Sunday, August 14, 2005 - Posts

Ripping out Sharepoint from its roots

I bought a Dell the other day that has SBS 2003 preinstalled.  Comes in a tower sized unit.  Looks like a Desktop.  My real baby at the office is a big overgrown tower unit as well.  I think that's the problem right there.... they look like a normal desktop.  But they are not.

On a regular basis in the newsgroup I see folks ready to reinstall, flatten, rebuild, yank out.  Heck, even the other day I posted up for later saving ['cause I'm lazy and this is in a way my own personal filing cabinet] a street map to basically go shoot yourself in the foot and rip out Sharepoint and start over.

Somehow I get this feeling if we had some sort of GUI that would show Sharepoint in a flat file database we'd stop a lot more than we do now and stop ripping the dang thing out by its roots and starting over again.

If your Sharepoint isn't working...check the following... [stealing a post from Chad]... and let's stop ripping out quite so quickly 'eh?  Let's make sure you have backups, you aren't ripping out multiple web sites, you aren't ... just really mucking up big time and instead figure out the real reason why things aren't working.  Here's just one suggestion....

Before you do a complete re-install of the companyweb, check to make sure that your MSSQL\Sharepoint service is running.  Just to be safe, make sure you can stop & restart it successfully.

If the service cannot start - change the logon credentials for that service to use a domain account, then try to start the service.  If the service starts, change the startup credentials back to the default (Local System), then stop & restart the service and you should be good to go . . .

How about we dig around a bit before we go yanking, okay?

Getting RID of that annoying wallpaper

I was remoting into a Dell OEM to test Sean's instructions [and yes, they work but I'd recommend that you put the data files on a D: or other drive] and got majorly slowed down by that annoying Dell wallpaper that takes forrrevver to resolve while you are remoting in.... UGGGHHHHH and remembered that Eriq Neale had the info on taking that sucker off...

Courtesy Eriq Neale

To remove the Dell wallpaper image:

1. Open Regedit on the server.

2. Go to HKEY_USERS\.DEFAULT\Control Panel\Desktop.

3. Look for the Wallpaper value in the right-hand pane. It will probably point to C:\WINDOWS\system32\DELLWALL.BMP.

4. Double-click on the Wallpaper value.

5. Delete the contents and click OK.

6. Close Regedit.

Worm:Win32/Zotob.A advisory


********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 14, 2005
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Security Advisory (899588)

  - Title: Vulnerability in Plug and Play Could Allow Remote Code
    Execution and Elevation of Privilege (899588)

  - Reason For Update: Advisory has been updated to advise customers
    that Microsoft is actively analyzing and providing guidance on
    a malicious worm identified as the "Worm:Win32/Zotob.A".

  - Advisory Web site: http://go.microsoft.com/fwlink/?LinkId=51237

  - Bulletin Web site: http://go.microsoft.com/fwlink/?LinkId=48900


Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at:
http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:
  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
  serves as a supplement to the Security Notification Service
  (this e-mail). The Microsoft Security Notification Service:
  Comprehensive Version. It provides timely notification of any
  minor changes or revisions to previously released Microsoft
  Security Bulletins and Security Advisories. This new service
  provides notifications that are written for IT professionals and
  contain technical information about the revisions to security
  bulletins. To register visit the following Web site:
  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
  can help protect your PC at the following locations:
  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a
  Microsoft security update, it is a hoax that may be distributing a
  virus. Microsoft does not distribute security updates through
  e-mail. You can learn more about Microsoft's software distribution
  policies here:
  http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Seventeen percent, ten percent, 1.2 million

Seventeen percent, ten percent, 1.2 million... that's what is continuing to fund Spyware, Adware, Viruses and what not....

• Seventeen percent of our survey respondents weren’t using antivirus software.

• Ten percent of those with high-speed broadband access--prime targets for hackers--said they didn’t have firewall protection that would block online intruders. Nationally, that’s the equivalent of 3.6 million unprotected households.

• About 1.2 million online households helped keep spammers in business by purchasing a product or service advertised through spam.

Source:  Consumer Reports

MS05-039: Zotob.A Internet Worm -- In-the-wild

Fellow MVP Harry Waldron reports the first sightings of a virus/worm built to take advantage of the flaws addressed by Tuesday's security patches:

MS05-039: Zotob.A Internet Worm -- In-the-wild:
http://msmvps.com/harrywaldron/archive/2005/08/14/62663.aspx

From the F-Secure write-up (http://www.f-secure.com/weblog):
"However, Zotob is not going to become another Sasser. First of all, it will not infect Windows XP SP2 machines. It also won't infect machines that have 445/TCP blocked at the firewall. As a result, majority of Windows boxes in the net won't be hit by it." 

More info...

MS05-039: Zotob.A Internet Worm
http://forums.mcafeehelp.com/viewtopic.php?t=52307

ISC information
http://isc.sans.org/diary.php?date=2005-08-14

Important facts so far from the ISC write up:

- Patch MS05-039 will protect you
- Windows XP SP2 and Windows 2003 can not be exploited by this worm, as the worm does not use a valid logon.
- Blocking port 445 will protect you (but watch for internal infected systems)
- The FTP server does not run on port 21. It appears to pick a random high port.


----------------------------------------------------------------------
                      FrSIRT / Security Alerts
----------------------------------------------------------------------
      The French Security Incident Response Team 24/24 & 7/7
----------------------------------------------------------------------
                         - 14 August 2005 -
----------------------------------------------------------------------

- A worm (Zotob.A) exploiting the MS05-039 flaw discovered in the wild

 Zotob.A is a worm that exploits the recent Plug-and-Play vulnerability
 (MS05-039) using TCP port 445. The worm targets only Windows 2000
 machines [...]

 http://www.frsirt.com/english/advisories/20050814.ZotobA.php


SBSized translation:

Your Windows 2000 machines are most vulnerable.  While port 445 [a file and printer sharing port] is not open from the outside, it is fully open on the inside [inner goo].  Most SBS networks were not too typically nailed by Sasser and Blaster because at that time we were not doing a lot of remoting in.  I think we're doing a lot more.  Your remoting-in machines that you or your consultant do not monitor the patch status on are your weak spots.  I'm still not in panic mode... but then again... I'm fully patched via the use of Shavlik at the office and WSUS here at home so I can type this up all high and mighty and not care a twit. 

Want to be 'twit-carefree' like me?  Turn on that automatic updates on workstations.  Install WSUS.  Buy Shavlik.  Do something .....but get a tool so that patch Tuesday is actually the 'control thrill of the month' in your network.  I use it as my 'check my network day'.  Automate it.  Blonde it.  But get 'twit-carefree' like me about patching.
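The ISC note above to "watch for internal infected systems" can be turned into a simple log check. The following is an added example, not part of the original post or of any advisory quoted here: it flags LAN hosts that contact many distinct destinations on 445/TCP within a short window. The log layout, the 192.168.16.0/24 range and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines, not real traffic. Assumed layout per line:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2005-08-14 21:02:01 ALLOW TCP 192.168.16.23 192.168.16.2 1041 445
2005-08-14 21:02:05 ALLOW TCP 192.168.16.57 192.168.16.10 2201 445
2005-08-14 21:02:05 ALLOW TCP 192.168.16.57 192.168.16.11 2202 445
2005-08-14 21:02:06 ALLOW TCP 192.168.16.57 192.168.16.12 2203 445
2005-08-14 21:02:06 ALLOW TCP 192.168.16.57 192.168.16.13 2204 445
2005-08-14 21:02:07 ALLOW TCP 192.168.16.57 192.168.16.14 2205 445
2005-08-14 21:02:07 ALLOW TCP 192.168.16.57 192.168.16.15 2206 445
2005-08-14 21:03:00 ALLOW TCP 192.168.16.23 192.168.16.3 1043 80
"""

def find_445_sweepers(log_text, lan="192.168.16.0/24", window_s=60, threshold=5):
    """Map each LAN source to its peak count of distinct 445/TCP
    destinations inside one sliding window, if that peak >= threshold."""
    net, window = ip_network(lan), timedelta(seconds=window_s)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[3].upper() != "TCP" or parts[7] != "445":
            continue  # skip comments, short lines and non-445 traffic
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            src = ip_address(parts[4])
        except ValueError:
            continue  # malformed timestamp or address
        if src in net:
            hits[str(src)].append((ts, parts[5]))
    flagged = {}
    for src, seen in hits.items():
        seen.sort()
        start = best = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({dst for _, dst in seen[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for host, count in find_445_sweepers(SAMPLE_LOG).items():
        print(f"{host}: {count} distinct 445/TCP destinations within 60s")
```

A workstation that only talks to the file server on 445 stays under the threshold; tune the window and threshold to what normal file and printer sharing looks like on your own network.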

Where should your WSUS be installed?

Not on your member server if you are running Terminal Services on that member server....

ReadMe for Windows Server Update Services:

Issue 5: WSUS is not supported on servers running Terminal Services

For this Windows Server Update Services release, it is recommended that you do not install WSUS on a server running Terminal Services.

Well, that settles the question we were discussing the other day... bottom line: put WSUS on the SBS box if your second/member server is a TS box.