mitigate them!!

    MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities

    Security bulletin MS08-001 addresses vulnerabilities described by two separate CVE numbers, as you can see in the bulletin. This post provides an overview of the two issues, the affected platforms and notes on the severity. We’ll be following this post up with two further entries that look at each issue in more detail.

    CVE-2007-0066 describes a vulnerability in parsing ICMP router advertisement packets. These packets are not processed by default on any supported version of Windows. If a computer is configured to process router discovery protocol packets and encounters this type of malformed packet, the Windows kernel will bugcheck (blue screen of death) and reboot. A separate blog post goes into more detail about the registry keys governing this behavior on each supported platform.

    CVE-2007-0069, the more serious of the two vulnerabilities, involves the way the TCP/IP stack handles IGMP protocol packets. Mark researched the exploitability of this issue and you'll find his research and more detail about the vulnerability in the next blog post.

    For those of you readers who are more visual, here's a picture describing the exposure of the vulnerabilities addressed in the security bulletin, by CVE:

    Security Vulnerability Research & Defense : MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities

    ttfn David

    Technorati Tags: Microsoft, Security, MS08-001
  • Windows Small Business Server 2003 at risk from critical flaw

    Hopefully everyone has seen this, but if not: Windows Small Business Server at risk from critical flaw Microsoft initially omitted Small Business Server from its list of critically affected OSes, but is now offering patches via its automatic update services In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows' networking software. The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product's users were being offered patches via Microsoft's various automatic update services. "Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure," Microsoft said in its updated bulletin. The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft said that an attacker could send specially crafted packets to a victim's machine, which could then allow the attacker to run unauthorized code on a system. Windows Small Business Server at risk from critical flaw | InfoWorld | News | 2008-01-24 | By Robert McMillan, IDG News Service ttfn David Technorati Tags: SBS 2003 , SBS 2003 R2 , SBS , Security , System Updates
  • Make sure your Oracle based applications are being patched - it seems most don't bother! Then don't get complacent as 20% of Windows applications go un-patched too.

    It is funny. As people get more used to patching operating systems they seem to think that makes them bulletproof on the whole system, yet this is simply not the case. With Microsoft products people are used to patching them as needed to reduce the security risks on their systems. Others will cite that their systems are already secure and therefore don't need patching. I remember a few years ago watching the outcome of a Hackathon and the losing team lost not because of the OS security, but because of the application on top of it being unpatched and insecure. If you have an application that uses Oracle, check it is being patched and secured as in a single month Oracle have been known to release 40+ patches. Now before you go and pat yourself on the back for being so good at not having any Oracle systems, you might need to check your Windows applications are also patched. For the Windows patch story, look at One-fifth of Windows apps go unpatched - down from 28% last May, but still need to be careful Survey: Most Oracle professionals don't patch Tom Espiner ZDNet.co.uk Two-thirds of Oracle Database professionals are not applying critical patches, security company Sentrigo has found. In a survey of 305 Oracle professionals, Sentrigo found the majority did not apply the Oracle patches released in Oracle Critical Patch Updates. This leaves users' databases open to compromise, according to analyst company Canalys. When asked at various US Oracle User Group meetings last year, the Sentrigo survey found 67.5 percent of respondents said they had never applied any Oracle critical patches, and 90 percent said they had not applied the latest set of patches in the Critical Patch Update, which was released in October 2007. Users cited concerns over downtime and compatibility with applications as reasons not to patch. "On the face of it, these survey results look alarming," said Andy Buss, senior Canalys analyst. "Not patching can leave companies open to compromise.
Companies need to get into the routine...
  • One-fifth of Windows apps go unpatched - down from 28% last May, but still need to be careful

    I like Secunia as an organisation. They present huge amounts of data that you can then pick into if you disagree with it. For example, ZDNet recently said that 2007 saw more serious security flaws for Apple OSX compared to Windows using the information provided by Secunia's web site. They also run a scan on people's PCs to determine how good/bad they are and while things have improved - it is again too easy to be one of the people throwing things saying "I'm alright because I run Windows Update or applied Service Pack 1". One-fifth of Windows apps go unpatched Updates are available, but users haven't installed them, says Secunia December 28, 2007 (Computerworld) -- One in five applications installed on Windows PCs are missing security patches, a Copenhagen-based vulnerability tracker has reported. According to Secunia APS, more than 20% of the applications scanned by its Personal Software Inspector (PSI) utility were open to attack because available fixes for security flaws had not been applied. "More than 20% of all applications installed on users' PCs have known security flaws, but the users have yet to install the patch provided by the vendor of [the] product," said Jakob Balle, Secunia's development manager, in a post to the company's blog last week. The 20% figure was based on scans of more than 14.5 million applications installed on the Windows PCs operated by users who downloaded and installed Secunia's PSI. The utility scans for some 4,200 different applications and reports on their patch status. The 1-in-5 ratio, however, is an improvement over earlier PSI scans. Last May, Secunia said that 28% of the applications PSI scanned were missing available security updates. One-fifth of Windows apps go unpatched ttfn David Technorati Tags: Security , Patches , System Updates
  • Macworld - First Trojan reported for the iPhone

    Ahh, once again the joys of lessening the security on a device to enable modification or easier use show their dark side. Once upon a time geeks could open and hack the software they bought and make their own world a better place. Now, more people do this without the knowledge of the risks they are taking or how to manage them. The result is that "other" things start to happen showing that the need for knowledge is even more important, especially with regard to security. First Trojan reported for the iPhone by Jim Dalrymple While not a huge risk, the first Trojan for the iPhone has been discovered. The first reports came from iPhone enthusiast site Modmyifone.com and were later confirmed by security research company F-Secure. [snipped] F-Secure reported that it was an 11-year-old kid playing with XML files who created the Trojan. “Next time it might be someone else with more skills and with specific target,” they said. Macworld | First Trojan reported for the iPhone ttfn David Technorati Tags: Security , iPhone , Trojan , Malware
  • Windows Server 2003 is beginning to feel left behind with the arrival of Windows Server 2008 inside the Microsoft datacenter - fun videos to watch and learn a few reasons why to use Windows Server 2008

    I saw these and they just made me laugh while sharing a few things about WS2008 vs 2003. Unlike some "new and improved" washing powders, Windows Server 2003 is a good product, but some key areas have been improved to meet people's new and different needs, such as more security, sharing of information, web based applications, minimal systems and virtualisation. The blog entry (which was obviously written before RC1 appeared, but posted afterwards) can be found at Windows Server Division WebLog : About Lone Server . If you want some fun, skip the soapbox video and look at the long video from the blog / link below. About The Lone Server Once I was almost famous. For years, my friends and I were on the front lines: we were the Windows Server 2003 servers that powered Microsoft.com, one of the hottest Web sites in the world. Then, early last summer, everything changed. Quietly, without warning, the new kids took over. Windows Server 2008. Yes, I know, the product’s not even done yet. These were Beta 3 servers, for Pete’s sake. Long way from prime time. But there they were, humming away. No problems. All of ‘em on Windows Server 2008. Except me. The last Windows Server 2003 left at Microsoft.com. Here’s a video (1:58) of my life today: And here’s a longer version (3:14), in case you have as much time to kill as I do: How can this be? If you’re like me (and I know I am), you probably wonder how a product that’s eight months away from shipping can be handed the responsibility of running something as big and important as the Microsoft corporate portal. Fact is, Windows Server 2008 was lurking around MS.com since back when they still called it Longhorn. Those early bits first took live traffic back in ’05. And since then, WS08 has been everybody’s favourite kid. They called it part of the development team. Said it was a prodigy. Given all the cool little jobs. But then, suddenly, to be given the whole enchilada? All of MS.com? While still in Beta friggin’ 3? 
Unimaginable, but there it was. My only hope is that...
  • How to Disable Internet features of Office 2007

    I saw this go around on a thread at work and I have seen it requested for those security conscious partners, so here is the answer (courtesy of Eric Ellis): 1) Via the Office Customisation Tool (OCT) and a custom MSP: — or — 2) Via Group Policy: The difference between the two is that using the OCT will preset the desired configuration during the initial installation (or in a maintenance mode change), but users can change the settings if they desire. Group policy enforces the desired configuration, and if a user makes a change to the setting, they will revert back to the settings defined in the policy during the next application session. ttfn David Technorati Tags: Office 2007 , Security , Internet , Group Policy , Office Customisation Tool , OCT
  • If you are a developer, what can Windows 2008 do for your developments... lots maybe

    Sorry to sound so vague, but I have to start by saying that Windows Server 2008 is a server platform, not a cure for cancer, so let's put it in perspective and set our expectations high, but not stupidly high expecting it to be a revolution. Server 2008 is a quality evolution of Windows Server 2003 and extends and enhances the Server 2003 offerings. However, if you plan on building applications for the future then Server 2008 will be the place to be. Microsoft have released a document called the "Windows Server 2008 Developer Story" that has a wealth of information on Server 2008 developer directions and how they combine to offer something greater than the sum of the parts. The download site describes itself as: Windows Server 2008 Developer Story An executable containing the Windows Server 2008 Developer Story The Windows Server 2008 Developer Story introduces users to new features of the Windows Server 2008 operating system by providing a cohesive story about how the features fit together to make a compelling platform for developers. The Developer Story topics explain how to take advantage of a new feature or solve a problem using the new Windows technologies. The topics include conceptual information for context and technical specifications for practical application of each scenario. This download contains the Windows Server 2008 Developer Story (ServerDevStory.chm). Download details: Windows Server 2008 Developer Story If you look inside the help file it loads then you get this list of the top 7 ways to take advantage of Windows Server 2008. Top 7 Ways to Light Up Your Apps on Windows Server 2008 Whether you are building Web applications or writing core server-based system services, Windows Server® 2008 provides many new features that you can leverage to build more secure, flexible, and innovative applications.
Build More Flexible Web Applications on Internet Information Server 7.0 (IIS7) Extend IIS7 through modules New unified configuration model Administration capabilities using Microsoft.Web.Administration...
  • Office 2007 SP1 is here and it does more than just update the desktop - SharePoint gets AJAX for example

    I'm sure you have heard that the Office 2007 Service Pack is here. Darren Strange has documented what is in it and how to get it at Office 2007 sp1 ready for download today and OfficeRocker! : More detail about sp1 . In answer to Susanne's post here , hopefully this post has some more info in it. One of the little things he puts that I like is: Some other factoids about sp1 There are roughly 2500 fixes in SP1. This is an average size for a service pack, but the issues fixed are very important to our customers. Almost 20% of those fixes are direct result of customer requests. Over 500 of those fixes focused on security. There are a total of 24 different releases in 38 languages. There are 683 distinct packages. All have released simultaneously today. If you get the whitepaper then you would be keen to see the information below. Notice that SharePoint gets, amongst other things, a developer update to support Ajax and that other server products (Groove and Project Server) are also updated. Stability Microsoft continues to improve its software products by listening to customers and acting on customer requests. With the 2007 Microsoft® Office system Service Pack 1 (SP1), Microsoft demonstrates this commitment by fixing at least the top five software bugs in each application that caused crashes, resulting in an even more stable product. The 2007 Office system SP1 also addresses many minor annoyances and distracting problems that users had to contend with in the initial release. Many of these minor usability and stability fixes are in response to customer requests as well. The following section lists summaries of some of the most notable stability improvements delivered with the 2007 Office system SP1. Access 2007 For third-party applications that use Data Access Object code to synchronize replicated information in a Microsoft Office Access™ 2007 database, Office Access 2007 no longer returns a run-time error that causes the application to close or time out.
Communicator 2007 Microsoft Office Communicator 2007 now presents...
  • A comprehensive list of Microsoft Blogs and Web Resources about Security

    Ed Gibson pointed this out today - a "to be continually updated" list of Microsoft security blogs that relate to various products from Microsoft - Security Blog di Feliciano Intini : Microsoft Blogs and Web Resources about Security 1.0 Network Security 1.1 ISA Server ISA Server Product Team Blog 1.1.1 ISA 2000 1.1.2 ISA 2004 1.1.3 ISA 2006 1.2 Remote Access & Quarantine Services Routing and Remote Access Blog 1.2.1 ISA 2006 QS 1.2.2 Win2003 QS 1.2.3 Win2003 RAS/IAS 1.3 NAP Solution Network Access Protection Blog 1.4 VPN Solutions ISA Server Product Team Blog Routing and Remote Access Blog 1.4.1 Win2003 RRAS VPN 1.4.2 ISA 2006 VPN 1.4.3 Internet Application Gateway 2007 1.5 Wireless Security Windows Core Networking Blog 1.6 IPSEC Windows Core Networking Blog 1.6.1 Win2003 IPSEC 1.6.2 Server & Domain Isolation Solution 2.0 Host Security 2.1 Client OS Security 2.1.1 Windows 2000 client security 2.1.2 Windows XP security 2.1.3 Windows Vista security Windows Vista Security Blog Windows Genuine Advantage Blog 2.2 Server OS Security Windows Server Team Blog 2.2.1 Windows 2000 Server security 2.2.2 Windows Server 2003 security 2.2.3 Windows Server 2008 security 2.3 Windows Mobile Security Windows Mobile Team Blog 2.4 Security Update & Compliance Management solutions Microsoft Security Response Center 2.4.1 Windows Update, Microsoft Update & Automatic Update Agent Microsoft Update Team Blog 2.4.2 WSUS WSUS Product Team Blog WSUS 2.0 WSUS 3.0 2.4.3 SMS & System Center Configuration Manager SMS 2.0 SMS 2003 System Center Configuration Manager 2007 2.4.4 Microsoft Baseline Security Analyzer MBSA 1.2.1 MBSA 2.0 2.5 Anti-Malware Solutions (for host systems) Anti-Malware Engineering Team 2.5.1 Windows Defender 2.5.2 Forefront Client Security Microsoft Forefront Client Security Team Blog 2.5.3 Windows Live OneCare Windows Live OneCare Team Blog Windows Live Safety Center Team Blog 3.0 Application Security 3.1 Application & Platform Core Security...
  • Microsoft switching SharePoint to claims-based authentication - The Password is changing

    You've heard it before, well this seems to suggest that the password or AD based auth is just too wrong! So SharePoint is going as open as possible!! Microsoft switching SharePoint to claims-based authentication By John Fontana , Network World, 10/16/07 Microsoft is replacing the authentication system for SharePoint Server and plans to make the collaboration platform one of the first of the company’s marquee applications to rely on a new claims-based identity model . The goal is to have SharePoint incorporate an authentication model that works with any corporate identity system, including Active Directory, LDAPv3-based directories, application-specific databases and new user-centric identity models, such as LiveID, OpenID and InfoCard systems, including Microsoft’s CardSpace and Novell ’s Digital Me. Microsoft switching SharePoint to claims-based authentication - Network World ttfn David Technorati Tags: SharePoint , Claims-Based Authentication , Security
  • Hackers eye open source coding tools - are your development tools safe to use?

    Now this sounds familiar - compromise the dev tools and they compromise all products produced with them. Enterprises using open source software to engineer custom applications could be vulnerable to a newly discovered class of hack attack, a security firm claimed today. Fortify Software 's Security Research Group reported that so-called 'cross-build injection attacks' could allow a hacker to insert code into the target program while it is being constructed. The use of open source coding tools have opened the doors to "possible system-wide exploits", according to Fortify. If an attacker compromises either the server that hosts a component, or the DNS server that the build machine uses to locate that server, he could use these vulnerabilities to take full control of the build machine and possibly other machines on the remote network. Fortify discovered that, during the application build process, systems that automatically download external dependencies, including the popular Ant, Maven and Ivy tools, are particularly vulnerable. Hackers eye open source coding tools - vnunet.com ttfn David Technorati Tags: Security , Developer tools , Open Source
  • Windows is now getting too difficult to hack, so the hackers' sights are moving elsewhere, but that does not mean security is now easier.

    I have heard many times how Windows is the big target for virus and phishing nasty people in general, but more and more people are showing that Windows is just too hard to hack when applications and other platforms offer so much more opportunity. From the article at eBay: Phishers getting better organized, attacking Linux Dave Cullinane, eBay's chief information and security officer said that in his previous job protecting a bank from phishers "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes. Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected. Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine. " In the same article it also mentions: "We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based." Since Linux machines can be used to more easily create specially crafted networking packets, they can be used in highly sophisticated online attacks, said Iftach Amit, director of security research with Finjan Inc.'s malicious code research center. Now this might sound like a load of old "mine is better than yours", but there is much more to this. Oracle, who on the whole don't make that many products, released their latest set of patches, just 51 this month - http://techworld.com/applications/news/index.cfm?newsID=10369&pagtype=all , compared to a much smaller set from Microsoft. What is worth noting is...
  • From the Official SBS Blog - SBS now has a Best Practices Analyzer!

    You have seen the Exchange, SQL, Security and Windows best practice scanners, well now we have all that SBS expertise wrapped up into an SBS scanner - enjoy!! SBS now has a Best Practices Analyzer! The Microsoft Windows Small Business Server 2003 Best Practices Analyzer examines a server that is running Windows Small Business Server 2003 (Windows SBS) and presents a list of information and errors that administrators should review. The Windows SBS Best Practices Analyzer examines the server and collects configuration information from many sources including: Active Directory Windows Management Instrumentation (WMI) Registry Metabase After collecting information about server configuration, the Windows SBS Best Practices Analyzer verifies that the information is correct and then presents administrators with a list of issues sorted by severity. The list describes each issue and provides a recommendation or possible solution. System Requirements Supported Operating Systems: Windows Small Business Server 2003 (Any version of Microsoft Windows Small Business Server 2003) Links KB article http://support.microsoft.com/kb/940439 Download http://www.microsoft.com/downloads/details.aspx?FamilyId=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en So take a look and let us know what you think about it! (Feedback email address is in the KB article). The Official SBS Blog : SBS now has a Best Practices Analyzer! ttfn David Technorati Tags: SBS 2003 R2 , Best practices , If you only read one post today
  • Sometimes we need to remember that Windows is pretty good as far as security vulnerabilities go

    I saw this on good old X (part of the GUI stuff for Unix and Linux systems) and it reminded me that although these codebases have had millions of hours of review (I worked on X systems from 1992-1995 inside a security project) they still have holes in them. Anyone who thinks security is something that is fixed by more eyes, just using A/V or not using Microsoft can find many more of these sorts of examples. It is also nice to see that the Microsoft Secure by Default / Secure by Design project was well received at Sun :-) X Font Server (xfs) Security Hole in Solaris As noted in the ZDNet posting X Font Server flaw hits Sun Solaris hard , the recently announced X font server vulnerabilities not only affect Solaris, but are exposed to the network by default in some Solaris installs. What the article fails to mention is that it's only older installs that are vulnerable by default - Solaris versions up through Solaris 10 6/06 run xfs by default from inetd listening to the network. Solaris 10 11/06 and later Solaris 10 releases ask you at install time if you want your network services to default to being open or closed. Solaris Nevada/Express just closes them all by default and requires you to turn back on the ones you want. (These changes came from the Solaris Secure by Default project , which has more information on its project pages.) X Font Server (xfs) Security Hole in Solaris [Alan Coopersmith's Weblog] ttfn David Technorati Tags: Security
  • WSUS on SBS and helping clients that think they are up to date, but WSUS does not

    I saw this posted internally and thought I would share. If you have clients that think they are up to date, but WSUS does not, have a look at this KB and also try these commands: 940357 An update is available to enable automatic approval of definition updates and to fix two problems in the Update Services component of Windows Small Business Server 2003 R2 - http://support.microsoft.com/default.aspx?scid=kb;EN-US;940357 and Wuauclt /detectnow /resetauthorization or wuauclt /reportnow from a cmd prompt on the client box (elevated if running on Vista) ttfn David Technorati Tags: SBS 2003 R2 , WSUS , Security
  • Securing ASP.Net applications

    Building Secure ASP.NET Applications: Data Access Security http://go.microsoft.com/?linkid=7243611 This MSDN article presents recommendations and guidance that will help you develop a secure data access strategy. Topics covered include using Windows authentication from ASP.NET to the database, securing connection strings, storing credentials securely in a database, protecting against SQL injection attacks, and using database roles. just a short one :-) David
  • SQL Security and SQL on Vista / Windows Server 2008

    Security Tip of the Month: User Account Control and SQL Server http://go.microsoft.com/?linkid=7243604 By Devendra Tiwari, Microsoft SQL Server Product Team User Account Control (UAC), a new feature in Windows Vista that helps administrators manage their use of elevated privileges, affects Microsoft SQL Server in terms of connectivity (SQL Server login) and in limiting access to resources on the administrators' access control list (ACL). This article discusses the impact of UAC on SQL Server and presents tips on how to run SQL Server applications securely in Windows Vista and Windows Server 2008. SQL Server 2005 Security Overview for Database Administrators http://go.microsoft.com/?linkid=7243606 This paper covers some of the most important new security features in SQL Server 2005. It tells you how, as an administrator, you can install SQL Server securely and keep it that way even as applications and users make use of the data stored within. Security Considerations for SQL Server http://go.microsoft.com/?linkid=7243607 SQL Server 2005 includes a variety of highly precise, configurable security features that can empower administrators to implement defense-in-depth that is optimized for the specific security risks of their environment. Access guidance about password policy, surface-area configuration, credentials, authenticators, and more. Security Considerations for Databases and Database Applications http://go.microsoft.com/?linkid=7243608 The SQL Server 2005 Database Engine helps you protect data from unauthorized disclosure and tampering. Learn about highly granular authentication, authorization, and validation mechanisms; strong encryption; security context switching and impersonation; and integrated key management. 
SQL Server 2005 Security Best Practices: Operational and Administrative Tasks http://go.microsoft.com/?linkid=7243609 This white paper covers some of the operational and administrative tasks associated with SQL Server 2005 security and lists best practices and operational and administrative tasks...
  • Bad anniversary - 25 years of viruses and malware

    According to the article at MSNBC, 25 years ago a 9th grader let loose a virus on his friends because they didn't like his practical jokes. It was the 1st wild boot sector virus and started a whole industry of security watching. The whole article is worth reading as it discusses the whole business and how it has moved from people wanting to be discovered as the malware was originally designed for notoriety, while now it is more for stealing cash or launching attacks and the writers would rather remain unknown. School prank starts 25 years of security woes First person to ever let loose a personal computer virus was a ninth grader Marcio Jose Sanchez / AP Rich Skrenta poses for a portrait in front of his first personal computer, the Apple II Plus, at home in San Carlos, Calif. Skrenta set loose the first computer virus in 1982 — when he was in ninth grade. NEW YORK - What began as a ninth-grade prank, a way to trick already-suspicious friends who had fallen for his earlier practical jokes, has earned Rich Skrenta notoriety as the first person ever to let loose a personal computer virus. Although over the next 25 years, Skrenta started the online news business Topix, helped launch a collaborative Web directory now owned by Time Warner Inc.'s Netscape and wrote countless other computer programs, he is still remembered most for unleashing the "Elk Cloner" virus on the world. "It was some dumb little practical joke," Skrenta, now 40, said in an interview. "I guess if you had to pick between being known for this and not being known for anything, I'd rather be known for this. But it's an odd placeholder for (all that) I've done." School prank starts 25 years of security woes - Security - MSNBC.com ttfn David Technorati Tags: Virus , Malware , 25th anniversary , security
  • SharePoint User Group Meetings in UK (Newcastle and Reading) in September

    I got this e-mail today from the UK SharePoint User Group. They have two meetings coming up, one in Reading and one in Newcastle. Since SBS includes WSS and you can easily load WSS v3 onto it too, here are the details: Newcastle - 10th September MOSS MVP and general all round nice guy Spencer Harbar will be presenting an evening of goodness for all that attend. Arrive 6:30 for a 7pm start 1st Presentation: MOSS Server Farm Architecture & Design. This session introduces the fundamentals of MOSS Farm design including server roles, topology constraints and design goals which are paramount for delivery of a secure, available and scalable MOSS hosting platform. Each server role's unique characteristics will be covered with their associated trade-offs. In addition, three common models will be presented with a discussion of their strengths and weaknesses. 20 minute food and drinks break 2nd Presentation: Top 10 Tips for your SharePoint Development Environment. This session will present 10 essential tips, tricks, tweaks or utilities for making your SharePoint Development easier and quicker. All tips can be used equally in a Virtual Machine or on a “real” server. Many of the tips are also useful for systems administrators working with SharePoint 2007 location: BT, Unit 7, room 3, Innovation Place , Delta Bank, Newcastle upon Tyne, NE11 9DJ Please post your full name here if you wish to attend. Reading - 17th September The famous Patrick Tisseghem is over from Belgium so it seemed like a great opportunity to arrange a meeting. 1800 - 1830 arrive 1830 - 1930 - OBA, Office Business Applications Explained - Patrick Tisseghem This talk provides an overview of Office Business Applications. OBAs connect Line of Business (LOB) systems with the people that use them through the familiar user interface of Microsoft Office.
They enable businesses to extend the Microsoft Office clients and servers into business processes running in LOB applications such as Enterprise Resource Planning (ERP), Customer Relationship Management (CRM),...
  • Tool to modify UAC behaviour in Vista using Group Policy - BeyondTrust Privilege Manager

    I am one of those people who always leaves UAC enabled - I like to see when something (*cough* - Adobe Update - *cough*) wants to execute with admin privilege on my system and then get the choice as to whether to allow it or not. However, not everyone likes the choices that are presented by default with the GPOs ( Group Policy Objects ). Coming to the rescue are tools to help enhance these offerings, such as the Privilege Manager from BeyondTrust. Sometimes people forget that Microsoft is a platform for others to build on and this is no different. Their product enables pre-defining the responses to UAC based on a number of variables. While I have NOT tried the product, it is getting good reviews. You can however download an eval copy for free if you so desire. One thing to bear in mind is that when a tool like this is used, you weaken security - why, well, even if you use a SHA1 hash to work out if an application is safe or not, a clever hacker will use plugins, dll's etc to attack that product - it does not have to have the main .exe file to breach the security and once they are in, they are in. You can find out more about Privilege Manager from the FAQ at BeyondTrust | Privilege Manager FAQ , however a short snippet is below (which I have cut around, so there is much more under each section): Applications are targeted on the Application tab, which allows you to specify an application by one of several criteria. This includes: Path to an executable file supports wildcards and environment variables Folder of one or more executable files including wildcards and environment variables Hash rule SHA1 hash of the targeted executable file MSI Path rule target Windows Installer installation of specified packages MSI Folder rule ActiveX rule My gift to those of you who are UAC challenged :-) ttfn David Technorati Tags: UAC , Vista , Security , Group Policy
  • New blog "hackers @ microsoft"

    A new blog has opened at Microsoft called "hackers @ microsoft". As many people know Microsoft is very strongly involved in the security arena. Part of this is having people who have hacked or now hack against our products to understand how to make them more secure. This group of people now have a voice in the blogosphere.

    Welcome to a new blog from Microsoft. The focus of this blog is likely to be a little different from most other blogs you'll see on blogs.msdn.com. Microsoft employs some of the best hackers in the world and actively recruits them and develops them. They work on all kinds of projects, whether it be in development, research, testing, management and of course security.

    Of course, there is controversy even in the word "hacker" but I don't think that should stop us from using it in the manner I think is the most appropriate. At his or her core, a true hacker is someone who is curious and wants to learn how systems work. This can and of course at Microsoft is done in an ethical, legal manner.

    We employ "white hat hackers" who spend their time pentesting and code reviewing applications and software looking for weaknesses and vulnerabilities so that others don't once we've released that code into the wild. We employ many many smart testers who know more about some of our software than perhaps the architects who designed it. We also employ some of the top researchers in their industry, dedicated people working on the bleeding edge of what's going to be commonplace in the next 5 or 10 years of computing.

    So yes, Microsoft does have hackers, and it's time to introduce you to some of them and show you what it is, exactly, that they do. Generally most of the content you'll read and people you'll meet on this blog will be somehow related to security but not all by any stretch.

    -techjunkie

    hackers @ microsoft

    ttfn David

    Technorati Tags: Hackers, Hacking, Security, Microsoft
  • Web scams trick one in five US surfers - vnunet.com

    This applies to the UK as well as the US; recent surveys showed that people in the UK were prepared to give up their password for chocolate. Anyway, the rules are:

      • If it seems to be too good to be true, it probably is
      • You have not:
          • won the lottery
          • failed a bank security test
          • had someone try to hack your account and you need to re-enter them
          • had bad feedback on a site you have never heard of, or without your full name in the e-mail
          • got someone at a bank in another country wanting to give you some money
      • If the mail is not sent to you and only you, then it is very, very, very unlikely to be real
      • If the phishing scanner says it is a bad site, trust it unless you know that the address in the address bar is real, and then still don't enter personal information
      • Even if they don't want your mail, handing over your personal details is telling them what they need to know in the real world.
      • If you are asked to disable your system security, don't!

    Web scams trick one in five US surfers - vnunet.com

    Nearly one in five US adult surfers has been a victim of at least one internet scam, according to a recent survey commissioned by Microsoft. Some 81 per cent of these victims admitted that they did something to compromise their own security, such as opening an e-mail message that appeared to be from a legitimate person or company.

    Security experts at Microsoft said that the biggest threats facing consumers online this year are criminals posing as trusted third parties to extract personal information.

    "Microsoft has witnessed a shift in criminal behaviour in the past year," said Adrienne Hall, senior director of communications and marketing at Microsoft. "The internet has changed the way we live, but many of the experiences that make the internet so valuable in our daily lives also require us to share information about ourselves that can present certain risks."
Despite increasing media exposure and user education about identity theft and online fraud, many people are still not getting the...
  • Security is a journey, never a destination

    I was watching the Bourne Identity the other night and Marie asked "how did they find us", to which Bourne replied "we let our guard down, we got lazy". This is so very true for computer security - you can't stop updating your systems, updating your anti-malware tools, updating the firmware in your firewall and more. To highlight this I saw the article below. There was an operating system that claimed it did not suffer from the issues of needing constant TLC. Then 5 of the 8 community servers were compromised. Nice.

    Ubuntu Servers Hijacked, Used to Launch Attack

    Members of the Ubuntu colocation team suggest the attack could have begun with a Chinese IP address.

    The Ubuntu community had to yank five of the eight Ubuntu-hosted community servers sponsored by Canonical offline Aug. 6 after discovering that the servers had been hijacked and were attacking other machines.

    It was suggested during an IRC (Internet relay chat) meeting of the Ubuntu colocation team Aug. 14 that the source of the troubles might have been a Chinese IP address trying to log onto the servers by brute force "for a long time now it seems," said a participant.

    On Aug. 14, the community began to bring the machines back up in a safe state so that they could recover data from them. Unfortunately, according to Ubuntu Community Manager Jono Bacon, the servers were all found to be out of date, stuffed with Web software, and missing security patches—at least in the instances where it was easy to determine what version they're running.

    "An attacker could have gotten a shell through almost any of these sites," Bono wrote in a posting, regarding a change to location server policy that resulted from the incident.

    Ubuntu Servers Hijacked, Used to Launch Attack

    ttfn David

    Technorati Tags: Security, Linux
  • Are you an IT related architect (Office Business Application, Windows Server Security or Services Revolution aka SaaS) - if so then one of these events could be for you

    I've hung up my architecting gloves, but I still get the e-mails. I saw this and thought there were a few partners out there who would want to take advantage of the events.

    As a practising or aspiring architect, it's vital to keep up to date with the latest news and technological developments to make sure your work remains at the cutting edge. By attending a free Microsoft Architect Forum you'll learn how to get the most from your architecture and gain information to aid your architectural decisions. The Architect Forum series gives you free access to one-day events providing an expert overview of a specific topic as well as fantastic networking opportunities. To register for one of these events, follow the relevant link below:

      • Office Business Applications Architect Forum - 13 September 2007, London
        Office Business Applications are an emerging class of application that helps businesses unlock the value of their line-of-business (LOB) systems and turn document-based processes into real applications. Office 2007 has expanded off the desktop embracing the concepts of SOA and leverage the fundamental shift to combining software plus services. In this forum we will discuss the architectural elements of the Office Technical Platform and discover how these elements can be applied across several business scenarios.

      • Windows Server Security Architect Forum - 11 December 2007, Reading
        Security, alongside reliability and interoperability, is central to Microsoft's software design philosophy. Yet it is still an area where Microsoft is perceived to underachieve. However, security is a very broad term that can be used to describe a great many number of IT scenarios. In this forum we will discuss the central role of security in the architecture of Windows Server 2008 (codename Longhorn) in relation to Systems Management scenarios such as web and application management, high availability, and server virtualisation.
The Services Revolution Architect Forum - 19 February 2008, Reading The first Internet-based services...
  • Windows Client (Vista and XP) - Active X installer service, Volume Activation Tool, Diagnosing XP crashes, modifying the boot configuration parameters

    If you use volume licensing with Windows Vista then you need to be aware of the tools to manage them - it is not as simple as it used to be as you now need a management tool inside the business. VAMT answers this as does Desktop Management. Then we have some webcasts on slow networks, diagnosing crashes in Windows XP (although many of the techniques work for Vista too), backup and restore in Vista, using the ActiveX installer Service and Boot config parameters.

      • VAMT 1.0 (x86)
        The Volume Activation Management Tool enables IT professionals to automate and centrally manage the volume activation process using a Multiple Activation Key (MAK). VAMT v1.0 is only available as a US-EN (x86) release.

      • Best Practices on Managing Windows Vista Desktops
        Get best practice guidance for managing Windows Vista desktop operations. Windows Vista Service Life-Cycle Management (WVSLM) provides concise guidance to help minimise the total cost of ownership of desktop infrastructure. Process guidance and document templates help make service management concepts from the IT Infrastructure Library and the Microsoft Operations Framework tangible and easily implementable by focusing on a single and common IT service.
        http://go.microsoft.com/?linkid=7137227

      • TechNet Webcast: "The Network is Slow": Identifying the Cause of Slow Network Communications (Level 200)

      • The Offline Crash Diagnostic tool for Windows XP is available - http://support.microsoft.com/?kbid=923800

      • TechNet Magazine: The ActiveX Installer Service in Windows Vista
        How do you secure the desktop against malicious ActiveX controls without limiting application compatibility? We'll take you on a tour of the ActiveX Installer Service (AxIS) in Windows Vista that addresses this issue with a new way to manage ActiveX controls.
http://go.microsoft.com/?linkid=7137204 Discover How to Modify Boot Configuration Parameters In the Boot Configuration Data (BCD) Editor FAQ, find out what the BCD store is, why it was created, where it's located in the registry, how to modify it and...
  • Security for Windows Vista (understanding more about UAC), Networks, plus advice and guidance

    Security is always a big subject area. Over the last two months TechNet have published the following items that will help understanding and delivery of secure systems based on Microsoft technology.

    Windows Vista

      • TechNet Magazine: Inside Windows Vista User Account Control
        Mark Russinovich explains that User Account Control (UAC) is one of the most misunderstood new features in Windows Vista. But its goal -- to enable users to run with standard user rights -- can solve many security issues. Get an inside look at the problems UAC addresses and see exactly how this new feature works.
        http://go.microsoft.com/?linkid=6803653

    Network Security

      • Internet Protocol Security Enforcement in the Network Access Protection Platform
        This white paper describes the Network Access Protection (NAP) platform, how IPsec protects traffic, and how IPsec Enforcement in NAP provides system health policy enforcement for IPsec-secured communication.
        http://www.microsoft.com/downloads/details.aspx?FamilyID=144cc69f-790f-4f52-8846-3f3b8584d7cd&DisplayLang=en

      • Introduction to Network Access Protection
        Read this white paper for an overview of the NAP business scenarios, an outline of the components of NAP, and a description of how NAP works.
        http://www.microsoft.com/downloads/details.aspx?FamilyID=5d5e243a-23a8-479c-9f2d-37d6d79153e7&DisplayLang=en

      • Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab
        Test lab to demonstrate VPN NAP enforcement
        http://www.microsoft.com/downloads/details.aspx?FamilyID=729bba00-55ad-4199-b441-378cc3d900a7&DisplayLang=en

    General

      • Microsoft Security Intelligence Report
        http://go.microsoft.com/?linkid=6755495
        The Microsoft Security Intelligence Report provides a comprehensive understanding of the types of threats Windows customers face today so they can take appropriate action to help ensure they are better protected.
The report highlights trends observed over the past several years, leveraging data collected by Microsoft between July 1 and December 31, 2006, from numerous sources including the Microsoft...
  • Malware Removal Kit from Microsoft, including a boot from CD solution

    Malware Removal Kit

    The Malware Removal Kit is a download from TechNet that provides you with excellent guidance and tools to help you restore PCs infected with malware. The newest Solution Accelerator from Microsoft, it provides free, tested guidance to help you combat malware attacks and restore infected systems - so users can safely get back to work.

    The kit shows you how to use the Windows Preinstallation Environment (Windows PE) to discover malware by performing a thorough offline scan of your computers, uncovering malware that may be hiding in the operating system. And once malware is located and identified, it can be quickly removed from infected PCs with a number of free anti-malware tools, like the Malicious Software Removal Tool from Microsoft.

    ttfn David

    Technorati Tags: Malware Removal, WinPE, Security
  • Windows Live OneCare 2.0 Beta - sign-up

    I saw on the OneCare blog that a new beta is out; this can be signed up for at Windows Live OneCare 2.0 Beta. I like OneCare - while it has its cranky moments (like I have to manually remove the old product to install the beta) it works better than some others I could mention without killing my machine or network. It is the product that I have bought for my home to protect it. According to the sign up site, this is what OneCare does.

    Windows Live OneCare 2.0 Beta - All-in-one security and performance for all your PCs

    Windows Live OneCare is an automatically self-updating PC care service that's on whenever your PC is on, helping provide persistent protection against viruses, hackers, and other threats. It also performs regular tune-ups to help keep your PC running at top speed, and helps you back up important documents.

      • Runs quietly in the background, providing anti-virus, anti-spyware, online identity and scam protection (anti-phishing) and firewall protection
      • Updates itself to help you keep ahead of the latest threats
      • Runs regular PC tune-ups, even checking for ways to shorten PC boot-up time
      • Provides one-click solutions to most problems
      • Makes backups a breeze
      • Lets you see the status of all your computer systems at a glance

    As for improvements, on the Blog they say:

    Here’s a quick overview of the new features we’ve added to OneCare version 2.0 to help keep users’ PCs and networks safe, reliable and performing well:

      • Multi-PC and home network management. Helps ease management of multiple-PC environments by providing a single navigation bar for monitoring the security and maintenance of networked computers. Also enables one-click actions to resolve issues among computers within a home PC network.
      • Printer sharing support. Makes it easy to connect printers to local networks so all users in the vicinity can use the same printer.
      • Start-time optimizer. Speeds PC boot time by removing rarely used applications from start-up menu.
This helps to address one of the noticeable areas of frustration for PC users as time goes on...
  • Microsoft Security products - Forefront and the next version codename Stirling

    I have grabbed these security tit-bits from TechNet this month and thought I would share them with you. Expect to be playing with Forefront in one form or another within a year, so might as well see what it does now :-)

      • Microsoft Unveils Next-Generation Forefront Business Security Solution Codename "Stirling"
        http://go.microsoft.com/?linkid=6951832
        Announced this month, the new Microsoft Forefront solution, codename "Stirling," is a single product that will deliver unified security management and reporting with comprehensive, coordinated protection across client, server applications, and network edge. "Stirling" acts as a distributed system, sharing and correlating information to identify complex threats, and dynamically responding to protect the organization.

      • Microsoft Forefront Client Security 120-Day Trial Is Available
        http://go.microsoft.com/?linkid=6959785
        Microsoft Forefront Client Security 120-day trial version is available for evaluation, a security solution that helps protect business desktops, laptops, and server operating systems from viruses, spyware, and other current and emerging threats.
          - Read how other IT professionals use Forefront Client Security http://go.microsoft.com/?linkid=6959833
          - Take the virtual labs http://go.microsoft.com/?linkid=6959834
          - Download the trial software http://go.microsoft.com/?linkid=6959835

      • Microsoft Security Awareness Toolkit
        http://go.microsoft.com/?linkid=6951861
        Guidance, samples, and templates for creating a security-awareness program in your organization.

      • Microsoft Forefront Server Security Management Console Beta 2
        Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen.
http://www.microsoft.com/downloads/details.aspx?FamilyID=2048daae-b9f2-4612-ada9-51537a5479ca&DisplayLang=en Microsoft Forefront Server Security Management Console Beta 2 User Guide Forefront Server Security Management Console allows administrators...
  • Vlad Mazek - "What is service management" and "how to avoid being hit by a truck when it is most inconvenient"

    I love Vlad's straight talking. If you get a chance read the whole of the blog entry Vlad Mazek - Vladville Blog » Blog Archive » Windows Server 2003 SP2 EEULA & CYA because as far as I am concerned he is preaching to the converted. I will stand by my view that Service Packs are tested as much as possible, but you need to do your own validation (see Who should test software and service packs - I think vendors,customers and partners - others thi ) to ensure that your application vendor is also happy to support their products on that service pack. If you only have MS products, check the release notes AND SUPPORT.MICROSOFT.COM as both may well have important information. I've extracted part of Vlad's process to avoid a bloody head - read his post for more as people like Susan Bradley wishes she had :-)

    However, a part of me wonders just how heavy the rock was. You know, the one that he was under since Microsoft started releasing service packs. As painful as the above is to read, and as painful as this process has been for him, this outlines the fundamental lack of respect for change management we have in the IT industry.

      • First, where is the full backup of the server that this was done on. At the very least this would have allowed him to take the server back to the last known good configuration.
      • Second, where is the test system on which he checked Act 6.0 for compatibility?
      • Third, never change more than one thing. If you installed the Service Pack and it broke things, do not proceed to install drivers (that likely have not been tested with the said service pack) and do more exotic changes.
      • Fourth, test, test, test, test. Forget about the stuff you should have done before you patched, too late to set up a test vm, too late to do a full backup, too late to check the app vendor for advisories related to the patch, too late. You’re patched, there is a whole new world on your network.
Isn’t the first thing to check all the workstations and rerun MBSA, performance testing, reset the performance counter on both...
  • Microsoft Webcast: Security Intelligence Report Debrief: July to December 2006 (Level 200) - Thursday, June 14, 2007 8pm UK Time

    I saw this and wondered if anyone wants to attend?

    Microsoft Webcast: Security Intelligence Report Debrief: July to December 2006 (Level 200)
    Thursday, June 14, 2007 12:00 PM Pacific Time (US & Canada)

    This public webcast is designed to bring you up to speed on some of the latest threats that Microsoft’s customers and partners are dealing with today. The webcast is presented by the former vice president of the Anti-virus Research and Vulnerability Emergency Response Team (AVERT) for McAfee, Vinny Gullotto. For the past year Vinny has been working as the General Manager of the Microsoft Malware Protection Center (formerly known as MSAV). Please feel free to attend the webcast and to invite customers and/or partners as well. Simply use this link to register: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032340085&Culture=en-US

    ttfn David
  • Sean Daniel on "Where's my next version of SBS?" - Cougar as was known

    I was browsing Vijay's blog and noticed a link to Sean Daniel's blog discussing Cougar. While there are many details of Cougar still to be released and some I would imagine still to be decided, here are some of the most interesting things he said:

      • There will be a migration tool that will take you from your current SBS to Cougar on ANOTHER BOX. We are still working on this solution.
      • The SBS Backup solution is being completely re-vamped. However, we have made the full switch, and the backup solution will no longer support backing up to tape. Using snapshot technology, the backups will be extremely quick using incrementals that can be scheduled as often as every 30 minutes. A copy of NTBackup will be able to extract files from the old SBS 2003 format, but no new data can be added.
      • Cougar will need to be installed behind some kind of firewall and the single-NIC model will be the only mode. You must use a firewall in front of the SBS box, this can be a hardware router type item, or a software firewall such as ISA.

    There is more at SeanDaniel.com - SBS 2003 and Technology Discussions: Hey! Where's my next version of SBS?, however I thought that was interesting enough to start things off.

    ttfn David

    Technorati tags: Cougar, SBS, Backup, Migration, ISA, x64
  • "Vista, XP Users Equally At Peril To Viruses, Exploits" and then a lengthy retort from Roger A Grimes including the comment that the number of vulnerabilities over a given time for OSs were XP-28, Vista-11, Mac OSX-101

    I have been RSS feed and news hunting and found this review in IT Channel News stating that Vista was no more secure than Windows XP. Then I read how things seamlessly slipped onto the system and I started to get frustrated that they must have turned off every security feature in Vista to get the results. There I was about to write a WTF reply when I found a HUGE one by Roger. There also seemed to be some confusion that Microsoft also still recommends anti-virus software for Vista. I tell people to buy AV software and not some complete "take over everything on your system" suite. Roger's reply is worth reading for sure - Microsoft is far from perfect, but turning off all the security features and then saying it is no more secure is just a little bit silly too.

    If you look at the number of found vulnerabilities in Windows XP (28) vs. Vista (11) this year, Vista wins again. If that seems like a lot, don't forget Mac OS X has had 101 in the same time period. Cute commercials, but not necessarily a stellar reason to dog Microsoft about.

    In conclusion, I'm not sure why you choose to run a story that paints Windows Vista as no better security-wise than Windows XP?

    Sincerely,
    Roger A. Grimes, Sr. Security Consultant
    Microsoft ACE Team
    Author of Windows Vista Security: Securing Vista Against Malicious Attack

    Review: Vista, XP Users Equally At Peril To Viruses, Exploits - Software - IT Channel News by CRN and VARBusiness

    ttfn David

    Technorati Tags: Security, Mac OS X, Windows Vista, Windows XP
  • How to configure SQL Server 2005 to allow remote connections on Windows Server 2008 (Longhorn) / Windows Vista

    Just a quick one - I was playing around with SQL2005 on my Longhorn server and I could not connect from a remote machine - Ahh I thought, the firewall is in the way, but it turned out I had to do 3 or 4 things to get things working. The Microsoft KB article that pointed to the light was How to configure SQL Server 2005 to allow remote connections, which covers how to enable the firewall for the 2 programs you need and so on.

    When you try to connect to an instance of Microsoft SQL Server 2005 from a remote computer, you may receive an error message. This problem may occur when you use any program to connect to SQL Server. For example, you receive the following error message when you use the SQLCMD utility to connect to SQL Server:

      Sqlcmd: Error: Microsoft SQL Native Client: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections.

    This problem may occur when SQL Server 2005 is not configured to accept remote connections. By default, SQL Server 2005 Express Edition and SQL Server 2005 Developer Edition do not allow remote connections. To configure SQL Server 2005 to allow remote connections, complete all the following steps:

      1. Enable remote connections on the instance of SQL Server that you want to connect to from a remote computer.
      2. Turn on the SQL Server Browser service.
      3. Configure the firewall to allow network traffic that is related to SQL Server and to the SQL Server Browser service.

    Well, the above is all well and good, but we also need to remember that in a Vista and Longhorn setup the "admin" accounts do not have admin control over the database, so you may well also need to run the SQL 2005 Surface Area tool that enables you to add administrators. I also found I had to enable network connections by going to the SQL Server Configuration Manager and enabling TCP connections on my IPv4 network.
ttfn David Technorati tags: SQL , Vista , Longhorn...
  • Changing the way that Vista User Access Control (UAC) works in Vista by group policy

    James gave me some hassle the other day for not referencing his blog (which is a valid thing to do), so I thought I would point out this post as it will end some of the gripes of people out there. Using Group Policy you can change the following:

      • User Account Control: Behavior of the elevation prompt for administrators
      • User Account Control: Behavior of the elevation prompt for standard users
      • User Account Control: Elevate on application installs
      • User Account Control: Run all users, including administrators, as standard users
      • User Account Control: Validate signatures of executables that require elevation
      • User Account Control: Virtualize file and registry write failures to per-user locations

    More information from James' blog at Views on Windows Vista : Can I customise UAC?.

    ttfn David

    Technorati Tags: Vista, Group Policy, UAC, Security
  • Windows Hacktivation (or Activation) Trojan Horse / Phishing scam

    I saw this and for a change decided I needed to blog on something about Symantec. The story is simple - a program pretends to be Windows Activation and asks for a credit card to prove ID. IT IS OBVIOUSLY NOT A MICROSOFT TOOL, but I am sure some people might presume it is. For more information, have a look at the eWeek and Symantec sites:

    Symantec is reporting on a Trojan horse that mimics the Windows activation interface. Once you reboot your PC after running the program, the program asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don't enter the credit card information it shuts down the PC.

    How to clean it - Symantec writeup

    Source: Top Threat: Windows Hacktivation

    ttfn David

    Technorati tags: Security, Activation, Phishing
  • May security updates for Server DNS and Office 2003/2007 and IE7. Also Quicktime needs an update

    I did a quick scan and it seems that this month Office is the main target of updates, along with one critical one for Windows Server (for DNS RPC attack) and one for IE7. Worth a quick download and install :-)

    I also got this in the mail today: Apple QuickTime 7.x must be upgraded to 7.1.5 or higher.

    On the security updates:

    Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities:

    | Bulletin Number | Maximum Severity | Affected Products | Impact |
    |---|---|---|---|
    | MS07-023 | Critical | Microsoft Excel (all currently supported versions) | Remote Code Execution |
    | MS07-024 | Critical | Microsoft Word 2000, 2002, 2003, 2004 (Mac) | Remote Code Execution |
    | MS07-025 | Critical | Microsoft Office (all currently supported versions) | Remote Code Execution |
    | MS07-026 | Critical | Microsoft Exchange (all current versions) | Remote Code Execution |
    | MS07-027 | Critical | Internet Explorer - all current versions on all currently supported versions of Microsoft Windows | Remote Code Execution |
    | MS07-028 | Critical | CAPICOM, BizTalk Server | Remote Code Execution |
    | MS07-029 | Critical | Windows 2000 (server), Windows Server 2003 | Remote Code Execution |

    Summaries for these new security bulletins may be found at the following pages: http://www.microsoft.com/technet/security/bulletin/ms07-May.mspx

    Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable.

    Microsoft Windows Malicious Software Removal Tool

    Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).
Information on the Microsoft Windows Malicious Software Removal Tool can be located here: http://go.microsoft.com/fwlink/?LinkId=40573 High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS) Microsoft is also releasing High-Priority...
  • From The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    I've talked about this before, but thought it was worth pointing people to this:

    Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    [Today's post comes to us courtesy of Wayne McIntyre]

    In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store.

      1. Connect to your OWA site by going to https://host.domainname.com/exchange

    FOR THE REST OF THE INSTRUCTIONS PLEASE FOLLOW THE LINK TO THE SOURCE BELOW

    Source: The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    ttfn David

    Technorati Tags: Vista, Certificate, SBS
  • Installing WSUS 3.0 on SBS White Paper Released, including when you already got WSUS on there, or need to upgrade

    I thought you should be aware of this:

    WSUS 3.0 on SBS White Paper Released

    [Today's post comes to us courtesy of Chris Puckett]

    WSUS 3.0 has released. You can download it here. For information on installing WSUS 3.0 on your SBS 2003 SP1 or R2 server, check out the Installing WSUS 3.0 on SBS 2003 whitepaper. The issue blogged in February 2007 regarding Vista updates not synching in SBS 2003 R2 has been fixed in WSUS 3.0. If you experienced performance issues like high cpu usage by svchost, a UI hang and long scan times, the new WUA client included with WSUS 3.0 addresses these issues in combination with the MSI update in KB 927891. It’s important to note that the new client is only a partial solution for the svchost/msi issue and clients must have both KB 927891 and the new 3.0 client installed for a full solution.

    Source: The Official SBS Blog : WSUS 3.0 on SBS White Paper Released

    Having looked at the whitepaper it seems it covers the following areas:

      • Install WSUS v3 on 2003 SBS SP1 and R2 (when to press cancel)
      • Upgrading Windows Small Business Server 2003 with Service Pack 1 to Windows Small Business Server 2003 R2 while running Windows Server Update Services 3.0 (uninstall WSUS 1st and then re-install the database)
      • Uninstalling and reinstalling Windows Small Business Server 2003 R2 components on a server that is running WSUS 3.0 (uninstall WSUS 1st and then re-install the database)

    ttfn David

    Technorati tags: SBS 2003, SBS 2003 R2, WSUS v3
  • Got SBS Premium (or an ISA firewall) and Vista customers - you will need the updated ISA Server Firewall Client

    Just a quick note to say that if you have an SBS customer who has some PCs with Vista then you will need the updated ISA firewall client. You will need to go to this page - ISA Server Firewall Client

    Firewall Client for ISA Server

    Brief Description
    Firewall Client for ISA Server installs the Firewall Client software on 32-bit and 64-bit computers running supported Windows operating systems.

    It is also worth noting that the install script will look something like this:

    \\Servername\shared folder\SETUP.EXE /Q /P "SERVER_NAME_OR_IP=Servername ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=1"

    Note this will almost certainly force a reboot due to the changes in the Winsock stack.

    ttfn David

    Technorati Tags: ISA, ISA Firewall client, SBS, SBS Premium
  • Changing Vista boot screens and opening yourself up to rootkits (or not)

    I love people who want to customise Windows Vista and some of my previous posts have covered this, however you can go too far - you can hack the OS. While I understand the desire to "hack" the OS to get customisations, there are better ways. This particular example is where people want to change the boot screen in Vista. The ability to do this will be coming from StarDock soon, but until then people have taken to modifying the existing OS files. THERE IS ALWAYS a chance that, by downloading someone's customised file to your PC and it being loaded so early on in the boot process, it could do nasty things, especially since these files are in no way certified by Microsoft.

    A classic example of this can be found here when people want to change the boot logo - this could easily be a social engineering attack. The instructions tell someone to remove the access and security permissions from a core system file, overwrite it with one that might make the system look prettier during boot, but who knows what else will happen as a result of the change? This is also known as a trojan horse - as you accept it through the gates on the assumption that it is a gift from the gods, but in fact inside it has lots of the enemy's troops.

    You have a choice - compromise your system security or wait until StarDock release their boot screen changer. Is it really worth risking the integrity of your system for a pretty graphic for a few seconds during startup?

    http://www.myvistaboot.com/Joomla/index.php?option=com_frontpage&Itemid=1
    Changing the boot screen: http://tweakvista.com/article38970.aspx
    Boot screen logo generator: http://www.neowin.net/forum/index.php?showtopic=527262

    ttfn David
  • Symantec "Microsoft Listed as Most Secure OS"

    Wow, you have to wonder whether this hurt them to say this :-) Now I am a believer that any security vulnerability is bad and that the longer it is out there then the more likely it is to be exploited. If "people" only have one way to crack into your system, then they can still get in and the longer it is out there then the more likely it is that it will be used, however it is always nice to see that MS is trying hard and while not perfect, is doing better than other people who throw stones at MS. Of course, Windows also has more in it, so being better with more features in the box is even nicer and this is across all versions of Windows, not just the latest (Vista) for example. I think it shows that the IT industry has more work to do in this area - as Ed the Fed said - "this is a journey."

    Surprise, Microsoft Listed as Most Secure OS
    By Andy Patrizio

    UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors.

    The information was a part of Symantec's 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.

    The report found that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.

    <snip>

    During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It's an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.

    <snip>

    Then there's Mac OS X.
Despite the latest TV ads ridiculing the security in Vista with a Matrix ...
  • BBC News Online | Technology | Decoys fix quantum key swapping

    As some of you might know, my background was in Security for a while and I studied how Quantum keys and security could be used while at University (RHUL for those who want to look it up, although for me it used to be called Royal Holloway and Bedford New College, University of London). Anyway, quantum keys and entanglement were the talk of the day and how bulletproof they were. Well now it appears that they might not be quite so amazing, or at least our ability to use them without leakage. Anyway, I saw this at the BBC technology site and it is nice to see that there is a light at the end of the tunnel :-)

    Decoys fix quantum key swapping

    British scientists have found a way to fix a vulnerability in quantum cryptographic systems.

    If left unpatched, the flaw would make it possible to grab information about the keys used to scramble information without being detected.

    The flaw emerges because of the way that laser diodes emit the photons of light used to carry quantum key data.

    Using decoy photons, researchers can spot when attackers are eavesdropping on secure communication channels.

    Source: BBC News Online | Technology | Decoys fix quantum key swapping

    ttfn David

    Technorati tags: Security, Quantium
  • How to start an administrative (or elevated) command prompt and tell if you got it right (in Vista)

    I have had a few people tell me that they have had problems getting an administrative command prompt up and running in Vista. If you have done it correctly then a window will open just like the one to the left. Notice that it has opened into the X:\windows\system32 directory and that it has the title "Administrator: X:\windows\system32\cmd.exe". Anything else and I would be suspicious.

    The process is simple - do either of these:

      • Click Start, click All Programs, and then click Accessories. Right-click Command Prompt, click Run as administrator

    or

      • Click Start
      • Type cmd into the search box and wait for Command Prompt or cmd.exe to appear in the list
      • Press CTRL-Shift-Enter

    Either way, you should see a User Account Control (UAC) prompt appear with a BLUE banner on the top - press Continue here.

    For more information on User Account Control go here

    ttfn David

    Technorati tags: Windows Vista, Elevate, run as Administrator, Vista Ultimate, Security
  • Help us to shape next-generation 64-bit technology - from Microsoft Partner Newsletter

    Help us to shape next-generation 64-bit technology

    We are shipping a private beta of our upcoming 64-bit server for medium-size businesses, codenamed 'Centro', and we're looking for partners to test the technology and give us feedback. The server, which is an x64-only version of Longhorn targeted at smaller enterprises, will integrate Exchange 2007, System Centre Essentials, SQL Server 2005 and ISA Server.

    To sign up to the beta programme, go to http://connect.microsoft.com/, click on 'Invitations' (in the left-hand navigation) and sign in with your Windows Live ID (Passport ID). Then enter the following invite ID: Extr-GHBC-JCJM. You will be asked to take a short survey. When you have completed the survey you will receive an email from MsftConn@microsoft.com. If you don't already trust this address, please add it to your trusted email addresses.

    More information on the beta programme
    More information on Centro

    Technorati tags: Centro, Beta, Exchange 2007, System Center Essentials, SQL Server 2005
  • Windows Vista Security "Guide", why Jim Allchin doesn't use Anti-Virus software for his son and why some people just don't want to have improved security unless you pay them for it.

    OK, so I saw that the Vista Security Guide ( http://blogs.msdn.com/windowsvistasecurity/archive/2007/01/05/windows-vista-security-guide-1-2-released.aspx ) had been updated - it is worth knowing more about the security model in Vista, how we protect against some threats and how it might impact your applications (eg if a non-admin application wants to send UI information to an admin one), Group Policy, Settings etc.

    Now, while security is important, so are the basics, like turning on the auto-updates, firewalls and anti-malware software. Well, MS now supplies a great anti-spyware product built into Windows in the form of Defender and the firewall can now be configured on outbound comms as well as inbound if you want, but no AV in the product. So, you need a 3rd party AV product (or Windows OneCare)... well, Jim Allchin, who delivered the Vista project for all of us does not use one for his son's machine.... http://windowsvistablog.com/blogs/windowsvista/archive/2006/12/19/windows-vista-and-protection-from-malware.aspx

    Then having been through all of this, there are some who want to take the great steps forward in Vista that allow Jim to do this and put us back 6 years and have a company that makes money by keeping the fear up and security quality down. One of the great areas of progress in Vista, even if you do notice it most when setting up, is the UAC control, so why would you want to outsource it to a programme that can be fooled? More info at http://www.windows-now.com/blogs/robert/archive/2007/01/10/symantec-anti-uac-product-is-a-very-bad-idea.aspx

    ttfn David
  • What do Small Businesses worry about in IT?

    I just saw this re-sent internally and the data is quite UK centric, so:

      • 63% of small businesses put data back up and privacy as a top priority
      • 7.6% of UK small business software spending was on Anti-Virus, in 2006 they planned to spend 10% more on data security - Source AMI 2006
      • 50% of small businesses have as a priority to deploy in house or hosting data back up and disaster recovery (AMI)

    ttfn David
  • Do you want to beta test Centro, the big brother to SBS based on Longhorn by becoming a TAP partner?

    It is strange how some things are so different and yet so similar. If I was to talk to you about a product from Microsoft that ran Windows, Exchange, SQL and ISA and had some management capability then you might think I was talking about SBS, but this time, that is not so. This time I am talking about the grown up brother - codename "Centro". We are looking for a few good men (or women) to test this and potentially even roll this out with some customers. This is not something to just say yes to without actually being able to test it somehow, but if you think this is you, then here are the details:

    Windows Server "Centro" Technical Beta and Technology Adopter Programme

    Microsoft are shipping a private beta of its upcoming 64-bit server product for midsize businesses, codenamed "Centro". The server, which is an x64-only version of Longhorn targeted at smaller enterprises, will integrate together Exchange 2007, System Centre Essentials, SQL Server 2005 and ISA Server.

    We are urgently looking for Partners to give us feedback on Windows Server “Centro”. If you have a partner who is willing to test some next generation technology then please ask them to sign up to the Beta.

    Centro will provide IT professionals in midsize businesses with simplified, guided installation across multiple servers, using a single administration console that will provide a unified view of the network. That will include providing consolidated alerts and automated wizards. Centro, which is due out in 2008, will also provide integrated license reporting aimed at making it easier for IT professionals to track the licenses used in their company.

    How Partners sign up to the Beta:

    Go to http://connect.microsoft.com, click on Invitations, sign in with their Windows Live ID (Passport ID) and enter the following invite ID: Extr-GHBC-JCJM. They will be asked to take a short Survey. Once they complete the survey they should look for an email from MsftConn@microsoft.com. If you don't already trust this address, please add it to your trusted email addresses...
  • The SBS Diva spots why your workstations (and sometimes your SBS servers) are spiking at 100% CPU this month after the patches (yes, it is the Update services)

    Updated 08:07am 12th January - the blog title used to suggest this was a server issue - Susan pointed out that this is a client / workstation issue much more.

    I had to blog this one - if you are seeing CPU spiking when patches are being installed, go look at http://msmvps.com/blogs/bradley/archive/2007/01/10/on-patch-tuesday-if-you-are-seeing-a-spike-in-cpu.aspx

    ttfn David
  • ISA 2004, meet Vista, Vista, meet ISA 2004 client so that you can now work!!

    If you are using Vista and ISA, you will be used to getting a compatibility warning when the client loads. Well, this KB and download gives you a time when that is no longer the truth :-)

    From the joys of Susan B's blog:

    How to obtain the version of Firewall Client for ISA Server (December 2006) that includes Windows Vista support: http://support.microsoft.com/kb/929556

    Finally the ISA firewall client that will support Vista is out today and there's a new WSUS category to boot!

    As always, be careful when playing with your systems

    ttfn David
  • Need Norton Anti Virus for Vista - get the beta then

    I have just seen that the beta for AV and security software from Symantec is now available for download. As one would hope, it comes with the following information:

    What is a Beta?

    A “beta” is a pre-release version of a Symantec product that is available for public testing before the final version is released. Through public testing, we can evaluate how the product performs in “real world” environments and collect valuable feedback from you. We want you to tell us what you like and don’t like about the product and report any problems to us directly. Be among the first to experience the new features and functionality of our latest products.

    Current betas:

      • Norton Internet Security 2007 Vista Public Beta
      • Norton AntiVirus 2007 Vista Public Beta
      • Norton 360 All-In-One Security
  • Need a machine to practice or simulate Windows Server, Exchange 2007, SQL 2005 or ISA 2006? Download the pre-configured VHDs for these virtual machines

    I am sure you have seen these already, but if not, these are great tools to help when you quickly need a machine to test something on, or spend longer learning about a product. I know you can get the disks in the action pack, but then you have to load it up on a PC or VPC - this saves you all the trouble.

    Windows Server 2003 R2
    Windows Server 2003 R2 helps to simplify branch server management, can improve identity and access management, helps to reduce storage management costs, provides a rich Web platform, and offers cost-effective server virtualization. In this VHD, you'll have the opportunity to road-test new and improved features and functionality of Windows Server 2003, including management and usability enhancements to Active Directory.

    Exchange Server 2007
    Learn how to take advantage of key features of Exchange Server 2007. This VHD provides an exploration of Active Directory and the new features in Exchange Server 2007, new features in Outlook Web Access 2007, enforcing compliance and retention policies in Exchange Server 2007, and more.

    SQL Server 2005
    SQL Server 2005 is data management and analysis software that helps deliver increased scalability, availability, and security to enterprise data and analytical applications while helping to make them easier to create, deploy, and manage. In this VHD, you will get to experience many of the new features in SQL Server 2005.

    ISA Server 2006 VHD
    This download comes as a pre-configured VHD. ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing users with fast and secure remote access to applications and data.

    For a complete list of Microsoft products and technologies in a VHD, visit the VHD Download Center.

    Source: Run IT on a Virtual Hard Disk
  • Windows Defender released to market - free Anti-Spyware product

    Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected and minimizes interruptions and helps you stay productive. Now with 2 free support incidents for Windows XP and Windows Server 2003.

    Source: Windows Defender home

    The product has the following features:

      • A redesigned and simplified user interface – Incorporating feedback from our customers, the Windows Defender UI has been redesigned to make common tasks easier to accomplish with a warning system that adapts alert levels according to the severity of a threat so that it is less intrusive overall, but still ensures the user does not miss the most urgent alerts.
      • Improved detection and removal – Based on a new engine, Windows Defender is able to detect and remove more threats posed by spyware and other potentially unwanted software. Real Time Protection has also been enhanced to better monitor key points in the operating system for changes.
      • Protection for all users – Windows Defender can be run by all users on a computer with or without administrative privileges. This ensures that all users on a computer are protected by Windows Defender.
      • Support for 64-bit platforms, accessibility and localization - Windows Defender supports accessibility and 64-bit platforms. Microsoft will release localized versions including German and Japanese soon after the availability of the English versions.
      • Delta definition updates - Windows Defender now downloads smaller delta definition updates when possible which reduces the time required to download and install definition updates. Customers can expect shorter download times when updating their definition updates.
      • Free Limited Support - As a part of our commitment to the security of our customers, free support for installation, configuration, definition update, detection and removal errors will be available for...
  • Microsoft blocks 'Black Hat' Vista hack

    I remember when this story 1st broke - that someone had found a way to use CPU virtualisation technology to provide the ultimate "root kit" to steal information from Vista (although this would work for any / every operating system). One little niggle was that the user had to install the nasty, which required admin access, so a UAC security prompt was part of the "process" of the seamless install.

    Then came the uproar about the 2-yr old technology of PatchGuard, which stops the hooking and replacing of certain x64 kernel APIs to make it harder to attack the system and blocks another set of routes for non-virtualisation based root kits. The noise about this was because some Anti-Virus vendors felt it was their right to modify the kernel in any way they wanted and this access would obviously be used by both good and bad people. A compromise has been reached, so hopefully systems will be protected and AV vendors will be happy.

    The final piece is the changes that have been made to stop the virtualisation attack. Once again the changes have raised eyebrows, but overall, I suspect it will lead to secure systems.

    Link to Microsoft blocks 'Black Hat' Vista hack | CNET News.com

    ttfn David
  • IE7 Installation and Anti-Malware Applications - why you should turn them off for the install!!

    I saw this and because IE is coming soon, thought you might like to read this!

    IE7 Installation and Anti-Malware Applications

    A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation.

    Along with copying IE7 files to your system, IE7’s setup writes a large number of registry keys. A common way anti-malware applications protect your computer is by preventing writes to certain registry keys used by IE. Any registry key write that fails during setup will cause setup to fail and rollback changes. We work around the problem in most instances by checking permissions at the beginning of setup, but many anti-malware programs monitor the key rather than change permissions. Therefore, setup thinks it has access when it starts, but then fails when it later attempts to write the key.

    The majority of users likely haven’t seen any such problems even with anti-malware enabled because we work with third-party vendors to identify IE7 setup as ‘safe’ based on something like digital signatures or file hashes. While this could lead us to remove the recommendation to disable anti-malware apps, we’ve decided to leave it in setup because a number of factors may still cause some customers to have this problem. Specifically:

      • With all the anti-malware apps available, we don’t want to assume all of them work just because we haven’t heard of a problem yet.
      • Even anti-malware apps we’ve tested sometimes require the latest definition updates. If a user doesn’t have the latest definitions, he or she may still hit a problem even though we consider the issue resolved.
      • Failed installation is an awful user experience so we take every step to reduce the chances of setup failing.

    I hope this helps answer some of your questions.

    John Hrvatin
    Program Manager

    Source: IEBlog : IE7 Installation and Anti-Malware Applications
  • Windows Live OneCare safety scanner: Free online tool for PC health and safety

    This has been around for a while, but it is no longer in beta - scan a PC to see how it is doing!

    Get a free PC safety scan

    Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC.

      • Check for and remove viruses
      • Get rid of junk on your hard disk
      • Improve your PC's performance

    Fix specific PC issues

    Use the full service scan to check everything. To help fix particular problems on your PC, turn to the individual scanners below.

      • Protection
      • Clean up
      • Tune up

    Source: Windows Live OneCare safety scanner: Free online tool for PC health and safety
  • E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Now remind me again why it's a bad thing to exclude other vendors from the Kernel?

    There was me ranting on security yesterday and then I spot this post by Susan that says it all.

    Link to E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Now remind me again why it's a bad thing to exclude other vendors from the Kernel?

    enjoy David
  • Vista and security - are Microsoft doing the right thing?

    This is something I have thought long and hard about and as such I have to caveat things by saying this is my opinion and that I am no more informed than any other member of the public or IT community. Having said that, I have done my time as a Windows Developer and even once worked on emulation systems such as Wine. These protections will be coming to all OSs - so Vista, Longhorn, SBS - all of them! I really think this is some of the worst mud slinging I have seen in a long time and much is wrong!

    So what have I seen in the Press?

      • McAfee and Symantec have complained that they want the ability to ignore the APIs in Vista and bash at the Kernel directly for security services. However, Kernel code has to be signed for the integrity of the system.
      • Microsoft will not stick to the rules above and will gain advantage by using unknown APIs
      • That the security prompts and center cannot be turned off
      • That Microsoft is right to make these changes and want to increase the integrity of the system

    As someone who once worked on a large secure project I recognise the types of controls Microsoft wants/has to put in place on the Kernel - something that has been around since Windows XP 64-bit edition based on Server SP1 (yes it was). When you have a look at all the nasties out there, some (rootkits often) place drivers on the system to do the "hiding" from you. A driver sits in the kernel and can see and change almost anything that goes on in there - if you are compromised in the Kernel, then you are hosed!! You will never know it and your tools will tell you everything is fine. If you allow some people to not obey these rules, then the dishonest ones will not be hindered by it. Yes it can be disabled, but why would you as a user want to turn it off? I even saw someone say that the Kernel is where the holes are, so it is important that rather than fixing the issues, MS was better off leaving it to others. Well, why not have MS produce a better kernel and then most users would be happy. Second, long, long before I worked for Microsoft...
  • KB for SBS and your customers - MS06-055: Vulnerability in Vector Markup Language could allow remote code execution

    I almost feel that I don't need to publish this, but even though the next round of patches is just a day away, you need to think about this one too.

    MS06-055: Vulnerability in Vector Markup Language could allow remote code execution

    Article ID: 925486

    Microsoft has released security bulletin MS06-055. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

    IT professionals: http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx

    Source: MS06-055: Vulnerability in Vector Markup Language could allow remote code execution

    ttfn David
  • Installing the Windows SBS 2003 R2 Premium Technologies

    This simple guide covers what you need to know to install the Premium Technologies.

    Installing SQL Server 2005 Workgroup Edition
    You can install SQL Server 2005 Workgroup Edition as your database for a business application. Additionally, you can upgrade the instance of Microsoft SQL Server Desktop Engine (Windows) (MSDE) that is used by Microsoft Windows SharePoint Services if you want to be able to search document libraries in your company's internal Web site. For step-by-step instructions about how to install SQL Server 2005, download the file sqlinstallsteps.htm below.

    Installing ISA Server 2004
    You can install ISA Server 2004 as the firewall for your local network. For step-by-step instructions about how to install ISA Server 2004 with Service Pack 1, download the file isainstallsteps.htm below.

    Installing FrontPage 2003
    You can install FrontPage 2003 on one computer in your Windows SBS network and then use FrontPage to create or modify your Internet Web site.

    Note: It is recommended that you do not install FrontPage on your computer that is running Windows SBS 2003 R2. You should install it on another computer in your network instead.

    Download details: Installing the Windows SBS 2003 R2 Premium Technologies

    ttfn David
  • Want to play with Vista, but don't want to install it - Welcome to the Microsoft Virtual Lab for Windows Vista

    I have had a few people say they don't have the resources to load and explore Vista, but wanted to see more. Well now you can explore all the following subjects without leaving your desk or loading a DVD. The Vista lab covers the following areas:

      • Microsoft Virtual Lab Express: Exploring New Functionality in Internet Explorer 7
      • Using System Image Manager to Automate Windows Vista Installations
      • Windows Vista: Image Engineering
      • Configuring Windows Firewall with Advanced Security
      • Exploring New Group Policy Settings in Windows Vista
      • Exploring User Account Control in Windows Vista
      • Migrating User State from Windows XP to Windows Vista
      • Managing Windows Vista and Windows Server Longhorn Network Bandwidth with Policy-based Quality of Service
      • Managing Windows Vista Using New Management Technologies

    Source: Microsoft Virtual Lab: Windows Vista

    Enjoy them!

    ttfn David
  • How patching should be done for all servers and clients - by Susan Bradley (super Jedi)

    I still fear Susan and what she would do if I ever made a serious security blunder. Luckily for me, I haven't yet. I also love the way she tells you the way it should be and makes it easy. I went through the process of evaluating my patches and then installing those I thought were needed (I do have some Office components on my test server, but I am hoping she will let me off for that). I was thinking on how to write this up when I saw Susan's entry The risk evaluation of patching and saw she put it exactly how I would have done. What is my message - use her process and your customers will be as safe as can be expected. In fact, I applied the IMF patch immediately, which resulted in Exchange being offline for a few minutes, which when using Outlook 2003 or 2007 is no biggie at all.

    ttfn David
  • BitLocker is very secure, so how can you prepare for when you or your customer loses their key / password so their disk is not turned to mush?

    I have been asked this before - how can someone recover information if they forget their BitLocker password? One of the things that BitLocker does now is offer a recovery mechanism. This is not something that can be done post a failure, but at the time a disk is encrypted. This is documented on the BitLocker Team's blog at Open Sesame: BitLocker Recovery Passwords.

    ttfn David
  • If you are interested in the Full Disk Encryption (BitLocker™ Drive Encryption) feature in Vista - it has been made over

    This tool has been made over, simplified and is now far less confusing. While the full capability to re-partition the disk if required is not automated, the info at BitLocker™ Drive Encryption Team Blog : BitLocker Makeover also provides RC1 step by step instructions too. ttfn David
  • Windows XP SP1 support is ending in October

    Support Ends for Windows XP Service Pack 1
    http://go.microsoft.com/?linkid=5159878

    Effective October 10, 2006, support for Windows XP Service Pack 1 (SP1) will end. After this date, Microsoft will no longer provide any incident support or security updates. To enhance the security of your computer and to continue receiving updates, we recommend upgrading to Windows XP Service Pack 2 (SP2). To learn more about this upgrade and the free technical support provided to download and install the service pack, visit the Web site http://go.microsoft.com/?linkid=5159908 .

    You know the answer, if your customers are not on XP SP2, time to move them up.

    ttfn David
  • Small Business Security Guidance (Windows Clients and Peer to Peer networks)

    These documents are slightly old, as in published in late July 2006, but very much worth a read and potentially useful as a checklist for those customers without servers in their environment.

      • Protecting Client Computers from Network Attacks.doc
      • Securing Remote Clients and Portable Computers.doc
      • Securing Windows XP Professional in a Peer-to-Peer Networking Environment.doc

    Link to Download details: Small Business Security Guidance

    ttfn David
  • Small Business Security Guidance (via Group Policy)

    These are a little old, as in published on 21st July 2006, but still great step by step guides on how to ensure that servers and clients connected to them are secure. They do not just look at SBS 2003, but also Windows 2000 & Windows Server 2003 server environments too.

      • How to Configure Windows Firewall in a Small Business Environment using Group Policy.doc
      • How to Configure Windows XP SP2 Network Protection Technologies in a Small Business Environment.doc
      • Securing Internet Information Services 6.0.doc

    Link to Download details: Small Business Security Guidance

    ttfn David
  • Vista could create 50,000 jobs in Europe

    Recently there has been discussion about Vista in Europe around security - some to-ing and fro-ing around if there will be a requirement to ship a version without security features. While all this stuff has been going on, there has also been some discussion around the impact of Vista on the European economy. Vista could create 50,000 jobs in Europe | Tech News on ZDNet European Launch of Windows Vista is on Track ttfn David
  • Want to understand more about BitLocker (drive encryption) in Vista and how to set it up?

    Vista has loads of features, but for those small businesses who think it is worth spending the small amount extra to get Software Assurance for the Enterprise version or Ultimate Edition to get the disk fully encrypted, so that even with physical access to the machine the disk is still unreadable, this is the info you need. I don't see all small businesses needing this, but for those that do, here is how to set it up and understand what it is doing. http://www.microsoft.com/downloads/details.aspx?FamilyID=90c3a9c7-e324-404d-afad-e8f52885419d&DisplayLang=en ttfn David
  • Microsoft acquired Winternals (SysInternals.com)

    http://www.microsoft.com/presspass/press/2006/jul06/07-18WinternalsPR.mspx This is a bit of old news, but I have not reported it. There has always been a set of amazing tools that were usable to diagnose inside Windows. They were sold by a company called Winternals, who then produced a set of free tools on the web site http://www.sysinternals.com . The tools I normally use are below. I use them for those questions like "what file is failing to load", or "where is it looking in the registry" or "what process is using all the CPU".
      • Filemon: This monitoring tool lets you see all file system activity in real-time.
      • MoveFile: Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files.
      • PageDefrag: Defragment your paging files and Registry hives!
      • PendMove: See what files are scheduled for delete or rename the next time the system boots.
      • Autoruns: See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
      • Process Explorer: Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
      • TCPView: See all open TCP and UDP endpoints. On Windows NT, 2000 and XP TCPView even displays the name of the process that owns each endpoint. Includes a command-line version, tcpvcon.
      • Regmon: This monitoring tool lets you see all Registry activity in real-time.
      • Winobj: The ultimate Object Manager namespace viewer is here.
    Enjoy the tools and expect to see more as these become MS items. ttfn David
  • Do you use Business Critical Support - did you know you need to re-register each year now?

    This one was a bit of a surprise to me, but my Dad, who is an IT Consultant, phoned me up to explain that when he rang business critical support for a customer down situation he was told that his registration had lapsed. He then had to go through a process to re-register before his call could be processed - and this all took valuable time. I put this down to my Dad's unique way of finding problems with systems, however the very next day I got a mail from another partner who hit exactly the same thing, so think of this as a warning, go give yourself the ability to call MS Support without them charging you when your customers are "down". To get more information and registration information (it is not a long process, honest), go to Register for free- Business Critical Telephone Support for registration and http://www.microsoft.com/uk/partner/tech_support/b... for information. Once you are set up, you MUST note your Support ID - this is the magic that will make it work when you need it. ttfn David
  • Two Windows Vista events next week in London and Reading

    11 September 2006, London: Windows Vista System Integrity Technologies Windows Vista will ship with several new system integrity technologies, including code integrity, secure start-up, service hardening, mandatory integrity control and Internet Explorer protected mode. In this session, Steve Lamb explores how these technologies work to thwart malware's attempts to take over your computer. 14 September 2006, Reading: What's New in Administering Vista? In this session, we will examine Group Policy functionality improvements that have been made with Windows Vista. We will describe the new and updated features and how these help to alleviate the problems that were present with previous versions of Windows. ttfn David
  • UK Partner Technical Specialists... Who are they, who were they?

    So I WAS a PTS and now there is a different team, but Susanne has blogged on it, so go read her blog on who they are now and learn what I used to do :-) I am obviously above being part of that elite group, but I am still here for the community. They do cover a wide range of technologies and solutions from Microsoft, so they are a great place to get information, visit blogs and see what is what. If the PTS do not cover the technology you want, then as a member of SBSC you get access to managed newsgroups (which means you get prompt answers from MS people and the community). Now, the photo on the left is a bit old, but we were having a nice time out on the town - so much so that we had a drink or two - and I studiously took the photo, so I am not in it. My head was so muddled that when they found Keira Knightley in the bar, they got her autograph on someone's hand and rather than going downstairs with a camera and taking a snap, I snapped the autographed hand !! ttfn David
  • Short chance to offer feedback on the Vista Security Guide

    The Vista Security Guide will be released to Beta on September 6th exclusively through Microsoft Connect. It will be available to anyone who signs in at https://connect.microsoft.com/InvitationUse.aspx?ProgramID=820&InvitationID=VSG-P74P-BFTH&SiteID=14 . The Beta period will extend for just three weeks, during which we’ll be accepting and triaging bugs and comments. To support this Beta release, the development and program management teams will deliver a LiveMeeting on Wednesday September 6th. Details are below. We want to welcome as many customers and partners into the Beta as possible to gather the most feedback and ensure that we ship a customer-driven solution. With that in mind, feel free to forward this information to anyone you think might benefit from attending the session. We’ll be describing the guide, how we developed it, the best way to use it, and one really cool new tool that can save lots of time in the test and deployment phases. We will also take questions at the end of the presentation, so this is a great opportunity for customers to directly interact with the security guide team.
    Livemeeting details:
    Topic: Windows Vista Security Guide
    Abstract: The Vista Security Guide is now in Beta! This session reviews the structure of the guide, discusses some of the old and new approaches for deploying security configuration, and demonstrates how the guide leverages some of the new security technologies built into Windows Vista.
    Date and Time: September 6, 2006, 8 am – 10 am PT
    To join this Live Meeting up to a half hour before the session starts, click here . ( https://www.livemeeting.com/cc/microsoft/join?id=5TNM3W&role=attend&pw=6379 )
    Live Meeting FAQ: Installing Live Meeting. Install the Windows-based Meeting Console before your meeting: http://r.office.microsoft.com/r/rlidLiveMeeting?p1=7&p2=en_US&p3=LMInfo&p4=DownloadWindowsConsole
  • USATODAY.com - Cybercrooks constantly find new ways into PCs

    I was reading this article and it reminded me of a few things. Sometimes when sitting in the Microsoft camp we say how good / bad others are at security, but rarely reflect on what people need to do and why. When there is a known issue with a package, I suspect many don't go to a test environment and pull the patch apart, many just do a quick test on 1 PC and then deploy wider. Obviously SBS 2003 R2 makes this process easier as you can now control the deployment and retraction of patches via the console. It also reminds me that if a patch is needed, it is really a moot discussion on how many issues it fixes, reboots or any other aspect - if your systems are vulnerable, you need to patch or mitigate. To do neither is inviting huge issues - and I have seen plenty of customers with issues. What I did also see was a comparison table showing that systems often thought to not be at risk, such as those by Apple, can still be very susceptible. When a security issue exists on a system, it does not matter if 1 or 100 people are gunning for you, you will be got. It is a bit like the human body - just because you have some medicine and some vaccinations, if you miss a preventative medicine and then get exposed to the illness, you will get ill. If each month there are 1 or 100 issues with your security, they will all be tested, so you need to patch them all, on any system from any organization. It is nice to see that MS does not top the list, even when including Office, Windows, Media Player and IE all in 1 go. Obviously for info on R2 go to the SBS website , for Security patches, visit the security site and finally, for general advice, try the http://www.getsafeonline.org . ttfn David
  • How to get content filtering (anti-virus, anti-spam, anti-malware), archival services, DR / Continuity and Encryption services for your SBS box at a great price

    As many of you know, I have always argued that MS online services only serve to complement our other solutions. One classic example of this is the Hosted Exchange Services - now before you run around with your fingers in your ears shouting "LALALA", have a look to see what they are. These services work with an existing Exchange server - à la SBS, so there is no threat to the SBS system at all. We then offer 4 services, which are those listed below, but the nice thing is the price. The How to buy page lists the prices - these are per user and you can start at 5 users - oh, and this is real per user, so if you have 20 aliases for 5 users (e.g. sales, support etc) - that is 5 users:

    Estimated Pricing
    All prices below are based on estimated retail pricing (per user, per month licensing). This pricing would apply to a small business with as few as 5 users.

    Services | Prices | Comments
    Microsoft Exchange Hosted Filtering | $1.75 US | Exchange Hosted Filtering is a fully managed service that employs multiple technologies to help prevent spam, viruses, and phishing scams from reaching corporate networks and to help enforce corporate email-use policies.
    Microsoft Exchange Hosted Encryption | $1.90 US | Exchange Hosted Encryption is a policy-based email encryption service that uses customizable policies based on users, keywords, character patterns, attachment types, and more to identify messages that require encryption.
    Microsoft Exchange Hosted Continuity | $2.50 US | Exchange Hosted Continuity is an email continuity service that is always on, providing your user community with access to the last 30 days of email and the ability to send and receive email in real time, even when the primary email system is unavailable.
    Microsoft Exchange Hosted Archive | $17.25 US | Exchange Hosted Archive is a managed service that captures and archives external and internal mail, IM and Bloomberg mail according to your contracted retention period. When the retention period is met, messages are automatically destroyed. Hosted Archive includes...
  • Microsoft's Anti-virus and Anti-spam technologies for an Exchange Server - ForeFront

    This is not something for every Exchange / SBS user, but it might be interesting to some. We have released our "ForeFront" security technologies that include mail cleansing as an option. CNet gave it a small amount of coverage, but you can get more information from the Microsoft web site . It is worth noting that to buy ForeFront you need a volume license agreement, hence why I said it *might* not be ideal for smaller businesses. For most SBS customers, the Hosted Exchange Services may well be the right answer at the right price. ttfn David
  • Microsoft is damned if it does and damned if it doesn't sort out security in Windows Vista

    Once again I was scanning the news when this article caught my eye. It discusses the complexity of trying to make a more secure OS for Vista while also trying to enable application compatibility. I once discovered that we had over 10,000 "fixes" in previous OSs to cover for bad applications to ensure they ran, rather than breaking them by putting in place more robust APIs. Microsoft around the time of Windows XP SP2 started to change this, we now favour security over compatibility. Having said that, we have put in place a HUGE amount of technology to make applications run, but rather than breaking security we put in new ways to allow them to work without opening up a security hole. In my opinion, one of the biggest holes in Windows today is the number of users who run as administrator and then ignore any warnings we put up. If we had a dialog box that said "By clicking OK you agree for us to scramble all the files on your hard disk" I wonder how many people would click OK if it let them view the website, or download the "You must watch this" file. To combat this we have obviously done loads of stuff, which I have blogged on before, however there are some blogs worth looking at. From an application compatibility point of view I would start here . The testing of security is obviously a key process and the organisations involved are discussed on the Windows Vista Security Blog . Obviously one of the most commented and seen sections is the User Access Controls that limit the damage an administrator can do and also give privilege when required. To understand more you might want to read this . I am still planning on doing lots of write-ups, just need the time. ttfn David
  • Looking for bugs in Vista at the moment is the right thing to do, but to say that finding a bug constitutes a security risk just makes me laugh

    Symantec Continues Windows Vista Bug Hunt I saw this article and it just made me want to cringe. Symantec have released a report that has rightly pointed out issues and concerns with the new technology in Vista. Every time code is changed there is a risk of inserting new security vulnerabilities, however, new code is the way of new products and the evidence from Windows Server 2003 and SP1 vs Windows 2000 shows that the processes Microsoft goes through have a real and tangible impact on the security quality of the applications. Now, security is indeed a key feature of Vista and while we all know there will be a security patch for the product at some point, jumping up and down and pointing the finger at bad code before we have finished the security sweep or even got out of beta is not likely to reflect life once the product releases. I have to say, this looks like someone getting a little upset with the features in Vista and therefore saying - look, you need us because they are not good at this security stuff. Obviously I have absolutely no official connection here, just laughing at the implied statements that are being blown up in the press. For information on the Vista security features, go have a look at http://www.microsoft.com/windowsvista/businesses/security.mspx ttfn David
  • IE7 to become your default browser - by default

    I read about this internally yesterday and then on the blog posts today - IE7 will become part of the core OS when it is released. What does this mean? Simple: unless you load a " blocking tool " similar to the XP SP2 blocking tool, IE7 will ship down to your PC as a security update. Why? Well, IE7 does make the browsing experience much more secure, with features including ActiveX Opt-in , the Phishing Filter and Fix My Settings . ttfn David
  • David Overton moving to a solution / revenue based role (it means I need to help partners sell)

    Many people ask me what I do and sometimes they are amazed with the answer "I help Microsoft Partners build solutions that deliver value to their small business partners – for free". This is a great job and part of it is to engage with as many partners as possible to improve the quality and knowledge around the solutions that can be built upon Microsoft technology. This year my role has a slightly different focus, but the way I achieve it will have many similarities. It has become important for me to ensure that partners are not just technically capable, but also selling solutions, sometimes even offering their customers alternative licensing options to suit their business needs. Some may see this as me selling out in some way, but while I love technology, if it is not applied correctly and you and I can't make money out of it, then there is a limit to the business value of the technology. I will still be blogging, posting on both business and technical ideas, but also be discussing how to sell solutions, what the licensing options truly mean, what extras you can add to a sale to add value for you and the customer. I'll even be discussing how online services are an opportunity for you, but more on this later. On this note, is there more I should do to help you sell more, have more customers and make more money? If so, let me know what is needed, whether it is something from Microsoft or David. Comments are open on this one, so fire a comment onto the blog. Expect to see a post on the work we are doing with the Technet team to get you even more technical resources and the process for access to all those nice betas, hosted services and where they fit as part of a solution and the options on licensing to make it easier for your customer to understand the value of technology and even buy earlier. ttfn David
  • How to patch your SBS 2003 system using hotpatching and not have to reboot this month (July)

    One of the bad things about the monthly patch cycle is that a reboot is often required. Now while 10-15 minutes of downtime is not a great price to pay for good security, this does work out at a system performance of 99.97% availability for 24x7 systems, so not exactly shabby. With Server 2003 SP1 came a technology that not many people have noticed, called HOT PATCHING - where an OS patch is applied without having to reboot the system, even though a normal patch would require a reboot. Not every patch can work in this scenario, but if you can reduce the issues, so be it. Looking at this month, many of the patches are for Office etc, but there are 3 for Windows Server, of which 2 can be applied as hot patches. The one which cannot is the DHCP one, so if your server is not using DHCP client, i.e. is using static IP addresses, then you do not have to rush to patch this. In this case, you can use hotpatching. Simply download the two downloads and run as below:
    http://www.microsoft.com/downloads/details.aspx?familyid=48f03ad7-38f9-48f4-bbfc-14c52e9c942a&displaylang=en
    http://www.microsoft.com/downloads/details.aspx?familyid=c5e274a8-f962-4944-8878-6b88b1592bbf&displaylang=en
    WindowsServer2003-KB917159-x86-ENU.exe /hotpatch:enable
    Windowsserver2003-kb917537-x86-enu /norestart /hotpatch:enable
    That is it - your system will update and not need a reboot. Amazing ttfn David
  • Summary of Worldwide Partner Conference (WPC) just before I leave

    So, I have about 5 mins to write this, so it will be short & sweet. From the Small Business pre-day:
      • The event was sold out
      • People told us licensing was still not up to scratch, but Eric Ligman's lessthancoffee.com site was very useful
      • Much of the information for people was how to run a small business as it 1) enables us all to understand what is going on in the minds of our customers and 2) since many SBSC members are small businesses, hopefully gives them some ideas on how to be more successful as a business
      • The Sloan Brothers were the highlight for me in advice ( http://startupnation.com ) - they said:
          • Go for 10% of the Watermelon, not 90% of the grape - this basically meant get funding and help to grow your business - keeping ownership of your business is more than just the number of shares - it is being there, so even if other people own 90% of the equity, you are still in charge.
          • Outsource non-core skills
          • Hitch your wagon to a star - e.g. Microsoft, but also someone local who will recommend you - so you get business by the power of recommendation from someone your customers will trust
          • Harness the eye of PR - basically, PR is whatever you do for it, but use it, write it yourself or outsource, but make it have impact
          • Manage your burn rate - know at all times how much cash you have and balance needs vs this
          • My favourite - Know thy end game - to help you make decisions about all of the above you need to know what you want to achieve - is it to sell the business, to chair, to work until you are 90.... what is it - know this and many decisions can be made on whether it helps you achieve this or not.
    There were many other announcements at WPC, which can be found at http://www.microsoft.com/presspass/events/wwpc/materials.mspx One other key thing that James Akrigg said to me: "Why are we always talking to people about their pain points? We also need to find out about their aspirations. " This was a key thing for me. ttfn David

(c)David Overton 2006-13