E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Monday, August 01, 2005

Monday, August 01, 2005 - Posts

..and 100% of Quickbooks users...

http://blogs.technet.com/tonyso/archive/2005/08/01/408487.aspx

This article says that Microsoft's research indicates that 85% of corporate users and 97% of consumers are running their machines as administrators, according to Neil Charney, a director of product management at the software vendor. Charney said the company is hoping those percentages will decline as a result of the User Account Protection feature.
Read up on UAP here.

And I would argue 100% of Quickbooks users.....

www.threatcode.com Get your vendors on the LUA/UAP wagon...and get them on it NOW...

..okay make that 99.99999% of Quickbooks users because I know a few that have indeed taken the time to wack the hives and gotten it to run a bit more in restricted user.

posted Monday, August 01, 2005 9:09 PM by bradley with 0 Comments

Dr. Tom, ISA, Amy and ...oh did I say there's a new forum for SBS and ISA?

On ISAServer.org, Dr. Tom Shinder opened up a ISA 2004 on SBS message board... wooohooo ...an SBSized place on ISAserver.org in addition to Amy's excellent articles.

Here are some other resources for ISA 2004 on SBS:

And while not SBSized... another good resource for ISA info is Tristan's blog

Pretty cool to have more and more resources for ISA 2004 on SBS 2003!

posted Monday, August 01, 2005 8:57 PM by bradley with 1 Comments

I have a secret...

Come here... psstt.... I have a secret.... I haven't used VPN in ages... I pretty much use Remote Web Workplace for all my access needs. Personally I still would argue ...even with the Terminal Server Denial of Service advisory out there that I actually feel a bit safer with Remote Web Workplace than a full VPN connection.

Just like in Paul's post about Outlook over http, Remote Web Workplace is 'just the right amount of connectivity'. Not too much, not too little. It's extremely rare that I check the option to 'map drives' between my computer and the remote one.

Now if Bruce Schneier knew about Remote Web Workplace...would he consider it a 'security bypass'? Not sure.

Steve Riley [sorry to sound like a broken record on Steve Riley tonight] but he said in that series of webcasts I mentioned that sometimes you go through your environment and say “I'm not going to spend money on that because it's a risk I'm willing to take or will accept“...and then for this one over here you say “I am going to spend money on that one“.

And that's what's hard, isn't it? Knowing just the right amount for your needs. A network cannot be secure. If it's secure..it's turned off an not working. What you want is the balance between a healthy...protected network.

Aiming for security is probably something we should stop aiming for... aiming for a protected network...well that's another matter.

posted Monday, August 01, 2005 8:47 PM by bradley with 0 Comments

I hate ClassesRoot

Steve Riley in an ITShowtime says that most programs that can't run restricted user write gunk to local machine or user or whatever he said ... [it's a great series...I'd strongly urge you to watch/listen]...so here I am fighting with a workstation ...not with Quickbooks restricted user..but our Time and Billing program.

Practice Solution 3027Cannot Update. Database or object is read-only.

Grrr... and when I go through the registry looking for places where this writes.. man almightly is this sucker all over the ClassesRoot hive just like Quickbooks is.

3027 is an Access error message and yes, this is running on an Access 2000 runtime program... so I'm off to hack the hive some more and let you know what it turned out to be...

Well no wonder this sucker is all over classesroot.... “It is primarily intended for compatibility with the registry in 16-bit Windows.” I love that we get updates on a yearly basis for these line of business applications and they are coded like I'm running Windows 9X. I hope someone tells them there's a new operating system in beta and do plan to code for it in the next century or so....

Update: I had to open up permissions to C:\WinCSI.NET folder on the local drive and to get rid of all the Windows\System32 funky dll errors that would pop up after booting, I had to remove each item from the startup menu with the exception of the ISA 2004 firewall client.

Someone, I'm not sure who, said this process takes ten minutes to figure out what programs need to run in restricted user.... I guess my clock is slow or something as I've yet to figure these suckers out in less than an hour....

One more restricted user/LUAized workstation... more to come...

posted Monday, August 01, 2005 7:37 PM by bradley with 0 Comments

SANS webcast - Network Security for Small-Midsized Companies

Hey you know when Small business is making the inroads ..when SANS does a web cast specifically for Small and Medium businesses. Coming up this Wednesday...should be interesting.

First Wednesday Webcast: "Network Security for Small-Midsized Companies"Featuring: Johannes UllrichWednesday, August 03 at 1:00 PM EDT (1700 UTC) https://www.sans.org/webcasts/show.php?webcastid=9055

Now is that “small to mid sized companies” or “small mid-sized companies” I wonder? One is from SBS land to Medium server land...the other is just middle sized companies...

We'll see.

posted Monday, August 01, 2005 12:14 PM by bradley with 0 Comments

E-Bitz - SBS MVP the Official Blog of the SBS "Diva"

Search

Archives

News

Navigation

Post Categories

Article Categories

Sharepoint

Exchange

Security

Microsoft Downloads

SBS - Blogs

ISA Server

SBS Team Blogs

Interesting Small Business Blogs

SBS - CRM