July 2004 - Posts
Humm, interesting - MSN toolbar; anti-virus software
Source: http://news.bbc.co.uk/2/hi/technology/3939273.stm
Microsoft is looking beyond Windows for technologies to fuel the future growth of the company.
Talking to financial analysts Bill Gates said search software, games, consumer goodies and lab research would all help Microsoft grow.
During his speech Mr Gates showed off early versions of programs designed to compete with arch-rival Google.
He said novel technologies had to fuel expansion because markets for other Microsoft products were saturated.
Strong competition
At its annual analyst meeting Microsoft unveiled a prototype of an MSN toolbar that works with the Internet Explorer browser.
As well as letting people search the net, it also lets them query the documents, images, e-mails or spreadsheets stored on their PC.
The add-on is squarely pitched at the efforts of Google and Lycos, standalone search software from firms such as Enfish and newcomers such as Blinkx.
The toolbar is due to be released within 12 months.
Microsoft has also unveiled a new version of its MSN search engine that it hopes will start to wean people off their reliance on Google.
At the meeting Mr Gates showed off software to add more to its mobile phone software, talked about new ways to generate cash from digital entertainment and said consumers were key to this approach.
Microsoft is also expected to unveil its own anti-virus software following its acquisition of a security firm last year.
As evidence that Microsoft was looking for novel technologies to profit from, Mr Gates said that the company was expecting to apply for about 3,000 patents this year.
Despite this Microsoft has long been seen as a follower rather than a starter of trends in technology.
Many of the technologies and innovations it has popularised and profited most from originated outside the company.
Product pressure
But, said Mr Gates, Microsoft would not be relying on its back catalogue to keep it growing.
"If all you think of yourself as doing is basic word processing or basic database, then at some point you saturate the customers out there and simply aren't charging forward achieving new growth," Mr Gates said.
"In fact, your sales don't even maintain their current level because all you're getting is the maintenance from that base," he said.
The speech by Mr Gates was intended to re-assure analysts that Microsoft was not entering a quiet middle-age and still had plenty of markets to expand into.
For some time Microsoft's stock price has stayed broadly static and its decision to increase dividends to shareholders has put it under pressure to expand.
To increase the pressure the next version of Windows, known as Longhorn, is not due to appear in finished form for two years.
Even new versions of the Office software suite may not boost revenues because many customers delay installing updates because of the potential for clashes with existing applications
Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=3768246d-c9ed-45d8-bece-a666143cba4e&DisplayLang=en
This guide is for Exchange Server experts who require detailed information about the architecture and interaction among core components of Microsoft Exchange Server 2003.
This technical reference guide presents a system architect's view of Exchange Server 2003. It includes a general overview of Exchange Server 2003 messaging system design, together with more specific details, such as services dependencies, Active Directory® directory service integration, Exchange System Manager architecture, routing architecture, SMTP transport architecture, X.400 architecture, Exchange store architecture, and cluster architecture. This information will help you design, maintain, and troubleshoot an Exchange organization and also develop custom solutions for administrators.
This detailed reference guide is not for beginning administrators and does not show you how to implement or maintain Exchange Server 2003. Instead, this guide is for Microsoft Certified System Engineers (MSCEs) and Exchange Server experts who want to take their knowledge about Exchange Server 2003 to the next level.
|
Date Published: |
7/29/2004 |
|
Version: |
1.0 |
Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=6a80711f-e5c9-4aef-9a44-504db09b9065&DisplayLang=en
This book guides you through the process of hardening your Exchange 2003 environment, including configuration recommendations and strategies for combating external threats.
This guide is designed to provide you with essential information about how to harden your Microsoft® Exchange Server 2003 environment. In addition to practical, hands-on configuration recommendations, this guide includes strategies for combating spam, viruses, and other external threats to your Exchange 2003 messaging system. While most server administrators can benefit from reading this guide, it is designed to produce maximum benefits for administrators responsible for Exchange messaging, both at the mailbox and architect levels.
This guide is a companion to the Windows Server 2003 Security Guide . Specifically, many of the procedures in this guide are related directly to security recommendations introduced in the Windows Server 2003 Security Guide. Therefore, before you perform the procedures presented in this guide, it is recommended that you first read the Windows Server 2003 Security Guide.
|
Date Published: |
7/29/2004 |
|
Version: |
2.0 |
Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=f7e63d70-ad5c-4ca7-ba21-7752bb0bcc43&DisplayLang=en
The Exchange Server 2003 Glossary contains important terms and definitions for the Exchange Server 2003 product. This is a working document that will be updated and enhanced ongoing
This glossary comprises important terms and definitions for the Microsoft Exchange Server 2003 product. In addition, the following terminology is in the glossary:
- Definitions of key components and processes within Exchange overall.
- Definitions of other processes and components from products that Exchange works with, such as Microsoft Active Directory directory service.
Generally, we have not included industry terms or definitions that would be in standard computer dictionaries, or in other Microsoft product glossaries.
Please refer to the following websites for terminology that might be of interest to Exchange users.
http://go.microsoft.com/fwlink/?LinkId=23146
|
Date Published: |
7/29/2004 |
|
Version: |
2.0 |
I have been on the look for some code that will allow RSS Syndication of a Sharepoint site, so when people add content my feed gets update.
I found these links yesterday:
http://www.devhawk.net/prj_SharePointSynd.aspx
http://www.asaris-matrix.com/sweber/playground/Lists/Announcements/DispForm.aspx?ID=23&Source=http://www.asaris-matrix.com/sweber/playground/default.aspx
http://www.jonathanmalek.com/blog/articles/179.aspx
So far I have the devhawk one working, and I'll look at the other soon and report back
Did you know that today (July 30th, 2004) is the 5th Annual System Administrator Appreciation Day!
It would seem that it is Celebrated annually on last Friday of July
System Administrator Appreciation Day is A special day, once a year, to acknowledge the worthiness and appreciation of the person occupying the role, especially as it is often this person who really keeps the wheels of your company turning.
This appreciation day includes many system administrators:
- Computer Administrators
- Network Administrators
- Internet Administrators (webmaster)
- Telephone (PBX) Administrators
- Voice-Mail Administrators
- Database Administrators (DBA)
- Email System Administrators
- Mainframe Systems Programmers ("sysprogs")
Want to know more, check out http://www.sysadminday.com/
Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=FDA87AA7-42A5-4800-9057-D4E35CE37D9E&displaylang=en
Updates to the ADM template files for group policy that originally shipped with the Office 2003 Resource Kit.
Updates to the Office 2003 Resource Kit for SP1 include all the ADM template files. Corrections to a few registry entries, deletion of policies no longer used by Office 2003, and the addition of new policies to allow for better control of an Office deployment on Active Directory enabled networks, are provided in this update.
|
Date Published: |
7/28/2004 |
|
Version: |
11.6113.5703 |
Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=C092B7A7-9034-4401-949C-B29D47131622&displaylang=en
This guide explains how transport and routing works in Microsoft® Exchange Server 2003, and how you can configure Exchange to enable internal and external mail flow.
Microsoft® Exchange servers use Simple Mail Transfer Protocol (SMTP) to communicate with each other and to send messages. SMTP is part of the Microsoft Windows Server™ 2003 or Windows® 2000 Server operating system. This guide discusses basic components of transport and routing, explains how SMTP works in Exchange Server 2003, provides information on configuring a routing topology, discusses deployment scenarios, suggests ways to help secure your infrastructure, and offers troubleshooting tips.
|
Date Published: |
7/29/2004 |
|
Version: |
2.0 |
Now this is interesting
Source: http://www.nasdaq.com/asp/quotes_news.asp?cpath=20040729\ACQDJON200407291644DOWJONESDJONLINE001058.htm&symbol=MSFT&selected=MSFT&kind=&mode=stock&formtype=&mkttype=&pathname=&page=news
NEW YORK -(Dow Jones)- Microsoft is poised to launch its long-awaited online music store in late August, a move sure to intensify competition in the nascent internet music market currently dominated by Apple Computer's (AAPL) popular iTunes store, the Financial Times reports in an article on its Web site Thursday.
People familiar with Microsoft's music site told the newspaper it would offer an "a la carte" service from which consumers could buy and download digital audio tracks to their personal computers.
It is unclear how much Microsoft would charge per track, but it is understood that major record labels grant the software giant the same terms as they offered Apple, which sells single tracks for 99 cents, the FT said.
People familiar with Microsoft plans told the FT that the music store was slated for a "soft launch" in late August, meaning the software giant won't market its store until it has been operational for several months and the company has been able to iron out any glitches it may discover.
Dow Jones Newswires
07-29-041644ET
Hummm, interesting
Source: http://www.nasdaq.com/asp/quotes_news.asp?cpath=20040729\ACQDJON200407291333DOWJONESDJONLINE000923.htm&symbol;=MSFT&selected;=MSFT&kind;=&mode;=stock&formtype;=&mkttype;=&pathname;=&page;=news
REDMOND, Wash. -(Dow Jones)- Microsoft Corp. (MSFT) plans to apply for 3,000 patents this year and hire up to 7,000 employees in fiscal 2005.
Included in the Webcast are company Chairman and Chief Software Architect Bill Gates and Chief Executive Steve Ballmer.
The company will show demonstrations of some of its newest products and outlined plans for future innovation and growth.
In applying for 3,000 patents this year, Microsoft said it will continue to invest heavily in research and development.
The company also plans to hire up to 7,000 new employees in the coming fiscal year to help fill existing and anticipated vacant positions as well as newly created jobs.
As of Feb. 11, the company had 56,104 employees. The company's fiscal year ends June 30.
In a press release Thursday, the software giant said a financial analyst meeting of its top executives will be Webcast from the company Web site from 8 a.m. to 6 p.m. PDT Thursday.
-Geoffrey Rogow; Dow Jones Newswires; 201-938-5400; AskNewswires@dowjones.com
Now this look likes an interesting KB. I Saw that Neal had an fixed with it (http://www.adminnotes.com/index/2004/07/index.html#a0001872596)
Source: http://support.microsoft.com/default.aspx?scid=kb;en-us;830905
SYMPTOMS
A Domain Name System (DNS) server that is running Microsoft Windows Server 2003 may intermittently stop responding to client requests for certain host names. However, the server responds correctly to client requests for all other host names.
RESOLUTION
Hotfix Information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows Server 2003 service pack that contains this hotfix.
WORKAROUND
To work around this problem, clear the DNS cache. To do this, use one of the following methods.
Using a Command Prompt
Use the Dnscmd.exe command-line tool to clear the DNS cache. To do this, follow these steps.
Note Dnscmd.exe is included in Windows Server 2003 Support Tools. To install Windows Server 2003 Support Tools, right-click Suptools.msi in the Support\Tools folder on the Windows Server 2003 CD, and then click Install.
- Click Start, click Run, type cmd in the Open box, and then click OK.
- dnscmd /clearcache
You receive the following message:
. completed successfully
Command completed successfully.
Using the DNS Tool
Use the DNS tool to clear the cache. To do this, follow these steps:
- Start the DNS tool. To do this, click Start, point to Administrative Tools, and then click DNS.
- Under DNS, right-click the server where you want to clear the cache, and then click Clear Cache.
Source: http://www.nintendo-europe.com/NOE/en/GB/news/article.do?elementId=56dfe013-0ec3-4138-8cd9-ae8646f3ddf0
More Than 120 Games in Development Worldwide for Nintendo's New Game Platform
July 28, 2004 - In preparation for the launch of Nintendo DS(TM) in North America and Japan later this year and Europe in Q1 2005, Nintendo today announces major global developments for the innovative dual-screen, wireless, hand-held video game system.
Nintendo DS, originally chosen as the code name, has been selected as the official product name. The Nintendo DS name evokes the idea of a portable system with "dual screens," providing the rationale for the final name. The hardware also has been redesigned to sport a slimmer, sharper look. The retooled Nintendo DS features a thinner, black base and an angular platinum flip-top cover. The face buttons and shoulder buttons are larger, and some have been reconfigured for optimum use. The unit includes a new storage slot for the touch screen's stylus, and the speakers now broadcast in stereo sound, with or without headphones.
"The Nintendo DS will change the future of hand-held gaming," says Satoru Iwata, president of Nintendo Co., Ltd. "Dual screens, chat functions, a touch screen, wireless capabilities, voice recognition - these abilities surpass anything attempted before, and consumers will benefit from the creativity and innovation the new features bring to the world of video games."
Software companies worldwide have more than 120 Nintendo DS games in development. Nintendo alone is developing more than 20 titles, and in excess of 100 companies have signed on to create games for the new system.
OneNote 2003 Service Pack 1 provides the latest updates to Microsoft Office OneNote 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=07408348-26C9-43BB-9E7E-6151CF15D415&displaylang=en
OneNote 2003 Service Pack 1 (SP1) contains new features and significant security enhancements, in addition to stability and performance improvements.
You can get specific information about this update in the Microsoft Knowledge Base article (842774): Description of OneNote 2003 Service Pack 1.
Humm this looks good from winnetmag.com
source: http://www.winnetmag.com/Articles/Print.cfm?ArticleID=43151
Deploying Exchange Intelligent Message Filter
Add a free spam filter at your perimeter
Paul Robichaux
InstantDoc #43151
September 2004
At COMDEX last November, Bill Gates spent a portion of his keynote address announcing a new product: Exchange Intelligent Message Filter (IMF). COMDEX might seem like an odd venue for an Exchange Server announcement until you consider that IMF is really a spam filter and that spam is a growing problem and annoyance to users, administrators, and pretty much everyone except the people who send it. After you know what IMF does, how it works, and how to deploy it, you'll realize that IMF might not solve your spam problem all by itself but can be a valuable adjunct to other spam-reduction measures.
Want to see the rest check out: source: http://www.winnetmag.com/Articles/Print.cfm?ArticleID=43151
Found this on another blog and I thought I would share it
Source: http://www.blogger.com/atom/6425504/109059635653726240
Have been doing some reading lately about message jouraling and archiving for compliance purposes, specifically to do with Microsoft Exchange environments. First of all, some definitions.
Journaling - refers to the ability to record all communications.
Archiving - refers to the ability to remove content from native data storage (i.e. Exchange databases) and store it elsewhere (i.e. File system, SQL, Oracle, mySQL, Tape, HSM, nearline/offline storage, etc.) to reduce capacity.
If you're using the built in Exchange journaling functionality, it's always a best practice to specify a mailbox as a target journaling container. In other words, don't use a Public Folder (PF) or Contact/Custom Recipient as the target for journaling. This is because cetrtain types of messages don't survive transport to a Public Folder (by design) including NDRs, etc. It's always a best practice to journal to a mailbox, and if you need to, to use a rule set on the journaling mailbox to forward/redirect journaled messages to another location (such as an archive).
As an aside, note that there is some blurring of nomenclature when in comes to journaling in Exchange 2000 and Exchange 2003. The settings to enable message journaling (at the store level only) allow you to "archive all messages sent or received by mailboxes on this store" to a specified recipient. If you think about what's actually happening here, this is simply journaling and not archival. But I digress ...
To summarize, always use a target mailbox if you're enabling message journaling in Exchange 5.5, Exchange 2000 or Exchange 2003. I'll probably flip this into a Microsoft Community Solutions KB Article when I get a chance.
These look quite cool - but probably only if your a onenote user!
http://office.microsoft.com/officeupdate/category.aspx?CategoryID=CD010798421033&CTT=4&Origin=CD010326601033
OneNote 2003 SP1 Add-in: Send to OneNote from Internet Explorer PowerToy
View a Web page in Internet Explorer and click a toolbar button to send the contents to a new page in OneNote.
Use the Send to OneNote from Internet Explorer PowerToy to send the contents of a Web page from Internet Explorer to a new page in OneNote 2003 SP1 with the click of a button.
OneNote 2003 SP1 Add-in: Send to OneNote from Outlook PowerToy
Send e-mail messages to a OneNote 2003 page from Outlook 2003 with the click of a Toolbar button.
Use the Send to OneNote from Outlook PowerToy to send e-mail messages to a OneNote 2003 SP1 page from Outlook 2003 with the click of a button.
By Ina Fried and Ben Charny
Staff Writer, CNET News.com
http://news.com.com/2100-1041-5282083.html
Story last modified July 25, 2004, 6:05 PM PDT
Hewlett-Packard is introducing its first iPaq handheld that can easily switch between traditional cellular and Wi-Fi networks.
The h6315, which was co-developed with T-Mobile, operates on a traditional cellular network but can automatically hop over onto a faster Wi-Fi connection when one is available. The device also has a built-in camera and a detachable keyboard and can also act as a cell phone using the GSM cellular network.
"This is the ultimate device," said Scott Ballantyne, vice president of business services marketing for T-Mobile USA. "This will play and store MP3s. It takes pictures."
To allow the device to switch networks, T-Mobile had to adjust its network to let devices store a second Internet Protocol connection. Microsoft also had to make changes to its Windows Mobile operating system.
In addition to its Wi-Fi and GPRS data abilities, the h6315 also has short-range Bluetooth wireless for connecting to detached earpieces and other accessories. HP said it will ship versions both with and without the camera feature, as some business prefer to give workers devices that don't have the ability to take pictures.
HP plans to sell the 6315 model exclusively with T-Mobile in North America, although HP will also sell a version of the device in Europe and Asia that can be used with other carriers' networks.
The company said it expects to sell hundreds of thousands of the devices worldwide in the first year. The T-Mobile version will sell for $499 with a 1-year service agreement and is expected to be available Aug. 26 from HP and from T-Mobile and those who sell its products.
T-Mobile's embrace of Wi-Fi devices makes sense, as the company also has one of the largest commercial Wi-Fi hot spot networks in the world in addition to its cellular network. T-Mobile and Japan's NTT DoCoMo, also a cell phone and Wi-Fi hot spot operator and have been keen on such devices, but support from other carriers has been less than enthusiastic.
The Nokia 9500, a foldable phone with a full QWERTY keyboard and oversize horizontal screen, is the only other handheld with the same hat trick of wireless connections. Nokia says the phone will be available in Europe by the fourth quarter.
Among the many challenges with such devices is how to ensure customers are billed properly as devices move between different types of networks, analysts say.
Despite the challenges, such hybrid devices do provide a tantalizing view into the future. Armed with the appropriate software, such gadgets could eventually use a home's Wi-Fi access point to make phone calls using the Internet, technology known as voice over Internet Protocol, or VoIP.
Wi-Fi phone proponents say it makes sense to combine Wi-Fi with traditional cellular abilities. Wi-Fi is fast, has a 300-foot range and can be used for downloading large amounts of information. Meanwhile, cellular networks stretch for hundreds of miles but can usually only manage download speeds of about 50 kilobits per second to 500kbps.
In addition to the wireless product, HP is also introducing three other handheld lines--one high-end line aimed at businesses and two lines that are more consumer oriented.
The iPaq 4700 features HP ProtectTools security software, a 4-inch VGA screen and a 624MHz Intel processor. It also has a touch pad controller to move the cursor around the screen--a departure from the stylus-based navigation that has characterized most other Pocket PC-based handhelds. The device also offers Wi-Fi and Bluetooth wireless capability.
Meanwhile, the consumer-oriented rx3715 is aimed at consumers, allowing people to move music and other media files from a PC throughout a networked house using the iPaq as the controller. The $499 device also has Wi-Fi and Bluetooth wireless abilities, a 1.2 megapixel digital camera, universal remote abilities and new software for printing and sharing digital pictures. The device is slated to be available this fall.
The rz1700 series, also scheduled to be available in the fall, starts at $279 and comes with HP Image Zone software for creating slide shows and viewing photos.
I found this today - thought I would share it with ya ....
Source: http://www.wired.com/news/gizmos/0,1452,64338,00.html
09:04 AM Jul. 25, 2004 PT
NEW YORK -- Even if you didn't make the cut for this year's Olympic Games in Greece, you can train like a world-class athlete with pocket-sized electronics that deliver a pumping music beat while keeping track of your rising pulse rate.
These gadgets, many of which pull double duty as a radio, music player or regular timepiece, can act as part-time coach and motivator shouting out numbers on the distance you have run or cycled, and indicating that your breaststroke needs work.
For decades, joggers have toted portable radios to avoid boredom. Now, between choruses of a digital recording of Paul McCartney's "Band on the Run," the MP3RUN, developed by Nike and Philips Electronics, can report the distance run and the pace through the wearer's headphones.
Due in stores this August, the $300 device uses Bluetooth short-range wireless technology to help a thumb-sized road sensor, attached to a runner's shoe, store data. That day's workout, and up to 200 runs, can then be logged and loaded onto a website operated by Nike, to track progress.
"We put the coach in the product," said Scott Levitan, a general manager at Philips. "Everybody can use some help to motivate themselves to go one step further."
Of course, for thousands of years, fitness-minded folks have been exercising or competing without a battery-powered gadget to speed up their sprint, or juice up their jumping power. But it would be fair to assume that just as technology enhances everyday conveniences like transportation or communications, it can also fine-tune physical fitness.
Perhaps there is no better time for such advances. Diseases linked to unhealthy diet and lack of exercise account for nearly 60 percent of the 56.5 million deaths a year around the world that are deemed preventable, according to the United Nations' World Health Organization.
Another important reason for buying the new devices is that they provide inspiration, says Matthew Swanston, a spokesman for the U.S. Consumer Electronics Association.
"The health benefit of these electronics is anything that gets you off the couch is good," he said. "If you think that the workout experience would be less unpleasant if you are listening to music, then by all means do what ever it takes to get out there."
Ted Schadler, consumer electronics analyst at Forrester Research said that, as a result of these electronic tools, the level of "performance optimization" that athletics enthusiasts can reach rises sharply.
"It gives someone who measures performance a tremendous tool kit," he said "With it, for example, I can say that the next time I bike up that hill, I don't want my heart rate to go up that high, so I'll try a different gear."
Several devices, such as watchmaker Timex's Bodylink System ($300) and Samsung Electronics' YP-60 MP3 player ($200), help athletes keep track of their heart rate, vital data for those who seek to make the most of their workout without submitting to fatigue.
The Olympic marathon wanna-be might feel free to run farther with a Garmin Forerunner watch, which employs GPS data to tell the athlete precisely where in the world they are and how many calories have been burned. It makes a whistle noise when a specified distance or preset duration of activity is reached.
Swimmers looking for an edge can use a waterproof digital camera, such as Concord Camera's inexpensive Eye-Q Splash (under $50), to dive in an take a snapshot or short video of how their bodies move in the pool.
Bicyclists can work toward their Olympic dream with Sony's sports radio, which mounts on a bike's handle bars. The screen displays the distance covered, the speed in miles per hour, including average and maximum speed, all while playing music from a digital radio tuner.
If the heady blend of sweat and semiconductors doesn't get you closer to realizing your Olympic dream, take heart: It might make you smarter. Researchers at Ohio State University recently found that exercising to music can boost brainpower, by influencing stimulating and increasing cognitive arousal while helping to organize cognitive output.
This is a very cool and handy article to know about:
http://www.msexchange.org/articles/Exchange-Blacklisted.html
Additional to this, you should make sure that you are not open for relay. Check out these KB's and http://www.abuse.net/relay.html
Also when have been blacklisted they will normally tell you why, an a very common reason is that you have an easy to guess password that is being used for an authenticated relay .... So make sure you use strong passwords!
A Guy at work discovered this the other day and I thought I would share it will the rest of you. The tool is part of the Windows 2000 reskit and is called ExCtrLst - Extensible Performance Counter List
If you find that some counters are missing in PerfMon such as base Windows counters like Process or Thread or even Exchange counters get them to install this tool. They should then check to see if each Library is enabled. For some reason they can become disabled and this is a painless way of getting them back. You have to make sure you are looking at the right library as some of the names are ambiguous
Source: http://www.microsoft.com/technet/community/columns/secmgmt/sm0604.mspx
Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager, Microsoft Corporation
See other Security Management columns.
On This Page
There Is More to Information Security Than Viruses
Salvaging Data in the Absence of Backups
Recovering After an Attack – What Tools Will Help?
Conclusion
The last few weeks have been very interesting. A lot of people have read the previous article (http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx), and I think almost all of them wrote me to comment on it. In addition, folks from various internal teams at Microsoft have been contacting me about it. There was even a discussion about the article on the “Full Disclosure” mailing list, although, as usual for that list, it quickly deteriorated into a “why I do not like Microsoft” discussion.
The feedback has been great. So great, in fact, that I decided to write a follow-up to the article to further elaborate on some points. The feedback has largely been divided into three categories, which, paraphrased a bit, are the following:
- Finally someone is speaking the truth: There is more to the world than viruses.
- That’s ridiculous: We don’t have enough backups to flatten hacked systems.
- Here’s a product that will help (largely from various product teams here at Microsoft).
Each category merits a bit more elaboration, which is the purpose of this article. The first category of comments is the easiest, and most interesting, to answer. The genuine truth is that there is a lot more to our world than the run-of-the-mill e-mail viruses.
There Is More to Information Security Than Viruses
If you read the first article (http://www.microsoft.com/technet/community/columns/secmgmt/sm0104.mspx) you probably already know that I do not believe a system can ever be completely secure—at least, not if you are interested in actually using it. One additional piece of basic lemma (http://www.britannica.com/ebc/article?eu=405886&query=lemma&ct=) information I accept is that there is a lot more to information security than worms and viruses (while there are differences between worms and viruses, and the experts in the field are still debating exactly what these differences are, we are primarily concerned with general malicious code here, and henceforth I will treat worms and viruses as one type of attack and refer to them collectively as “worms”). Yet we tend to always focus on worms, and why not? Sasser/Blaster/Lion/Trino/Ramen/Slapper and other worms are very disruptive and cost tremendous amounts of money to get rid of. With a few exceptions (such as the Linux Ramen worm and Code Red), however, a worm itself is not destructive. That is not to say that worms cannot be destructive, but that at least when you are dealing with a worm, you basically know what you get. A lot of people got the same worm and at least some of them were able to dissect it, saving you the trouble.
However, some of these worms put back doors into the system—back doors that truly evil people can then use to do much worse things to your system than the worm did. Nimda did this. So did Slapper (another Linux worm). Once a worm puts a back door on your system, the system can be controlled by bad guys across the Internet. In addition, none of these worms created any kind of log file that would tell you what was done through the back door. Once a system is affected with one of these worms, you can no longer trust anything on that system. In fact, if the worm even manages to get on the system it should really be treated as a symptom that the system is untrustworthy. A different attack may very well have already used the same vector (method of attack) as the worm, and may have done much worse things to the system than the worm itself. The key point here is that we need to stop focusing so much on worms and focus more on the vulnerabilities that the worms exploited.
E-mail worms are a slightly different problem; essentially, they are a layer 8 problem—a problem exploiting users, not technology. That means we need to treat e-mail worms differently—if users stopped double-clicking on e-mail attachments, these problems would go away. Conversely, if management would let us just block all e-mail attachments, at least for those users who won’t learn not to double-click on suspicious attachments, the problems would also go away. You can do this pretty easily with any relatively recent version of Microsoft Exchange and Outlook. Of course, any of those users would also double-click on a malicious Trojan, but that is an orthogonal issue. The mere fact that an e-mail worm got on the system is not a strong indication that the system is compromised by an active attacker in the same way it is when a network worm, like Sasser, gets on the system.
At the end of the day, I am considerably more worried about active attackers than I am about worms—and active attackers can use a lot of different vectors to get into your systems and your network. The worm problem can be solved with some relatively simple (to enumerate, not necessarily to implement) steps:
- Make sure all the relevant patches are deployed as soon as they are released.
- Use a firewall.
- Use an antivirus program. If you do not have one, go to http://www.microsoft.com/protect and you can get one for free. For more information on how to deploy antivirus solutions across a larger environment, see the new Microsoft Antivirus Defense-in-Depth Guide at http://go.microsoft.com/fwlink/?LinkId=28734.
- Teach users not to double-click unsolicited attachments without checking first whether they are legitimate, or block them from doing so.
Preventing active, determined attackers from getting into the system is not always that simple. In addition, as some readers pointed out, we do not always have enough backups to reliably recover a system. Therefore, it becomes very important to detect whether a system has been compromised, and, if so, what was done to it. There are some ways to do that.
Salvaging Data in the Absence of Backups
One of the things that keeps me awake at night (other than small children and engine noise from the airplane I’m on) is not the possibility that the barbarians are at the gate but that they are already inside the gates and we do not know it. We know there are a lot of bad people out there. During Microsoft’s recent Tech-Ed conference some criminal group put a “bounty” out, awarding $50,000 to whoever could destroy the network at the conference. How can we tell whether these people are inside the system? If they are not very good, they will leave tracks, such as new accounts, strange files, and potentially unstable systems. The majority of attackers today probably fall into that category; at least I hope they do. Then there are the really good ones. These are the ones who disappear into the OS as soon as they get on the box. They install a rootkit on the system that makes the system no longer trustworthy. Windows Explorer and the command line will no longer show you the files that are actually on the system. The registry editor is now lying. Account manager tools will not show you all the users. At this stage of an intrusion, you can no longer trust the system to tell you about itself. That’s where you get into a flatten and rebuild (some people call it “nuke and pave”) scenario. The system is now completely compromised. Can you detect that this has happened, and what was done?
There are some tricks for detecting this type of intrusion. One is to use a network-based intrusion detection system (IDS), which will track traffic coming into and going out of your network. A network-based IDS is neutral and can, assuming it has not been compromised, give you a good idea of what is going into and out of a suspect system. A thorough discussion of IDS systems is beyond the scope of this article, and, for most of us, IDS systems are beyond our immediate need anyway. In many cases, we would get more value from actually securing the network than from spending the time it takes to implement an IDS. Most of our networks can use a lot of additional security work, and if we do not do that first, we will simply ensure that we get a lot of interesting IDS logs.
You can also detect that a system has been compromised by analyzing the system itself, but it involves some in-depth forensics. For example, since you cannot trust the system itself, you must boot it to neutral media, preferably read-only media. One option is to boot to Windows PE, which is a command-line only, CD-bootable version of Windows XP or Windows Server 2003. Windows PE is not generally available, however. Another option is to get a copy of Winternals ERD Commander or System Restore (http://www.winternals.com). Both tools are based on WinPE. ERD Commander is essentially a GUI on top of WinPE that gives you a great set of tools for resurrecting a crashed system. Since it is a neutral installation, you can trust the commands on that disk to tell you what is actually going on with the suspect machine. System Restore is a superset of ERD Commander that also includes the ability to check a system against a baseline. For example, let’s say you build a Web server. As soon as it is built, you create a baseline for what the system looks like. At some point after you enter the system into production, you suspect it has been hacked. You may, for instance, detect odd network traffic emanating from the system and decide to analyze it. You can take the system offline, boot it to a recovery disk, and run a comparison against the latest snapshot. This will tell you exactly what has changed. Whether those changes actually reflect an intrusion is not clear, though. You have to make that call.
One final note on forensic work: If you really do believe an intrusion has happened and you want to take legal action, you probably should not do forensics on your own. Disconnect the system to prevent the compromise from spreading, but after that, call in a forensics expert. The risk is simply too great that you will destroy the evidence and make it inadmissible in court. If you have a need to preserve the evidence, use a professional to gather it.
Recovering After an Attack – What Tools Will Help?
Finally, the most important step: a system has been hacked, how do you get service up and running? It depends on the type of system. First, I do not believe in backing up clients. Clients in a network should be storing their data on servers; then we back up servers. If the client gets compromised, we rebuild it. It is complicated enough to back up servers. We do not need to make it much worse by including clients in the backup plan.
Obviously, however, this statement is not true in a home environment or on a very small network. In those environments I use a few built-in tools to generate minimal backups of the data (not the programs). Windows XP and Windows 2000 have a decent backup tool built in. You can use it to generate backups of the system to arbitrary media. A somewhat simpler option, in my opinion, is to use the Files and Settings Transfer Wizard. Every few weeks, I run the Files and Settings Transfer Wizard in Windows XP to create a copy of all my data and my entire profile. The backup then gets burned to CD or copied to another hard drive. If the system should fail, it is a matter of a few hours to rebuild it, reinstall all the patches, and then restore the data and profile using the Files and Settings Transfer Wizard. As an additional safety measure, I also configure my home systems with roaming profiles. The profile is only roaming to another hard drive in the same system, but at least this protects me in the case of hard drive failure. But if all you have is a run-of-the-mill virus, restoring a system from backup may be overkill. If you are simply trying to clean off a virus, refer to chapter 4 of the Microsoft Antivirus Defense-in-Depth Guide (http://go.microsoft.com/fwlink/?LinkId=28734) for details on how to proceed.
On a larger network, we need server backups. The complete backup plan and process is beyond the scope of this article. However, as many of the comments from the previous article mentioned, no matter how we plan our backups we often do not have enough backups and therefore have to try to reconstruct data from the compromised system. There are some tricks for doing this. First, identify the last trusted backup and restore the data from that to an isolated replacement system. Then copy the data off the compromised system to the isolated replacement system. Next, use a differencing tool, such as Windiff, to run a diff of the backup comparing it to what you found on the compromised system. Keep in mind that this must be done with the compromised system booted to neutral media, as was explained earlier, otherwise you run the risk of compromising the backup as well. For each item that has changed, identify the data owner. Now task each data owner with certifying the differences. If the differences are accepted, reverse integrate them into the trusted backup. This is a complicated and time-consuming process, but it is the only way to be sure that you are getting what you should back to the new system and are not simply restoring compromised information to a new system. If you just restore from a compromised backup, at best, you will have untrustworthy data. At worst, you will just have created another compromised system.
Conclusion
The process I have outlined above is definitely painful. No doubt about it. The only thing I can say is “don’t shoot the messenger.” This is why we spend so much effort on figuring out how to prevent getting your systems hacked. Getting back in service is painful. By comparison, preventing yourself from getting hacked is a lot less painful in the long run, and a lot less likely to turn into a resume-generating event. In future columns, we will return to more prescriptive guidance to help you minimize your dependency on recovery.
Source: http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
Published: May 7, 2004
Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation
See other Security Management columns.
Welcome back. After the very long Patch Management article last month, this months article is much shorter and to the point. Let’s just say you did not install the patches like we discussed last month. Now you got hacked. What to do?
Cleaning a Compromised System
So, you didn’t patch the system and it got hacked. What to do? Well, let’s see:
- You can’t clean a compromised system by patching it. Patching only removes the vulnerability. Upon getting into your system, the attacker probably ensured that there were several other ways to get back in.
- You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there.
- You can’t clean a compromised system by using some “vulnerability remover.” Let’s say you had a system hit by Blaster. A number of vendors (including Microsoft) published vulnerability removers for Blaster. Can you trust a system that had Blaster after the tool is run? I wouldn’t. If the system was vulnerable to Blaster, it was also vulnerable to a number of other attacks. Can you guarantee that none of those have been run against it? I didn’t think so.
- You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it. Note that if you can guarantee that the only thing that compromised the system was a particular virus or worm and you know that this virus has no back doors associated with it, and the vulnerability used by the virus was not available remotely, then a virus scanner can be used to clean the system. For example, the vast majority of e-mail worms rely on a user opening an attachment. In this particular case, it is possible that the only infection on the system is the one that came from the attachment containing the worm. However, if the vulnerability used by the worm was available remotely without user action, then you can’t guarantee that the worm was the only thing that used that vulnerability. It is entirely possible that something else used the same vulnerability. In this case, you can’t just patch the system.
- You can’t clean a compromised system by reinstalling the operating system over the existing installation. Again, the attacker may very well have tools in place that tell the installer lies. If that happens, the installer may not actually remove the compromised files. In addition, the attacker may also have put back doors in non-operating system components.
- You can’t trust any data copied from a compromised system. Once an attacker gets into a system, all the data on it may be modified. In the best-case scenario, copying data off a compromised system and putting it on a clean system will give you potentially untrustworthy data. In the worst-case scenario, you may actually have copied a back door hidden in the data.
- You can’t trust the event logs on a compromised system. Upon gaining full access to a system, it is simple for an attacker to modify the event logs on that system to cover any tracks. If you rely on the event logs to tell you what has been done to your system, you may just be reading what the attacker wants you to read.
- You may not be able to trust your latest backup. How can you tell when the original attack took place? The event logs cannot be trusted to tell you. Without that knowledge, your latest backup is useless. It may be a backup that includes all the back doors currently on the system.
- The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications). Alternatively, you could of course work on your resume instead, but I don’t want to see you doing that.
This list makes patching look not so bad, yes? We may hate patches, but the alternative is decidedly worse.
I think I have mentioned this before, but with the Exchange 2003 Intelligent Message Filter you can Archive spam messages. This is a cool 3rd party app that lets you manage those message.
Here is the introduction from http://www.gotdotnet.com/Community/Workspaces/UploadedHtmlPage.aspx?FileID=98105ee0-e43a-4675-aef8-f40adfc1bfc4&id;=e8728572-3a4e-425a-9b26-a3fda0d06fee
IMFAM is a C# GUI tool released as shared source on GotDotNet that provides a tree view of the archive directory and the eml files in it. It also has a preview pane that displays decoded P2 mail message properties as well as the entire raw message. There are 5 actions: Refresh, Delete, Resubmit, Copy to Clip, and Report. Refresh reloads the tree view as well as the raw message. Delete deletes the selected message. Resubmit moves the message to the pickup directory where it is resubmitted to the MTA and delivered. Copy to Clip copies the entire raw message to the clipboard in case you want to paste it in another window. Report creates a new message, attaches the selected message as an attachment, and then sends it to the recipient listed in the report settings. In addition it optionally strips P1 headers, x-SCL header, and deletes the message if so configured in the report settings. The report feature is useful if you want to send the UCE to reporting organizations such as http://www.spamcop.net.
Check out the latest version here: http://www.gotdotnet.com/community/workspaces/newsitem.aspx?id=e8728572-3a4e-425a-9b26-a3fda0d06fee&newsId;=3057
New for 2.0.2:
- Support for fr-FR, de-DE, and zh-TW (French, German, and Tradition Chinese)
Fixes for 2.0.2:
- PopulateNode error when trying to decode in
I'll let the version bake for two weeks. If I don't have any more bugs/requests, then this will be re-released as Version 2.0.
Thanks to all that helped provide feedback and bug reports.
Source: http://support.microsoft.com/?id=834431
SYMPTOMS
When you change the address space of a Microsoft Exchange Server 5.5 Internet Mail Connector on an Exchange 5.5 computer that is part of an Exchange 5.5-based routing group, the information is not replicated to the link state table of a Microsoft Exchange 2000 Server computer that is in a different routing group. Therefore, although Exchange System Manager shows the correct updated address space information, e-mail messages are not correctly routed.
CAUSE
This problem may occur if the following conditions are true:
- The bridgehead server in the routing group that contains the Exchange 2000 computer that does not receive the updated link state table information is running Exchange Server 5.5. Because of this, the Exchange 2000 computer creates the link state table from the information that is in the Active Directory directory service.
- A routing group is deleted.
When the Exchange 2000 computer tries to obtain updated routing group information, it iterates through all the Exchange 5.5-based routing groups. However, if the update process encounters an error with any one of the routing groups during the update process, the iteration process stops. For example, the iteration process stops if the update process encounters a deleted routing group. Therefore, new routing information from functional routing groups is not correctly updated.
RESOLUTION
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft Exchange 2000 Server service pack that contains this hotfix.
Source: http://www.f-secure.com/weblog/#00000239
One of the hot topics over the last months has been the continuing DDoS & extortion attacks against mostly UK-based gambling sites.
According to a recent article in The Financial Times (titled "Internet gambling extortion racket broken up"), three men in their early 20s were arrested in raids in Russia.
Apparently they were launching big DDoS attacks from botnets against gambling sites, then emailing them and asking $50,000 for not doing it again.
The extortion money was rerouted to Russia via Caribbean and Latvia, but nevertheless the UK police was able to trace it, leading eventually to the arrests.
So...so far, the year looks pretty good:
Month Country
July Russia: Three DDoS hackers arrested
June Hungary: Magold virus author sentenced
June Finland: VBS/Lasku virus author arrested
May Taiwan: Peep backdoor author arrested
May Canada: Randex variant author arrested
May Germany: Agobot variant author arrested
May Germany: Sasser & Netsky author arrested
Well that wasn't as hard at I thought it would be. The software is written by Scott Water and it's really does rock. Check out his blog: http://scottwater.com/blog/
Basically you need to have a box with SQL or MSDE on it. The go here to download the software:
http://workspaces.gotdotnet.com/dottext / http://www.gotdotnet.com/Community/Workspaces/viewUploads.aspx?id=e99fccb3-1a8c-42b5-90ee-348f6b77c407
You need to choose between a single or multiple blog site.
Once you have downloaded it, check out the readme.txt files. If you need any more help check out the installation guide here: http://dottextwiki.scottwater.com/default.aspx/Dottext.InstallationWalkThrough
Finally if you have any issue, a help forum exists here: http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=149
Happy Blogging and let me know if you get stuck or when you have your site
Quick survey time, what blogs do you read and would you recommend to others. Just reply with some feedback to this post and i'll create a list of them all
I dont know if anyone is tuned in to this "channel" :-| but I'm planning on upgrading to .95 version of .text, so you may notice a small outage for a couple of hours later.
I'll let you know how I get on, and I'll give you all the details about .text and how easy it is to setup your own blog
Dunno if this is supposed to be up here but you can download it from microsoft.com :-|
http://www.microsoft.com/downloads/details.aspx?FamilyID=09b835ee-16e5-4961-91b8-2200ba31ea37&DisplayLang;=en
In case you dont know, Lookout is an addin to Outlook to quickly search all of your email, contacts, calendar, and filesystem
Lookout is lightning-fast search for your email, files, and desktop integrated with Microsoft Outlook™. Built on top of a powerful search engine, Lookout is the only personal search engine that can search all of your email from directly within Outlook - in seconds...
You can use Lookout to search your:
- Email messages
- Contacts, calendar, notes, tasks, etc.
- Data from exchange, POP, IMAP, PST files, Public Folders
- Files on your computer or other computers ...
- Very soul (okay, not true)
Just enter your search and press enter. Results are instant. Lookout will find your search terms hiding nearly anywhere in your Outlook mailbox - subjects, bodies, phone numbers, addresses, etc.
Rob showed me this today ..... it's cool!
MaxiVista turns any Laptop, desktop or Tablet PC into a second monitor of your primary PC. Program windows can be moved across both screens as it would be one big display
http://www.maxivista.com/
Source: This Is Money, 21/07/2004 - Full story: http://www.thisismoney.com/20040721/mh80628.html
This is excellent - Experts have drawn up a list of DIY jobs that will slash the value of your home
- Not dealing with a structural disaster:
Subsidence can often be fixed but if nothing is done buyers will flee.
Loss in value: £100,000
- Bad extensions
Ugly lean-to and breeze block protrusions often end up being demolished.
Loss in value: £20,000
- Smoking
Smell and stains can put off buyers.
Loss in value: £16,000
- Outdoor swimming pools
Too big, £600 a year to maintain, families with children will worry about safety.
Loss in value: £15,000
- X-rated additions
From 'humorous' gnomes to stone cladding - costing up to £2,000 to be removed.
Loss in value: £15,000
- Textured finish
The ceiling swirls are difficult to remove - and there's a fear of what lies beneath.
Loss in value: £14,000
- UPVC windows
Alright in moderation for modern homes, a big mistake in period properties.
Loss in value: £12,500
- Animals
One in 10 people won't see the home due to allergies. the rest will worry about smells.
Loss in value: £10,000
- Poor DIY
Poor paint jobs, badly fitted kitchens, shoddy wiring and plumbing must be replaced.
Loss in value: £10,000
- Avocado bathroom suite
Simply age the bathroom - many stockists now only supply white.
Loss in value: £8,000
- Nightmare neighbours
Buyers take fright at signs such as unkempt gardens and abandoned cars.
Loss in value: £7,500
- Toilet in the wrong place
Unattractive and unhygienic if too near kitchen.
Loss in value: £6,000
- Pine
Sellers end up paying for removal of the Seventies-style orangey wood.
Loss in value: £5,000
- Gigantic sofa
Buyers can't visualise space. Should be no longer than 5ft in a 12ftx10ft room.
Loss in value: £4,000
- Overgrown garden
Cost of hiring gardeners will be taken off asking price.
Loss in value: £3,500
- Fake period features
Cheap beams, ill-suited fireplaces and ornate chandeliers scream 'naffî.
Loss in value: £3,000
- Floral/flock patterns
Often hideous and make rooms seem smaller.
Loss in value: £2,500
- Laminate flooring
Never in a period home, always use sparingly.
Loss in value: £2,000
- Themed rooms
Moroccan bedrooms, Caesar's Palace lounges - they'll all be ripped out.
Loss in value: £1,500
- Carpet in the bathroom
If you like bugs, dead skin, hair and nasty stains.
Loss in value £1,000
Using Exchange 2000 Server and Exchange Server 2003 Front-End Servers Replaces "Using Microsoft Exchange 2000 Front-End Servers"
Microsoft® Exchange 2000 Server and Exchange Server 2003 support the deployment of Exchange Server in a manner that distributes server tasks among front-end and back-end servers. A front-end server accepts requests from clients and proxies them to the appropriate back-end server for processing. This preliminary version (preview) of a revised online book (Using Microsoft Exchange 2000 Front-End Servers), discusses how Exchange Server supports front-end and back-end architecture, as shown by several front-end and back-end scenarios, It also includes recommendations for configuration.
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F7937E4-AB7C-42D1-BB8D-04B8E64F7EAC&displaylang=en
This will give you a 95 page word document
Preview: Managing Free/Busy Folders
This chapter describes how Microsoft Exchange clients generate and retrieve free/busy data, and how Exchange stores the data. It recommends three basic ways to deploy free/busy servers for maximum efficiency. It describes the behavior of free/busy folders when you replicate free/busy data between Exchange organizations or between an Exchange organization and a messaging system other than Exchange. Finally, this chapter also provides some recommendations for cleaning up free/busy data
http://www.microsoft.com/downloads/details.aspx?FamilyId=91E9CC69-A815-42D3-B7D8-88EA54B1AEB1&displaylang=en
Giving you a nice and small 16 page word document
Preview: Configuring Offline Address Books
Working with the Exchange Server 2003 Store is an upcoming addition to the Exchange Server 2003 Technical Documentation Library. "Configuring Offline Address Books" is one chapter planned for the guide. Previewing this chapter gives you advance insight to issues such as:
- How does Exchange generate offline address books?
- How can you configure servers to provide offline address book support to your clients most efficiently?
- What locale information does Exchange use when it generates offline address books?
http://www.microsoft.com/downloads/details.aspx?FamilyId=B1A68E2C-8232-493E-9BD4-C4BF64214E37&displaylang=en
22 pages of word doc
Just incase you DONT subscribe to the exchange feed, this is what you missed:
Source: http://blogs.msdn.com/exchange/archive/2004/07/21/189966.aspx
After completing a migration you may note that replying to emails will cause an NDR. Although sending an email directly to the person works without an NDR. This is most likely caused by the X500 DN changing during the migration. To illustrate this, I will set up a scenario.
You have an Exchange 5.5 environment and it has an Org name of COMPANY and a Site name of DALLAS.
You created an Exchange 200x environment with an Org name of COMPANY and the AG is called First Administrative Group.
You migrated the Exchange 5.5 environment using ExMerge or some equivalent method.
If you open one of the email messages it will look normal. If you get the outlook properties of one of the senders of an old message you’ll note that all of the fields are blank except the Display Name. It will have an X500 address in it, which looks like:
/O=COMPANY/OU=DALLAS/CN=RECIPIENTS/CN=TESTUSER. If you open a new message and type in TESTUSER or grab test user from the address book and look at the outlook properties you will see the fields populated and the Display Name will look normal.
The reason for this is that the message is stored with the X500 address at the time it was processed. The migration wizard should adjust this on the fly for you but ExMerge and some other operations will not (you also could find yourself in this type of situation in some single mailbox recovery or other disaster recovery scenarios). The way to fix this is to add an X500 address to the user object in AD that matches their old LegacyDN.
This can be painful to do by hand. There is a tool available to help do this in bulk to selected users. The tool is called ADModify and is available at:
ftp://ftp.microsoft.com/PSS/Tools/Exchange%20Support%20Tools/ADModify/admodify_1.6.zip
The tool has a help file to guide you through its usage. Once you have your users selected, the X500 address option is on the Email Addresses Continued tab
- Dan Winter
All of you old gits out there ... do you remember the Magic Roundabout - Used to be on before the 6pm news on BBC 1.
Check this out - Made be laugh:
http://partner.mymovies.net/windowsmedia/default.asp?url=/film/fid1429/trailers/trid1420/wm/high.asx&filmid=1429
http://www.rsc.co.uk/zebidee/history.htm
http://www.imdb.com/title/tt0339334/
Credited cast:
Tom Baker.... ZeBadDee (voice)
Jim Broadbent.... Brian (voice)
Joanna Lumley.... Ermintrude (voice)
Kylie Minogue.... Florence (voice)
Bill Nighy.... Dylan (voice)
Richard O'Brien.... Zebedee (voice)
Robbie Williams.... Dougal (voice)
Do you know what CTL means or what Microsoft defines as a BridgeHead Server? Well check this kb and associated word doc out.
Source: http://support.microsoft.com/?id=842753
Downloadable from: http://download.microsoft.com/download/4/9/3/49393264-e0e2-4234-a815-620388450bdd/E2k3Glossary.exe
This will extracts to a 19 page Word Doc
CTL: Certificate Trust List : A signed list of root certification authority certificates that an administrator considers reputable for designated purposes, such as client authentication or secure e-mail.
Bridgehead Server: A computer that connects servers using the same communications protocols so information can be passed from one server to another. In Exchange Server 2003 and Exchange 2000 Server, a bridgehead server is a connection point from a routing group to another routing group, remote system, or other external system.
Now I didn't know this .... You learn something new everyday!
Source: http://blogs.msdn.com/exchange/archive/2004/07/20/188856.aspx
What are badmails?
Badmails are mail that the Exchange server cannot deliver or NDR (non-delivery report). A common source of badmails comes from the unsuccessful attempt to deliver an DSN (delivery status notifiction. NDR is a form of DSN). We keep badmails around primarily for diagnostics.
Badmails accumulate in the Exchange badmail folder (by default Exchsrvr\Mailroot\vsi x\Badmail). Before Exchange 2003 SP1, badmails are written to the folder until the hard disk is full.
What has changed in Exchange 2003 SP1?
In Exchange 2003 SP1, out of the box, we do not write any badmails. Anything that is destined to badmail will disappear by default. Two regkeys are added to adjust the related behavior. They are briefly discussed as follows and there will eventually be a KB with more details on this.
Why did we make the change?
What we found out is that badmails are not commonly used. Many administrators simply delete the contents of the badmail folder periodically. Another reason is that if badmails are allowed to build up unchecked, the server runs out of disk space eventually.
If you do not care and do not want to see badmails, Exchange 2003 SP1 is perfect. Just install Exchange 2003 SP1, and badmails will no longer be an issue. If you want to keep some badmails around, read on...
About the regkeys:
You will need to add these under: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPSVC\Queuing
MaxBadMailFolderSize is the maximum number in kilobytes that the system will write badmail to each badmail folder. This setting applies to all badmail folders under the various VSI’s that you may have. Once a badmail folder hits the size, badmail will stop being written. Just to be perfectly clear, this is NOT a circular buffer. Once the badmail folder hits the limit, badmail writing will stop - your old badmails stay in the folder, and you will not get any new badmails. Using a value of -1 will give you the same functionality as in pre Exchange 2003 Sp1 Exchange, that is, badmails grow unbound. When the regkey is not set, it is 0: no badmail written.
BadMailSyncPeriod (in minutes) is how often Exchange looks in the system to see if badmails have been deleted. The server caches of the size of the badmail folder for performance reasons. This is used only when a MaxBadMailFolderSize is specified. The default, if regkey is not set, is 12 hours.
Together with the badmail script released in WR Feb 04, there is a lot of flexibility in dealing with badmails. Alvin Mok has written about the badmail script. You can, for example,
- Set MaxBadMailFolderSize to a number that you want to allocate for badmails.
- Use the badmail script to archive/delete badmails periodically as required.
Doing so will allow you to keep the badmails around for the period of time you desire. With the regkey, you can be sure that the server only writes up to a certain amount of badmails. Having the maximum protects your server when tons of un-expected badmails are generated.
- Philip Chan
Dunno if you have seen this, but I found it today and it was very, very handy
Source: http://support.microsoft.com/?id=839949
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SUMMARY
This article discusses the groups that are used by Exchange 2000 and Exchange Server 2003 for mail distribution and access control lists (ACLs). This article lists the types of groups that are used and contains answers to some frequently-asked questions (FAQ) about how to troubleshoot distribution groups in Exchange 2000 and in Exchange 2003.
IN THIS ARTICLE
- Introduction
- Overview of groups that are used by Exchange 2000 and Exchange 2003
- Distribution groups and global catalog servers
- Distribution groups, the Exchange message categorizer, and expansion servers
- Distribution groups and restrictions
- Restricted distribution groups in Exchange 2003
- Frequently-asked questions about distribution groups in Exchange 2000 and in Exchange 2003
- References
INTRODUCTION
This article contains information about the groups that are used by Microsoft Exchange 2000 and Microsoft Exchange Server 2003 for mail distribution and access control lists (ACLs). This article also lists answers to some frequently-asked questions (FAQ) about how to troubleshoot distribution groups in Exchange 2000 and in Exchange 2003.
Overview of groups that are used by Exchange 2000 and Exchange 2003
The following groups are used by Exchange 2000 and Exchange 2003.
Domain local groups
Domain local groups have the following attributes:
- In a native-mode domain, local groups can contain user accounts, global groups, and universal groups from any domain in the forest and can also contain domain local groups from the same domain.
- In a mixed-mode domain, local groups can contain user accounts and global groups.
- You can assign permissions to local groups only for objects in the domain where the local group exists. You cannot assign permissions to network resources and public folders in other domains.
- You can convert a local group to a universal group when the local group is located in a native-mode domain if there is not another local group nested inside the local group.
- The group object is listed in the global catalog, but the group membership is not listed in the global catalog.
- Microsoft Outlook users in other domains cannot view the full membership of the global group.
- Group membership must be retrieved on demand if expansion occurs in a remote domain.
Domain global groups
Domain global groups limit membership to the local domain where the domain global group is located. Global groups permit one level of nesting. For example, you can have domain global groups that are members of a parent global group. Domain global groups have the following attributes:
- Global groups in native-mode domains can contain user accounts from the same domain and global groups from the same domain.
- Global groups in mixed-mode domains can contain user accounts from the same domain.
- You can assign permissions to global groups for all domains in the forest, regardless of the location of the global group.
- A global group in a native-mode domain can be converted to a universal group if the global group is not a member of any other global group.
- Global groups can contain only recipient objects from the same domain.
- The group object is listed in the global catalog, but the group membership is not listed in the global catalog.
- Outlook users in other domains cannot view the full membership of the global group.
- Group membership must be retrieved on demand if expansion occurs in a remote domain.
Universal distribution groups (UDG)
Universal groups behave most like Microsoft Exchange Server 5.5 distribution lists. Universal groups have the following attributes:
- Universal groups in a native-mode domain can contain user accounts from any domain, global groups from any domain, and universal groups from any domain in the forest.
- Universal groups of the security type, named universal security groups (USGs), can be used only in native-mode domains. Universal groups of the distribution type, named universal distribution groups (UDGs), can be used in mixed-mode and in native-mode domains.
- Outlook users in any domain can view full membership of the distribution group.
- Membership is not retrieved from remote domain controllers.
- Membership modifications incur replication to the global catalog servers.
Query-based distribution groups (QDG)
A query-based distribution group (QDG) is a new feature of Exchange 2003 and is only available in environments where there are only Exchange 2000 servers or only Exchange 2003 servers. A query-based distribution group runs the Lightweight Directory Access Protocol (LDAP) filter on the distribution group every time mail is sent to the distribution group. Query-based distribution groups have the following attributes:
- Query-based distribution groups can have restrictions. You can set restrictions on who can send messages to a query-based distribution group.
- Query-based distribution groups can be nested. You can nest a global group or a universal distribution group in a query-based distribution group.
The membership of the query-based distribution group is formed from an LDAP filter. The following is an example of a filter for a distribution group:
(&(!cn=SystemMailbox{*})(&(&(&(& (mailnickname=*) (| (objectCategory=group) )))(objectCategory=group)(description=Description))))
Note There are limitations to using query-based distribution groups with domain controllers that are running Microsoft Windows 2000 Service Pack 3 (SP3) or earlier.
For additional information about how to troubleshoot query-based distribution groups in Exchange 2003, click the following article number to view the article in the Microsoft Knowledge Base:
822897 How to troubleshoot query-based distribution groups
Distribution groups and global catalog servers
The type of distribution groups that you use is an important consideration. Membership of global group objects is replicated to every domain controller in a forest. However, the membership of global groups can only be visible from domain controllers or global catalogs that are located in the same domain as the group.
Only universal group memberships are replicated across all domains to all global catalog servers in the forest. Microsoft strongly recommends using universal distribution groups for mail distribution in a multi-domain environment.
The following are two examples that demonstrate the use of distribution groups:
- If you create a global group in domain A, the group object and its membership are replicated in domain A, but only the group object (and not the membership) or member attribute is replicated to domain B. The Exchange message categorizer picks a list of global catalog servers from the DsAccess component to use for expansion of the distribution group. The list of global catalog servers is retrieved from an automatic discovery or a manual hard-coding of global catalog servers.
- An Exchange server named Server1 uses a global catalog from domain A. A user on Server1 sends mail to the global group on domain A. The Exchange message categorizer on Server1 can read the membership of the group and successfully deliver the messages. However, the Exchange server named Server2 uses a global catalog from domain B. If a user on Server2 sends a message to the same group (whose object name is replicated to domain B), the Exchange message categorizer cannot read the member attribute of the group and deliver the message.
Distribution groups, the Exchange message categorizer, and expansion servers
You can use an expansion server to work around the limitation that membership in global groups is not visible outside the home domain of that global group. If you specify an expansion server, and the expansion server uses a global catalog from the home domain of the global group, mail is delivered to that global group.
Note To expand a distribution group that is used in the ACL of a connector, message delivery may fail if the global catalog that Exchange server uses to check the restrictions is a global catalog from the local domain. Microsoft strongly recommends using universal distribution groups for mail distribution in a multi-domain environment.
How the Exchange message categorizer expands a distribution list
When a message is sent to a distribution group, the Exchange message categorizer checks if the distribution group must be expanded locally or remotely. If the expansion server is set to “Any” (without the quotation marks), the sending server expands the distribution group. If the expansion server is set to a specific server, one copy of the message is sent by using SMTP to the specific expansion server for expansion.
The message categorizer of the expansion servers retrieves the list of members from the member attribute of the distribution group. To read from the global catalog, the message categorizer uses the security context of the LocalSystem account that the Simple Mail Transfer Protocol (SMTP) service runs under, and that represents the permission that the Domain\Exchange$ account has. The message categorizer retrieves the list of members and converts the distinguished names (DNs) to Relative Distinguished Names (RDNs), and then runs a batched LDAP search on the global catalog server to retrieve attributes that are required to route mail to recipients.
Distribution groups and restrictions
The following is a list of attributes that are used when you configure restrictions on objects to control whether messages can be sent or cannot be sent to a distribution group:
- The authOrig attribute. The authOrig attribute contains a list of DNs of users who have permission to send to the distribution group.
- The unauthOrig attribute. The unauthOrig attribute contains the list of DNs of users who do not have permissions to send to the distribution group.
- The dlMemRejectPerms attribute. The dlMemRejectPerms attribute contains the DNs of groups that do not have permissions to send to the distribution group.
- The dlMemSubmitPerms attribute. The dlMemSubmitPerms attribute contains the DNs of groups that have permissions to send to a specific group. When sending mail to a distribution group that has a restriction, the message categorizer has to expand the membership of the distribution group, obtain the full list of DNs of the members, and then compare the list of DNs to the list sender’s DNs. An access operation or a deny operation occurs when a DN on both lists match. If a distribution group is nested in another distribution group, the nested distribution is also expanded. If you use distribution groups on a connector, every time a message is sent by using that connector, the distribution group is expanded to retrieve the list of DNs, and the list of DNs is compared with the list of senders’ DNs to generate either an access operation or a deny operation.
Restricted distribution groups in Exchange 2003
Exchange 2003 has a new feature that permits mailbox users or distribution groups to receive e-mail messages only from authenticated users. This feature permits you to restrict inbound Internet e-mail for specific users or for distribution groups. The feature is enabled when you click to select the From authenticated users only check box in Message restrictions settings for an individual user or a distribution group.
When Exchange 2003 expands a distribution group that can only receive mail from authenticated users or can only receive mail from distribution groups that have the msExchRequireAuthToSendTo attribute set to true, the Exchange message categorizer does not permit unauthenticated mail that is sent by using SMTP to the distribution group. Mail to restricted distribution groups is accepted only if the messages are submitted by using the store driver or if the messages are authenticated by using SMTP or if the Resolve anonymous e-mail option is turned on in the SMTP virtual server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
827616 How to restrict the users who can send inbound Internet e-mail to another user or to a distribution group in Exchange 2003
Frequently-asked questions about distribution groups in Exchange 2000 and in Exchange 2003
Q1: In what situations is mail not delivered to a global distribution group?
A1: Mail that is sent to a global distribution group is not delivered in a multi-domain environment in any one of the following situations:
- The Exchange server that expands the distribution group is using a global catalog server that is located in a domain that is different from the domain that the distribution group is located in.
- The Exchange server that expands the distribution group is using a global catalog server that does not have the member attribute of that distribution group.
Q2: What if using global groups for mail distribution is the only option in a particular environment?
A2: You can use global groups for mail distribution in a single domain forest or if you specify a particular server as the expansion server for every global group. A global group that has an expansion server that is set to “Any” (without the quotation marks) means that the sending Exchange server expands the global group. This configuration is likely to fail in a multi-domain environment. Additionally, you can also hard-code Exchange to use only the global catalog that has the member attribute of the distribution group.
Q3: When are expansion servers used?
A3: Use expansion servers in environments that have multiple Exchange servers and many distribution groups and nested distribution groups. If a large distribution group contains members that are homed on the same Exchange server, set the expansion server to that local server. By doing so, only one copy of the message is sent to the expansion servers.
Q4: Delivery status notifications or non-delivery reports (NDRs) are not delivered to the distribution group. Why?
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
A4: Exchange server does not send NDRs, read receipts, delivery receipts, or out-of-office messages to members of distribution groups. Delivery status notifications are sent either to the sender of the message or to the owner of the distribution group and NDRs are sent only to the owner of the distribution group. To configure Exchange server to send additional reports to the owner of the distribution group, add the following registry entry, and then set the registry entry to a value of 79:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransport\Parameters\DLUnsuppressedMessageTypes
Q5: Are there possible issues that may occur if a firewall exists between Exchange servers in an organization and the firewall does not permit XEXCH50 Extended Simple Mail Transfer Protocol (ESMTP) functionality?
A5: When an Exchange server expands a distribution group, the XEXCH50 component is used to send a BIFINFO component in the message to determine certain items including as expansion servers, report configurations, and sender properties. If a firewall prevents the XEXCH50 component from transmitting the BIFINFO component, you may experience unexpected behavior when Exchange Server expands the distribution group.
Q6: Why does Exchange 2000 Server use global catalogs from outside the Active Directory site when Exchange 2000 Server expands restrictions on a connector that has restrictions that are based on distribution groups?
A6: Although the Exchange 2000 message categorizer component uses the list of global catalog servers that are obtained from the DsAccess component, the list of global catalog servers that Exchange 2000 routing uses for connector restrictions can span outside the Active Directory site.
Q7: Why do members of a distribution group sometimes receive duplicate copies of a message?
A7: If you send a message to a user and to a distribution group that the user is also a member of, two copies of the message are generated. Exchange uses the duplicate detection mechanism in the store to detect duplicate messages based on the message ID and the date in the header to remove one of the duplicate messages. However, if one of the messages is a MIME message and if the other message is a Transport Neutral Encapsulation Format (TNEF) message, Exchange may not detect the duplicate messages and both messages may be delivered to the recipient.
Q8: Why is a message that is sent to an empty distribution group not returned as undeliverable?
A8: By design, Exchange server works this way. If you want to configure Exchange server so that when a message is not delivered, a delivery report is sent to the distribution group owner, use Exchange System Manager to configure the group to use the Send delivery reports to group owner option or to use the Send delivery reports to message originator option. For more information about how to do so, see the "delivery reports" topic in Exchange Server Help.
Q9: If the Authenticated Users group is removed from the organizational unit where the distribution groups are located, why are NDRs received when messages are sent to that distribution group?
A9: If the Authenticated Users group is removed from organizational group where a distribution group is located, and the Domain\Exchange$ account does not have Read permissions to the organizational unit, the Exchange message categorizer does not have permissions to expand the distribution group and route messages to it.
Q10: What is the purpose of the setting the: HKLM\System\CurrentControlSet\Services\SMTPSVC\Parameters\DynamicDlPageSize registry entry to a value of 31?
A10: The message categorizer generates paged LDAP searches when query-based distribution groups are expanded. Windows 2000 SP3-based domain controllers support only one paged search at a time. However Exchange 2000 sends more than one paged search at a time. You can configure Exchange 2000 on a Windows 2000 SP3-based computer to generate one paged search at a time if you set the DynamicDlPageSize registry entry to a value of 31.
By default, Exchange 2003 on a Windows 2000-based computer or Exchange 2003 on a Microsoft Windows Server 2003-based computer generates one paged search at a time. Windows Server2003-based domain controllers can process up to 10 paged LDAP cookies for searches.
Q11: What are some methods that can be used to troubleshoot messages that are sent to a global distribution list that is expanded in a remote domain?
A11: Using the Regtrace.exe command-line tool to trace the CAT module and look for entries that are similar to the following:
CPhatCat::ExpandItem returning hr 00000000
Sink returned hr 00000000
Attribute name: member
Requested attribute member not found
returning hr c0040550
pIUTF8->BeginUTF8AttributeEnumeration failed hr c0040550
0xc0040550 is NOT retryable
Retrieved address SMTP:SMTPAddress
For additional information about the Regtrace.exe tool, click the following article number to view the article in the Microsoft Knowledge Base:
238614 XCON: How to set up Regtrace for Exchange 2000
It's an old one, but I thought I would publish this ...
Source: http://www.microsoft.com/presspass/press/2004/mar04/03-12ExchangeSupportsStoragePR.asp
KB: 839686 Support for iSCSI technology components in Exchange Server
Responding to Customer Feedback, Microsoft Announces Exchange 2003 Support For iSCSI and NAS Storage Solutions
REDMOND, Wash. -- March 12, 2004 -- Microsoft Corp. today announced support for a broader range of storage solutions for use with Microsoft® Exchange Server 2003, part of Windows Server System (TM) . Customers now will be able to enjoy the benefits of Internet Small Computer Systems Interface (iSCSI) and network attached storage (NAS) storage solutions that have qualified for the Designed for Windows® Logo Program. The Designed for Windows Logo helps customers identify products that deliver a high-quality computing experience with the Microsoft Windows Server (TM) operating system.
"Exchange Server customers have been asking us for the ability to utilize iSCSI and NAS storage devices in an Exchange environment," said Kevin McCuistion, director of Exchange marketing at Microsoft. "These new storage solutions for Exchange 2003 bring exciting benefits to our customers and are especially valuable in small-business and remote-office scenarios."
With iSCSI support in Exchange 2003, customers are able to take advantage of an industry-standard storage protocol that is designed to transport block-level storage traffic over Internet Protocol (IP) networks. iSCSI enables low-cost solutions that provide businesses with performance, reliability and security for their storage area networks. The capabilities announced today also will enable customers to easily deploy and maintain Exchange 2003 database files on qualified NAS devices, providing new opportunities for storage consolidation and user access from a local area network through network-addressable content.
Q: What is iSCSI?
A: iSCSI is a new IETF protocol that encapsulates SCSI commands into TCP/IP packets, enabling block data transport over Internet Protocol (IP) networks. Prior to iSCSI, a fibre channel network had to be used to move block-based storage and IP was used only for file-based storage..
Q: What is a Network Attached Storage Device (“NAS”)?
A: NAS is a function-focused file server that is designed for ease of use and ease of deployment. NAS devices are commonly used to serve storage in file mode (as opposed to block mode) and to make storage accessible to users from the LAN. The storage portion of NAS devices are network addressable.
Q: What is the difference between iSCSI and NAS?
A: iSCSI is a protocol for transporting block level storage and NAS is a storage deployment architecture that is dedicated to file storage only.
Q: What is the difference between file mode storage vs. block mode storage?
A: Files must be written to or read from disk. The binary content of a file is stored on disk as data blocks. The association between the data blocks that compose a file and the file itself is maintained as metadata in the file allocation table or file system in a NAS device. Block mode is the fundamental entity that is being stored on a disk.
The Microsoft Solutions for Small and Medium Business program provides prescriptive guidance on planning, building, operating, and supporting end-to-end integrated information technology (IT) solutions for small and medium businesses. The Small IT Solution is a part of this program.
Download URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=58514EAF-9EB2-4A79-A0FE-54608C268F10&displaylang=en
The Microsoft Solutions for Small and Medium Business program provides prescriptive guidance on planning, building, operating, and supporting end-to-end integrated information technology (IT) solutions for small and medium businesses. Medium IT Solution is a part of this program
Download URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=4082B0CD-7EBB-4179-9E54-F067005943C8&displaylang=en
This is an overview of the Microsoft Solutions for Small and Medium Business program, which provides prescriptive guidance on planning, building, operating, and supporting end-to-end integrated information technology (IT) solutions for small and medium businesses.
Download URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=D82E1888-374C-4DE7-B04A-28CD0EB1BBF7&displaylang=en
Source: http://www.f-secure.com/weblog/
The first PocketPC virus is now known as WinCE.Duts.1520.
This case is very similar to the Symbian Cabir worm which was found a month ago.
This is a new proof-of-concept virus. It has NOT been found in the wild. It's been written by a member of the 29A virus-writing group. The worm is not known to be spreading in the wild at all. It will be never become a problem in the real world.
Unlike Cabir, Duts is a traditional parasitic virus. It infects other programs in the PocketPC PDA, and spreads from one PDA to another when people exchange programs (for example, by beaming a game).
When an infected file is executed the virus asks for permission to infect:
When granted the permission, Duts attempts to infect all EXE files in the current directory.
Duts contains two messages that are not displayed:
One is a reference to the science-fiction book Permutation City by Greg Egan, where the virus got its intended name from:
As usual, virus writers don't get to name their viruses - we do. So we named it Duts instead of Dust.
The other message is:
This is proof of concept code. Also, i wanted to make avers happy.
The situation when Pocket PC antiviruses detect only EICAR file had to end ....
Do note that this virus would also be capable of infecting mobile phones running ARM-based version of PocketPC.
F-Secure have shipped an update for F-Secure Anti-virus for PocketPC to detect WinCE.Duts.1520.
Read eWeek's editorial on the issue.
Source: http://blogs.msdn.com/exchange/archive/2004/07/16/185410.aspx
There are actually 2 different types of delayed message delivery... I believe stemming form the quaintness of X400. The following applies to Exchange2000/Exchange2003.
They have somewhat different behaviors, but both result in getting the message delivered to the intended recipients at some time after the specified time.
The first type is delayed send. This is the typical functionality you see when using Outlook to send email. This functionality is controlled by the MAPI property PR_DEFERRED_SEND_TIME. When this property is set, the the message is kept in the MSExchangeIS SendQ.
To end users, this means that their messages are visible in their Outbox. They can still double-click on them to open them, and will need to click "Send" for them to resubmitted for delivery.
For an administrator, they will need to log into the users mailbox to see the message in that users Outbox. Unless the mailbox is deleted and purged
The second type is deferred delivery (controlled by the MAPI property PR_DEFERRED_DELIVERY_TIME). The key difference is that the delay happens on the "delivery" side once transport "owns" the message. While the phrase "deferred delivery" might make you think that message is held on the destination server, it is in fact held in the queues on the source server.
From the end-users perspective, the message immediately disappears from their mailbox and they cannot modify it if something occurs to them later. This is somewhat moot, as the past several versions of Outlook do not use this feature.
For the email administrator, the message is queued up in the MDB temp tables along with all of the other mail. In Exchange2003, these messages are also exposed through the queues node of the Exchange System Manager. Deleting and purging the mailbox have no effect on these messages, but deleting the MDB they are queued on will make the messages disappear.
- Michael Swafford
TechNet Support WebCast: Mixed-mode site consolidation in Microsoft Exchange Server 2003 Service Pack 1
Just a reminder that I'll be doing an “Exchange 2003 SP1 Site Consolidation“ webcast tomorrow:
Tuesday, July 20, 2004: 10:00 AM Pacific time (Greenwich mean time - 7 hours)
This Support WebCast session introduces the new mixed-mode cross-site move mailbox functionality that is introduced in Microsoft Exchange Server 2003 Service Pack 1 (SP1). Site consolidation includes cross-site mailbox moves and some other cleanup steps. The session provides a walk-through of the process, and includes an introduction to the updated Exchange Deployment tools. The Support WebCast also reviews a number of caveats to know about after the moves are completed.
More information available at: http://support.microsoft.com/?id=838235
Source: http://msmvps.com/bradley/archive/2004/07/19/10357.aspx
SBS
843539 - You cannot use Outlook Web Access with forms-based authentication and you receive a Store.exe e-mail alert message: http://support.microsoft.com/?kbid=843539
Windows
873018 - Download.Ject Payload Detection and Removal Tool: http://support.microsoft.com/?kbid=873018
871242 - After you install Security Update 839645, you may experience sharing violations and increased network traffic under Windows XP: http://support.microsoft.com/?kbid=871242
Server issues
824905 - Event ID 677 and event ID 673 audit failure messages are repeatedly logged to the security log of Windows 2000 and Windows Server 2003 domain controllers: http://support.microsoft.com/?kbid=824905
840655 - You are logged off a Remote Desktop session when you have an NVIDIA video card installed in Windows Server 2003: http://support.microsoft.com/?kbid=840655
As of today, Lookout Software and Microsoft have joined together!
Today we are delighted to announce that Microsoft has acquired Lookout. The reason we're so excited about this is because Microsoft and Lookout are now altering our product plans to build our next product with the best technologies from each camp. This will enable us to take Lookout where we never previously dreamed it could go.
At the heart of Lookout, of course, are the wonderful people that are using it daily. You are welcome to continue using the version of Lookout that you currently have for as long as you like.
Additional Information
More details about Microsoft and Lookout
To read an open letter from Mike & Eric to the Lookout user community
The Press Release
So what is Lookout, anyway?
Lookout is lightning-fast search for your email, files, and desktop integrated with Microsoft Outlook™.
Built on top of a powerful search engine, Lookout is the only personal search engine that can search all of your email from directly within Outlook - in seconds...
You can use Lookout to search your:
- Email messages
- Contacts, calendar, notes, tasks, etc.
- Data from exchange, POP, IMAP, PST files, Public Folders
- Files on your computer or other computers
- ... Very soul (okay, not true)
Just enter your search and press enter. Results are instant. Lookout will find your search terms hiding nearly anywhere in your Outlook mailbox - subjects, bodies, phone numbers, addresses, etc
http://www.lookoutsoft.com/Lookout/
Description: Originally posted May 2004. Reposted June 9, 2004. See Additional Information for details. This guide explains how to back up and restore the critical data in your Exchange organization.
Download URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=A58F49C5-1190-4FBF-AEDE-007A8F366B0E&displaylang=en
MS04-018: Cumulative Security Update for Outlook Express (823353)
This update resolves a public vulnerability. A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers. The vulnerability is documented in the Vulnerability Details section of this bulletin. This update also changes the default security settings for Outlook Express 5.5 Service Pack 2 (SP2). This change is documented in the Frequently Asked Questions related to this security update section of this bulletin. If a user is running Outlook Express and receives a specially crafted e-mail message, Outlook Express would fail. If the preview pane is enabled, the user would have to manually remove the message, and then restart Outlook Express to resume functionality.
Source: http://www.microsoft.com/technet/security/Bulletin/MS04-018.mspx
MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526)
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Source: http://www.microsoft.com/technet/security/Bulletin/MS04-019.mspx
MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872)
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem). The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Source: http://www.microsoft.com/technet/security/Bulletin/MS04-020.mspx
MS04-021: Security Update for IIS 4.0 (841373)
This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Source: http://www.microsoft.com/technet/security/Bulletin/MS04-021.mspx
MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873)
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Source: http://www.microsoft.com/technet/security/Bulletin/MS04-022.mspx
MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315)
This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Source: http://www.microsoft.com/technet/security/Bulletin/MS04-023.mspx
MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, significant user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Source: http://www.microsoft.com/technet/security/Bulletin/MS04-024.mspx
Source: http://blogs.msdn.com/canthe/archive/2004/07/13/182740.aspx
The SBS Exchange SP1 QFE is now online and available at http://www.microsoft.com/downloads/details.aspx?FamilyID=0fe89c95-e767-428c-8621-6a586c655ee3&DisplayLang=en (and is now available in all 18 languages - sorry for the delay in that).
The other big update that is in the pipeline is our XP SP2 compatibility fix. This is in testing right now - we're investigating making this update available through Windows Update so all SBS 2003 customers become aware of it. Our plan is to make it available same day (or earlier) than XP SP2 becomes available. The main thing this will do is modify the group policy on the server to allow the ICF firewall on XP and 2000 clients, and to pre-set certain exceptions on clients through group policy.
The first version of MPSREport for Exchange his the streets last week
Version: v1.0.6.0
Build Date: 24th June 2004
You can download the exe from here: http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_Exchange.EXE
The readme can be found here:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_Exchange_Readme.txt
You run the EXE on the server that is having issue and it will gather the following information from the server:
- Event logs - The event logs are captured in both native and CSV format to allow analysis by different tools.
- System Startup and Crash Recovery data - copies of the BOOT.INI, Autoexec.NT and Config.NT are collected as well as the registry settings that control application and system crash handling
- Cluster Information - gathers information about MSCS and WLBS if these services are configured on the system.
- System service configuration and trace settings - registry settings for key system components
- Hotfix information - information about hotfix install history
- System Diagnostics - output from the Windows diagnostics tools
- Network configuration - various network configuration and current state information
- Process Information - inventory of the currently running processes and device drivers on the system
- System File Information - subset inventory of the most important system files
- Setup log files - Log files created by MSI when applications are installed
- Dump of .NET Framework registry keys
- Inventory of Microsoft.NET
- Dump of IIS Registry Keys
Exchange Information - Information about the installation and configuration of Exchange
- List of Exchange Registry Key values
- Inventory of \exchsrvr\*.exe & *.dll
- DIR /s of \exchsrvr
- List of Exchange Diagnostic Setting
- Copy of the Exchange / ADC Setup Progress Log(s)
- Copy of WMI logs
- Exchange 5.5 ONLY
- File list of the database paths
- Exchange 2000 and Exchange 2003 ONLY
- Output from run the exchdump tool
- List of SMTP Bindings
- List of DSAccess configuration
- List of ADC Registry Key values
- Inventory of \MSADC
- Storage Group & Database Information
- Exchange 2003 ONLY
- List of Content Filtering Registry Keys
- Copy of the OMA Browse web.config file
- Exchange Running on Windows 2000
- Output from netdiag /v /debug
- Output from dcdiag /v
- Dump of the metabase
- Output from various nltest commands
- Exchange Running on Windows 2003 and Above
- Output from netdiag /v /debug
- Output from dcdiag /v
- Copy of metabase.xml
- Output from various nltest commands
You can actually find all the MPSreports for different products here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en
http://www.nasdaq.com/asp/quotes_news.asp?cpath=20040712\ACQDJON200407121100DOWJONESDJONLINE000430.htm&symbol=MSFT&selected=MSFT&kind=&mode=stock&formtype=&mkttype=&pathname=&page=news
NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) said Monday it plans to release a key update for its Windows XP operating system in August.
The update, known as Service Pack 2, contains a bundle of new features and security enhancements for Windows XP. It was originally slated to be released to manufacturing in June, but Microsoft pushed back the release and issued a second test version.
Most Windows XP customers will receive Service Pack 2 via a new version of Microsoft's online update service, Windows Update, said Will Poole, a senior vice president for the Windows business. The company will also provide a free CD to those who don't have high-speed Internet connections, Poole said in a press release Monday.
Service Pack 2 is part of a broader effort by the Redmond, Wash., company to address concerns about the security of its products and protect Windows users from viruses and hackers. The update will block unsolicited downloads from Web sites and pop-up ads and turn on the Windows personal firewall, among other things.
Windows XP first went on sale in October 2001. Hackers and virus writers have exploited numerous flaws in the ubiquitous operating system and its accompanying Web browser, Internet Explorer. The next Windows version, code named Longhorn, won't be available until 2006 or later.
Source: http://hellomate.typepad.com/exchange/2004/07/techhit_outlook.html
EZDetach - "Save Attachments - Do you think you could use a little help managing email attachments? EZDetach for Outlook will help you effortlessly extract, remove, save attachments - manually or automatically, from one or multiple messages. It is extremely easy to use, yet very flexible and powerful."
MessageSave - "Save, Archive and Process Messages - Backup, process, share and save Outlook email messages with MessageSave for Outlook."
AutoRead - "Mark as Read, Remove New Mail Icon - Do you receive email that doesn't require immediate attention? AutoRead is an Outlook plugin that will let you automatically mark messages as read and/or remove the Outlook "New Mail" taskbar (tray) notification icon. AutoRead "users report significant productivity gains."
EZDelete - "Purge Messages - EZDelete places a button on the Outlook toolbar which let's you delete messages without moving them to the Deleted Items folder with one click of a mouse."
More info from http://www.techhit.com
Source: http://blogs.msdn.com/mfp2/archive/2004/07/09/178840.aspx
A cool little tool was recently posted called “Performance Monitor Wizard” (a.k.a. PerfWiz). It can be downloaded here.
The Performance Monitor Wizard simplifies the process of gathering performance monitor logs. It configures the correct counters to collect, sample intervals and log file sizes. This wizard can create logs for troubleshooting operating system or Exchange server performance issues.
Additional thoughts... If you have used System Monitor (i.e., Performance Monitor) to collect data, or worse, have had to walk someone over the phone through the steps to do so, or have had to use Q811237, than you know that Perfmon is not the most user-friendly tool. The current version of Perfmon leaves a lot of room for error when trying to collect important data. I can’t begin to tell you how many logs I have looked at over the past couple of years that were missing key objects/counters to solve a problem, or the interval was wrong, or the Perfmon log itself was gigantic and hard to open.
With this tool, you just walk through a series of wizard-based dialog boxes, answer some questions, and then PerfWiz takes care of configuring the Perfmon logs so you never even have to open Perfmon.
Some of you may have already used this tool while troubleshooting an issue with a PSS Support Engineer. It actually has been around for a little while, but up until this point was only used by and available through PSS. Now everyone can have FUN collecting performance counter data! Hehe!
Keep in mind; this tool is only for system performance data collection; it does not analyze the data; that is still up to you (for now). :) For help with analyzing the performance data within the logs make sure to follow the appropriate Troubleshooting whitepapers available on the Exchange Performance Tuning webpage: http://www.microsoft.com/exchange/techinfo/administration/finetune.asp
Oh yeah, I gotta say this about it too... PerfWiz is provided "AS IS" with no warranties. ;)
You just need to Enter the message source and ID in the text field, then click Go
For Exchange 2003 http://www.microsoft.com/exchange/support/2003/ee.asp
For Exchange 2000 http://www.microsoft.com/exchange/support/2000/ee.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/modcore/html/dehowfindingerrorsusingeventviewerpwd.asp