Thursday, July 7, 2022
  • Home

Want to join the “Centro” beta program?

June 30th, 2007 by Jabez Gan [MVP]

“Centro” is built on Windows Server 2008 and provides an integrated server and management system for midsize businesses. The CTP includes many new Windows Server 2008 Beta 3 based components, as well as updates to the server applications that shipped in “Centro” Beta 1 (updated versions of System Center Essentials 2007, Exchange Server 2007 and ISA, as well as new updates to setup, Active Directory domain join functionality and a host of other improvements).

Please take a moment to read through the hardware requirements below. If you meet these requirements, go to, click on Invitations, sign in with your Windows Live ID (Passport ID) and enter the following invite ID; Extr-GHBC-JCJM.

Visit source for more information.

Posted in Beta News, Windows Server System | Comments Off on Want to join the “Centro” beta program?

Free Microsoft Certification Exam…

June 19th, 2007 by Jabez Gan [MVP]

… for first time test takers, only students and faculty members and only applies to North America.

 Pearson is offering a free exam promotion, which will end on June 30th, 2007. The exam that qualifies for this free exam promotion is all 072 academic exams.

It’s easy to get your FREE exam right now.*

  1. Call Pearson VUE at 800-TEST-REG (800-837-8734) to schedule your free exam over the phone.
  2. Reference promotion code EXAM4FREE while scheduling your exam.
  3. Schedule and take your exam by June 30, 2007.

Visit here for more information.

Posted in Learning | Comments Off on Free Microsoft Certification Exam…

Vista Recovery Command Prompt

June 16th, 2007 by Patrick S

As good as the recovery console in is Windows-it really aint that secure at all. Did you know that the Command Prompt tool found in Vista’s System Recovery Options doesn’t require a User Name or Password? And that the Command Prompt provides Administrator level access to the hard drive? For multiple versions of Windows? All you need is a Vista Install DVD and you’re all set to go.

Just boot from the DVD and select the Repair option:

Then select the Command Prompt:

Here you have full access to this computer, not only as an administrator but also as a system account user. After this you can insert usb-memory and copy any non-encrypted file from this computer to usb-memory and steal information without leaving any marks to the system or event viewer logs.
Also, you could for example copy SAM-file (contains names and passwords of local users) from c:\windows\system32\config to usb-memory and start cracking computer’s user password at  remote computer.

A cracker can:
1. … copy files from hard disk to USB, floppy or network server
2. … create / modify / delete files and folders
3. … use most of the MS-DOS like commands
4. … use this method in Vista, XP, 200x

To protect you computer or workstation, try to:

setup bios boot order so that booting from other media than hard disk is not possible

  • setup startup password from your bios (mainly in home computers)

  • use hard disk encryption software, if possible (such as bit locker)

  • encrypt files and folders using EFS, if mechanisms above are not possible

  • This kind of reminds you of a Windows XP Home feature. The Administrator account password for XP Home is blank by default and is hidden in Normal Mode. But if you select F8 during boot for Safe Mode, you can access the Administrator account and have complete access to the computer.

    For more proof of the concept check out find more details from Mr. Kimmo Rousku and F-Secure

    Posted in MS News, Products, Security, Windows Vista, Windows XP | 5 Comments »

    ATM running on Windows?

    June 13th, 2007 by Jabez Gan [MVP]

    Seen an ATM running Windows? It seems like Russian’s ATM runs Windows… Which hasn’t been activated!

    Russian Windows ATM

    Posted in Humour | 11 Comments »

    Project Shutter on Windows Live – Win Prizes by just taking photos!

    June 13th, 2007 by Jabez Gan [MVP]

    All residents of Singapore, Malaysia, Philippines, Indonesia, Thailand, India, and Mainland China above the age of 21, there’s a photography contest in town!

    Project Shutter – Live In My City is about showing your own city’s uniqueness through your city’s FOOD, CULTURE or ARCHITECTURE. So if you are good, creative and interested in photography, come join this contest and you stand a chance to win prizes which include HP Pavilion or HP Printers!

    What are you waiting for? Submission ends on the 29th June 2007!

    You can find more about it at Project Shutter’s website!

    Posted in Windows Live | Comments Off on Project Shutter on Windows Live – Win Prizes by just taking photos!

    Security Configuration Wizard doesn’t work after installing SP2 on Windows Server 2003

    June 12th, 2007 by Jabez Gan [MVP]

    Background: Running Windows Server 2003 SP1, with Security Configuration Wizard working.

    Problem: After installing SP2 on top of Windows Server 2003 SP1, Security Configuration Wizard fails to run with error that Security Configuration Wizard can only work on a machine with SP1.

    Resolution: Uninstall Security Configuration Wizard (SCW) and reinstall it using Add/Remove Windows Component.

    Credits to Baboon who posted this tip in Microsoft.public.Windows.Server.General newsgroup.

    Posted in Windows Server System | Comments Off on Security Configuration Wizard doesn’t work after installing SP2 on Windows Server 2003

    Integrate SMS 2003 with Microsoft SoftGrid Step by Step Guide!

    June 12th, 2007 by laidaniel

    My latest guide released on the web already.

    Enjoy it.

    Posted in MS News | Comments Off on Integrate SMS 2003 with Microsoft SoftGrid Step by Step Guide!

    Microsoft Office Outlook Connector Beta

    June 12th, 2007 by Jabez Gan [MVP]

    Do you want to check your Live Mail (formerlly known as Hotmail) email using Outlook 2003 or Outlook 2007? You can configure HTTP through native Outlook 2003/2007 but you will need a paid subscription to do it.

    With Microsoft Office Outlook Connector Beta, you will be able to download/read/compose Live Mail emails.

    To download Microsoft Office Outlook Connector Beta, please go to the link:

    Posted in Office 2007 | Comments Off on Microsoft Office Outlook Connector Beta

    Test drive Windows Vista without installing!

    June 11th, 2007 by Jabez Gan [MVP]

    Are you one of the people who hasn’t jump on the migration to Windows Vista? Still having doubts about the stability and usability of Microsoft’s latest operating system, Windows Vista?

    If yes, fear no more as you can test out Windows Vista without even buying/installing on any of your machine!

    To test out Windows Vista, please visit:

    You will be able to choose which edition of Windows Vista to test. 

    The above website will be hosting the virtual machines of Windows Vista and will stream it to your javascript enabled browser running Internet Explorer.

    Note: Currently only US and Canada visitors can run the virtual machines.

    Posted in Windows Vista | 1 Comment »

    What’s HTC way to counterattack iPhone by Apple?

    June 6th, 2007 by Jabez Gan [MVP]

    Remember the announcement by Apple about iPhone ( on January 9th, ’07 ( In the announcement, Apple said iPhone will be launched on June 2007 to US, and iPhone brought a lot of hype to the industry.

    It is now June and HTC has announced that HTC has revealed a new Touch phone, called HTC Touch!

    What do you have to say about HTC Touch? HTC Touch runs on Windows Mobile 6 Professional (Pocket PC + Phone edition), the latest and greatest from Microsoft (Although I don’t quite see much difference compared to Windows Mobile 5). It is just a clone “touch” interface from iPhone. But IMO, I still feel iPhone wins when it comes to the design and style.

    More information can be found here:

    Official website for HTC Touch is over at:

    Posted in Windows Mobile | 2 Comments »

    Book review: Professional Windows Desktop and Server Hardening by Wrox

    June 5th, 2007 by Jabez Gan [MVP]

    I am currently reading the book Professional Windows Desktop and Server Hardening by publisher Wrox (, and will be posting tips that administrators missed out most of the time.

    Today, I’ll be giving some quick tips about Conventional and Unconventional Defences. I won’t be surprised that some of you already know about them, but just don’t remember about these defences when you implement a network.

    1. To Linux fans out there: Whatever is Popular Gets Hacked. How true is this statement? You might be saying that Windows is full of exploits because it is unstable and vunerable. If it’s the days of Windows 9x/NT, I would agree with you that Windows isn’t that secure. However things have changed, thus vunerabilities have decreased tremendously.

    If you think about Apache, you’ll notice that it has more vunerabilities than IIS. (Since Apache is more widely used).

    2. Don’t Let End Users Make Security Decisions. Heck I don’t even trust end users myself, so why should we let them make security decisions? They will only increase our workload when they submit support tickets!

    3. Security-by-Obscurity Works! Change to some random port for our RDP (remote desktop protocol) instead of the usual 3389. Change to some random port for our HTTP instead of the default port 80 (do this only for internal users, not external users).

    4. Assume Firewalls and Antivirus Software Will Fail. I’ve been doing some consulting for a few companies, and this statement is true. Updated antivirus software with properly configured firewall isn’t enough. Malware nowadays comes through port 80 and Antivirus doesn’t work as great when it comes to detecting new viruses.

    5. Minimize Potential Attack Vectors, Decrease Attack Space. Everybody knows this. Disable services or programs that you do not need. Close the ports you do not need. Use IPSec for communications between machines.

    6. RunAs. Remember the long forgotten RunAs? Administrators should provide users (and themselves) with limited user accounts (LUA) and use the RunAs if they want to install applications. Also, I’ve learnt not to provide users with the permission to install new applications. It must be done by an administrator.

    7. Keep Patches Updated. To cut things short, Keep Patches Updated. All of you know why.

    8. Use a Host-Based Firewall. Who said Windows XP SP2’s firewall isn’t good? It is a host based firewall… Nah, it doesn’t provide Outgoing firewall monitoring. So use a 3rd party instead. 😉

    9. Rename Admin and Highly Privileged Accounts. Scripts or hackers will try to hack through the system through the default administrator account. So on every installation of Windows (or any OS or applications), rename the default high privileged accounts.

    10. Install High-Risk Software (IIS) to Non-Default Folders.  I know lots of you out there will just install everything to the default folder, but here’s a tip: Don’t! Take the hassle to reconfigure things if you have IIS installed to the default folder. I know it will break some web app (if you have any) but do you want to fix your web app or secure your server?

    Here’s 10 tips from the book and has been forgotten by most IT Pros out there.  Stay tuned! There’s more coming in the coming days/weeks!

    Posted in Reviews, Windows Server System | 1 Comment »

    Microsoft System Center Data Protection Manager V2 Beta 2 Released

    June 1st, 2007 by Joseph Bittman MCSD .Net

    A lot of people have been waiting months for this day, when sometime in the 9′ clock hour, Beta 2 of Version 2 was released! This groundbreaking release for DPM has so much to offer which hasn’t been previously announced. If you ever thought about DPM and maybe weren’t as impressed in the past, even as recently as Beta 1, you MUST revisit your decision. Some of the brand-new features include file protection support for XP and Vista machines (domain joined), protection of Virtual Server’s configuration AND *running* virtual machines, Windows Sharepoint 2.0 and 3.0 (3.0 natively, 2.0 through SQL backup), SQL 2000 (natively, yes! – not previously going to be supported, but with recent development now is – of course, 2005 was already previously natively supported in beta 1), all kinds of Exchange stuff including CCRs and other things beyond my knowledge, System State, and much more!

     Including, what I want to announce to the whole WORLD!!!!!! You do NOT need to add a whole disk to the DPM storage pool anymore! There is now what is called “Custom Volumes”, where you can create your own seperate partitions for the replica and recovery point areas, which then you specify for each PG/workload. This means you are now able to have 1, count them ONE, hard drive to run DPM! 🙂 I know there are tons of people out there who even wanted to just *test and try* DPM, but couldn’t because they didn’t have the hardware requirement of 2 HDs…. not anymore, test to your hearts content!

     Oh, and BTW, there is a bug bash contest going on for Beta 2 – see Connect for details. Also, the beta is public, so that means anyone can still join the beta on Connect even to this day.

     Look for a lot of posts to come about DPM – most of the content covered in detail you will only find written by me! 🙂

    Posted in DPM, MS News | 1 Comment »

    Top 10 .NET Framework Technologies to Learn in 2007

    June 1st, 2007 by kenlin@HK [MVP]

    Found this interesting topic, i read 2 guys thinking from their blog, and i wanna share with you guys.


    Everybody has an opinion, and yours may differ based on your personal observations and experiences.

    I’ve been working with the .NET Framework since the first BETA in 2000, and I’ve seen a lot of stuff come and go.  The following are what I consider to be my Top 10 List of things about .NET you must learn, going forward with the technology from 2007 on:

    1) WCF (Windows Communication Foundation):  While WCF is certainly less “sexy” than say WPF / Silverlight, it is going to represent the backbone of solving business problems with .NET going forward from here. Big organizations are starting to embrace it, and it provides a cohesive framework for solving business problems in a distributed, integrated way. WCF integrates Remoting, WebServices, EnterpriseServices and Transactions, WSE, MSMQ, and much more into a cohesive programming framework. If you intend to make it your business to study just one new .NET technology this year, make it WCF.

    2) ADO.NET (and LINQ): ADO.NET is how you talk to a data store, and databases are such a ubiquitous part of what you will do as a developer that you have NO CHOICE but to become extremely competent in this area. The next big thing in how to talk to data is LINQ with language extensions and entity objects that “represent” mappings of data and its relationships. If you don’t become at least familiar with all this stuff, somebody else is going to eat your lunch.

    3) WPF (Windows Presentation Foundation): Everything you learned about Windows Forms, pages in a browser, and UI elements is going to go out the window, because Microsoft has already declared that WPF is the new way we’re gonna do this stuff. Its already built in to Windows Vista, and the XPS (XML Paper Specification) is already built into the printer subsystem. Don’t hang on to the old- get with the new just as fast as you can get your little tushy in gear! And besides that, WPF is just so friggin’ cool, it will knock your socks off in hi-def streaming video!

    4) SQL Server 2005 (and on): I understand this isn’t really .NET, but then again it really is. SQL Server 2005 hosts CLR integration of managed code. That’s not only revolutionary, it provides a power to the programmer that you cannot get on other platforms. You have to learn everything you can about SQL Server 2005 including Service Broker, because it will help you to be a better programmer and problem – solver.

    5) ASP.NET 2.0:  Even non “web programmers” need to understand how this works. The feature set has grown and matured, and you are looking at dynamic languages, LINQ, AJAX, and much more being integrated into the ASP.NET Framework (not to forget Silverlight – the sexiest technology of all of them!).

    6) Security. Developers are notoriously weak on security (“Who cares about permission sets – I’m just a Code Monkey”). Unfortunately, we do not live in a perfect world and there are evil people out there who jump with glee when they can mess up your day. The more you become an expert about security, the higher your pay will be: expert security consultants make upwards of $300 / hr.

    7) TDD (Test Driven Development): Unit, regression and integration testing aren’t a luxury – if you want to develop robust systems then you must  have a test protocol. And to do testing right, you need to study how to write tests and what tests to write. There are several excellent books on TDD and at least one that specifically focuses on .NET.

    8) Networking (System.Net and related): Networking — TCP, UDP, HTTP, FTP, and on — are an integral part of what you need to know how to do in order to glue programs together and make them be able to talk with each other and your data. The more you know about this area, the better equipped you’ll be to make the right kind of choices when you are tasked with creating business logic through code.

    9) Threading:  When asked to develop a multi-threaded object or to use a ThreadPool, 95 out of 100 programmers who claim to be professional .NET developers fall flat on their faces! You need to study all the threading primitives, know how they are used, be able to use the .NET or a custom ThreadPool, and manage threads in your applications.

    10) Learning. That’s right, I classify learning as a technology. People need to become smarter about how to learn, and especially, WHAT to learn. Just as you become a better programmer when you learn to use the Google or other search engines more effectively, you become a better programmer when you can detail for yourself what you need to learn to be better at your craft, and write down a plan for implementing that learning process.


    There is an interesting post on the Help.Net blog about the Top 10 .NET Framework Technologies to Learn in 2007. No Sliverlight? No SharePoint? I like the list, but I don’t think it hits the mark for where the money is at. That’s why companies employ developers… to reduce cost or increase revenue. That’s why we write code… that’s how we pay our bills.

    If you haven’t already signed up for our Web Experience Expo events in New York City, Los Angeles, or Denver… there’s still a few registration spots left in each, and most of these 10 technologies are covered. No, I didn’t pick these top 10 in a thinly-veiled attempt to market the event… I picked the top 10 as topics for the regional events. Trust me, these are the topics that customers want to hear about, these are the things that company executives recognize as key value propositions of the Microsoft platform.

    Here’s a recipe for financial success in 2007, in order.

    1. Microsoft Office SharePoint Server 2007. We get so many requests to talk about Windows SharePoint Services and its capabilities that our team at Microsoft cannot keep up. MOSS 2007 finally steps up to the plate in the major leagues and fixes so many of the problems that previous versions of SharePoint had. There is a distinct lack of tools for extending various sections of MOSS, which equates to a somewhat unapproachable API. Be one of the few that can make MOSS dance, and you have big consulting dollars. Create some great add-ins and wizards for common tasks, and make money selling them. There’s a lot left on the table here for developers. And if you know ASP.NET 2.0, your life will be all the easier. I don’t think I can stress this enough, MOSS is the single largest area of opportunity for developers and architects.
    2. Silverlight. The post-MIX buzz wasn’t just on blogs. Some of the largest companies I work with (yep, many of the same ones you saw as MIX demos) are looking hard at Silverlight. Expect some incredibly cool implementations that many other sites are bound to want to imitate. The whole RIA and AJAX thing is just going to get louder, looks like a good wave to ride for awhile. There’s a lot of excitement beyond the developer level, at the executive level, for Silverlight.
    3. ASP.NET. If you can’t recite the Page and Control Lifecycle for ASP.NET, you should start committing it to memory. Reiterating that SharePoint technologies are built upon ASP.NET 2.0. The more I see how companies are making decisions to base their entire infrastructure around SharePoint, the more I think that there will be work for years to come for ASP.NET developers. Re-familiarize yourself with JavaScript, learn what JSON can do for you. Get to know the ASP.NET AJAX 1.0 library, there’s going to be a lot of JSON-related work for awhile to come, especially since this is getting rolled into the next version of ASP.NET. Get to know IIS, especially IIS7.
    4. Windows Workflow Foundation. If you don’t get why this is a game-changer and is near the top in a short list of technologies, then you haven’t spent time really looking at it yet. Look at how MOSS 2007 implements WF with out-of-box workflow templates for approvals. Go look at and look at how WF was used in that solution. Instead of trying to refactor 10-15 ASP.NET pages to make changes to a process, why not just load up the WF designer and encapsulate the process visually? I heard a great explanation this week by Ted Pattison.  The CLR is a boundary for applications because your types can only live within their created AppDomain, within a process.  WF extends the CLR across processes and provides out of box services for persistence and isolation.  This is the stuff that companies are looking for… how to make the hard stuff easier.  Spend the time understanding it, see how the paradigm shift of how to build applications will make your programming life better.
    5. Windows Communication Foundation. We are seeing more and more companies allocating budgets to figure out what SOA means to them and why they care. A big reason is that WCF can be faster than what you are using today. We are seeing a lot of companies that are starting to get the whole loosely coupled, message-based architecture idea. And those same customers are starting to see that if you are going to build an architecture based on WS-* you would be crazy not to use Microsoft’s stack. Yep… another area to focus on for developers and architects. There’s a ton of room for ISV’s and SI’s alike.
    6. SQL Server Integration Services. SQL Server 2005 has a huge surface area to cover, it would be ridiculous to try to say “focus on SQL Server 2005”. And if you are using any of the above technologies, you know how to write TSQL. What you might not have focused on is how to use SSIS to process data visually. I see developers all the time trying to figure out how to move huge amounts of data from one store to another and map values, fields, and columns programmatically. This is what SSIS excels at.
    7. Domain Specific Languages. I will admit, this seemed like a very half-baked concept that Microsoft was limping into. We introduced the DSL Toolkit amidst a ton of blog buzz… and then seemingly nothing. After watching the Patterns & Practices group churn out some incredibly useful software factories, you can’t help but give Software Factories and DSLs a second look. Try baking your company’s architectural approach and tools into a set of reusable designers through the DSL Toolkit. I know it’s got a steep learning curve, but the results can be amazing. We have been working with a partner on a proof of concept that we will be unveiling this week in New York City… I can’t wait to see people’s faces when they see DSL taken past a Hello, World demo.
    8. Identity Metasystem. Spend your time understanding how to use CardSpace to secure your ASP.NET and WCF apps. CardSpace is an identity selector for the Identity Metasystem. The really cool part is how you build a website that accepts Information Cards. The real interesting meat is how you build your own Secure Token Issuing Service. Not straight-forward to implement yet, so getting into this now will put you much farther than everyone else as various solutions continue to introduce themselves into the marketplace. Spend your time figuring out how to leverage CardSpace for your web site, there is starting to be a huge demand for people who understand how to make the end-user’s experience better where security is concerned.
    9. Visual Studio Tools for Office. I’ve never been an Office client developer before, and this one took me awhile to understand. VSTO will be a game-changer for application developers. When you see Office 2007 with MOSS 2007 and its out of box functionality for content types, you might say “hmm, ok, that’s cool.” Once you see how easy it is to use the Ribbon API and create your own task panes in Excel and Word, you might think “OK, I see where that could be useful.” Once you see the whole thing together in a solution with SharePoint, then you will have the a-ha moment. It’s not just about VSTO, it’s about how you can integrate client applications with SharePoint. Get to know SharePoint, get to know VSTO. This is how many companies are seeing the future, and seeing that they can put together solutions much faster than you can with any other platform or technology.
    10. Virtual Earth. There are so many opportunities for Virtual Earth in everything from mashups to blogs to corporate applications that it is just amazing. How about a SharePoint app that surfaces all of your backend data from SAP, provides data visualizations using Silverlight, and enables mapping through Virtual Earth? Just look at the Accruent demo to get a taste of what other companies are seeing.


    Posted in .NET Framework, Reviews | 3 Comments »

    Customizing ASP.NET Membership and Profile: What Goes Where?

    June 1st, 2007 by kenlin@HK [MVP]

    Recent, I start playing the Membership class but not touching the Profile class yet. I search a lot and a question comes up to my mind. The standard Membership and its related table does not fits my DB and application design( as this is usual case I think), so I search around and thinking that i should implement the Profile or extend the Membership. Well, I got an answer after searching, I should implement Profile as itis the easier step.

    The following is copying from Kirk Allen Evans’ Blog in MSDN blog

    I have been working with two separate customers over the past few days on the same problem.  Both have an existing web application that they are migrating to ASP.NET 2.0.  They both wrote their own authentication functionality, and are now considering how to leverage the existing store with ASP.NET 2.0 Membership.

    Consider a table that looks something like this:

    UserID int
    UserName nvarchar(50)
    PasswordHash nvarchar(50)
    OfficePhone nchar(10)
    CellPhone nchar(10)
    Pager nchar(10)

    Obviously, this looks a lot different than the schema for Membership that is created when you run aspnet_regsql.  If you want to retrofit your existing table into the Membership system, do you create a custom MembershipUser type and expose the OfficePhone, CellPhone, and Pager values as public properties, or do you leverage the Profile system instead?

    You could extend the MembershipUser class and expose a few properties, but that ties your application to that specific provider.  For instance, any time you want to access the Pager value, you would need to do something like:

    CustomMembershipUser u = Membership.GetUser("bob",true) As CustomMembershipUser;
    if(null != u)
        TextBox1.Text = u.Pager;

    You would not only have to cast to your custom MembershipUser type, but you also need to check to see if the correct type is returned, lest someone switch to a different provider.  This is the real aversion I have to extending MembershipUser, since your application cannot easily take advantage of new providers later without rework. 

    A better approach would be to split the information into two providers, Membership and Profile.  The Membership API is only concerned with authentication, where the Profile API allows you to access any other characteristic data regarding a user.  Since the attributes OfficePhone, CellPhone, and Pager are not related to Authentication in our system, it makes sense to classify them as attributes of the entity and store them via the Profile API.

    The really interesting part is that you can achieve this without making changes to the backing store, only customizing the internal implementation within your custom Profile provider.  That is, you could create a custom Profile that leverages the same exact store as Membership on the backend, but this is completely transparent to the developer and the end user. 

    Splitting this into the 2 APIs with a common backing store is a good approach because it allows you to swap out the backend providers at a later time, or make changes to the APIs independently of each other.  Suppose you want to move to Active Directory at some later point, leveraging Active Directory Application Mode for application-specific catalog extensions without affecting the global catalog.  Leveraging AD for the backing store would allow you to modify user profile data on a global basis so that it is available across the enterprise (the same properties show up in your Outlook contacts, Office Communicator presence information, Address Book, and your applications) without maintaining it separately in multiple locations.  If you extend MembershipUser as discussed previously, this is going to be a much more difficult migration.  Leverage Profile as suggested, and you will be able to simply swap out providers.

    See Scott Guthrie’s blog entry for an example of implementing a Membership and Profile system.


    Posted in .NET Framework, Reviews | Comments Off on Customizing ASP.NET Membership and Profile: What Goes Where?