
"Winternals, a leading provider of Microsoft systems infrastructure availability and performance solutions, today announced the public beta program for Insight for Active Directory 2.0, a real-time, Active Directory (AD) diagnostic solution. Insight for Active Directory is the first diagnostic product capable of pinpointing the precise causes of application and service failures resulting from AD configuration, corruption, and communication issues."

The marketing folks in Redmond have put together a pretty nice Windows Server System Evaluation DVD which is available for free at the link below. The kit, beyond containing all sorts of technical whitepapers and case studies, also includes a client and server Virtual PC 2004 image of the following products:
Client - Windows XP, Office 2003
Server - WinSvr2003, Exchange 2003, SMS, MOM 2005, ISA, SQL 2000 and SharePoint Portal Server
Click Here To SignUp For The Evaluation DVD

There is a new book out that I want to talk about, which describes Active Directory and is written by people who know what they're talking about. Addison-Wesley has just shipped the second edition of "Inside Active Directory," which has been updated to reflect all of the changes in Active Directory that came with Windows Server 2003.
Co-authors Sakari Kouti and Mika Seitsonen have made good use of the long winter nights in their native Finland to come up with what might be called the definitive guide (might be called, but isn't as someone else uses that series name) to Active Directory.
The 1,200-page tome is divided into three sections: background skills, core skills and advanced skills. There's such a range, in fact, that the book is appropriate for the novice and the directory guru alike. They won't read the same sections, of course, but neither would feel cheated.
Topics covered include the design, architecture, topology, installation and management of Active Directory. Thus, it's appropriate not only for the network manager and administrator but also provides a valuable reference for the programmer looking to directory-enable a Windows application or service. The table of contents as well as a sample chapter are available online for your perusal at the publisher's Web site.
These walkthrough documents provide procedures used to implement MIIS 2003 in the following solutions:
- Implementing a classic metadirectory
- Global Address List synchronization
- Global Address List synchronization step-by-step
- Simple account provisioning
- Group creation and provisioning
- Password management
The purpose of these walkthroughs is to help the reader become familiar with the decisions and procedures involved in deploying MIIS 2003 for a given solution. These documents do not include detailed technical reference information or in-depth troubleshooting information. They are not intended for use as the basis of deployment planning or troubleshooting an MIIS 2003 deployment. For this type of information, see the MIIS 2003 Design and Planning Collection.
Download here
More information about Microsoft Identity Integration Server 2003

Microsoft® Windows® XP Service Pack 2 (SP2) introduces a set of security technologies that improve the ability of Windows XP systems to withstand malicious attacks, and provides the IT administrator with system wide security configuration capabilities.
SP2 is more secure by default, and thus automatically provides Windows XP systems with improved protection. However, because system security becomes more restrictive upon initial installation, SP2 may also expose application compatibility issues. It is important that an investigation into possible application compatibility issues takes place prior to full deployment.
This guidance discusses the security technologies, an application testing process, incompatibility symptoms, mitigation techniques, and deployment scenarios. It makes no assumption about the size or complexity of the network, and is as relevant to peer-to-peer environments as it is to Active Directory environments.
Download here

The SMS 2003 Client Health Monitoring Tool provides up-to-date information on the manageability of installed clients in an SMS 2003 SP1 site database. By monitoring client activities, the Client Health Monitoring Tool allows SMS administrators to identify potential SMS 2003 site system problems, individual client problems, maintain a more accurate site database, and ultimately predict and increase software distribution success rates.
Download here

There's been quite a bit of talk recently about the security risk posed by portable USB devices. I saw a neat entry over on Jerry Bryant's security blog which describes a new feature that was added to SP2. Basically, there's a new registry key that will turn USB storage devices into Read Only! So I thought it would be fun to see if I could write an ADM file to deploy this via group policy. It turned out to be an interesting learning exercise!

This white paper describes how to deploy Windows XP Service Pack 2 (SP2) with Microsoft® Systems Management Server (SMS) 2003 and Systems Management Server 2.0, using software distribution features. This paper also includes information about how to configure Windows XP SP2 after deployment with SMS.
Download the white paper here

Windows has a VLK encryption feature for unattended setups of Windows XP (SP1+) and Windows Server 2003 installations. This feature is applicable to customers with volume licensing agreements with Microsoft such as Microsoft Select, Microsoft Enterprise Agreement, and Microsoft Open License. Customers who place a VLK in an unattended setup file (unattend.txt) will be able to encrypt the VLK such that it will be time-limited (in increments of 5–60 days) and not visible as plain text. This feature provides customers deploying Windows XP and Windows Server 2003 with an additional layer of protection by obscuring the VLKs in unattended installations.
Microsoft has been reticent to commit publicly on how, when and whether it would make the browser-specific security fixes that it delivered as part of Windows XP Service Pack 2 available to users of older versions of Windows. But this week, the Redmond software vendor issued a definitive statement regarding its back-porting intentions. The decision: No SP2 fixes—not even ones such as the SP2 pop-up blocker or the ActiveX control blocker—will be offered for users of older versions of Windows and IE (Internet Explorer).

Microsoft's message is that if you want any of these features, you must upgrade to Windows XP and/or Windows XP Tablet Edition running SP2. Next year, Microsoft will make the appropriate SP2 security fixes, including some of the IE ones, available to Windows Server 2003 users via Service Pack 1.

On September 20, 2004 VMware introduced VMware ACE, a new product that moves enterprise desktop management and security forward. VMware ACE allows IT desktop managers to provision secure, standardized PC environments throughout the extended enterprise.
One interesting feature of VMware ACE is rules-based network access. Rules-based network access identifies and quarantines unauthorized or out-of-date VMware ACE environments, enabling access to the network once the VMware ACE environment complies with IT policies. This feature is expected to also become available in Windows Server 2003 'R2', where the feature is called "Quarantining".
Quarantining is the process of parking remote computers in a safe zone when they attempt to make a Virtual Private Network connection. Rather than giving computers direct access, the idea is to first ensure that the computer is running anti-virus software and is adequately patched. In some scenarios, it is possible to either limit the user's access or push patches to a machine.
Read more on VMware ACE here

This knowledge base article describes how to use the Burflags registry value to rebuild each domain controller's copy of the system volume (SYSVOL) tree on all domain controllers in a common Active Directory directory service domain. Microsoft recommends using this procedure as a last resort to restore a domain's SYSVOL tree and its contents. Use this procedure only if you cannot make the FRS functional on individual domain controllers in the domain. Use this procedure only if the bulk restart can be performed more quickly than troubleshooting and resolving replication inconsistencies, and time to resolution is a critical factor.
KB315457

The Exchange Server Best Practices Analyzer programmatically collects settings and values from data repositories such as Active Directory, registry, metabase and performance monitor. Once collected, a set of comprehensive ‘best practice’ rules are applied to the topology. Administrators running this tool will get a detailed report listing the recommendations that can be made to the environment to achieve greater performance, scalability and uptime.
See also MS press release:
Microsoft Unveils Diagnostic Tool for End-to-End Health Checks in Exchange Server Deployments (download)

Microsoft Corp. today announced that together with imaging industry leaders at Photokina 2004 in Cologne, Germany, it will unveil new technologies that use the capabilities of Windows XP to make digital photography easier for all users, from hobbyists to professionals.
These new technologies will include the new Microsoft Media Transfer Protocol (MTP), which Canon will support in its future digital camera offerings. A variety of other demonstrations for consumers, professional photographers, and hardware and software vendors will be on display at the Microsoft booth: Hall 10.1, stand A‑010. Photokina 2004 runs from Sept. 28 to Oct. 3.

Robert Scoble works at Microsoft and has a great post today where he asks users to comment on their favorite IE addins.
I want to write a review here on my blog of the best IE addons. Things like Maxthon or Optimal Desktop. But I want to make sure I know about the best ones. Which are the ones that you use?

This package contains all the Exchange tools packaged together in a single download.
Tools that have been updated since the release of this package are noted with an asterisk and can be downloaded separately from http://www.microsoft.com/exchange/downloads.
Download the All-in-one package

Today at the Storage Decisions 2004 conference, Microsoft Corp. announced it is entering the disk-based backup and recovery industry with Microsoft® Data Protection Server (DPS), a low-cost, continuous, disk-based backup and recovery solution. Designed to address the growing need for businesses of all sizes to easily recover data, Data Protection Server will simplify and reduce the backup and recovery process. DPS is designed to provide robust data protection for the Windows Server System (TM) family, reducing complexity and improving operational efficiency for Windows® customers. More than 20 storage industry partners today announced their support for Data Protection Server and their intent to work with Microsoft to provide customers with a broad choice of Windows-based storage solutions.
"Customers are telling us that backing up and recovering their data is labor-intensive and complex. Exponential growth of business-critical data and new government regulations are increasing the cost and complexity of backup and recovery, forcing companies to rethink their data protection planning," said Bob Muglia, senior vice president of the Windows Server (TM) Division at Microsoft. "Data Protection Server has garnered broad industry support because it will help customers of all sizes shrink their recovery time from hours to minutes and drive down the cost of maintaining storage infrastructures."
More at the Microsoft Data Protection Server Website

This update helps resolve an issue on computers running Windows XP Service Pack 2. Programs that connect to IP addresses in the loopback address range may not work as expected and you may receive an error message indicating you cannot establish a connection. After you install this item, you may have to restart your computer.
Download: Update for Windows XP Service Pack 2
View: Knowledge Base Article (KB884020)
Software Distribution and Patch Management
This guide explains the processes for both software distribution and software updates. Software update management is the process of keeping computers and servers that are running Microsoft Windows® operating systems updated with security updates or patches. SMS 2003 builds on the software distribution features of SMS to provide an integrated software update management solution.
Planning and Deployment
This download includes a document and two planning worksheets that provide an end-to-end solution for planning and deploying Microsoft Systems Management Server 2003. This document has been updated to reflect changes in Microsoft Systems Management Server Service Pack 1.
Security
Follow these established best practices to create the most secure SMS environment possible, and then follow the guidance to maintain the most secure environment possible. This document has been updated to reflect changes in Microsoft Systems Management Server Service Pack 1.

The Microsoft Download Centre has been updated with some graphical improvements on the search, listings and item pages. Crucially, in the new-look Download Centre, many application downloads are now being flagged with a "Genuine Users Symbol". Clicking the link takes you off to read about the new validation system:
"The validation process also determines if you have activated your copy of Windows. If you have not activated Windows, you will be asked to enter the 25-character product key printed on the Certificate of Authenticity (COA) you received with your PC or software purchase.
Windows Activation is not required. You may access genuine Windows downloads with either an activated Windows client, or by using a Windows services activation key. Activation is, however, the quickest and easiest way to receive genuine Windows downloads from the Download Centre. Activation is also the best way to let Microsoft know that you are a Windows Genuine Advantage customer, and that you are ready to receive the service and support that you expect and deserve from Microsoft. Read more about the Windows activation process."
The document implies that it is checking product activation, something only applicable to Windows XP and Windows Server 2003. So for it to still be present on other Microsoft operating systems implies that it's also checking keys as well. Although that is pure speculation on my part. The checker is an ActiveX control and is not mandatory to complete the download process.

Microsoft have decided to not make available Virtual Server 2005 for MSDN subscribers. Instead, the company has arranged a special promotion:
The VS and MSDN teams have collaborated to create a special offer for Virtual Server 2005 Standard and Enterprise Editions which are being made available only to MSDN Universal and MSDN Enterprise subscribers between October 1, 2004 and March 31, 2005. This is a special promotional offer.
MSDN Universal and Enterprise level subscribers are being granted special access to Virtual Server 2005 Standard and Enterprise Editions as downloads from MSDN Subscriber Downloads only. Virtual Server 2005 Standard and Enterprise Editions will not be made available by fulfillment or in the monthly subscription shipments.
This is the full retail, production version of the product and does not include the typical MSDN restrictions of running only in dev/test environments and can be run in production (except on XP Pro).

Microsoft this week said that it is looking for ways to work more closely with developers of the Open Office open source project, while at the same time, apparently reserving the right to sue them, according to a legal agreement between Microsoft and Open Office's major sponsor, Sun Microsystems, made public this week. The agreement in question was signed in April of this year as part of Sun and Microsoft's landmark multibillion dollar settlement. It was released as part of Sun's annual U.S. Securities and Exchange Commission filings this week.
The April agreement says that Microsoft can seek damages from Open Office users or distributors for any copy of Open Office installed after April 1, 2004. However, users of Sun's commercial distribution of Open Office, called StarOffice, are protected from legal liabilities under the agreement, says Russ Castronovo, a spokesperson for Sun. Open Office includes a word processor, spreadsheet, and presentation software based on technology Sun acquired in its 1999 purchase of Germany's Star Division. Sun released the code under an open-source license in 2000.
Microsoft Windows Internet Information Services Management Pack Guide
This guide provides information about the Microsoft Windows Internet Information Services Management Pack, including monitoring scenarios, deployment steps, operations tasks, and reference content.
Microsoft Windows DNS Server Management Pack Guide
This guide provides information about the Microsoft Windows DNS Server Management Pack, including monitoring scenarios, deployment steps, operations tasks, and reference content.
Microsoft Baseline Security Analyzer (MBSA) Management Pack Guide
This guide provides information about the Microsoft Baseline Security Analyzer (MBSA) Management Pack, including monitoring scenarios, deployment steps, operations tasks, and reference content.
It's not really the first patch day of the Windows XP Service Pack 2 era. Last month's, Aug. 10, was a few days after the initial release of the massive security-focused update. But the initial day was anticlimactic, yielding only a single Exchange Server issue, and for an old version at that. But now we're over a month since Microsoft finalized the "gold" SP2 code, and we may be about to see how they will handle patches in the post-SP2 era.

We expect that for some time Microsoft will have to keep Windows XP SP1 and SP2 tracks for security vulnerabilities. In a very important sense, the SP1 track is more similar to the Windows 2000 track than SP2, because Internet Explorer is so different in Windows XP SP2.

Attempts to fight spam by identifying e-mails have hit problems over Microsoft's involvement in the process. The Internet Engineering Task Force, an international standards body, has rejected Microsoft's contribution to the so-called Sender ID proposal. The proposal, which would identify where e-mail has come from, could lead to better filters to siphon out spam. But Microsoft's decision to impose restrictions on the use of the system has angered some.
The working group charged by the IETF with looking at the standard has decided that Microsoft's decision to keep a possible patent application secret was unacceptable. It was also concerned with possible incompatibilities with open source software. Microsoft remains hopeful that the Sender ID system can be kept alive.

A new worm whose payload includes the SDBot trojan tries to install a "sniffer," seeking to use infected computers to capture login and banking information for other computers on the same network. While sniffers are hardly new, the bundling of a sniffer with an auto-propagating worm is a new wrinkle, according to security firms.
Sniffers are devices that monitor network traffic, and are a useful network administration tool. They can also be useful to hackers, who install them on compromised computers to monitor and intercept packets flowing through a network. This in turn enables the attacker to capture unencrypted usernames and passwords, which can be used to compromise additional machines on the network.

ORLANDO, Fla. -- Sept. 13, 2004 Microsoft Corp. today announced Visual Studio® 2005 Standard Edition, a flexible development tool for line-of-business application developers building Windows®, Web or mobile applications. During his keynote address at Fawcette Technical Publications' VSLive! Orlando, Microsoft Developer Division Corporate Vice President S. Somasegar explained how the full Visual Studio 2005 product line -- including the Visual Studio 2005 Express products, Visual Studio 2005 Standard Edition, Visual Studio 2005 Professional Edition and Visual Studio 2005 Team System -- meets the needs of developers of all levels. The keynote speech and announcements made at the show underscored the fact that .NET developers are realizing enormous return on Visual Studio and the .NET Framework today, and are positioned to lead the industry forward in the Visual Studio 2005 time frame.
More at Microsoft PressPass
Newssource: Steven

Microsoft Corp. today announced the general availability and pricing of Microsoft Virtual Server 2005. Available in both Standard and Enterprise editions, Virtual Server 2005 helps customers reduce hardware costs and increase operational efficiency in three key scenarios: automation of software test and development environments; rehosting of legacy applications; and consolidation of production server workloads such as networking, directory infrastructure or departmental applications.
As a key deliverable of the Dynamic Systems Initiative, Microsoft's vision for simplifying and automating the way customers design, deploy and operate distributed systems, Virtual Server 2005 provides customers with more flexibility and control in the provisioning of data center resources.
Virtual Server 2005 Standard Edition supports up to four processors, with an estimated retail price of $499 (U.S.). Virtual Server 2005 Enterprise Edition supports up to 32 processors, with an estimated retail price of $999 (U.S.). Both versions will be available within 30 days through retail and volume licensing and will be licensed on a per-physical server basis.
Read more at Microsoft PressPass
Newssource: The Tweaking Experience

The Microsoft® Windows Server Clusters Management Pack monitors server clusters running on Windows® 2000 or on Windows Server™ 2003. By monitoring the cluster server, reporting state, and sending alerts, this Management Pack helps you maintain or increase the availability of services you provide through server clusters.
The Clustering Services Management Pack monitors the health and availability of the server clustering technology, the clustered servers, and the Resource Groups on a server, including the resources inside each resource group.
This guide was developed with the September, 2004 version of the Microsoft Windows Server Clusters Management Pack. Ensure that you are using the most recent version of the Management Pack by going to http://www.microsoft.com/mom/managementpacks (http://go.microsoft.com/fwlink/?LinkId=33752).
Download the Windows 2000 Server Cluster Management Pack

The Microsoft® Windows® Base Operating System Management Pack monitors the performance, health, and availability of Microsoft Windows operating systems versions 4.0 and later.
By detecting, alerting on, and automatically responding to critical events and performance indicators, this Management Pack reduces resolution times for issues and increases the overall availability and performance of your Microsoft Windows operating systems. As a result, the Base Operating System Management Pack reduces the total cost of ownership of Microsoft Windows Server™ computers.
This guide was developed with the September, 2004 version of the Microsoft Windows Servers Base Operating System Management Pack. Ensure that you are using the most recent version of the Management Pack by going to http://www.microsoft.com/mom/managementpacks (http://go.microsoft.com/fwlink/?LinkId=33752).
Download the Windows Servers Base OS Management Pack

All other Management Packs depend on the health and availability of the Microsoft® Operations Manager (MOM) server components and agents, as well as successful forwarding of monitoring data.
The MOM Management Pack monitors problems with agent deployment and configuration, communications failures, security issues, and the MOM Connector Framework.
Automated tasks provide easy access to common network administration and diagnostic tools. Reports call attention to performance bottlenecks and provide data for capacity planning.
This guide was developed with the September, 2004 version of the MOM Management Pack. Ensure that you are using the most recent version of the Management Pack by going to http://www.microsoft.com/mom/managementpacks (http://go.microsoft.com/fwlink/?LinkId=33752).
Download the MOM 2005 Management Pack

Safe Mode has been a component of the Windows operating system since the days of Windows 95. The basic idea is to allow the user (or technical support worker) access to the Windows interface without loading any unnecessary drivers or software.
The thinking is that if device drivers or auto-loading software (browser hijackers, for example) are causing problems with your Windows installation, the easiest way to fix things is to load a version of Windows that bypasses all but the most basic drivers and will not run any additional software. Windows XP safe mode provides you with a basic graphics driver (enough to display the user interface), access to your drives and Windows configuration, and very little else.

On a Windows 2003 server configured with an NLB cluster in the internal and external interfaces with multiple virtual IP addresses on the internal interface, where the following registry value is used, the IP that you use to send traffic to the published server may be one of the virtual IP addresses and not the dedicated IP address. This is typically true when only one IP address is used in the virtual IP address. As a result, the reply traffic is load balanced and may land on a firewall server that does not have context for this traffic. Such traffic does not return to the remote client, so the client does not connect. To enable the translation of the client source address in server publishing:
1. Obtain and install ISA Server 2000 Service Pack 1
2. Add UseISAAddressInPublishing (dword: 0x1) to HKLM\SYSTEM\CurrentControlSet\Services\Fwsrv\Parameters
More information can be found in Microsoft Knowledge Base article 311777.
Microsoft Corp. is counting on next week's release of its Virtual Server 2005 to entice users of older versions of Windows Server to migrate to Windows Server 2003. Microsoft set Sept. 13 as the date for taking the wraps off of Virtual Server 2005, which is designed to allow customers to run multiple operating systems, including Linux and Unix, concurrently on a single Intel-based Windows Server 2003 system.

As company officials said earlier this year, MVS 2005 will come in two flavors: Standard and Enterprise. Microsoft revealed on Wednesday that Standard Edition, which will support up to four processors, will sell for an estimated retail price of $499.

Microsoft plans to announce next week that it is at last ready to ship Virtual Server, a product that allows a server to run multiple operating systems, or multiple copies of the same operating system at a single time. The software maker has finished development work on Virtual Server 2005 and a representative said the final version should be generally available by Oct. 1. The company is pitching the program as a way for companies to reduce the number of servers they have to maintain, noting that companies typically use just a fraction of their servers' capacity.
There will be two flavors: Standard ($499), and an Enterprise Edition, at $999. Redmond said the license is per physical server.
Source: news.com

This guide describes the process of hardening networks and computers that run earlier versions of the Windows operating system. Organizations may have a variety of combinations of computers running Windows NT 4.0 (Workstation, Server, and Advanced Server) and Windows 98, with or without later versions of Windows clients or servers. This guidance focuses on the protective measures you can apply to Windows NT 4.0 Workstation and Windows 98 clients and Windows NT 4.0 member servers in an Active Directory directory service domain environment to improve their security.
More at Microsoft

If you're running Intelligent Message Filter (IMF) on an Exchange server with a 15-character server name (for instance, if your gateway with IMF installed is called ABCDEFGHIJKLMNO), you may have noticed that IMF doesn't process the inbound messages. This is because IMF does not bind properly to a server where the NetBIOS name is 15 characters in length. There is now a hotfix available for this issue. Please see KB.873434 for more information on this problem and how to get the hotfix from Microsoft PSS.

Administrative Template files are used to populate user interface settings in the Group Policy Object Editor, enabling administrators to manage registry-based policy settings. Each successive Windows operating system and service pack includes a newer version of these .adm files.
Previously, customers could only obtain the most recent .adm files by obtaining the latest service pack or operating system. Now, these .adm files are available directly from this page.

The Microsoft SQL Server Health and History Tool (SQLH2) collects information from instances of SQL Server and stores this information. In order to view the information, we have created reports that you can download here. These reports require Microsoft's SQL Server Reporting Services to display.
Download here

Port Reporter logs TCP and UDP port activity on a local Windows system. Port Reporter is a small application that runs as a service on Windows 2000, Windows XP, and Windows Server 2003.
On Windows XP and Windows Server 2003 this service is able to log which ports are used, which process is using the port, if the process is a service, which modules the process has loaded and which user account is running the process.
On Windows 2000 systems, this service is limited to logging which ports are used and when. In both cases the information that the service provides can be helpful for security purposes, troubleshooting scenarios, and profiling systems’ port usage.
Download here
Also read this Knowledge Base article about the tool.

After installing Windows XP Service Pack 2, the pop-up blocker that is installed may interfere with the Microsoft Windows Update site. If you visit the site, you may see this error in Internet Explorer: HTTP Error 500 - Internal Server Error, Error 0x8ddd0010. To work around this behavior, use one of the following methods that is appropriate for your situation. If you are using the Windows XP SP2 pop-up blocker, configure the pop-up blocker to enable pop-ups from the Windows Update Web site. To do this, follow these steps:
1. Start Internet Explorer.
2. On the Tools menu, point to Pop-up Blocker, and then click Pop-up Blocker Settings.
3. In the Address of Web site to allow box, type http://v5.windowsupdate.microsoft.com, and then click Add.
4. Click Close to close the Pop-up Blocker Settings dialog box.
View: Microsoft Knowledge Base Article - 883820
Has Microsoft blinked on its licensing requirements for Sender ID, making it more acceptable to the open-source community? Some open-source leaders and companies think that it has, while others vehemently disagree.

Although Microsoft hasn't officially changed its Sender ID license, Harry Katz, program manager for Microsoft Exchange, has made three points about how it will be interpreted in a message to a standards group of the Internet Engineering Task Force named MTA Authorization Records in DNS, or MARID, which is working on Sender ID. "At this time, Microsoft is only aware of pending patent-application claims that cover its submission of the Sender ID specification," Katz said. "Because Microsoft is not aware of any issued patent claims, Microsoft does not require anyone to sign a license with Microsoft to implement the Sender ID specification or any part of it that is incorporated into IETF [Internet Engineering Task Force] working drafts."
(more)

"Abstract: Active Directory (AD) is the backbone of a Windows Server 2003 or Windows 2000 Server domain infrastructure, providing a channel for security implementation and maintenance in the forest. Secure AD and you have advanced the protection of all forest elements. Ignoring AD security can put your entire infrastructure at risk.
Securing AD, however, is not a trivial task. Many Windows security subsystems are integrated with it, and many of them can be used to secure it. The account database, Kerberos authentication protocol, password policy, definition of user rights and system controls, assignment of object permissions—all are contained in or managed with AD. You must also consider the distribution of its elements and the nature of the people who interact with it. AD is not some entity that can be localized on a single machine but spans multiple computers and networks. It presents a broad attack surface and many threats must be evaluated. There are literally hundreds of steps that should be at least considered when designing, implementing, and maintaining AD security.
This e-book can help you with that task."
This whitepaper includes tips on hardening domain controllers, among other types of servers. The download also has numerous security templates for various types of servers including domain controllers.

Microsoft has just made a graphical interface available for their PortQry command-line tool. It is pretty cool.
Check it out.

Microsoft recently announced the release of MOM 2005 and now they've made the Active Directory Management Pack (ADMP) for MOM 2005 available for download. If you want an overview of what ADMP can do, check out the ADMP Guide.

Today, customers using Microsoft® SharePoint® Products and Technologies began applying two new Service Pack 1 (SP1) releases, which provide performance improvements for Microsoft Office SharePoint Portal Server 2003 and Microsoft Windows® SharePoint Services. Available separately, the two SP1 downloads enable customers to build powerful and reliable collaborative work spaces for intranet and extranet communities.
Full press release here

HAI Home Control (they make security and home automation products) has built software that snaps into Windows MCE and allows users to control its products directly from the MCE interface on their TV.

This is a very cool idea indeed! Let's hope more companies will supply add-ons to Windows Media Center. Source: Roudybob.net

As an evolutionary product, WMP 10 is immediately recognizable as a member of Microsoft's Windows Media Player product family, and yet it also offers a fresh face to what has always been an overly complicated product. WMP 10, if you can believe it, actually offers a lot more functionality than previous versions of the player, but it presents much of that functionality in far simpler ways.
For example, in addition to aggregating music and video files like previous versions, WMP 10 can aggregate pictures, Recorded TV shows, and other media, though that ability might be limited by the kind of PC you have, and which portable devices you interact with.
(more)

Microsoft was a bit late to the game in the online music download market. Apple managed to grab a sizable chunk of the market with their popular music service, iTunes. However, this could very well change with the launch of MSN Music.
The new site (currently in preview, expected to be launched live with WMP 10) allows users to download music from a variety of artists for 99 cents per song, $9.90 per album. Content-wise, the site does not pass the infamous Beatles test (context: neither do any others), yet a notice can be seen suggesting that the Beatles will soon be added. They claim to have licensed over 1 million songs, substantially more than other online outfits, from "major music labels, independents, and even undiscovered artists". When Apple came to the UK, they had (and still have) problems securing contracts with independent labels. Microsoft appears to have used its significantly larger financial clout to solve these issues; The Beatles, for example, were only going online with a company that would offer them a lot of money.
(more)

Microsoft Corp. is adding new 64-bit business intelligence and management enhancements to its SQL Server database product.
The company yesterday announced the availability of Beta 2 of its SQL Server 2005 database, which will include support for the 64-bit Opteron CPU from Advanced Micro Devices Inc. as well as the 64-bit Itanium chip from Intel Corp. That means customers will get a 64-bit boost at a lower cost, said Tom Rizzo, director of product management for SQL Server.
SQL Server 2005, also known as Yukon, succeeds SQL Server 2000, which was released in late 2000. Enhancements in the release focus on data management, developer productivity and business intelligence and are designed to help Microsoft compete in the database market against IBM and Oracle Corp. A third beta version of SQL Server 2005 is expected by the end of the year.
(more)

Upgrading to Windows XP Service Pack 2 will cause problems with about one in every 10 PCs running the operating system, according to research published Tuesday by a Canadian asset-monitoring service provider.
AssetMetrix probed more than 44,000 Windows XP systems housed in nearly 350 companies to come up with its numbers, matching what it found on the PCs against various lists that Microsoft has posted of programs that have, or may have, compatibility issues with the massive update.
But don't let the one-in-10 PC with compatibility problems spook you, said O'Halloran. "Even though you're seeing this quantified, don't use that as an excuse to skirt the issue," he said. "Deploy SP2 now. It's for the greater good of the organization, even if some systems and applications won't work without work."
(more)

The Microsoft Operations Manager 2005 Deployment Guide provides detailed instructions and best practices for installing Microsoft Operations Manager (MOM) 2005 components and for upgrading MOM 2000 SP1 to MOM 2005. This guide explains how to install all MOM components on a single computer and how to install MOM components across multiple computers. This guide also covers installing MOM 2005 in advanced configurations, such as those involving multitiering, firewalls, multihoming, or on clustered servers.
Download here
(more)

This spreadsheet (updated Aug 31) lists the full set of Group Policy settings described in Administrative Template (.adm) files that shipped with Windows XP SP2. This includes all policy settings supported on the following operating systems: Microsoft Windows Server™ 2003, Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with Service Pack 4 or earlier service packs. The spreadsheet includes separate worksheets for each of the .adm files that shipped in Windows XP SP2, a consolidated worksheet for easy searching, and an Update History worksheet that lists policy settings that have been added since the Windows Server 2003 operating systems were released. Using column filters, you can easily filter the information in the spreadsheet by operating system, component, or machine/user configuration. You can also search for information by using text or keywords.
Download here