Windows 2003
When I decided to get all gung-ho on blogging, I did it for all the wrong reasons. There was some perceived pressure from management that blogging would be an unwritten requirement to succeed come annual review. There was the competitive factor from seeing some of my co-workers embrace blogging and become successful at it. Finally, there was the desire to try something new.
I have since learned that there are much better reasons for blogging.
First, let’s assume you aren’t blogging with the end-goal of making money directly through your blog by advertising. That is a whole different reason for blogging. Once that is out of the way, most technical bloggers blog for the following reasons: Raise awareness of a product or technology, to form a relationship with a community that has a common interest or goal, ensure correct and accurate information makes it to the public, and most importantly – being passionate about something.
While my blogging to date has sort of touched on some of those areas, what I have lacked so far has been the most important aspect – the passion. I have spent the past few weeks thinking about this and whether blogging is the right thing for me to do. I have decided that it is.
I do have some passion around a few products and technologies that Microsoft (and others!) has or will have. I just have a difficult time expressing that passion outside of being hip deep in product CD’s in my computer room. I think some of what I get to work with and see is fantabulistic. I just don’t express myself well when trying to communicate it in writing.
BUT! I seem to be able to tap that passion when I do live presentations. I get animated and excited. I get stressed when demos don’t work, and spastic when they do (there is no better feeling than demoing a beta product that has given you grief for weeks only to do it live and it work). So how do I tap that same energy, broaden it’s reach and appeal, while overcoming my lack of written communications skills?
My Answer: ScreenCasts
Actually, it isn’t my answer so much as a borrowed answer. Some of my co-workers have done a few screen casts already. If you have not seen Chris Henley’s fantastic ScreenCast on Vista Voice Recognition, then you have missed a phenomenal presenter with true passion talking about a very, very cool and useful technology in Vista. Go watch it now. I will gladly pause typing while you do.
Welcome back……now, go watch his ScreenCast on Vista Parental Controls……and now go watch his ScreenCast on PhotoStory. ScreenCasts are one of the coolest ways to talk about and show the technology that we (and others!) have.
So what does this all mean?
It means I am changing my blog. I am going to narrow the focus of my blog to fewer technologies. I talk about a lot of different products, but let’s face it, not all of them interest me. It is a lot easier to get truly excited when you are excited about the product. It makes you WANT to talk about it. So what do I LIKE? Small Business Server, Media Center, ISA, Exchange and Windows. That sounds like a lot but when you consider that Exchange and ISA are a part of SBS Premium and I have worked with SBS for 7 years now, it lends some perspective. I also run my own Windows, ISA, Exchange, Web servers at home (which I wouldn’t be doing if I didn’t LIKE to). I also have a secret love affair with my Media Center (actually, I built it for the Nun 3 years ago under the guise of a Christmas present……it’s really mine…..she just thinks it is hers…..) that I wish to extend and grow. Like any love affair, there are rough spots and like any relationship that you want to succeed there needs to be some good communication. So I want to communicate my ups and downs with the product.
I suppose I could just narrow the focus to SBS and Media Center. Now that I have typed that up, it even makes more sense. I will leave that up in the air for now.
There is another part to this as well. Community Server 2.0 is available now and I have been itching to try it. That means the blog gets a face lift and over all improvements. My understanding is that 2.0 is more than just a new coat of paint too. So I am going to change the look and feel of the blog over the next two weeks to go along with the refined focus. Btw, I was originally going to do this in the June timeframe (after the wedding…after the relocation) but I am really excited about doing the ScreenCasts so I have decided to do it now instead of later.
Besides…..I still feel a perceived pressure from management, I am still competitive with my peers, and……it’s something new to try!
Cheers!
Ps….I recently attended an MVP Briefing in San Diego and met some fantastic MVP’s. During the session, Ed Hickey, a Director (someone correct me if this title is incorrect) in the MVP Program explained some of the most basic criteria to being an MVP – Be Recognizable, Be Credible, Be Accessible. All of which apply directly to blogging as well. So that is my promise to you, faithful readers.
Double Cheers!
There is a new Administration Tool Pack that alloows you to administer some of the new Windows 2003 R2 features from an XP workstation. You can grab it here!
Cheers!
If you didn’t know, Technet has an Internet Radio show that you can access over the web. Our very own geek blogger, Robert Scoble, is currently featured with a couple of short interviews. You can stream it or download and MP3/W<A for offline listening on your favorite (Media Player!) audio listenin device.
Cheers!
Well how about this for some cool news…..headline – “Windows bumps Unix as top server OS”. I kinda like that headline!
Cheers!
Here are the slides from this morning’s Webcast – MOM 2005 Technical Overview. If you are interesed in a replay of the webcast, check back at the Microsoft Webcast site fro archived webcasts. We record ALL webcasts and make themn available online within 24–48 hours.
Cheers!
I am delivering a webcast later this morning entitled – Microsoft Solutions to Windows Update Management. The Webcast starts at 9am Pacific Time and I expect all 23 of you to show up! :)
Cheers!
I recently received an email asking – “How can I populate Internet Explorer Zones using Group Policy?”. I receive this email pretty frequently so I thought I would just blog it….
First, get into the Group Policy Object Editor then locate the Internet Explorer Security Page objects. You are looking for the Site to Zone Assignment List object.
Open that object and can enter site names you wish to push to the clients. You select the zone using a numerical value (1-4) for the zone it should go in:
1= Intranet Zone
2= Trusted Sites Zone
3= Internet Zone
4= Restricted Sites Zone
In my example, I have added my blog site to the Trusted Sites Zone –
Once the policy is created and linked to an OU (or domain or site), and the clients have refreshed, the client will have the list you set in group policy.
Downside - with the control we give the admin, we sacrifice control at the user level. This group policy will overwrite any existing settings in place at the client. In addition, the user loses the ability to add sites to the zones theselves. The user can get into the interface and add sites to zones but the will not stick. As an admin you may wish to lock out access to the page completely.
You can find more detailed information on this and other settings in this document.
Cheers!
I receive a lot of questions around Group Policy. One of the more common questions is about how to locate a policy in the large (and growing!) list of policies available. The good news is there is a nice reference spreadsheet that MS makes available for download here. Load this Excel spreadsheet and you can locate different policies easily and simply. It has seperate tabs for different administrative templates, Security Settings for Win 200o and also for Win 2003/XP.
Cheers!
Whew! I came home from Seattle for the weekend only to now be in Palm Beach, Florida. I am covering some Technet events for a co-worker who is working on a project. I am delivering in Palm Beach tomorrow and Tampa on Thursday. Looks like there are still spots open for registration. If you happen to be in either area this week, stop in and say hello! We will also be piloting a new customer registration system that should speed things up when you come in for the events. I would love to hear your feedback on the registration process.
I will be hopping on a plane Thursday evening to come back to SoCal.
Cheers!
Check out Stephen Toulouse information about the WMF/SetAbortProc vulnerability. I hope this puts to rest rumors about it being an intentional backdoor…
Cheers!
Robert Scoble comments on how he doesn’t care for the title of “evangelist”. He believes there is a religious connotation applied to it (and he is right about that). He goes on to explain why he doesn’t want religious customers. He details this along with a link to Guy Kawasaki’s blog entry on the Art of Evangelism which I think is a very good analogy for what we do. I think Scoble is too caught up in the religious meaning of the word which gets reinforced by Guy’s analogy.
I am also an evangelist. I am an ITPro Evangelist and I also have that on my business card. However, I started out not liking the title. I have since changed my mind to embrace it. When my title changed from “Technet Presenter” to “ITPro Evangelist” I didn’t care for it for the exact reason of its religious meaning. But as time has passed, I have realized that what I do as an ITPro Evangelist is exactly what a religious evangelist does – I speak the good word about Microsoft products and technologies to the masses in hope of educating the masses about what we have to offer. Maybe I will convert a few along the way; maybe I will turn some away. But I believe in my company and our products and think they can help a lot of people with their technical problems.
I decided to go check out Webster’s to see how they define evangelist –
Evangelist – 1) Any one of the four authors of the New Testament gospel books – Matthew, Mark, Luke, or John; 2) One who practices evangelism, especially a protestant preacher or missionary.
That led me to look up –
Evangelism – 1) Zealous preaching and dissemination of the gospel, as through missionary work; 2) Militant zeal for a cause
I also looked up the synonyms to see if maybe there was a better word for what we do –
Evangelist - advocate, champion, companion, converter, herald, messenger, missionary, pioneer, propagandist, proponent, proselytizer
I am all of those things for the company. However, none of those synonyms work as a job title as none of them truly convey the depth of what we do. Evangelist is a rather broad word that allows me combine all of those words to champion our products, convert the undecided and be a messenger both for the product team to the customer and for the customer back to the product teams. I think the word is perfectly appropriate in spite of the religious connection. If someone wants to spend all their time debating with me the religiousness of my job title, maybe they have some other non-technical issues I can’t likely help them with anyway.
Scoble doesn’t want “religious customers”. He wants “skeptical, educated, pragmatic” customers. I believe my role is to address the skepticism customers may have about our products, educate them about our products and give them the facts and practical information that allows them to use our products to solve their problems. I choose to do this by talking mainly about our own products where Scoble chooses to talk a lot about competitors.
I agree with Scoble that people should make educated choices about purchasing and implementing based upon a comparison of different products. I don’t think it is my job to educate people on 3rd party products though. The competition has their own evangelists. They don’t need Microsoft employees doing it for them. With so many products out there, it is very difficult for the average consumer and even the hard-core ITPro to know everything there it to know about all products. That is where I come in to make sure that MS products are being evangelized to the masses such that the features and capabilities are known. If we don’t then we become obscure. Without someone letting people know what Microsoft has to offer, we will cease to be relevant. Let the competition figure out how to be heard above the crowd while we focus on making sure we are.
Regardless, we are both evangelists and I believe the word appropriately describes what we should be doing for the company and for our customers.
So…..Hello, I am Chris Avis. I am an ITPro Evangelist for the Microsoft Corporation. What can I tell you about OUR products?
Cheers!
I would like some feedback from those who read (or at least glance at) my blog. I have been struggling with direction since starting up my blog and have finally come to a crossroads where I need to make a change. A couple of things have brought me to this decision – 1) There is a new version of Community Server that I want to migrate to and I am going to improve my hardware for my network. I like rebuilding my home network now and then just to get my hands dirty. 2) I have a tendency to blog about things that are interesting to me that I think others might find interesting as well. I also NEED to blog more about Microsoft products and technologies as I am an IT Pro Evangelist for the company. The problem is, blogging for work and blogging for interest seem to be muddling up the blog (IMO).
I am not trying to increase hits and readership so much as organize and structure what does get posted. I am even considering splitting my blog into two separate blogs – one for work and one for personal. The downside there is maintaining two blogs. The upside is organization and clarity.
Now….I work mostly with our “BackOffice” server products. I tend to gravitate towards Windows 2003, ISA, and Exchange (and all of their predecessors). I even supported the Small Business Server product as a whole from it’s inception through SBS 2000. I also have a passion around the Media Center and other consumer products (am I not a consumer?). Of course there are blogs-a-plenty on all of those items so I want to offer something they don’t, if I can.
So I would like some feedback from you. Do you like it the way it is? Would you like to see it split? And from a Microsoft perspective, is there something missing from other MS Product and Technology blogs that you want filled in? For that matter, is there an MS Product or Technology that isn’t getting enough or the proper “air-time”? What about podcasts and webcasts? What is valuable to you?
What it really comes down to is this – I don’t want to push a corporate agenda, I want to give you what you want. So…..What do YOU want?
Send me an email – chris.avis@microsoft.com or comment on this post about it. You can even, give me a call if you want – 760-695-7838 – if I don’t answer, leave me a message with a number and I will give you a ring back.
Cheers!
I will be delivering some Technet sessions in Florida next week. Jan 17th in Royal Palm Beach and Jan 19th in Tampa. We are going to be covering a rather large set of topics including – New Features of Windows 2003 R2 such as Active Directory Federation Services, better Distributed File System capabilities, and benefits provided for Branch Office deployments. We will also be discussing some new features in Exchange 2003 SP2, and some great information on how to locate resources that every ITPro should know about to help make their day go a lot smoother.
I am looking forward to heading out to Florida next week and hope some of you make it as well.
Cheers!
Ps… I am delivering these same events in SoCal in late February. No registration links have been made available yet.
Presentations and WebCasts –
New Video & Audio based information for developers is located at these links:
http://msdn.microsoft.com/msdntv/archive.aspx
http://channel9.msdn.com/ShowForum.aspx?ForumID=14
http://msdn.microsoft.com/theshow/
http://msdn.microsoft.com/dotnetrocks/
Extending Visual Studio 2005 Team System – Discussion on how Microsoft IT extended Visual Studio 2005 Team System to incorporate software development lifecycle methodology process by modifying the default process template. By modifying the process template developer compliance increased and external tools were eliminated.
Getting Started – Visual Basic Fusion with Visual Basic 6 and Visual Basic .NET – This presentation walks you through the Visual Basic Fusion articles and shows how Microsoft Visual Basic 6 applications can be extended with the Microsoft .NET framework. This video is the second of a two-part presentation by Scott Swigart of Swigart Consulting.
Beta’s, RC’s and CTP’s…Oh My! –
Windows Workflow Foundation Beta 1.2 – Compatible with Office “12” (Beta 1) – Windows Workflow Foundation is the programming model, engine and tools for quickly building workflow-enabled applications on Windows. It consists of a Microsoft® WinFX® name space (System.Workflow), an in-process workflow engine, and designers for Microsoft Visual Studio 2005. Windows Workflow Foundation is available (currently as Beta) for both client and server versions of Windows. Windows Workflow Foundation supports a wide range of scenarios including workflow within line-of-business applications, user interface page flow, document-centric workflow, human workflow, composite workflow for service-oriented applications, business rule-driven workflow and workflow for systems management.
Microsoft Pre-Release Software WinFX Language Packs – December Community Technology Preview (CTP) – The WinFX language packs contain translated text, such as error messages, for languages other than English. Installation of a language pack is not required to run WinFX resources on a non-English operating system; however, it is recommended.
Note: An English WinFX language pack is not available because all text is in English by default. To download a specific language pack, select the target language from the change language drop-down.
Pre-released WinFX Runtime Components Tool – For best results, install on a computer that has not had pre-release versions of WinFX runtime Components 3.0 installed on it. If your computer has a pre-release version on it, follow the Uninstall Instructions below to uninstall these pre-release bits before installing the November CTP. You must remove them in the correct order to ensure a clean uninstall.
If you have a pre-release version of SQL Server 2005, MSDN, Visual Studio 2005, or the .NET Framework, you must uninstall them by following VS pre-RTM Uninstall Instructions.
Microsoft Pre-Release Software WinFX Runtime Components – December Community Technology Preview (CTP) – "Windows Presentation Foundation", "Windows Communication Foundation", and "Windows Workflow Foundation" are the names for three strategic developer technologies that Microsoft plans to ship in 2006 as part of the Windows Vista operating system. In addition, Microsoft is making these technologies available on Windows XP and Windows Server 2003. The WinFX Runtime Components December CTP enables developers to continue experimenting with early builds of these technologies, get acquainted with the development experience, and provide Microsoft with feedback.
Hotfixes, Patches, Updates, Service Packs —
Help for Subsystem for UNIX-based Applications SDK – This help file documents all the POSIX style APIs provided by Subsystem for UNIX-based Applications.
Australian Daylight Savings changes in Microsoft Products for the year 2006 – The Commonwealth Games are scheduled to be held during March 2006 in Melbourne Australia. Several Australian states including New South Wales, Victoria, Australian Capital Territory, South Australia and Tasmania, have changed the Daylight Savings transition end dates to the first Sunday of April 2006.
DirectX End-User Runtimes (December 2005) Full Download – This download provides the DirectX end-user multi-languaged redistributable that developers can include with their product. The redistributable license agreement covers the terms under which developers may use the Redistributable. For full details please review the DirectX SDK EULA.txt and DirectX Redist.txt files located in the license directory.
This package is localized into Chinese (Simplified), Chinese (Traditional), Czech, Dutch, French, German, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Russian, Spanish, Swedish, and English.
DirectX End-User Runtime (December 2005) Web Installer – Microsoft DirectX is a group of technologies designed to make Windows-based computers an ideal platform for running and displaying applications rich in multimedia elements such as full-color graphics, video, 3D animation, and rich audio. DirectX includes security and performance updates, along with many new features across all technologies, which can be accessed by applications using the DirectX APIs.
Windows CE 5.0 Platform Builder Update – KB911711 – Fixes made in this update:
Component: Datasync
Description: ActiveSync connection may fail if a user attempts to re-connect to a device after failing to enter a password.
Tools and Apps –
PlaysForSure Portable Device Test Kit – Microsoft has established the PlaysForSure program to establish compatibility between music or video device and online stores that sell digital music and video using Windows Media technologies. If you are designing or manufacturing a portable media player device, you can use the PlaysForSure Portable Device Test Kit to verify that your device is compliant with the requirements of the PlaysForSure logo program. Please note that you must have a fully executed PlaysForSure Logo License Agreement in place with Microsoft prior to using the logo on your products or marketing materials.
Microsoft Domain-Specific Language (DSL) Tools – Using the Microsoft DSL tools you can create your own designer, integrated into Visual Studio, for a visual domain-specific language. The tools help you define the domain-specific language and generate the code of a graphical designer for you. The resulting designer uses the same underlying modeling technology that is used by the Class Designer and Distributed System Designers in Visual Studio 2005.
The Microsoft Tools for Domain-Specific Languages is part of the Visual Studio 2005 SDK.
SQL Server 2005 System View Map – The Microsoft SQL Server 2005 System View Map shows the key system views included in SQL Server 2005, and the relationships between them.
BizTalk Server 2004 Load Generation Tool – This tool is intended for developers and IT professionals to simulate load on a BizTalk Server. Using this tool, you can simulate load to instrument performance and stress against a BizTalk deployment. In addition, this tool may also be extended by developers to simulate load for custom transports. This tool should be used in a test environment only, and should not be used in a production environment. This tool is provided "as-is" and is not supported.
Visual Studio 2005 Tools for Office Sample: Deploying Visual Studio 2005 Tools for Office Solutions using Windows Installer – This download targets developers who want to deploy a Visual Studio 2005 Tools for Office solution using a Visual Studio 2005 Setup project to create a Windows Installer package.
The accompanying article provides the following discussions of Visual Studio 2005 Tools for Office deployment:
- An overview of the main steps required to deploy a Visual Studio 2005 Tools for Office solution.
- An overview of how to deploy a Visual Studio 2005 Tools for Office solution using the Visual Studio Setup project including how you can add the Visual Studio 2005 Tools for Office runtime and the Microsoft Office 2003 primary interop assemblies prerequisites to your setup packages.
- The steps for granting security trust to a solution.
Microsoft Visual Studio 2005 – Update to the Web Project Conversion Wizard – The Web Project Conversion Wizard in Visual Studio 2005 has been updated to handle newly discovered conversion issues. This update will improve the success rate of the wizard and make it easier for developers to convert their Visual Studio .NET 2003 Web projects to the new Visual Studio 2005 Web Site project model.
Case Studies, Guides and Whitepapers –
Moving to SQL Server 2005 at Microsoft – Discussion on how Microsoft IT moved its line-of-business applications to SQL Server 2005. Additionally, this paper also discusses a number of details and best practices that Microsoft adopted to move its applications on SQL Server 2005 that may help other organizations successfully plan and roll out SQL Server 2005.
Upgrading Visual Basic 6.0 to Visual Basic .NET and Visual Basic 2005 – This guide is intended for software technical decision makers, solution architects, and software developers who are involved in Visual Basic 6.0 application or component development. It helps you understand the issues and risks that go along with upgrading to Visual Basic .NET. It also provides steps for preparing your applications for a successful and cost-effective upgrade. Finally, it gives ideas and pointers about how advance your application after you successfully upgrade it to Visual Basic .NET.
SQL Server 2005business Intelligence Metadata Whitepaper – This white paper covers several interesting and unique methods for managing metadata in SQL Server Integration Services, Analysis Services and Reporting Services using built-in features including data lineage, business and technical metadata and impact analysis.
Related Download: The SQL Server 2005 Metadata Samples Toolkit can be downloaded from:
http://www.microsoft.com/downloads/details.aspx?FamilyId=11DAA4D1-196D-4F2A-B18F-891579C364F4&displaylang=en
Cheers!
Presentations and WebCasts –
Deploying SharePoint Products and Technologies for Enterprise Collaboration – Detailed discussion about the design and deployment of the Microsoft IT hosted collaboration platform. The platform supports personal storage, team Web sites, group and division portals, and enterprise services. With server farms centralized in three regional data centers, Microsoft saves both hardware and support costs.
Moving to SQL Server 2005 at Microsoft – Discussion on how Microsoft IT moved its line-of-business applications to SQL Server 2005. Additionally, this paper also discusses a number of details and best practices that Microsoft adopted to move its applications on SQL Server 2005 that may help other organizations successfully plan and roll out SQL Server 2005.
Hotfixes, Patches, Updates, Service Packs —
Update for Windows XP x64 Edition – KB903651 – See Below
Update for Windows Server 2003 – KB903651 – See Below
Update for Windows 2003 for Itanium-based Systems – KB903651– See Below
Update for Windows Server x64 Edition – KB903651 – Install this update to allow more than one domain-based DFS namespace to be created on a computer that is running Windows Server 2003, Standard Edition. After you install this item, you may have to restart your computer.
Australian Daylight Savings changes for Microsoft products for the Year 2006 – The Commonwealth Games are scheduled to be held during March 2006 in Melbourne Australia. Several Australian states including New South Wales, Victoria, Australian Capital Territory, South Australia and Tasmania, have changed the Daylight Savings transition end dates to the first Sunday of April 2006.
Update for Software Update Services – Run this script and follow the instructions in KB912307 to resolve an issue in Software Update Services (SUS) 1.0 Service Pack 1 (SP1) in which all previously approved updates may revert to an unapproved state and the status appears as "updated". This script will reset your approval settings to their previous state. SUS 1.0 SP1 servers that were deployed on or after December 13, 2005 will not encounter this issue.
Tools and Apps –
SQL Server 2005 System View Map – The Microsoft SQL Server 2005 System View Map shows the key system views included in SQL Server 2005, and the relationships between them.
Active Directory Migration Tool v2.0 – The Active Directory Migration Tool (ADMT) version 2.0 provides an easy, secure, and fast way to either upgrade from Windows NT Server 4.0 to Windows Server Active Directory service or restructure Windows Server Active Directory domains between forests or within a forest. The tool migrates users, groups, and computers between domains in a way that allows users to have access to their resources and applications at all times. Version 2.0 includes new features, such as password migration, a scripting interface, and a command line interface, that make migrations easier.
Also available is the Active Directory Migration Tool v3.0, which provides an integrated toolset to facilitate migration and restructuring tasks in an Active Directory infrastructure.
BizTalk Server 2004 Load Generation Tool – This tool is intended for developers and IT professionals to simulate load on a BizTalk Server. Using this tool, you can simulate load to instrument performance and stress against a BizTalk deployment. In addition, this tool may also be extended by developers to simulate load for custom transports. This tool should be used in a test environment only, and should not be used in a production environment. This tool is provided "as-is" and is not supported.
Case Studies, Guides and Whitepapers –
Microsoft CRM 3.0 Implementation Guide – This Implementation Guide provides the information required for a successful Microsoft CRM implementation into your business. This guide addresses the planning, installing (both hardware and software), pre-deployment testing, and operating tasks for the maintenance of the Microsoft CRM system.
This guide is written for the computer system administrator. This guide also assumes that any organization implementing Microsoft CRM software will have the services of an independent software vendor (ISV) or value-added reseller who is partnered with Microsoft and will help you with the entire process of implementing and maintaining your Microsoft CRM installation. Because of this assumption, there are references in this guide to these "partners" who are expected to provide various services to you.
Microsoft Dynamics CRM 3.0 Virtual PC Demonstration – Microsoft Dynamics CRM 3.0 release Virtual PC Demonstration. This demo is a one computer setup with Microsoft CRM 3.0 server and Microsoft CRM 3.0 client for Outlook. This demonstartion also contains Microsoft Exchange Server 2003, Microsoft SQL Server 2005, and Microsoft Visual Studio 2005.
Microsoft File Server Resource Manager – The Microsoft Corporation Information Technology group uses Microsoft Windows Server 2003 R2 File Server Resource Manager as a centralized tool for managing file servers located in branch offices around the world. File Server Resource Manager is a suite of tools that allows administrators to understand, control, and manage the quantity and types of data stored on their servers.
Live Communications Server 2005 Document: Configuring Certificates – This document explains how Live Communications Server 2005 uses certificates and how to configure certificates for each server role using your existing certificate infrastructure.
Terminal Services Scaling and Performance on X64-based versions of Windows Server 2003 – Microsoft Windows Server™ 2003 Terminal Server lets users run Microsoft Windows®-based applications on a remote computer that is running one of the Windows Server 2003 family of operating systems. This white paper contains results, analyses, and sizing guidelines for Terminal Services on x64-based versions of Windows Server 2003. Hewlett Packard worked in cooperation with Microsoft to perform the initial sizing tests and data collection in the Microsoft Enterprise Engineering Center in Redmond, Washington. The tests were performed using Microsoft Windows Server 2003, Enterprise x64 Edition and Windows Server 2003 Enterprise Edition with Service Pack 1 (SP1).
DirectX End-User Runtime – Microsoft DirectX is a group of technologies designed to make Windows-based computers an ideal platform for running and displaying applications rich in multimedia elements such as full-color graphics, video, 3D animation, and rich audio. DirectX includes security and performance updates, along with many new features across all technologies, which can be accessed by applications using the DirectX APIs.
DFS Operations Guide: Using the DFSRAdmin Command-line Tool – The Dfsradmin.exe command line tool is new for the Distributed File System (DFS) in Microsoft® Windows Server™ 2003 R2. Use this tool to administer DFS replication, including creation of replication groups and replicated folders, adding members to replication groups, and managing the location of staging folders. This guide offers step-by-step instructions for performing these common tasks by using DFSRAdmin.
SQL Server 2005 Business Intelligence Metadata Whitepaper – This white paper covers several interesting and unique methods for managing metadata in SQL Server Integration Services, Analysis Services and Reporting Services using built-in features including data lineage, business and technical metadata and impact analysis.
Related Download: The SQL Server 2005 Metadata Samples Toolkit can be downloaded from:
http://www.microsoft.com/downloads/details.aspx?FamilyId=11DAA4D1-196D-4F2A-B18F-891579C364F4&displaylang=en
Security –
Improving Security at Microsoft through Deployment of Windows XP SP2 – Overview of why and how Microsoft IT proactively deployed Windows XP Service Pack 2. Windows XP Service Pack 2 is a critical security release that addresses Internet-based security threats.
Windows Server 2003 PKI Operations Guide – How to configure and operate a Windows certificate authority, with operational scenarios, custom configuration information, sample commands, and best practices.
MBSA 2.0 Scripting Examples – Sample scripts that illustrate how to extend MBSA 2.0 for greater scalability during scanning and report rollup.
Cheers!
Scoble is at CES and linking to gobs of cool stuff. My fave is the 102” Plasma…..drool!
Anandtech has an article on the new ATI OCUR (Open Cable Uni-Directional Reciever) one of the first of I hope several cable and satellite card tuners that will pump HD content to MCE without needing an OTA antenna. I didn’t exactly have fun putting mine up!
ATI’s Press Release for the OCUR.
Windows MCE + DirectTV partnership announced by BillG at CES (Fast Forward to 56:00). Yahoo picked this up as well along with other notes from CES. And finally, DirectTV’s Press Release on this (no mention of MCE though)
Press Release on HD-DVD Support for XBox 360. More on this from GameSpot
Gary Krakow talks about Slingbox gets even better by delivering movie content to mobile devices.
Cheers!
I am delivering Part 1 on Thursday and Part 2 on Friday. We will discuss the challenges an organization faces when dealing with multiple identities and intranet/extranet acess. We will discuss security repurcussions and using Microsoft Identity Information Server. I will update this post in a day or two with the slides I will be using.
Cheers!
As promised, here are some WMV files of the demo sessions that I had to cut from this afternoon’s webcast. The upside is you can download these and view at your own liesure. Please email me if you have questions!
Demo 1 – Introducing System Center
Capacity Planner Pre-Req’s
Installing Capacity Planner 2006
A Brief Introduction
Demo 2 – Creating Architecture Profiles
Creating the Global Topology
Creating Usage Profiles
Creating Hardware Profiles
Demo 3 – Running Model Simulations
Exploring the Topology Viewer
Running the Model Simulator
Viewing Simulation Results
Cheers!
Presentations and WebCasts –
New Video & Audio based information for developers is located at these links:
http://msdn.microsoft.com/msdntv/archive.aspx
http://channel9.msdn.com/ShowForum.aspx?ForumID=14
http://msdn.microsoft.com/theshow/
http://msdn.microsoft.com/dotnetrocks/
MSDN TV: Late Binding in Visual Basic – Paul Vick and Erik Meijer discuss the role that late binding plays in Visual Basic, allowing a more dynamic style of programming than is possible in some other .NET languages. They also show some future ideas for how late binding might make programming against data such as XML radically easier.
Hotfixes, Patches, Updates, Service Packs —
DirectX9.0c Redistributable (October 2005) – Multilingual – This download provides the DirectX 9.0c end-user multi-languaged redistributable that developers can include with their product. The redistributable license agreement covers the terms under which developers may use the Redistributable. For full details please review the DirectX SDK EULA.txt and DirectX Redist.txt files located in the license directory.
This package is localized into Chinese (Simplified), Chinese (Traditional), Czech, Dutch, French, German, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Russian, Spanish, Swedish, and English.
Windows CE 5.0 Platform Builder Update – KB910869 – Fixes made in this update:
Component: DirectX
Description: Launching applications after playing video may result in an error.
Windows CE 5.0 Platform Builder Update – KB910643 – Fixes made in this update:
Component: DirectX
Description: Playback of WMA files may consume large amount of memory.
Australian Daylight Savings Changes for Microsoft Products for the Year 2006 – The Commonwealth Games are scheduled to be held during March 2006 in Melbourne Australia. Several Australian states including New South Wales, Victoria, Australian Capital Territory, South Australia and Tasmania, have changed the Daylight Savings transition end dates to the first Sunday of April 2006.
Daylight savings end for 2005/2006
For the Year 2006 only, the published Daylight Savings end transition dates (as at 14th September, 2005) for each of the states of Australia are:
Victoria 27/03/2006 To 2/4/2006
ACT 27/03/2006 To 2/4/2006
NSW 27/03/2006 To 2/4/2006
Tasmania 27/03/2006 To 2/4/2006
South Australia 27/03/2006 To 2/4/2006
Note: Clocks are advanced at 2am by 1 hour on start day to become Summer Time.
Clocks are wound back at 3am by 1 hour at end day to become Standard Time.
The change to Daylight Savings will affect the transition settings for the following time zone rules:
(GMT + 10:00) Canberra, Melbourne, Sydney
(GMT + 10:00) Hobart
(GMT+09:30) Adelaide
Currently supported versions of products shipped by Microsoft have Daylight Savings transition dates that do not cater for the abovementioned change. These products include:
Microsoft Windows ME
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows CE / Mobile
Microsoft Exchange server 2000
Microsoft Exchange Server 2003
Tools and Apps –
Microsoft CRM 3.0 SDK – The Microsoft CRM 3.0 SDK is for developers, system customizers and report writers. It contains the following sections:
· Server Programming Guide – A guide for developers writing server side code, custom business logic, integration modules, workflow assemblies and more. This guide provides an architectural overview of Microsoft CRM, the entity model, security model, Web services, and sample code.
· Client Programming Guide – A guide for developers customizing the Web client or the Microsoft CRM client for Outlook, including scripting, integration of custom Web pages, and sample code.
· Report Writers Guide - A guide for developers writing reports for Microsoft CRM using Microsoft SQL Server Reporting Services Report Designer.
CLR Managed Debugger (mdbg) Sample – To build and run the CLR Managed Debugger (mdbg) sample you will need to have the .NET Framework 2.0 SDK (release build – version 2.0.50727) installed on your system. This is included with Visual Studio 2005 and the Visual Studio Express Editions. If you do not have Visual Studio 2005, you can download and install Visual C# 2005 Express Edition to build the sample. In both Visual Studio 2005 and Visual C# 2005 Express Edition, you can build mdbg using the solution file included with the mdbg source. Additionally, the sample can be built using nmake (included in the .Net Framework SDK) and the makefile script.
Case Studies, Guides and Whitepapers –
Microsoft CRM 3.0 Implementation Guide – This Implementation Guide provides the information required for a successful Microsoft CRM implementation into your business. This guide addresses the planning, installing (both hardware and software), pre-deployment testing, and operating tasks for the maintenance of the Microsoft CRM system.
This guide is written for the computer system administrator. This guide also assumes that any organization implementing Microsoft CRM software will have the services of an independent software vendor (ISV) or value-added reseller who is partnered with Microsoft and will help you with the entire process of implementing and maintaining your Microsoft CRM installation. Because of this assumption, there are references in this guide to these "partners" who are expected to provide various services to you.
Microsoft KPIUtil.exe tool for Microsoft Office Business Scorecard Manager 2005 – KPIUtil.exe is a tool that allows users to connect to both a Microsoft® Office Business Scorecard Manager 2005 server and a Microsoft SQL Server™ 2005 Analysis Services server to do the following:
- Generate SQL Server 2005 Analysis Services key performance indicators (KPIs) from Business Scorecard Manager KPIs.
- Generate Business Scorecard Manager KPIs from SQL Server 2005 Analysis Services KPIs.
- Save a configuration file that contains parameters (including the connection information to the SQL Server 2005 Analysis Services server and the Business Scorecard Manager server) that you entered by using KPIUtil.exe. You can use the saved configuration file either to generate KPIs from a command prompt or to open the configuration file in KPIUtil.exe at a later time.
Cheers!
Virtual Server 2005 R2 Release Notes — These release notes provide information about how to install and use Virtual Server R2. They include information about performing new and upgrade installations, as well as descriptions of the new features and known issues of this release. It is important to note that all information about the new features available in this version is provided in these release notes. This new information is not included in the Virtual Server Administrator’s Guide or Administration Website Help.
Virtual Machine Network Driver for Microsoft Device Emulator — The Virtual Machine Network Driver allows the Device emulator's OS (or even the Virtual PC OS, as the case may be) to emulate its own network connection. Since the physical network interface on the host machine is now "virtualized", you have a way to get two IP Addresses - one for the host PC, and one for the operating system that is running within the Device Emulator (or Virtual PC). Device Emulator users using the VMNet Driver can connect to the host machine over TCP or UDP as the alternative to the standard "Activesync over DMA" solution.
Cheers!
Microsoft Windows AntiSpyware (Beta) – Windows AntiSpyware (Beta) is a security technology that helps protect Windows users from spyware and other potentially unwanted software. Known spyware on your PC can be detected and removed. This helps reduce negative effects caused by spyware including slow PC performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your private information. Continuous protection improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.
Participants in the worldwide SpyNet™ community play a key role in determining which suspicious programs are classified as spyware. Microsoft researchers quickly develop methods to counteract these threats, and updates are automatically downloaded to your PC so you stay up to date.
Note to users with expired versions of Windows AntiSpyware (Beta)
Did your Windows AntiSpyware (Beta) expire? Download and upgrade to the latest version of Windows AntiSpyware (Beta) today for an extension. If you are unsure of the version or when your Windows AntiSpyware (Beta) will expire, you can follow these instructions on how to check the expiration date and version of your Windows AntiSpyware (Beta).
XP Embedded SP1 Security Update: Microsoft Security Bulletins MS05-041, MS05-042, MS05-044, MS05-045, MS05-046, MS05-047, MS05-048, MS05-049, MS05-051, and MS05-052 – This Microsoft Windows XP Embedded with Service Pack 1 component update addresses ten (10) new or reissued security bulletins. After applying this package to an XP Embedded database, the following issues will be resolved:
XP Embedded SP2 Security Update: Microsoft Security Bulletins MS05-009, MS05-041, MS05-042, MS05-044, MS05-045, MS05-046, MS05-047, MS05-048, MS05-049, MS05-050, MS05-051, and MS05-052 – This Microsoft Windows XP Embedded with Service Pack 2 component update addresses eleven (11) new or reissued security bulletins. After applying this package to an XP Embedded database, the following issues will be resolved:
Update for Windows XP – KB894395 – Install this update to correct an issue where the Japanese Input Method Editor (IME) Composition window or the IME Candidate window remains visible even after that window loses focus. After you install this item, you may have to restart your computer.
Cheers!
Beta’s, RC’s and CTP’s…Oh My! –
Microsoft Management Console (MMC) 3.0 Pre-Release (RC1 Refresh) – Microsoft Management Console 3.0 Pre-Release (Based on Windows Server 2003 R2 RC1).
MMC 3.0 (formerly MMC 2.1) ships as a component in Windows Server 2003 R2 and Windows Vista, and continues to be the host for a variety of OS and 3rd party administrative tools.
DPM Consistency Checker – Because of changes and improvements made to DPM as a result of the beta test after the DPM Beta was released, the upgrade process requires that you run this tool to ensure that replicas created with DPM Beta are compatible with DPM 2006.
Hotfixes, Patches, Updates, Service Packs —
XP Embedded SP1 Security Update: Microsoft Security Bulletins MS05-041, MS05-042, MS05-044, MS05-045, MS05-046, MS05-047, MS05-048, MS05-049, MS05-051, and MS05-052 – This Microsoft Windows XP Embedded with Service Pack 1 component update addresses ten (10) new or reissued security bulletins. After applying this package to an XP Embedded database, the following issues will be resolved:
XP Embedded SP2 Security Update: Microsoft Security Bulletins MS05-009, MS05-041, MS05-042, MS05-044, MS05-045, MS05-046, MS05-047, MS05-048, MS05-049, MS05-050, MS05-051, and MS05-052 – This Microsoft Windows XP Embedded with Service Pack 2 component update addresses eleven (11) new or reissued security bulletins. After applying this package to an XP Embedded database, the following issues will be resolved:
Update for Windows XP – KB894395 – Install this update to correct an issue where the Japanese Input Method Editor (IME) Composition window or the IME Candidate window remains visible even after that window loses focus. After you install this item, you may have to restart your computer.
Update for Windows 2000 – KB894395 – Install this update to correct an issue where the Japanese Input Method Editor (IME) Composition window or the IME Candidate window remains visible even after that window loses focus. After you install this item, you may have to restart your computer.
Office 2003 SP2 for Language Interface Pack – Office 2003 Service Pack 2 (SP2) for Language Interface Pack ensures that Office 2003 performs with complete functionality when you use an Office 2003 Language Interface Pack.
Microsoft AntiSpyware (Beta) – Windows AntiSpyware (Beta) is a security technology that helps protect Windows users from spyware and other potentially unwanted software. Known spyware on your PC can be detected and removed. This helps reduce negative effects caused by spyware including slow PC performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your private information. Continuous protection improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.
Participants in the worldwide SpyNet™ community play a key role in determining which suspicious programs are classified as spyware. Microsoft researchers quickly develop methods to counteract these threats, and updates are automatically downloaded to your PC so you stay up to date.
Note to users with expired versions of Windows AntiSpyware (Beta)
Did your Windows AntiSpyware (Beta) expire? Download and upgrade to the latest version of Windows AntiSpyware (Beta) today for an extension. If you are unsure of the version or when your Windows AntiSpyware (Beta) will expire, you can follow these instructions on how to check the expiration date and version of your Windows AntiSpyware (Beta).
Tools and Apps –
Microsoft ActiveSync 4.1 – Worldwide English – ActiveSync® 4.1 is the latest sync software release for Windows Mobile 5.0-based devices.
Microsoft ActiveSync provides a great synchronization experience with Windows®-based PCs and Microsoft Outlook right out of the box. ActiveSync acts as the gateway between your Windows-based PC and Windows Mobile-based device, enabling the transfer of Outlook information, Office documents, pictures, music, videos and applications from your desktop to your device. In addition to synchronizing with a desktop PC, ActiveSync can synchronize directly with Microsoft Exchange Server 2003 so that you can keep your e-mail, calendar data, notes and contact information updated wirelessly when you’re away from your PC.
User Profile Hive Cleanup Service – The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. System processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending. This can result in problems when using Roaming User Profiles in a server environment or when using locked profiles as implemented through the Shared Computer Toolkit for Windows XP.
Microsoft Availability Reporting Management Pack for MOM 2005 – The Microsoft Operations Manager 2005 Availability Reporting Management Pack collects and analyzes data from the event logs of your servers, and generates reports that you can study to improve server availability and reliability. You can identify the causes for planned and unplanned downtime and take preemptive actions to decrease downtime in the future.
Microsoft Office Business Scorecard Manager 2005 Trial Version – The downloads on this page include a trial version of the product. The trial version is valid for use for 180 days after you install it.
- Microsoft Office Business Scorecard Manager Server 2005 (Business_Scorecard_Manager_Server.exe) The server component is the core of the Business Scorecard Manager performance management system. It is comprised of a web service, a metadata database, and Web parts. The download also includes the Scorecard Manager Server Planning and Administration Guide to aid you in the installation process.
- Business Scorecard Builder (Business_Scorecard_Builder.exe) The Business Scorecard Builder is an application that you use to connect, create, and manage scorecard elements, views, and roles and to publish updates to Business Scorecard Manager Server.
Microsoft Operations manager 2005 SLA Scorecard for Exchange – The Microsoft® Operations Manager (MOM) 2005 SLA Scorecard for Exchange provides you with an executive dashboard to measure and trend service availability and workloads across multiple server roles in an Exchange Server messaging environment. This solution also enables you to define desired service levels and identify the cause of service outages.
With the SLA Scorecard, you can configure service level agreement (SLA) targets by server role. It uses aggregated MOM 2005 data to compare actual availability to SLA targets that you have defined. You can view the data as trends by week, month, and year. You can also export service outage details to Microsoft Office Excel® for detailed analysis.
In addition to reports, several performance and activity measures provide you with detail about messaging infrastructure activity and use. Correlating this data with availability data helps you determine the causes behind SLA targets that aren't achieved. With this information in hand, you can fine-tune your infrastructure components to more effectively achieve the SLA target. Similar to the availability metrics, each measure can be reported as a trend by week, month, or year.
Case Studies, Guides and Whitepapers –
Live Meeting 2005 Document: Live Meeting 2005 Registration User’s Guide – Live Meeting 2005 Registration is a feature set of Live Meeting Professional Edition that allows meeting organizers to schedule meetings, create registration pages and manage the registration process for large scale marketing events, training seminars, or any Live Meeting session where an organization needs to track or control attendance.
This user's guide is designed to provide detailed instruction to users of Live Meeting who will organize and manage registered events. Users can follow instructions to create an event and registration page, to manage registrant information, and to manage event information.
Ensuring Identity Consistency at Microsoft – Learn about how Microsoft IT developed the AutoConsistency Manager application. AutoConsistency Manager moves Microsoft one step further in the long-term roadmap toward an end-to-end identity management service that is built on Microsoft Identity Integration Server (MIIS) 2003. AutoConsistency Manager connects to multiple identity stores, including the Active Directory directory service. Based on a set of business rules and corporate security account policies, it automatically checks for, resolves, and reports discrepancies in identity information. As a result, identities are always consistent with the authoritative source. AutoConsistency Manager provides a greater oversight of identities across the enterprise and helps improve network security and regulatory compliance.
Structured Active Directory Schema Management at Microsoft – Detailed discussion of Microsoft IT’s Active Directory schema change management process. Schema changes are frequent at Microsoft, and require a structured workflow to ensure a consistent, smooth, and successful implementation. The change process that Microsoft IT institutionalized establishes clear standards, expectations, and timelines. The change process mitigates risks and helps to optimize results. The structured workflow normalizes schema changes. It provides clear responsibilities to all involved parties, eliminates schema change issues early in the process, and enables timely, optimized results.
Scorecards Provide a Foundation for Business Performance Management at Microsoft – Learn about how Microsoft IT integrates Microsoft Office Business Scorecard Manager 2005 into its business performance management system, making IT performance information easy to find and deliver, clearly associated with supporting contextual data, and shared across the enterprise. Using scorecards to monitor performance against objectives while facilitating accountability, Microsoft IT enhances the quality of business strategy execution and demonstrates the value of IT across the enterprise.
Software Assurance Benefits Comparison Chart – This chart explains which Software Assurance benefits apply to each Microsoft Volume Licensing program.
If you are not currently a Software Assurance customer, please visit the Microsoft Volume Licensing Web site to learn more about the many benefits of Software Assurance.
Microsoft Content Management Server 2002 Online Help – Note If the topics in this file do not appear as you expect (you see "Page cannot be displayed" or "Action canceled," for example), see the Instructions section on this page.
This download contains information about using Microsoft Content Management Server 2002, including the following:
- What’s new with MCMS 2002, roles and responsibilities, Microsoft Technical Support contact information, and using MCMS Help
- Using the Authoring Connector with Microsoft Word 2002 or Microsoft Office Word 2003 to author and edit documents
- Sample deployment configurations, deployment checklists, and issues to consider before deploying MCMS 2002
- Concepts and architecture for MCMS 2002
- Managing site structure and workflow
- Tools and technologies to help administrators and site developers
- Troubleshooting
- Site Author Tutorial and Site Manager Tutorial
- Authoring content from the Web site using MCMS Web Author.
Routing and Remote Access (RRAS) Registry Entries – The registry entries listed in this document affect Routing and Remote Access and were introduced in the Microsoft® Longhorn operating systems.
Permission Letter for Faculty Participation in Student Select – Microsoft Academic Volume Licensing customers may now obtain Student Select software licenses for faculty and staff employees. If your institution is currently enrolled in the Student Select program in the U.S. or Canada and you would like to allow your employees to participate under your Student Select Enrollment, we are extending permission to do so through the use of an open letter agreement.
Note: This permission applies to customers that are located or reside in the United States (not including U.S. territories such as Puerto Rico, Guam, and the Virgin Islands) and Canada only. Please check with your local Microsoft subsidiary for information regarding availability outside of the U.S. and Canada.
Using Microsoft Windows Compute Cluster Server 2003 Job Scheduler – Microsoft® Windows® Compute Cluster Server 2003 brings high-performance computing (HPC) to industry standard, low-cost servers. Jobs—discrete activities scheduled to perform on the compute cluster—are the key to Windows Compute Cluster Server 2003 operation. Cluster jobs can be as simple as a single task or can include multiple tasks. In some situations, tasks are serial—running one after another; in others, they are parallel—running all at the same time. The structure of the tasks in a job is determined by the dependencies among tasks and the type of application being run. In addition, jobs and tasks can be targeted to specific processors within the cluster. Processors can be reserved exclusively for jobs or can be shared among jobs and tasks.
This paper describes the concepts behind the job lifecycle and provides information on using the Job Scheduler to effectively manage jobs in the compute cluster.
ADFS Step-by-Step Guide – This guide provides instructions for setting up Active Directory Federation Services (ADFS) in a small test lab environment and should take approximately 3 hours to complete. It walks you through how to set up a claims-aware application and a Windows NT token–based application on an ADFS-enabled Web server. It also explains how to configure two federation servers that authenticate and authorize federated access to both types of application. No additional downloads are required, you can simply use the code in the document to create the claims-aware application.
IPv6 Transition Technologies – This article describes IPv6 transition technologies and how these technologies are supported by the IPv6 protocol for the Windows Server 2003 family, Windows XP with Service Pack 1, and Windows XP with Service Pack 2. This article is intended for network engineers and support professionals who are already familiar with basic networking concepts, TCP/IP, and IPv6. This article contains sections on transition mechanisms, tunneling configurations, 6to4, ISATAP, Teredo, PortProxy, migrating to IPv6, IPv6 automatic tunneling, and 6over4.
Updates to Understanding IPv6 – The Microsoft Press book "Understanding IPv6," by Joseph Davies, was published in November 2002. Since then, there have been changes to Internet standards for IPv6 and in Microsoft's support for IPv6 in Windows XP and the Windows Server 2003 family. This white paper describes those changes in detail, referencing chapter and page numbers where needed and providing links to additional technical information.
Understanding Mobile IPv6 – Mobile Internet Protocol version 6 (IPv6) allows an IPv6 node to be mobile—to arbitrarily change its location on the IPv6 Internet—and still maintain existing connections. Connection maintenance for mobile nodes is not done by modifying connection-oriented protocols such as TCP, but by handling the change of addresses at the Internet layer using Mobile IPv6 messages and options and processes that ensure the correct delivery of data regardless of the mobile node's location.
Live Meeting Document: Administrator’s Guide – This guide explains how manage your Live Meeting memberships and account preferences. The topics in this document include:
- Managing roles, members, and groups
- Setting account preferences and templates
- Managing brands
Cheers!
Using iSCSI with Virtual Server 2005 R2 — This paper provides brief background information about iSCSI and describes ways to use iSCSI with Microsoft Virtual Server 2005 R2.
The iSCSI protocol, which unifies the TCP/IP networking protocol with the SCSI storage protocol, defines the rules and processes for transmitting and receiving block storage data over TCP/IP networks. Support for iSCSI is provided with Microsoft® Windows Server™ 2003, Microsoft Windows® 2000, and Microsoft Windows XP, and in Microsoft Virtual Server 2005 R2. With iSCSI, the hardware needed for connecting servers to storage is less expensive and less complex than with the common alternative, Fibre Channel.
Virtual Server Host Clustering Step-by-Step Guide for Virtual Server 2005 R2 — This document provides an introduction to the methods and concepts of Virtual Server host clustering. With Virtual Server host clustering, you can provide a wide variety of services through a small number of physical servers and, at the same time, maintain availability of the services you provide. If one server requires scheduled or unscheduled downtime, another server is ready to quickly begin supporting services. Users experience minimal disruptions in service.
Virtual Server host clustering is a way of combining Microsoft® Virtual Server 2005 R2 with the server cluster feature in Microsoft Windows Server™ 2003. This document describes a simple configuration in which you use Microsoft Virtual Server 2005 R2 to configure one guest operating system, and configure a server cluster that has two servers (nodes), either of which can support the guest if the other server is down. You can create this configuration and then, by carefully following the pattern of the configuration, develop a host cluster with additional guests or additional nodes.
Cheers!
Malicious Software Removal Tool – KB890830 — The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.
IEEE 802.1X for Wired Networks and IPSec with Microsoft Windows — Microsoft® Windows Server™ 2003 and Windows® XP support both the IEEE 802.1X standard for wired networks and the Internet Protocol security (IPsec) Internet standard. The IEEE 802.1X standard for wired networks provides authentication and authorization protection at the network edge where a host attaches to the network. IPsec provides peer authentication and cryptographic protection of IP traffic from end-to-end. This white paper describes the security and capabilities of 802.1X for wired networks and IPsec based on industry standards and their support in Windows Server 2003 and Windows XP, and provides comparison information when evaluating deployment of these security technologies.
Update for Windows Server 2003 – KB907986 — Install this update to correct an issue in which the IIS Manager (UI) stops responding when exiting the Secure Communications dialog box in Windows Server 2003 R2. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 (x64) – KB907986 — Install this update to correct an issue in which the IIS Manager (UI) stops responding when exiting the Secure Communications dialog box in Windows Server 2003 R2. After you install this item, you may have to restart your computer.
Cheers!
Hotfixes, Patches, Updates, Service Packs —
Update for Office 2003 – KB907417 – You can get specific information about this update in the Microsoft Knowledge Base article Description of the Update for Office 2003 (KB907417).
Note: Users of Indonesian, Malay, Urdu, and Vietnamese language versions of Outlook 2003 can download and install office2003-kb904631-fullfile-enu.exe. Refer to the Instructions section below for details.
Update for Outlook 2003 Junk Email Filter – KB907492 – You can get specific information about this update in the Microsoft Knowledge Base article Description of the Update for Outlook 2003 Junk E-mail Filter (KB907492).
Note: Users of Indonesian, Malay, Urdu, and Vietnamese language versions of Outlook 2003 can download and install office2003-kb904631-fullfile-enu.exe. Refer to the Instructions section below for details.
Content Management Server 2002 SP2 – Microsoft® Content Management Server 2002 Service Pack 2 (SP2) provides the latest updates to Content Management Server 2002.
This service pack requires the following previously released update(s):
Content Management Server 2002 SP2 introduces compatibility with Visual Studio 2005 and SQL Server 2005. Service Pack 2 also introduces compatibility with x64-compatible versions of Windows in 32-bit emulation mode. You can get specific information about this update in the Microsoft Knowledge Base article Description of the Content Management Server 2002 Service Pack 2.
Update for Windows Server 2003 – KB907986 – Install this update to correct an issue in which the IIS Manager (UI) stops responding when exiting the Secure Communications dialog box in Windows Server 2003 R2. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 (x64) – KB907986 – Install this update to correct an issue in which the IIS Manager (UI) stops responding when exiting the Secure Communications dialog box in Windows Server 2003 R2. After you install this item, you may have to restart your computer.
Tools and Apps –
Windows User State Migration Tool v2.6.1 – Microsoft® Windows® User State Migration Tool (USMT) version 2.6.1 migrates user files and settings during deployments of Windows 2000 or Microsoft Windows XP. USMT 2.6.1 provides enterprise migration capabilities such as unattended migration, multi-user profile support and compression. USMT 2.6.1 is intended for administrators who are performing automated deployments.
USMT 2.6.1 includes two command-line tools named Scanstate and Loadstate. Scanstate captures an intermediate store with the user files and settings from the source computer. Loadstate restores these files and settings to the destination computer.
USMT 2.6.1 also has five default migration rule (.inf) files named Migapp.inf, Migsys.inf, Miguser.inf, Sysfiles.inf, and ArchiveApp.inf. You can alter the default .inf files and you can create customized .inf files. Depending on what you want to migrate, you can specify all or none of the default .inf files on the command line.
The entire migration process is driven by the .inf rules, which you can modify, and logic that is built-in to the tool. When using USMT for automated migration, in almost all cases you should modify the .inf files to better handle your unique situation.
Mint Source – Mint Source is the unconventional new starter kit for students that enables you to quickly get your hands on the freshest, hottest technology from Microsoft. Think of it as direct line to Microsoft information. We’ll give you samples of what you can do and the tools to do it. Get ahead. Get Mint Source… and be the first to download the latest knowledge and tools. Free ‘n’ easy just got easier.
Case Studies, Guides and Whitepapers –
Deploying and Managing Microsoft Windows Compute Cluster Server 2003 – Microsoft® Windows® Compute Cluster Server 2003 supports several different deployment scenarios based on the different system configurations the administrator selected before deployment. Deployment is simplified by the Compute Cluster Administrator, which provides a wizard interface that guides administrators through the process after deployment decisions are made.
This paper discusses each supported deployment scenario and covers the basics of post-deployment compute cluster administration.
How to Install and Configure Small Business Accounting 2006 on Windows SBS 2003 – Microsoft® Office Small Business Accounting 2006 is a comprehensive financial management program that helps small business owners and office managers handle the financial needs of their business using software that has the look and feel of Microsoft Office and offers great integration with other Microsoft Office programs. It can be installed on a standalone computer, or on a peer-to-peer network environment for multiple users. If you centralize the database to run on Microsoft Windows® Small Business Server 2003 server software, multiple people can use Small Business Accounting 24x7, they can remotely access Small Business Accounting and backups will be performed automatically. To properly configure Small Business Accounting 2006 to run on a Windows Small Business Server 2003 network, follow the steps in this document.
Microsoft IT Academy Program Guide for the North America Region – The Microsoft IT Academy program is a complete technology training solution for faculty and students that includes a coordinated curriculum, courseware and online collaboration tools to help people achieve certification in Microsoft technologies. When institutions become members of the Microsoft IT Academy program, they immediately gain a teaching structure, faculty training program, and marketing materials that help elevate community recognition and attract students. This program guide addresses key programmatic and administrative elements that are essential to achieving and maintaining Microsoft IT Academy status.
Beta 2 Reviewers Guide for DFS Solutions in Windows 2003 R2 – This guide provides system requirements, installation instructions, and step-by-step walkthroughs for deploying namespaces and DFS Replication using the Beta 2 release of Windows Server 2003 R2.
Research Brief: Encouraging Returnds for Microsoft System Center Data Protection Manager – In May 2005, ESG surveyed more than 200 IT professionals to assess their attitudes towards Microsoft’s new System Center Data Protection Manager (DPM) product. Our conclusion? Microsoft is poised to make significant inroads into the market for Windows-based data protection solutions: Close to one-half of all IT professionals surveyed would consider a Microsoft data protection solution and 100 percent of the respondents familiar with DPM believe their organization will evaluate the product. Research findings reveal that users are most interested in a Microsoft data protection solution because of the operational efficiencies they expect to gain by standardizing on Microsoft products. Specifically, users believe that a Microsoft data protection solution would have superior integration with Microsoft applications and server infrastructure compared to other vendors’ offerings, and as a result, would allow them to leverage existing Microsoft skills to more easily manage the data protection process.
Microsoft CRM 3.0 Reaadme – This document provides important late breaking information about Microsoft CRM 3.0 that is supplements the Microsoft CRM documentation.
Cheers!
…via the Anti-Malware Engineering Team.
…and some information on disabling the ActiveX control that was later delivered by Sony that allows you to block this control.
Cheers!
The Anti-Malware Team has posted a blog entry annoucing the availability of the signatures to detect and remove the Sony XCP software.
Find it here….
Cheers!
I wanted to put up a post last night with my findings on my test system. Well…..I didn’t get in till late last night and didn’t have time to get to it. So it is on my plate for this weekend.
I did pick up one of the CD’s that is impacted by this – Our Lady Peace – “Healthy in Paranoid Times”
So look for the post before Monday!
Cheers!
Sony has been hit with it’s first lawsuit (class action even!) regarding it’s DRM rootkit technology….
Mark Russonovich’s blog on how he found it on his system….
Short list of affected CD’s…
Washington Post article…
Slashdot info on the lawsuit…
**Update** – Link to Sony’s “Service Pack” to disable the DRM rootkit (make a backup of your system BEFORE running this. I have read reports that trying to remove thr DRM kit can cause problems. I have not confirmed myself)
The Nun and I buy a LOT of music CD’s which go directly into our Media Center PC. When I first caught wind of of this, I ran RootKitRevealer on my Media Center and thankfully didn’t have anything unusual listed. But that didn’t make me feel any better about it. Especially since I don’t know what it would look like even if I was affected by this.
So today I am going to head out and find one of the CD’s, build a sandbox system, “infect” it with music, and then run the test again.
I will blog about this with screen shots later this evening.
Cheers!
Presentations and WebCasts –
ISV Chalk Talk – Vista user Account Protection – A technical discussion at PDC 2005 on what’s new in Windows Vista User Account Protection
Tools and Apps –
Windows SharePoint Services Applications Template: Employee Activities – The Employee Activities Site application for Windows SharePoint Services is a central site for communicating information to employees about company clubs, teams, and events. With this application, employees can sign up for activities, access contact and schedule information, participate in discussions and surveys, and view activity photos. Now companies can more easily keep employees up to date on activities in which they may participate, and employees can quickly access the information they need to get involved.
User Profile Hive Cleanup Service – On Windows 2000 the service deals with application event log event 1000 from source Userenv where the message indicates that the profile is not unloading and the error is "Access is denied". On Windows XP and Windows 2003 the equivalent events are 1517 and 1524 from source Userenv.
To accomplish this the service monitors for logged off users that still have hives loaded. When that happens the service determines which applications have handles opened to the hives and releases them. It logs the application name and what registry keys where left open. After this the system finishes unloading the profile.
Guides and Whitepapers –
ASP.NET 2.0 Hosting Deployment Guide – The ASP.NET 2.0 Deployment Guide is a reference for web hosters who are interested in adding ASP.NET 2.0 to their existing Windows hosting service. Besides improving developer productivity, ASP.NET 2.0 also provides benefits for hosted environments, including support for shutting down inactive applications and locking down rogue applications. Enhanced health monitoring configuration can be used to set thresholds and severity levels for monitoring the health of ASP.NET.
Application Platform (SQL Server, Visual Studio, and BizTalk Server) White Paper – This paper outlines the Microsoft application platform—the confluence of servers, clients, and devices that can help connect people with business-critical information across the enterprise, thus driving overall business success. This paper focuses on Microsoft’s latest investments in business intelligence, integration, and developer productivity with updated releases of Microsoft SQL Server 2005, Microsoft BizTalk Server 2006, and Microsoft Visual Studio 2005, respectively.
Microsoft CRM Implementation Guide – This Implementation Guide provides the information required for a successful Microsoft CRM implementation into your business. This guide addresses the planning, installing (both hardware and software), pre-deployment testing, and operating tasks for the maintenance of the Microsoft CRM system.
This guide is written for the computer system administrator. This guide also assumes that any organization implementing Microsoft CRM software will have the services of an independent software vendor (ISV) or value-added reseller who is partnered with Microsoft and will help you with the entire process of implementing and maintaining your Microsoft CRM installation. Because of this assumption, there are references in this guide to these "partners" who are expected to provide various services to you.
Microsoft CRM 3.0 Customization Planning Forms – This download includes one file for each customizable entity in Microsoft CRM. Each file includes default forms, views, attributes, and reports for the entity, with tables to add information on what you want to change. These files are designed to be printed and brought to meetings where managers and employees determine how to customize Microsoft CRM for their specific business needs.
Microsoft CRM 3.0 Online Help – This download contains the concepts and procedures from Microsoft CRM 3.0 online Help. You can use this download to view Microsoft CRM 3.0 online Help on a computer that does not have Microsoft CRM installed. The help files are the same as those included in the product.
Because these help files are not being viewed in the context of Microsoft CRM, the form on each topic for sending documentation feedback does not work. To send documentation feedback, e-mail mscrmdf@microsoft.com.
IDC Mission Critical Tracker 2005 (Long Version) – During the spring and summer of 2005, IDC conducted a worldwide survey of the Mission Critical Market for Microsoft. Using their proven, rigorous survey methodology, IDC asked large Enterprises around the world what their Mission Critical IT applications looked like. Questions covered Operating Systems, Application Platforms, Application Servers, Portals, Message Queuing and more. 1918 responses were gathered from 9 Countries, in order to put together a comprehesive picture of the Mission Critical Application Software Market. This document contains the results of that survey.
Microsoft Office Business Scorecard Manager 2005 Technical White Papers – Microsoft Office Business Scorecard Manager 2005 empowers users to optimize business performance through strategic decision making. These downloads include white papers for developers.
- Installing and Managing Alerts Using Business Scorecard Manager (Business_Scorecard_Manager_Alerts_WP.doc) This white paper explains the detailed steps required to install and manage alerts using Business Scorecard Manager 2005.
- Building Custom Report Views for Microsoft Business Scorecard Manager 2005 (Business_Scorecard_Builder_Custom_Report_WP.doc) This white paper provides information for building custom report views, by creating a sample custom report view, then developing a configuration component and a Web component.
- Using MSMQ Triggers with Business Scorecard Manager (Business_Scorecard_Manager_MSMQ_WP.doc) This white paper describes how to use Microsoft® Message Queuing Services (MSMQ) 3.0 with Microsoft Office Business Scorecard Manager 2005. Readers should be familiar with MSMQ.
- Passing Parameters in Business Scorecard Manager 2005 (Business_Scorecard_Manager_Passing_Parameters_WP.doc) This white paper is intended for developers who want to create custom views for scorecards by sending data from page filters, row slices and column slices from a scorecard view through a query string to an Office Report View Web Part.
Introduction to Microsoft Identity Integration Server 2003 – This roadmap describes the documentation available for Microsoft® Identity Integration Server (MIIS) 2003 and Identity Integration Feature Pack (IIFP) for Microsoft® Windows Server™ Active Directory. The first section, Common Tasks, allows you to search MIIS 2003 resources for specific information about a task you might want to do.
The second section, Documentation Summary, provides a complete list of the MIIS 2003 documentation sets with a brief summary of each document. The documentation summary is divided into five categories: technical reference, design and planning, walkthroughs, operations, and Resource Tool Kit to make it easier to locate specific documentation.
Step-by-Step Guide for Setting up a PPTP based Site-to-Site VPN Connection in a Test Lab – This guide describes the configuration of a Point-to-Point Tunneling Protocol (PPTP)-based site-to-site virtual private network (VPN) connection using five computers in a test lab. The VPN connection described in this guide enables you to simulate and observe Microsoft® Windows® Server™ 2003 site-to-site VPN functionality. The VPN connection described in this guide is for testing purposes only, and cannot be used in a production environment.
This guide assumes familiarity with Transmission Control Protocol/Internet Protocol (TCP/IP), IP routing, and the capabilities of the Windows Server 2003 Routing and Remote Access service.
Step-by-Step Guide for Setting Up VPN based Remote Access in a Test Lab – This step-by-step guide includes updates to the original guide due to security enhancements in the release of Windows Server 2003 with SP1 and Windows XP Professional with SP2.
This guide provides detailed information about how you can use five computers to create a test lab with which to configure and test virtual private network (VPN) remote access with the Windows XP Professional with Service SP2 and the 32-bit versions of Windows Server 2003 with SP1 operating systems. These instructions are designed to take you step-by-step through the configuration required for a Point-to-Point Tunneling Protocol (PPTP) connection, a Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (L2TP/IPsec) connection, and a VPN connection that uses certificate-based Extensible Authentication Protocol-Transport Level Security (EAP-TLS) authentication.
Creating a Systemized Approach to Regulatory Compliance at Microsoft – Detailed discussion of some of the processes and tools that the Microsoft Information Technology (Microsoft IT) group currently uses to systemize the approach of supporting regulatory compliance activities at Microsoft. Increased governmental oversight in recent years has resulted in new texts and requirements that affect organizations in a wide range of industries. To reduce the overhead of remaining compliant in the constantly evolving regulatory landscape, Microsoft is creating a holistic approach to regulatory compliance. This approach uses a framework of common security controls, unique tools for monitoring, and IT tools for tracking and reporting compliance.
Cheers!
Just a couple of new items this week —
Update for Windows Server 2003 x64 Edition (KB904714) — Install this update to enable client computers to use the Windows Indexing Service when searching for a network-shared file on a Windows Server 2003-based computer. This update resolves an issue in which the Windows Indexing Service cannot not be used if the index is not 100 percent up-to-date. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 (KB904714) — Install this update to enable client computers to use the Windows Indexing Service when searching for a network-shared file on a Windows Server 2003-based computer. This update resolves an issue in which the Windows Indexing Service cannot not be used if the index is not 100 percent up-to-date. After you install this item, you may have to restart your computer.
Windows XP Language Interface Pack — Microsoft Windows XP Language Interface Pack (LIP) is a high-quality, localized "skin" for emerging or minority language markets, such as Catalan, Lithuanian, and Thai. Based on MUI technology, LIP provides the desktop user with an approximately 80% localized user experience by translating a reduced set of user interface elements. LIP is installed on a licensed copy of Windows and a fixed base language.
Synchronizing Images and Files in Windows XP using Microsft SyncToy — Increasingly, computer users are using different folders, drives, and even different computers (such as a laptop and a desktop) to store and retrieve files. There are new sources of files coming from every direction: digital cameras, e-mail, cell phones, portable media players, camcorders, PDAs, and laptops. Yet managing hundreds or thousands of files is still largely a manual operation. In some cases it is necessary to move files from one place to another; in other cases there is a need to keep two storage locations exactly in sync. Some users manage files manually, dragging and dropping from one place to another and keeping a mental card catalog in their heads. Others use one or more applications of one sort or another to provide this functionality for them.
Microsoft Color Control Panel Applet for Windows XP — The Microsoft Color Control Panel Applet adds a new 'Color' item to the Windows control panel, providing a single place to view and edit color management settings in Windows XP. Using it, you can install and uninstall color profiles, change color profile associations for displays, printers and scanners, view detailed properties for color profiles (including a 3D rendering of the color space gamut), and rename color profiles, keeping the filenames and "internal" names consistent.
This tool also enables Windows to automatically adjust the gamut curve of the display when a color profile containing gamut table information is set as the default profile for the display. Typically, such profiles are created by custom monitor calibration tools, such as those available from ColorVision, GretagMacbeth, and X-Rite. If a color profile has this information, it is shown with an asterisk (*) in the user interface.
Using the Microsoft Color Control Panel Applet, you can:
- Install and uninstall ICC color profiles
- Inspect, rename, and compare two different color profiles
- View a 3D graphics plot of color profile color gamuts
- Associate color profiles with devices such as printers, monitors, and scanners
- Apply custom color gamut adjustments to one or more displays “on the fly”
- Set up display calibration reminders at intervals you specify
Cheers!
c|net reported yesterday on our new name for our anti-spyware efforts. My buddy Kevin reported as well on his blog.
While I don’t want to be negative (I think the product kicks ass), I have never understood how Microsoft comes up with the names for our products. With a name like “Windows Defender”, it damn sure better defend my Windows install, and my Office install, and all my 3rd party apps, and anything else on my PC or it doesn’t do what it’s name implies. That is also the perception I think the public will have – even though the name is WINDOWS defender, the public will see it as MY-ENTIRE-COMPUTER Defender.
To be clear – I love the product but I don’t like the name. I have been using the Anti-Spyware beta (formerly Giant Anti-Spyware) since just after the acquisition. It is a solid product and will benefit millions of users in it’s final form. But that name basically states, “I am a product that will defend (read this as ‘protect’) your system from harm”. If there is ever an issue with this app and some damage is done, the press (read this as ‘bloggers’) will have a hey day with us based on the name alone.
But, even though I don’t like the name, I don’t there will be a major (bad) event as a result of a breakdown in Windows Defender. There will be growing pains, there will be some issues, but the product rocks. I think we have raised the bar for the bad guys. They will of course start taking jumps at that bar and someone will clear it eventually. Then the collective “we” of good guys across the industry will roll out some new protection app/mechanism and the race starts again.
If you haven’t loaded up the Anti-Spyware Beta/Windows Defender, go check it out. I run it side-by-side with SpyBot Search and Destroy and between the two of them my system (heavily used all over the web) has been spyware free since doing so months and months and months ago.
Cheers!
Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks – This whitepaper presents two deployment methods for secure wireless access, one for small office/home office (SOHO) networks and one for small organization that are domain-based networks, built using Windows Server 2003 technologies. This paper contains information you can be use to determine the preferred method for deploying secure wireless access in existing SOHO networks or small organization networks. The topic also provides step-by-step instructions for setting up secure wireless connections, after the preferred deployment method has been determined. Additionally, if you are planning a new network with wireless access or considering changing to a different type of network with wireless access, this paper provides information that can assist you in determining which type of deployment best suits your needs.
Update for Windows Server 2003 for Itanium based Systems – KB904639 – Install this update to address an issue that will keep some applications from running in a 64-bit environment. When you try to run a 64-bit application that uses an Interface Remoting component of Microsoft Data Access Components (MDAC) 2.8, you may receive an "access violation" error message, or the dllhost.exe process may display 100% CPU utilization when viewed with Task Manager. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 (x64) – KB904639 – Install this update to address an issue that will keep some applications from running in a 64-bit environment. When you try to run a 64-bit application that uses an Interface Remoting component of Microsoft Data Access Components (MDAC) 2.8, you may receive an "access violation" error message, or the dllhost.exe process may display 100% CPU utilization when viewed with Task Manager. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 (32bit x86) – KB905639 – Install this update to address an issue that will keep some applications from running in a 64-bit environment. When you try to run a 64-bit application that uses an Interface Remoting component of Microsoft Data Access Components (MDAC) 2.8, you may receive an "access violation" error message, or the dllhost.exe process may display 100% CPU utilization when viewed with Task Manager. After you install this item, you may have to restart your computer.
Cheers!
Patterns and Practices Security Engineering Explained — This download describes the patterns & practices Security Engineering approach that can be used to integrate security into your application development life cycle. The Security Engineering approach contains activities for identifying security objectives, applying secure design guidelines, creating threat models, conducting security architecture and design reviews, performing security code reviews, security testing, and conducting security deployment reviews.
Windows XP Security Guide — The Windows XP Security Guide has been updated to provide specific recommendations about how to harden computers that run Windows XP with Service Pack 2 (SP2) in three distinct environments:
- Enterprise Client (EC). Client computers in this environment are located in an Active Directory directory service domain.
- Stand-Alone (SA). Client computers in this environment are not members of an Active Directory domain.
- Specialized Security - Limited Functionality (SSLF). Client computers in this environment are subject to extraordinary security concerns. These concerns are so great that a significant loss of functionality and manageability is acceptable.
Information about the security features in SP2 was included as an appendix to the previous version of this guide. This information has now been integrated throughout the guide, and thoroughly tested templates for Windows Firewall security settings (Windows Firewall replaced the Internet Connection Firewall in SP2) are provided. Information is also provided about closing ports, Remote Procedure Call (RPC) communications, memory protection, e-mail handling, Web download controls, spyware controls, and much more.
This guide is primarily intended for consultants, security specialists, systems architects, and IT planners who plan application or infrastructure development and the deployment of Windows XP workstations in an enterprise environment.
Windows Server Update Services Operations Guide — Comprehensive guidance on the major tasks involved in administering and troubleshooting Microsoft Windows Server Update Services (WSUS), including synchronization and managing computers and computer groups, as well as viewing, approving, testing, and storing updates, and running reports.
Update for Windows Server x64 – KB907639 — Install this High-performance Computing (HPC) update to Microsoft Windows Remote Installation Services (RIS) to obtain changes to RIS specifically designed to operate in the Windows 2003 Compute Cluster Server environment.
Update for Windows Server 2003 – KB907639 — Install this High-performance Computing (HPC) update to Microsoft Windows Remote Installation Services (RIS) to obtain changes to RIS specifically designed to operate in the Windows 2003 Compute Cluster Server environment.
Update for Windows Server 2003 Itanium – KB907639 — Install this High-performance Computing (HPC) update to Microsoft Windows Remote Installation Services (RIS) to obtain changes to RIS specifically designed to operate in the Windows 2003 Compute Cluster Server environment.
Update for Windows Server 2003 – KB897616 — Install this update to correct an issue in which Internet Connection Sharing does not appear in the properties of the active network connection after you install Active Directory to configure a computer that is running Windows Server 2003 with Service Pack 1 as a domain controller. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 Itanium – KB897616 — Install this update to correct an issue in which Internet Connection Sharing does not appear in the properties of the active network connection after you install Active Directory to configure a computer that is running Windows Server 2003 with Service Pack 1 as a domain controller. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 x64 – KB897616 — Install this update to correct an issue in which Internet Connection Sharing does not appear in the properties of the active network connection after you install Active Directory to configure a computer that is running Windows Server 2003 with Service Pack 1 as a domain controller. After you install this item, you may have to restart your computer.
Update for Windows 2000 – KB908506 — Install this update to address an issue on computers running Windows 2000 Service Pack 4 in which clients accessing a print device attached to a print server are no longer able to print when using the Lexmark Monolithic PCL driver after installing security bulletin MS05-043 (KB896423). After you install this item, you may have to restart your computer.
Implementing WSUS with ISA Server 2004 to manage Remote Clients — Today’s companies have a growing mobile workforce. Keeping these assets up to date with current patches is extremely important to ensure continued productivity and decreased security risk. Many organizations are finding it more and more difficult to keep these mobile devices patched as the need for VPN decreases as the number of applications utilizing Internet protocols such as HTTP and HTTPS grows. Using Windows Server Update Services (WSUS) in combination with Internet Security and Acceleration Server 2004 (ISA 2004) organizations can extend their existing Intranet based patch management to their growing number of mobile devices. The purpose of this document is to detail the implementation planning and steps needed to create an Internet based patch management solution using WSUS and ISA 2004.
Exchange Server 2003 SP2 — Exchange Server 2003 Service Pack 2 (SP2) offers new features and improvements to Exchange Server 2003. New features include support for mobility and message hygiene. Improvements have been made to address performance and reliability with public folders and with database size restrictions.
New for mobility is direct push, which is an Exchange technology that maintains an open connection between the mobile device and the server. Remote wipe is another new feature, and it enables administrators to delete sensitive data from a lost or stolen mobile device. Other features include global address list (GAL) lookup, policy provisioning whereby administrators can make supported policies more secure, support for certificate-based authentication, use of S/MIME to sign and encrypt mail, and server-based synchronization of Tasks.
Anti-spam improvements are included in the release of the integrated version 2 of Microsoft Exchange Intelligent Message Filter, and Sender ID, which is an industry-standard framework. Version 2 of Intelligent Message Filter contains significant improvements in the anti-spam area for SP2.
For Exchange Server 2003 Standard Edition, the hard-coded licensing database size limit has been increased from 16 GB to 75 GB. The administrator can set a protective database size limit (prevent unintentional database size growth). The default value will be 18 GB in SP2 for Standard Edition and the default can be changed.
Public folders are now more manageable. Administrators can now track who deleted public folders, stop and resume public folder replication, synchronize the public folder hierarchy, propagate access control list (ACL) changes through public folder hierarchy, and propagate replica list changes through the public hierarchy. Many of the improvements work toward minimizing the effect of replication storms.
There is a new version of the offline address book (OAB 4.0) that features the reduction in the OAB size, differential OAB update files, indexing based on locale setting, and improved diagnostic logging.
Deploying Microsoft Windows Server Update Services — Comprehensive guidance on deploying Microsoft Windows Server Update Services (WSUS), including a description of how WSUS functions, and descriptions of WSUS scalability and bandwidth management features, as well as step-by-step procedures for installation and configuration of the WSUS server. You will find how to update and configure Automatic Updates on client workstations and servers that will be updated by WSUS, steps for migrating from Microsoft Software Update Services (SUS) to WSUS, and steps for setting up a WSUS server on an isolated segment of your network and manually importing updates.
Cheers!
User Profile Hive Cleabup Service — On Windows 2000 the service deals with application event log event 1000 from source Userenv where the message indicates that the profile is not unloading and the error is "Access is denied". On Windows XP and Windows 2003 the equivalent events are 1517 and 1524 from source Userenv.
To accomplish this the service monitors for logged off users that still have hives loaded. When that happens the service determines which applications have handles opened to the hives and releases them. It logs the application name and what registry keys where left open. After this the system finishes unloading the profile.
Scripting Week 3 Samples — Sample scripts presented during the Scripting Week 3 webcast series (held October 24-28, 2005) on TechNet. All of the scripts demonstrated during the week-long series are included in this download.
Structured Active Directory Schema Management at Microsoft — Detailed discussion of Microsoft IT’s Active Directory schema change management process. Schema changes are frequent at Microsoft, and require a structured workflow to ensure a consistent, smooth, and successful implementation. The change process that Microsoft IT institutionalized establishes clear standards, expectations, and timelines. The change process mitigates risks and helps to optimize results. The structured workflow normalizes schema changes. It provides clear responsibilities to all involved parties, eliminates schema change issues early in the process, and enables timely, optimized results.
Storage manager for SANs Quick Start Guide — The Storage Manager for SANs component of the Microsoft Windows Server™ 2003 R2 operating system enables you to provision storage on one or more storage subsystems on a storage area network (SAN). Based on Microsoft Virtual Disk Service (VDS) technology, Storage Manager for SANs allows provisioning on Fibre Channel and Internet SCSI (iSCSI) storage subsystems.
ADFS Step-by-Step Guide — This guide provides instructions for setting up Active Directory Federation Services (ADFS) in a small test lab environment and should take approximately 3 hours to complete. It walks you through how to set up a claims-aware application and a Windows NT token–based application on an ADFS-enabled Web server. It also explains how to configure two federation servers that authenticate and authorize federated access to both types of application. No additional downloads are required, you can simply use the code in the document to create the claims-aware application.
Step-by-Step Guide to Setting up Server for NIS — Microsoft® Windows Server for NIS enables a Microsoft Windows–based Active Directory domain controller to administer UNIX Network Information Service (NIS) networks. This guide describes installation and NIS migration tasks required to configure Server for NIS on your network.
Beta 2 Step-by-Step Guide for Storage Resource Manager — The Storage Resource Manager component of the Microsoft® Windows Server™ 2003 R2 operating system enables system administrators to understand how storage is being used and to manage the use of their storage by generating storage reports, applying quotas to volumes and folders, and screening files on the server. This guide provides installation instructions and step-by-step walkthroughs for creating quotas, creating file screens, and scheduling storage reports.
Print Management Step-by-Step Guide — Print Management provides up-to-the-minute details about the status of printers and print servers on the network. You can use Print Management to install printer connections to a group of client computers simultaneously. Print Management can help you find printers that have an error condition by using filters. It can also send e-mail notifications or run scripts when a printer or print server needs attention. On printer models that provide a printer Web page, Print Management has access to more data, such as toner and paper levels, which you can manage from remote locations, if needed.
Windows Server Update Services Operations Guide — Comprehensive guidance on the major tasks involved in administering and troubleshooting Microsoft Windows Server Update Services (WSUS), including synchronization and managing computers and computer groups, as well as viewing, approving, testing, and storing updates, and running reports.
MSN Messenger 7.5 for Windows — Chat online, in real time, with friends, family, and colleagues. It's faster than e-mail, more discreet than a phone call, and best of all – it's free! MSN Messenger is more than just text, it’s a great way to collaborate with co-workers or touch base with family and friends. You can even send an instant message to a contact’s mobile phone. Customization features help you personalize your chats and make your connections even more meaningful.
ADAM Step-by-Step Guide — The Active Directory directory service in Microsoft Windows 2000 and in Microsoft Windows®Server 2003 is the fastest growing directory service for intranets and extranets, as a result of its rich integration of directory support and security, scalability, and native Lightweight Directory Access Protocol (LDAP) support. Active Directory in Windows Server 2003 builds on that success by supporting a number of new LDAP capabilities that are targeted for information technology (IT) professionals and applications developers. Active Directory Application Mode is one of these new capabilities. Organizations, independent software vendors (ISVs), and developers who want to integrate their applications with a directory service now have an additional capability in Active Directory that provides numerous benefits.
Overview of ADFS in Windows Server 2003 R2 — Federated identity management is a standards-based technology and information technology process that enables distributed identification, authentication, and authorization across organizational and platform boundaries. Federated systems need to interoperate across organizational boundaries and connect processes utilizing different technologies, identity storage, security approaches, and programming models. Within a federated system, an organization needs a standardized and secure way of expressing not only the services it makes available to trusted partners and customers but also the policies by which it runs its business, such as which other organizations and users it trusts, what types of credentials and requests it accepts, and its privacy policies.
The Active Directory Federation Services (ADFS) solution in Windows Server 2003 R2 helps administrators address these challenges by enabling organizations to securely share a user's identity information.
Internet Explorer 7 Beta 1 Technology Overview — Internet Explorer 7 Beta 1 includes advancements in security and browsing experience for end users, functionality and compatibility for developers and manageability for corporate network administrators. Beta 1 is intended to enable developers to begin to test the new browser for compatibility with their applications and Web sites. Read the Technology Overview to learn more.
Cheers!
837115: How to diagnose and fix user profile unloading problems -->
Migrating from SBS 2000 or Windows 2000 Server to Windows SBS 2003 Server — To upgrade to Microsoft® Windows® Small Business Server 2003 from Microsoft Small Business Server 2000 or Windows 2000 Server, you must perform a server migration. A server migration includes installing Windows Small Business Server 2003 on a new computer, and then migrating data and settings. You can complete a server migration to either a retail installation of Windows Small Business Server 2003 or to a computer purchased from an original equipment manufacturer (OEM) that was preinstalled with Windows Small Business Server 2003.
Cheers!
Scripting Week 3 Program — Get a sneak peek at Scripting Week 3, a series of five webcasts on system administration scripting to be held October 24-28, 2005 on TechNet. The program includes a detailed description of each webcast, biographies of the presenters, even a Scripting Week trivia quiz. And don't miss the special offer from Microsoft Press, featuring 40% off on selected MS Press books.
Microsoft Management Console (MMC) 3.0 Pre-Release (RC1) — Microsoft Management Console 3.0 Pre-Release (Based on Windows Server 2003 R2 RC1).
MMC 3.0 (formerly MMC 2.1) ships as a component in Windows Server 2003 R2 and Windows Vista, and continues to be the host for a variety of OS and 3rd party administrative tools.
Cumulative Help for Microsoft Windows Server 2003 Multilingual User Interface Pack — Many enterprise customers have deployed the Windows Server 2003 Multilingual User Interface Pack in their corporations in order to enable network administrators to administer the server in their native language and reduce server management costs in multilingual computing environments.
Microsoft has provided an update to the MUI Help system that includes important new information for customers who have deployed MUI with the Windows Server 2003 operating system. This update contains important security information and updates as well as documentation for new features that ship with Windows Server 2003 Service Pack 1.
Cheers!
Ocober 11th 2005 Enterprise Update Scan Tool (standalone version) — Microsoft has released a new tool designed to help enterprises detect updates provided with the Microsoft Security Bulletins released October 11, 2005. This tool is a command line scanning tool built for the sole purpose of helping customers determine systems that may need security updates provided with the released bulletins. Users of this tool should have experience in deploying software to corporate environments and with using command line tools. More information on this tool can be found in the readme.rtf documentation packaged with the tool download.
Extended Security Update Inventory Tool — The SMS Extended Security Update Inventory tool is a scan tool built for the sole purpose of helping customers determine SMS client computers that may need security updates that are not detectable using the existing SMS Security Update Inventory Tool built on MBSA. Like the SMS Software Update Inventory tool, this tool also has the instructions for locating each applicable update, downloading it from Microsoft, and deploying it using SMS . The SMS Extended Security Update Inventory Tool is built on Enterprise Scan Tool (EST) detection technology. For more information about the exact detection capabilities of EST and how it differs from MBSA, see Microsoft Knowledge Base Article 894193. For more information on the SMS Extended Security Update Inventory Tool, please see the included user guide and release notes.
Microsoft Windows malicious Software Removal Tool – KB890830 — The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
Cheers!
Deployment of IEEE 802.1x for Wired Networks Using Microsoft Windows — This article describes how to deploy IEEE 802.1X authentication for wired networks using authenticating switches, wired client computers running Microsoft Windows XP, Windows Server 2003, or Windows 2000, and a wired authentication infrastructure consisting of Windows Server 2003 or Windows 2000 Active Directory directory service domain controllers, certification authorities, and Internet Authentication Service servers.
Cheers!
Windows Server Update Services Operations Guide — Comprehensive guidance on the major tasks involved in administering and troubleshooting Microsoft Windows Server Update Services (WSUS), including synchronization and managing computers and computer groups, as well as viewing, approving, testing, and storing updates, and running reports.
Cheers!
Windows Sharepoint Services Admin Guide — This version of the Administrator's Guide includes updates for Windows SharePoint Services Service Pack 2 (SP2). The following topics are new:
- What's New in Windows SharePoint Services Service Pack 2
- Allowing Web Applications to Coexist with Windows SharePoint Services
- Preparing Front-End Web Servers for Windows SharePoint Services
Update for Windows XP x64 Edition – KB907865 — Install this update to address multiple issues in the IPSec Policy Agent. The IPSec Policy Agent (IPsecsvc.dll) manages Internet Protocol security policy. After you install this item, you may have to restart your computer.
Update for Windows XP – KB907865 — Install this update to address multiple issues in the IPSec Policy Agent. The IPSec Policy Agent (IPsecsvc.dll) manages Internet Protocol security policy. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 64–bit Itanium – KB907865 — Install this update to address multiple issues in the IPSec Policy Agent. The IPSec Policy Agent (IPsecsvc.dll) manages Internet Protocol security policy. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 – KB907865 — Install this update to address multiple issues in the IPSec Policy Agent. The IPSec Policy Agent (IPsecsvc.dll) manages Internet Protocol security policy. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 x64 Edition – KB907865 — Install this update to address multiple issues in the IPSec Policy Agent. The IPSec Policy Agent (IPsecsvc.dll) manages Internet Protocol security policy. After you install this item, you may have to restart your computer.
MSN Messenger 7.5 for Windows — Chat online, in real time, with friends, family, and colleagues. It's faster than e-mail, more discreet than a phone call, and best of all – it's free! MSN Messenger is more than just text, it’s a great way to collaborate with co-workers or touch base with family and friends. You can even send an instant message to a contact’s mobile phone. Customization features help you personalize your chats and make your connections even more meaningful.
Active Directory Migration Tool v3.0 — The Active Directory Migration Tool version 3 (ADMT v3) simplifies the process of restructuring your operating environment to meet the needs of your organization. You can use ADMT v3 to migrate users, groups, and computers from Microsoft® Windows NT® 4.0 domains to Active Directory® directory service domains; between Active Directory domains in different forests (interforest migration); and between Active Directory domains in the same forest (intraforest migration). ADMT v3 also performs security translation from Windows NT 4.0 domains to Active Directory domains and between Active Directory domains in different forests.
Microsoft Application Compatability Toolkit v4.1 — The Microsoft Application Compatibility Toolkit (ACT) for Windows XP, including Service Pack 2, and Windows Server 2003 contains the tools and documentation you need to evaluate and mitigate application compatibility issues before deploying on these platforms. Tools include the latest versions of the Microsoft Application Analyzer that simplifies application inventory and compatibility reporting, the Internet Explorer Compatibility Evaluator that assists testers in locating compatibility issues with Internet Explorer on Windows XP Service Pack 2, and the Compatibility Administrator that provides access to the necessary compatibility fixes to support legacy applications in Windows.
Windows Sharepoint Services with SP2 — Windows SharePoint Services with Service Pack 2 is the Windows Server 2003 component that helps organizations increase individual and team productivity by enabling them to create Web sites for information sharing and document collaboration.
Important This download is an updated version of Windows SharePoint Services and contains all updates included in Windows SharePoint Services Service Pack 2 (SP2). After installing this software you do not need to install the SP2 update. If you previously installed Windows SharePoint Services and only need SP2, you can download Windows SharePoint Services SP2 separately.
Overview: Windows Sharepoint Services 2.0 SP2 Beta in Windows 2003 R2 — This document details the new features available in Windows SharePoint Services 2.0 SP2 beta, which is part of Windows Server 2003 R2. This version of Windows SharePoint Services 2.0 SP2 is available in Windows Server 2003 R2 Beta2, RC0, RC1 and RTM. The document describes how to configure and test the new features, as well as any workarounds which are required to enable them.
Windows Sharepoint Services SP2 — Windows SharePoint Services Service Pack 2 (SP2) contains stability and performance improvements. Some of the fixes included with SP2 have been previously released as separate updates. This service pack combines them into one update.
This service pack includes updates previously released for Windows SharePoint Services:
Office Communicator 2005 Planning and Deployment Guide — This document defines an important point in the evolution of instant messaging at Microsoft. Microsoft views instant messaging and presence as critical pillars in enabling new customer business experiences. This document guides you through the steps in evaluating and deploying Communicator 2005.
Data Protection Manager 2006 Operations Guide — Microsoft System Center Data Protection Manager 2006 (DPM) is a server software application that enables disk-based data protection and recovery for file servers in your network. The DPM Operations Guide includes recommendations for monitoring and managing DPM operations. The guide also provides instructions for troubleshooting issues with data protection and recovery.
Data Protection Manager 2006 Planning and Deployment Guide — This guide provides an introduction to Microsoft System Center Data Protection Manager 2006 (DPM), specifies requirements and recommendations for preparing the deployment environment, and offers strategies for setting up data protection. The guide also provides step-by-step instructions for installing and configuring DPM, and includes an introduction to the DPM user interface.
Cheers!
I am delivering a webcast next Wednesday on AD Remote Admin. We will talk about remote deployments of AD, using WMI for remote admin, as well as a variety of tools from the resource kit and some that are shipped on the Windows 2003 media.
Cheers!
Security Fix for DirectX 8 — DirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.
There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it would be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged on user.
Internet Explorer 6 Spervice Pack 1 — Internet Explorer 6 SP1, the latest version of Internet Explorer for users not running Windows XP, provides a flexible and reliable browsing experience with enhanced Web privacy features for all Windows users. This version includes a full installation of the Web browser and the most recent version of Outlook Express, the e-mail client that is included with Internet Explorer.
Anti-phishing White Paper — The focus of this white paper is to describe the basic workings of a new capability, the Microsoft® Phishing Filter, which will be included in the upcoming release of Internet Explorer 7, and as an add-in to the MSN Search Toolbar. The Microsoft Phishing Filter will not only help provide consumers with a dynamic system of warning and protection against potential phishing attacks, but — more important — it will also benefit legitimate ISPs and Web commerce site developers that want to try to ensure that their brands are not being “spoofed” to propagate scams and that their legitimate outreach to customers is not confusing or misinterpreted by filtering software.
Mobile Vista Inrtroduction — Mobile Vista Introduction
Microsoft Identity and Access Management Series — The overview describes the series, how it is structured and provides information about the following:
- How to access the Tools and Templates
- Style conventions in the papers
- Consulting services and system integrators
- Independent hardware and software vendors
Setting up IPSec Domain and Server Isolation in a Test Lab — The objective of setting up domain isolation in a test lab is to configure a test lab network in which isolated domain member computers accept only authenticated communications initiated from other domain member computers, while ignoring communications initiated from non-isolated computers outside the isolated domain. The objective of setting up group-specific server isolation in a test lab is to configure a test lab network in which a server computer accepts only authenticated communications initiated from domain member computers that are members of a specific security group, while ignoring communications initiated from non-isolated computers outside the isolated domain and isolated computers that are not members of a specific security group.
Multilingual Interface Package for Windows Messenger 5.1 — For Windows XP Multilingual User Interface users, the Multilingual UI Pack for Windows Messenger 5.1 is available from this page. Windows Messenger allows real-time communication with other contacts who are using instant messaging (IM) services including those provided by the Session Initiation Protocol (SIP) as offered by Microsoft Office Live Communications Server. Windows Messenger also provides connectivity to the Microsoft .NET Messenger service and is the IM client of choice for businesses in managed environments.
Federated Identity and Access Resource Kit for Sept 2005 CTP — Microsoft Federated Identity and Access Resource Kit Sept 2005 Community Technology Preview includes samples of Security Token Services and step by step instructions on how to build WCF applications/services that integrate with "InfoCard".
Microsoft Shared Computer Toolkit for Windows XP — The Microsoft Shared Computer Toolkit for Windows XP provides a simple and effective way to defend shared computers from untrusted users and malicious software, safeguard system resources, and enhance and simplify the user experience. The Toolkit runs on genuine copies of Windows XP Professional, Windows XP Home Edition, and Windows XP Tablet PC Edition.
Cheers!
TechMemeorandum links to an interesting article at A List Apart on a new CSS spec that allows for the easy implementation of columnized text. I am NOT a web designer, but have certainly felt the pain of trying to get text formatted properly in browsers. *Amazing* it has taken 10 years to do something that newspapers figured out a centrury ago!
Cheers!
I picked up this webcast for tomorrow. I am placing some supporting information online now, and will update this post over the next week with anything I find that is interesting. if you have suggestions, hit the comments (I am still waiting to hear from the CS Forums on the remember me function).
For those of you new to AD or if you want a quick refresher – Intro to AD in Win 2003 whitepaper
I will briefly mention a nice Excel spreadsheet you can download that has all of the available GP settings as of 2003 SP1. I posted about this after Part 2.
The Group Policy Management Console (GPMC) is here.
Excellent whitepaper on Admin of GP with GPMC.
If you work for an enterprise this page links out to some more detailed management information when using the GPMC.
For you scripters out there, you have to bookmark the Scripting Guys and the Technet Script Center. From here you can grab the Scriptomatic tool, learn about scripting, and automate your daily rigor.
WMI Information can be found here.
For some free support on Group Policy, try the Microsoft Group Policy Newsgroup – peer-to-peer support and MVP’s hang out there. MS People too.
Cheers!
Release Notes for SBS 2003 Service Pack 1 — Welcome to the Release Notes for the Microsoft® Windows® Small Business Server 2003 with Service Pack 1 server software. These release notes contain information that will help ensure proper installation and use of the product. They are the most current version of the release notes, and contain additional information that was not available when the CDs were released to manufacturing.
Before installing these updates, you should read the release notes to familiarize yourself with any known issues.
Cheers!
Cululative Help Update for Windows 2003 Multilingual User Interface Pack — Many enterprise customers have deployed the Windows Server 2003 Multilingual User Interface Pack in their corporations in order to enable network administrators to administer the server in their native language and reduce server management costs in multilingual computing environments.
Microsoft has provided an update to the MUI Help system that includes important new information for customers who have deployed MUI with the Windows Server 2003 operating system. This update contains important security information and updates as well as documentation for new features that ship with Windows Server 2003 Service Pack 1.
Windows Messenger 5.1 — Windows Messenger allows real-time communication with other contacts who are using instant messaging (IM) services including those provided by the Session Initiation Protocol (SIP) as offered by Microsoft Office Live Communications Server. Windows Messenger also provides connectivity to the Microsoft .NET Messenger service and Exchange 2000 Server Instant Messaging Service.
Windows Messenger 5.1 replaces Windows Messenger 5.0 and is the required version of Windows Messenger to take advantage of certain new features in Microsoft Office Live Communications Server 2005:
- Federation (sharing IM and presence between two or more organizations)
- Advanced architecture (higher availability and failover support)
Internet Explorer Toolbar Beta — The IE Developer Toolbar provides several features for deeply exploring and understanding Web pages.
-- Explore and modify the document object model (DOM) of a web page.
-- Locate and select specific elements on a web page through a variety of techniques.
-- Selectively disable Internet Explorer settings.
-- View HTML object class names, ID's, and details such as link paths, tab index values, and access keys.
-- Outline tables, table cells, images, or selected tags.
-- Validate HTML, CSS, WAI, and RSS web feed links.
-- Display image dimensions, file sizes, path information, and alternate (ALT) text.
-- Immediately resize the browser window to 800x600 or a custom size.
-- Selectively clear the browser cache and saved cookies. Choose from all objects or those associated with a given domain.
-- Choose direct links to W3C specification references, the Internet Explorer team weblog (blog), and other resources.
-- Display a fully featured design ruler to help accurately align objects on your pages.
Automated Deployment Services (ADS) 1.1 — With Windows Server 2003, Microsoft extends the platform to make it easier for administrators to build and administer very large, scaled out deployments of Windows servers. Automated Deployment Services (ADS) includes a new set of imaging tools developed by Microsoft and a more secure, remote-able infrastructure for rapidly deploying both Windows 2000 Server and Windows Server 2003 onto bare metal servers. In addition, ADS offers a more secure, reliable script execution framework that lets administrators perform script-based administration on 1,000 servers as easily as they once did on a single server.
MSN Screen Saver Beta —
Personalize with background photos and news and weather information from MSN® or any RSS feeds from websites you choose.
Search the Web and click news headlines directly from the Screen Saver.
Stay connected with MSN Hotmail®, MSN Messenger, and MSN Spaces. Track how many unread Hotmail messages and current Messenger conversations you have, and display blogs and photos from your friends’ MSN Spaces.
Update Rollup 1 for Windows 2000 SP4 – KB891861 — This update consists of previously released recommended, critical and security updates for Windows 2000, rolled into one convenient package. Installing this item provides you the same results as installing the individual updates. After you install this item, you may have to restart your computer.
Malicious Software Removal Tool – KB890830 — The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.
Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on Microsoft.com.
Cheers!
I wish I could say I had been on this bandwagon before now. But I thought it would take longer than this for me to really want to give up on keyboard based authentication. I like having to remember a series of keystrokes and entering them in proper order to gain access to my machine. Sure, Mondays usually mean I have more backspaces in my passphrase than on other days. I like my keyboard based authentication. Passphrases are the last thing I really HAVE to remember these days thanks to Google, Robo-Form, Credit-Card swipers, proximity sensors, Voice-Command, Media Center, and any number of techno-memory-sucking-ology devices I have.
No More.
Ken Young over at vnunet.com reports “'Acoustic spying' can crack passwords simply by listening to keystrokes”
I imagine it will take some time before the spy shop down the street that sells the mini-cameras, micro-cams, and other eavesdropping devices will have the “Super Remote Keyboard Password Cracker” that will record keystrokes “from as far away as 20 feet!”. The fact is it is just a matter of time. It will happen and it will become common place over time.
That means it is time to seriously consider other authentication options. What does that leave us? We are already seeing bio-metrics in the form of finger-print readers (which are already appearing on some laptops and other devices…..I predict 3 years they are standard unless we find them completely insecurable) and iris scanning. Voice Recogition has been touted for years but is still not a reality and has no chance of ever bing viable unless we can develop a means of properly filtering background noise.
My fear is this speeds up the development of technologies that can do quick DNA analysis using a sample of just about any kind of biological material left behind a la Gattaca. Maybe we refine it such that no physical need be taken from a subject. Even if a physical sample is required I imagine the time in which we can get a result will continue to be reduced to “on the spot analysis”. I could literally sneeze and get sampled by everyone around me. Oh, let’s not forget the black-market in body parts to be stolen, borrowed, grown for use to circumvent biometrics (okay….maybe that is a little over the top….but we should all know by now that ANYTHING is possible…..read some old science fiction from 50 years ago and look at how much USE to be fantastical and how much of it is now reality. Everything written in Science Fiction will come to pass. Mark My Words! I will prove this one day when I travel back in time from the future after being cloned from some DNA samples take from an archeological dig 1000 years in the future….”When found….the subject was gripping what appeared to be an ancient communications device called a laptop……it appears the subject died while working on a rambling, disconnected blog entry….”)
I don’t want my DNA on file. That is just too much information to have on me anywhere. I think during my lifetime we might manage to maintain the right to keep our DNA private. But sometime after I am gone, that will change. We will lose one of the last remaining rights of ownership – ownership of ourselves – only to be cataloged somewhere and brought up at a moments notice to check the ability to get on public transportation, verify that I am the same Chris E. Avis that bought tickets to the football game (or even movies), and of course, if the Chris E. Avis you know has any odd genetic traits that you should become prejudiced about upon gaining that previously unknowable and decidedly unimportant knowledge.
Only a hop skip and a jump till this….
I am holding onto my keyboard as long as I can…….just going to turn the desktop radio up louder…
Cheers!
I mentioned this in a Group Policy webcast the other day. This is an Excel spreadsheet that has all of the Group Policy Objects and their settings – updated for 2003 SP1. It is nicely broken out by tabs for different ADM templates and Security Settings by O/S.
Cheers!
Step by Step Guide for setting up Server for NIS — Microsoft® Windows Server for NIS enables a Microsoft Windows–based Active Directory domain controller to administer UNIX Network Information Service (NIS) networks. This guide describes installation and NIS migration tasks required to configure Server for NIS on your network.
Update for Windows Server 2003 for Itanium-Based Systems (KB903081) — Install this driver update (version 5.2.3790.2497) to address multiple possible issues associated with using the Microsoft Storport storage driver for your host bus adaptor (HBA) removable storage device in Windows Server 2003. After you install this item, you may have to restart your computer.
Update for Windows Server x64 (KB903081) — Install this driver update (version 5.2.3790.2497) to address multiple possible issues associated with using the Microsoft Storport storage driver for your host bus adaptor (HBA) removable storage device in Windows Server 2003. After you install this item, you may have to restart your computer.
Update for Windows Server 2003 (KB903081) — Install this driver update (version 5.2.3790.2497) to address multiple possible issues associated with using the Microsoft Storport storage driver for your host bus adaptor (HBA) removable storage device in Windows Server 2003. After you install this item, you may have to restart your computer.
Unix Side Components for Identify Mgmt if UNIX – Shipped with Windows Server 2003 R2 — Identity Management for UNIX -> Password Synchronization for Windows Server 2003 R2 RC0 helps integrate Windows and UNIX networks by simplifying the process of maintaining secure passwords in both environments. Users are freed of the difficulty of maintaining separate passwords for their Windows and UNIX accounts or having to remember to change the password wherever it is used. With Password Synchronization, whenever a user's password is changed on a Windows-based computer or domain, the password can also be automatically changed on every UNIX host for which the user has an account. Password Synchronization can also be configured to change the user's Windows password when the user's UNIX password is changed.
Update for Identity Integration Feature Pack 1a for Windows AD (KB884192) — This update resolves several issues as outlined in Knowledge Base Article 884192.
Update for Identity Integration Server 2003 SP1 (KB842531) — The following software is required for an installation of this update to Microsoft Identity Integration Server 2003:
- Microsoft® Windows® Server 2003, Enterprise Edition
- Microsoft® SQL Server™ 2000, Standard or Enterprise Edition, Service Pack 3 (SP3) or later
- Microsoft® Identity Integration Server 2003, Enterprise Edition SP1
Beta 2 Reviewers Guide for Microsoft Services for Network File System in Windows 2003 R2 — Microsoft Services for Network File System (MSNFS) is a component of Windows Server 2003 R2 that provides a file-sharing solution for enterprises that have a mixed Windows and UNIX environment. MSNFS allows users to transfer files between Windows Server 2003 R2–based and UNIX–based computers using the Network File System (NFS) protocol.
This document describes MSNFS for Beta 2 and provides information about setting up a test environment to evaluate the functionality of MSNFS with respect to the requirements of your enterprise.
Microsoft Password Change Notification Service — The Microsoft Password Change Notification Service enables synchronization of password changes in Active Directory to Microsoft Identity Integration Server Service Pack 1 (MIIS) or the Microsoft Enterprise Single Sign-On (ENTSSO) service. These components simplify password management in organizations with multiple user identity repositories.
Cheers!
Cumulative Help Update for Windows 2003 Multilingual UI Pack — Many enterprise customers have deployed the Windows Server 2003 Multilingual User Interface Pack in their corporations in order to enable network administrators to administer the server in their native language and reduce server management costs in multilingual computing environments.
Beta 2 Reviewers Guide for DFS Solutions in Windows 2003 R2 — This guide provides system requirements, installation instructions, and step-by-step walkthroughs for deploying namespaces and DFS Replication using the Beta 2 release of Windows Server 2003 R2.
Beta 2 Step-by-Step for Storage Resource Manager — The Storage Resource Manager component of the Microsoft® Windows Server™ 2003 R2 operating system enables system administrators to understand how storage is being used and to manage the use of their storage by generating storage reports, applying quotas to volumes and folders, and screening files on the server. This guide provides installation instructions and step-by-step walkthroughs for creating quotas, creating file screens, and scheduling storage reports.
Overview of Active Directory Federation Services (ADFS) in Windows 2003 R2 — Federated identity management is a standards-based technology and information technology process that enables distributed identification, authentication, and authorization across organizational and platform boundaries. Federated systems need to interoperate across organizational boundaries and connect processes utilizing different technologies, identity storage, security approaches, and programming models. Within a federated system, an organization needs a standardized and secure way of expressing not only the services it makes available to trusted partners and customers but also the policies by which it runs its business, such as which other organizations and users it trusts, what types of credentials and requests it accepts, and its privacy policies.
Cheers!
Microsoft System Center Data Protection Manager 2006 MP for MOM 2005 — Microsoft System Center Data Protection Manager (DPM) is a server software application that enables disk-based data protection and recovery for file servers within an Active Directory domain. DPM performs replication, synchronization, and shadow copy creation to provide reliable protection and rapid recovery of data by both system administrators and end users.
Windows Server 2003 Performance Advisor MP for MOM 2005 — Microsoft Windows Server 2003 Performance Advisor (short name: Server Performance Advisor 2.0) is a simple but robust tool that helps you diagnose the root causes of performance problems in a Windows Server 2003 operating system deployment. Server Performance Advisor (SPA) 2.0 collects performance data and generates comprehensive diagnostic reports that give you the information you need to analyze problems and develop corrective actions.
Cheers!
SharePoint Portal Server 2003 Word Breaker Update — This update includes seven word breakers for use with SharePoint Portal Server 2003. The word breakers are used to word break documents in the following languages:
- Czech
- Danish
- Greek
- Hebrew
- Hungarian
- Norwegian
- Portuguese
Windows SharePoint Services Applications Template: Performance Review — This application for Windows SharePoint Services is to be used by human resource managers to manage the performance review process across an organization. It is a central site for organizing performance review forms, employee performance history, and related information.
Microsoft Office SharePoint Portal Server 2003 Discovery Kit — The SharePoint Portal Server 2003 Discovery Kit includes a series of discovery labs that go beyond learning about a particular component of SharePoint Portal Server 2003 to understanding how to build a divisional portal site solution, how to deploy Web applications that integrate tightly with the portal site environment, how to use SQL Server 2000 Reporting Services to track and analyze portal site usage, and lastly, how to customize the portal site user interface.
Cheers!
Introduction to Server and Domain Isolation with Microsoft Windows — You can mitigate some of the risks associated with unauthorized and potentially unfriendly access to your network and its resources by creating an isolated network. There are different ways to create an isolated network. With the Microsoft® Windows® operating systems, you can create an isolated network by using the Active Directory® directory service and Group Policy settings to isolate both your domain and domain member servers that store sensitive data, thus limiting access to only authenticated and authorized users.
Server Isolation with Microsoft Windows Explained — This paper provides a detailed overview of server isolation in the Microsoft® Windows® operating systems. It explains how server isolation protects isolated servers and describes the benefits of deploying server isolation in your IT environment. It also provides a brief overview of how to deploy server isolation. This paper is intended for IT professionals in organizations that are investigating using the Microsoft implementation of Internet Protocol security (IPsec) in Windows to deploy server isolation.
Domain Isolation with Microsoft Windows Explained — This paper provides a detailed overview of domain isolation in the Microsoft® Windows® operating systems. It explains how domain isolation protects domain member computers and describes the benefits of deploying domain isolation in your IT environment. It also provides a brief overview of how to deploy domain isolation. This paper is intended for IT professionals in organizations that are investigating using the Microsoft implementation of Internet Protocol security (IPsec) in Windows to deploy domain isolation.
Windows Server 2003 Internet Authentication Service (IAS) Operations Guide — The Internet Authentication Service (IAS) Operations Guide provides administration information for IAS in the Windows Server 2003 and Windows Server 2003 with Service Pack 1 (SP1) operating systems. IAS is the Microsoft implementation of the Remote Authentication Dial-In User Service (RADIUS) protocol, and can be configured to act as a RADIUS server and proxy, providing centralized network access management. You can also configure IAS to perform authorization locally while forwarding authentication requests to a remote RADIUS server group. In addition, you can customize the processing of accounting requests, processing them locally or forwarding them to other RADIUS servers.
Configuring Internet Authentication Service (IAS) for Network Access Protection (NAP) in Windows Server “Longhorn” Beta 1 — A network administrator configures Network Access Protection (NAP) health policies and enforcement behavior on an Internet Authentication Service (IAS) server running Microsoft® Windows Server™ Longhorn Beta 1. NAP health policies and enforcement behavior settings consist of connection request policies, Network Access Protection settings, and remote access policies. Each of these sets of settings plays a role in determining the health state of a client and limiting the access of noncompliant computers. This white paper describes the configuration of IAS for NAP and how the different sets of settings interact to create a customized health determination and enforcement solution.
XP Embedded SP1 Security Update – This Microsoft Windows XP Embedded with Service Pack 1 component update addresses seven (7) new or reissued security bulletins. After applying this package to an XP Embedded database, the following issues will be resolved:
XP Embedded SP2 Security Update — This Microsoft Windows XP Embedded with Service Pack 2 component update addresses five (5) new or reissued security bulletins. After applying this package to an XP Embedded database, the following issues will be resolved:
Cheers!
Storage Manager for SANS Quick Start Guide — The Storage Manager for SANs component of the Microsoft Windows Server™ 2003 R2 operating system enables you to provision storage on one or more storage subsystems on a storage area network (SAN). Based on Microsoft Virtual Disk Service (VDS) technology, Storage Manager for SANs allows provisioning on Fibre Channel and Internet SCSI (iSCSI) storage subsystems.
Print Management Step-by-Step Guide — Print Management provides up-to-the-minute details about the status of printers and print servers on the network. You can use Print Management to install printer connections to a group of client computers simultaneously. Print Management can help you find printers that have an error condition by using filters. It can also send e-mail notifications or run scripts when a printer or print server needs attention. On printer models that provide a printer Web page, Print Management has access to more data, such as toner and paper levels, which you can manage from remote locations, if needed.
Overview of DFS Solution in Windows Server 2003 R2 — As organizations expand to include more users and servers—whether they are located in one site or in geographically distributed sites—administrators find it increasingly difficult to provide users with intuitive, fast access to the files they need. Administrators who manage remote or branch offices face additional challenges, such as limiting network traffic over slow WAN connections, ensuring the availability of files during WAN outages or server failures, and ensuring that branch servers are backed up correctly. To help administrators address these challenges, the Distributed File System solution in Microsoft® Windows Server™ 2003 R2 provides two technologies, DFS Namespaces and DFS Replication, which, when used together, offer simplified, fault-tolerant access to files and WAN-friendly replication.
Step-by-Step Guide to Deploying AD Federation Services for Windows Server 2003 R2 Beta 2 — This guide provides step-by-step instructions for deploying Active Directory Federation Services (ADFS) on servers running the Microsoft® Windows Server™ 2003 R2 operating system. The current version of this document for Windows Server 2003 R2 Beta 2 provides instructions for deploying ADFS in a Federated Web single sign on (SSO) scenario. Future versions of this document will provide instructions for deploying ADFS in additional scenarios.
Cheers!
As promised on my webcast from this morning, here are some resources on the Security enhancements to SP1 as well as some specific docs around Quarantine Services.
These documents are VERY high level. Overviews really. No meat, just gravy. Oh yeah, we can do Quarantine Control on the LAN as well.
What is Remote Access Quarantine Control?
Planning for Network Access Quarantine Control
Configuring Network Access Quarantine Control
This Document adds some potatoes to the Quarantine meal…..
Implementing Quarantine Services with VPN Guide
Now the Meat!!!!
Step-By-Step Guide for setting up Quarantine services in a LAB
Step-Bt-Step Guide for deploy Remote Access Policies with RRAS
VPN Quarantine Sample Scripts I used in the demo
VPN Quarantine and ISA 2004
I believe Paul (or was it Raul?) asked about using RSA SecureID and VPN – Here ya go!
Cheers!
Update for Windows 2003 x64 Edition – KB899656 — On some multi-processor x64 systems, Windows Server 2003 SP1 does not correctly recognize all configured processors when hyper-threading is enabled. This occurs when the BIOS has been designed to reprogram the APIC (advanced programmable interrupt controllers) ID’s at boot time. Most x64 systems are not affected. Do not install this update unless you are experiencing the stated problem.
Cheers!
I recently did a webcast on Windows 2003 Remote Administration and ran into a few issues (mainly me being long winded) and wasn’t able to complete some of the demos. As a result, I have received a number of requests for information on specific tools and a number of “How Do I…?” emails. One of the emails I received was this —
Is there a way to run a report on all of the shared folders on our network to find out who has access? (this person is running Windows 2000)
Well yes there is……sort of….
In the Windows 2000 and Windows 2003 Resource Kits (and going all the way back to NT4.0) there is a tool called SRVCHECK.EXE. This is a simple command line tool that can enumerate what shares are on a local or remote machine and list the permissions on those shares. Since it is a command line tool, we can easily create a batch file that will list all the shares on all the file servers in the network……let’s do it!
I am going to work this from a Windows 2003 server but all the information is accurate going all the back back to NT4.
First, get the resource kit installed. The installation of the Res Kit tools does NOT require a reboot. However, the PATH= statement in the System Variables gets updated so you can run the tools from anywhere at the CMD line and that change DOES require a reboot to register. Otherwise you will get “path not found…” when trying to execute tools from the CMD line.
Now that we are installed, we have access to a virtual cornucopia of tools that can assist us with everyday administrative tasks. The SRVCHECK tool allows us to retrieve information about shares on a machine and what permissions are assigned to those shares. So if we drop to a command prompt now and run SRVCHECK we should get some info……..wrong. Unfortunately SRVCHECK *requires* you supply a machine name. It does not default to the local machine if there are no parameters supplied.
So even for the local machine shares you will need to supply a machine name in the syntax:
srvcheck \\computername
On my machine (lonestar) we find a number of shared folders. SYSVOL, NETLOGON, LONESTAR.LOG – because this is a Domain Controller……..Address and Resources$ – Because this is also an Exchange Server and finally…….Storage-Lonestar – Which is a public file repository on the network. We also see a list of accounts or groups as well as their permissions listed.
Now….this tool is only supposed to show “non-hidden” shares. Staring right at us is a hidden share – Resources$ – from Exchange. (hidden shares will have a trailing “$” character)
If we compare this to our Shared Folder properties from Computer Management we do see there are other hidden shares on the system that are NOT displayed by SRVCHECK. Most of these are the administrative shares
Okie…..back to the permissions. It should be noted that the SRVCHECK tool is NOT enumerating NTFS permissions – only the share permissions. You can change the NTFS permissions all you want but when you run the tool, you will only see the resulting share permissions.
So….two pictures up….where we see \\lonestar\Storage-Lonestar Everyone Full Control this means Everyone that connects to the share over the network has Full Control over the folder and files in the share UNLESS there is an NTFS permission they have or obtain through group membership that limits them in some other way.
To demonstrate, I will change some permissions around…we will add a test group called Goobers with Share Permissions of Full Control and leave Everyone as Full Control. But we will set NTFS Permissions for Goobers to READ.
Now when we run the SRVCHECK tool….
We see that Goobers does have Full Control as a share permission even though they only have READ at the NTFS level.
Remember – Share permissions only apply when accessing the object over the network. NTFS permissions apply when accessing the machine locally AND over the network.
Okie…..now that we have shown we can pull the shares and permissions from any machine we name with SRVCHECK, how do we use it to generate a report of ALL the shares on our network? It does require some leg work since the tool can’t scan for shares. You MUST supply a machine name for SRVCHECK to search against. So you will need to collect the names of the machines on your network you wish to scan. For my test network, those machines are -
lonestar, godzilla, wallofvoodoo, vidtopia, and sleestak
We will need to create a batch file (shareperms.bat for my demo) that has the SRVCHECK \\computername parameters….
….save this to wherever you save your system utilities (we all have a folder we save tools in…..) and then run!
You will notice a failure on my setup because wallofvoodoo is offline. We obviously can’t pull information from a box that is offline so it errors out. If you have a similar situation on your network, you will see a pause while the batch file runs and attempts to locate the offline machine.
Now this is all great……but the output is to the screen only. You can pipe the output to a file though. This requires modifying our batch file just slightly. I am going to add the “>” character which is a near universal means of redirecting the screen output to a file you specify. Check the screen shot below….
Now when we run the batch file, the screen output is dumped to the files we specified after the pipe character. We end up with a report of each machine we specify in our batch file in a handy text file format.
If you open each of the resulting output files, the results are identical to what you would see on the screen.
Now the downside to this tool is there is no way to combine all of the machines queried to a single file. Nor is there an easy way to append the files over time. Each time you run the batch file it will over write the results. So if you decide to schedule these, you will need to add some logic to the batch file to modify the file name stored. I would suggest adding a date stamp for easy identification. You may wish to keep each machine queried in its own path as well especially if you have a LARGE network you are running this against.
I pinged a few internal aliases for some ways to do this with other methods of scripting as well. I have a couple of responses which I am going to evaluate and may post here at a later time if you want something a little fancier.
Cheers!