Monday, January 21, 2019
  • Home
  •             

Want to join the “Centro” beta program?

June 30th, 2007 by Jabez Gan [MVP]

“Centro” is built on Windows Server 2008 and provides an integrated server and management system for midsize businesses. The CTP includes many new Windows Server 2008 Beta 3 based components, as well as updates to the server applications that shipped in “Centro” Beta 1 (updated versions of System Center Essentials 2007, Exchange Server 2007 and ISA, as well as new updates to setup, Active Directory domain join functionality and a host of other improvements).

Please take a moment to read through the hardware requirements below. If you meet these requirements, go to http://connect.microsoft.com, click on Invitations, sign in with your Windows Live ID (Passport ID) and enter the following invite ID; Extr-GHBC-JCJM.

Visit source for more information.

Posted in Beta News, Windows Server System | Comments Off on Want to join the “Centro” beta program?

Security Configuration Wizard doesn’t work after installing SP2 on Windows Server 2003

June 12th, 2007 by Jabez Gan [MVP]

Background: Running Windows Server 2003 SP1, with Security Configuration Wizard working.

Problem: After installing SP2 on top of Windows Server 2003 SP1, Security Configuration Wizard fails to run with error that Security Configuration Wizard can only work on a machine with SP1.

Resolution: Uninstall Security Configuration Wizard (SCW) and reinstall it using Add/Remove Windows Component.

Credits to Baboon who posted this tip in Microsoft.public.Windows.Server.General newsgroup.

Posted in Windows Server System | Comments Off on Security Configuration Wizard doesn’t work after installing SP2 on Windows Server 2003

Book review: Professional Windows Desktop and Server Hardening by Wrox

June 5th, 2007 by Jabez Gan [MVP]

I am currently reading the book Professional Windows Desktop and Server Hardening by publisher Wrox (http://www.wrox.com/WileyCDA/WroxTitle/productCd-0764599909.html), and will be posting tips that administrators missed out most of the time.

Today, I’ll be giving some quick tips about Conventional and Unconventional Defences. I won’t be surprised that some of you already know about them, but just don’t remember about these defences when you implement a network.

1. To Linux fans out there: Whatever is Popular Gets Hacked. How true is this statement? You might be saying that Windows is full of exploits because it is unstable and vunerable. If it’s the days of Windows 9x/NT, I would agree with you that Windows isn’t that secure. However things have changed, thus vunerabilities have decreased tremendously.

If you think about Apache, you’ll notice that it has more vunerabilities than IIS. (Since Apache is more widely used).

2. Don’t Let End Users Make Security Decisions. Heck I don’t even trust end users myself, so why should we let them make security decisions? They will only increase our workload when they submit support tickets!

3. Security-by-Obscurity Works! Change to some random port for our RDP (remote desktop protocol) instead of the usual 3389. Change to some random port for our HTTP instead of the default port 80 (do this only for internal users, not external users).

4. Assume Firewalls and Antivirus Software Will Fail. I’ve been doing some consulting for a few companies, and this statement is true. Updated antivirus software with properly configured firewall isn’t enough. Malware nowadays comes through port 80 and Antivirus doesn’t work as great when it comes to detecting new viruses.

5. Minimize Potential Attack Vectors, Decrease Attack Space. Everybody knows this. Disable services or programs that you do not need. Close the ports you do not need. Use IPSec for communications between machines.

6. RunAs. Remember the long forgotten RunAs? Administrators should provide users (and themselves) with limited user accounts (LUA) and use the RunAs if they want to install applications. Also, I’ve learnt not to provide users with the permission to install new applications. It must be done by an administrator.

7. Keep Patches Updated. To cut things short, Keep Patches Updated. All of you know why.

8. Use a Host-Based Firewall. Who said Windows XP SP2’s firewall isn’t good? It is a host based firewall… Nah, it doesn’t provide Outgoing firewall monitoring. So use a 3rd party instead. 😉

9. Rename Admin and Highly Privileged Accounts. Scripts or hackers will try to hack through the system through the default administrator account. So on every installation of Windows (or any OS or applications), rename the default high privileged accounts.

10. Install High-Risk Software (IIS) to Non-Default Folders.  I know lots of you out there will just install everything to the default folder, but here’s a tip: Don’t! Take the hassle to reconfigure things if you have IIS installed to the default folder. I know it will break some web app (if you have any) but do you want to fix your web app or secure your server?

Here’s 10 tips from the book and has been forgotten by most IT Pros out there.  Stay tuned! There’s more coming in the coming days/weeks!

Posted in Reviews, Windows Server System | 1 Comment »

Windows Server 2008 announced

May 15th, 2007 by Zack Whittaker

Check out this video and the official website. I’ve told you all before, I got there ages ago (way before it was officially announced) by placing the name on VistaBase. Did anyone listen? Nope… *sigh*
Check Out the New Windows Server 2008 Website: http://www.microsoft.com/windowsserver2008/default.mspx

winserver2008.jpg

Posted in Windows Server System | 1 Comment »

Longhorn Server Beta 3 release!!!

April 26th, 2007 by Patrick S

Windows Server Code Name Longhorn has been released to beta testers today (five separate editions!!), with some of the most important changes coming to Longhorn Server Core. Core will support a grand total of 8 roles, double the 4 roles it had back in mid 2005. The grand total of roles available to Server Core includes:

  • Active Directory
  • Active Directory Lightweight Directory Services
  • DNS
  • DHCP
  • File/Print
  • Windows Media Services
  • Terminal Services (gets TS Easy Print and the new TS RemoteApp management interface)
  • Virtualization (configuring a server as a dedicated host for virtual servers.) (won’t be available immediately.)
  •  Network Access Protection (has greatly improved setup and integration)
  • IIS7 (does XCOPY deployment; and lots, lots more…)

PowerShell is also included in the 3rd beta release of Longhorn Server, as well as the Windows Firewall being enabled by default.

And what if you want to try this great os and dont know how to run it? The folks at Microsoft have launched a new Windows Server “Longhorn” Technical Library on the Windows Server Tech Center, they have a detailed Reviewers’ Guide available to download and read, and perhaps coolest of all, they have teamed up with the folks in our Microsoft Learning group to develop free self-paced e-learning clinics. These interactive, multimedia-based clinics provide eight hours of training on topics like server management, centralized application access, branch office management, and security and policy enforcement. They keep track of which sections you’ve completed, so you can start and stop them whenever you like, and you can even download them for offline use to keep you company on transatlantic flights.

So-All-in-all its been a Massive day for Windows Server! I cant wait to download it give it a test run…
… I love you windows server 😛

Source: AeroXP and The folks at the Windows Server Blog 

Check it out – http://www.microsoft.com/getbeta3 (now live-so go grab yourself a copy)

Posted in Beta News, MS News, Testing, Windows Server System | 4 Comments »

Server DNS vulnerability attacks

April 14th, 2007 by Patrick S

Microsoft confirmed yesterday that it has uncovered targeted attacks exploiting a new vulnerability in the Windows Server DNS Service.

Microsoft immediately mobilised its Software Security Incident Response Process (SSIRP) to investigate.

Due to a stack-based buffer overrun that exists in the Windows DNS Server’s remote procedure call (RPC) interface, attackers can send an RPC packet to the interface enabling them to run malicious code on the system. This vulnerability could allow a criminal to run code in the security context of the Domain Name System Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2, which by default runs as Local SYSTEM.

Users are encouraged to follow its “Protect Your PC” guidance of enabling a firewall, applying all security updates and installing anti-virus and spyware software to help minimise the possibility of a successful attack.

Microsoft is also urging customers to disable remote management over RPC capability for DNS Servers through the registry key setting, as well as block unsolicited inbound traffic on ports between 1024 and 5000 and enable advanced TCP/IP filtering, which will act as a workaround and stop attackers exploiting this vulnerability.

Details and workarounds can be found in Microsoft’s Technet Security Advisory 935964.

Source vnunet.com

Posted in Security, Windows Server System | Comments Off on Server DNS vulnerability attacks

Microsoft changes mind on Vista and Thin-Client computing…

April 3rd, 2007 by Patrick S

Spring is in the air, and like many of us, Microsoft is looking to slim down for summer. Despite its former reluctance to support thin-client computing, it looks like Microsoft has loosened up and clarified its licensing when it comes to thin clients. MSFT has claimed that it will loosen the strings that it currently has on thin-client licensing a more “supported” feature in its Windows OS rather than the gray area it currently is now.

First, they are going to permit streaming Vista directly to thin clients, allowing it to boot from the network instead of a local hard drive-until now it was only really a Unix/Linux (and MacOS) concept. This means that any updates/program installs made on the server will be applied to the Thin-clients as soon as the next user ‘logs on’. This is because the OS resides on the server itself.
The use of this technology is all well and good but impractical in some instances because the use of Thin-clients chews up huge amounts of bandwidth!

The other change is a new subscription license called Windows Vista Enterprise Centralized Desktops (VECD).VECD lets you host Vista as virtual machines on something like VMware or Virtual PC. Currently, in my environment we do something along these lines. VPN users connect to a farm of VMware ESX servers running multiple copies of Windows via RDP. Since they are just using RDP, we only need one port open on our firewall, which keeps home PC cooties off our network. Since it’s to a PC that’s actually a virtual machine on ESX it’s simple to expand the number to meet increased demand.

Until now, this has been a gray area as far as licensing is concerned; with VECD it is now legitimate, although there is supposed to be a fee schedule based on the number of devices you are using it with. The cost will be different for full PCs and thin clients, but Microsoft’s announcement does not go into much detail.

Only time will tell…

Microsoft Press Pass: Found HERE
Info Sourced from: http://arstechnica.com/

Posted in Computing, MS News, Products, Windows Server System, Windows Vista | Comments Off on Microsoft changes mind on Vista and Thin-Client computing…

Windows Server 2003 SP2 and WinXP x64 SP2 have released!

March 15th, 2007 by Jabez Gan [MVP]

Windows Serviceability is pleased to announce the broad availability of Windows Server 2003 Service Pack 2 and Windows XP Professional x64 Edition Service Pack 2. This release includes the following standalone builds of Service Pack 2:

  • Windows Server 2003 Service Pack 2 (32-bit x86)
  • Windows Server 2003 R2 Service Pack 2 for x64 Editions
  • Windows Server 2003 Service Pack 2 for Itanium-based Systems

Service Pack 2 for Windows XP Professional x64 Edition will also be available integrated with the operating system. Today’s release includes editions for English and German. Other languages will be released in the coming weeks.

You may visit http://www.microsoft.com/technet/windowsserver/sp2.mspx to get official builds, tools and documentation related to this release.

Posted in Windows Server System, Windows XP | Comments Off on Windows Server 2003 SP2 and WinXP x64 SP2 have released!

How to get rid of that pesky Windows Welcome Center at FIRST boot

January 21st, 2007 by Patrick Elliott
If you’re like me, you have custom scripts you run after you install Windows to get everything “just right”.
You may have noticed, you don’t see a checkbox to “Show Windows Welcome Center” until you’ve logged on twice, and that’s by design.
With a simple .reg file though, you can kill Windows Welcome Center dead on first boot — simply put the following into your .reg file and save it, run it, or add it to your scripts:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=-
  

And like magic, it will not bother you again 🙂
-Patrick

Posted in Windows Server System, Windows Vista | 1 Comment »

Server 2003 Critical Patch KB929969=Critical Problems!

January 18th, 2007 by Patrick S

Lets bring it on back to a Windows Server them, I was reading the Windows Server Public news-groups today and stumbled accross a post from a one bpacman regarding Microsofts latest Windows Server update that also applys to XP and Windows 2000 (KB929969-Security Bulitin MS07-004)

The fact of the matter is that many Server 2003 System Admins are in for a surprise when they reboot their servers after 1/12/2007, if they have automated updates enabled.

Why?:
On that date Microsoft pushed a critical patch KB929969.  The patch did not require a reboot, so your system will work fine for days, weeks or even months, but once you reboot…well lets just get into the symptoms:

Your first clue is that your Manage My Server screen will not work and you will get a Script Error complaining about the mys.dll/mys.hta.

Any attempt to open Computer Management, Enterprise Management, DeviceManagement…etc… will result in an error saying that mmc cannot find the *.msc file.

IIS and SQL server will fail.  Any time you hit Cntl F or Search, it will fail.

So what did this patch do to your server?  It removed a file. C:\Windows\System32\msxml3.dll was replaced by msxml4.dll, but this file doesn’t replace the msxml3.dll file effectively.

So what can we do to resolve the problem?:

Resolution:

Break out your Install CD and extract the following two files:

\i386\msxml3.dl_
\i386\msxml3r.dl_

from a DOS prompt you will need to expand these files and install them
in the system32 directory

c:> expand -r msxml3.dl_ c:\Windows\system32
c:> expand -r msxml3r.dl_ c:\Windows\system32

Then you need to register the msxml3.dll file

c:> regsvr32 c:\Windows\system32\msxml3.dll

Reboot the system and your server should be fine.
It seems like this Update from Microsoft has caused System admins all around the world nothing bug problems. But until this update is less buggy it looks as though a lot of servers will remain MS07-004 unpatched.

-Although-the article states that the patch causes all sorts of confusion on a Windows Server (due to msxml3.dll being replaced) it seems that the patch has nothing to do with MS XML only VML [Vector Markup Language] (as shown in C:\WINDOWS\$NtUninstallKB929969$)

So either bpacman is wrong about msxml3.dll being replaced along with the VML update or right I didn’t do enough research-sorry

-Patrick 🙂

Posted in Bugs, MS News, Windows Server System | 6 Comments »

Longhorn Server to Be Named Windows Server 2007

January 16th, 2007 by Patrick S

An unnamed Microsoft official just confirmed to ActiveWin.com that the new Windows server succeeding Windows Server 2003 will be named Windows Server 2007, now known in its beta form as Windows Server “Longhorn”. Windows Server 2007 is currently slated to be released in the second half of 2007, culminating a long beta process which began in early 2005. In addition, development has begun on the next series of MSCE certification tests geared for Windows Server 2007.

Zack: Here at MSBLOG, we can’t validate other articles on neighbouring websites. At the moment the final name of the next Windows Server product is purely speculation and cannot be confirmed as yet. We’ll just have to wait and see. The final name is expected to be revealed in March 2007.

Source: ActiveWin

Posted in Beta News, MS News, Windows Server System | 1 Comment »

What Windows Server Home is all about

January 8th, 2007 by Zack Whittaker

Windows Home Server is certainly going to be a highlight for Microsoft in the home-user department. It’s going to be based loosely on Windows Vista but with some server addition’s thrown in which make it easier for the standard home user to administrate and sort out their files and networking.

It’s not clear however whether Windows Live Drive will have anything to do with Windows Home Server or not. What we’ve managed to establish so far:

  • Windows Home Server will be released sometime this year as a product for home users to centralize their files, media and folders.
  • Storage will be easily expandable so you can have gigabytes, terabytes and even petabytes of storage as long as your hardware supports it.
  • You’ll be able to access your files from anywhere on the web.
  • Windows Home Server will be an operating system similar to Windows Vista and not so similar to Windows Server 2003 or Windows Server “Longhorn”.
  • Windows Live will be involved in making remote access possible.
  • Server backups will be optional but installed as standard, and each file will be backed up incrementally online saving your bandwidth and online storage space*

Read full story at source.

Posted in Windows Live, Windows Server System | Comments Off on What Windows Server Home is all about

The digital decade

January 8th, 2007 by Zack Whittaker

Bill Gates was speaking his keynote speech earlier on, and some things are to be taken from that which are quite interesting.

Microsoft are really keen on getting media anywhere and everywhere it seems, with IPTV (internet protocol television) on any number of devices, and having access to your media from any other device you might have. It’s already clear that by this time next year, partners will be offering live and on-demand

I don’t know where the post has gone… but I told you I was right about Windows Home Server 😉 Partnering with HP, home users will be able to access and store all their data on a central device from any number of Windows powered products, from the Zune to the Xbox 360, PC’s and mobile phones.

Windows Home Server is expected to arrive sometime this year – from what I believe it’ll be more of a home-user-friendly product rather than it being targetted at Windows Server administrators. My guess it’ll probably look at lot like Vista but with a few dashboard options to easily guide a user through storing their content on the server.

Posted in Windows Server System, Windows Vista, Xbox and Gaming | Comments Off on The digital decade

Administering Windows Server 2003 from Windows Vista

December 25th, 2006 by Patrick Elliott

Want to know how to get the Admin Tools to work on Windows Vista?  Thanks to the Windows Server guys, there is a KB article here!  — http://support.microsoft.com/default.aspx/kb/930056

From the Windows Server Weblog:

“One of the more popular questions on our Windows Server “Longhorn” discussion forums is around the Windows Server 2003 Administration Tools Pack. In particular, people have been asking why they can’t use the Admin Pack on Windows Vista. It can be installed, but it gives error messages and many of the administration tools seem to be missing or are not properly configured. Some of these issues are related to User Account Control and not having the necessary administrative privileges when attempting to install the pack.

Well help is at hand! We’ve just released a new Knowledge Base article describing how to get the Admin Pack working on Windows Vista, and describing some of the limitations that will still exist.

Note that this does not address managing Windows Server “Longhorn” from a client machine (either Windows XP or Windows Vista). We are working on a new version of the Admin Pack for Windows Server “Longhorn” and we will provide an update on our progress with this in the Beta 3 timeframe.”

Merry Christmas and Happy New Year!

– Patrick Elliott

Posted in Testing, Windows Server System, Windows Vista | 1 Comment »

Just in time for the holidays another Microsoft 0-Day

December 24th, 2006 by Patrick S

Microsoft has received and acknowledged that a new 0-Day exploit is public, and the proof-of-concept code announced for it is valid today on their Security Blog.

The proof-of-concept code targets the CSRSS (Client/Server Runtime Server Subsystem) the part of windows that launches and closes applications, the exploit affects all versions of Windows including the (un)released Windows Vista.
Tested on XP Service Pack 2 the proof-of-concept will cause the computer to crash resulting in a system lockup, system failure (Blue Screen of Death), or simple hard reboot.

Microsoft SRC said today “Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft’s customers.”

This is good news for users, as a patch is coming. The potential for attack, rated less critical by Secunia is still problematic if the system is infected by rootkits, or applications designed to allow remote access to a PC. The method of attack, and the way this exploit works, means there is no real protection for end users, other than to ensure you are fully patched, and your malware, spyware, and virus scanning software is running and up to date.

Info Sourced from monstersandcritics.com

Posted in Bugs, MS News, Products, Security, Windows Server System, Windows Vista, Windows XP | Comments Off on Just in time for the holidays another Microsoft 0-Day

« Previous Entries Next Entries »