Just a quick post tonight – Check out this nifty Group Policy reference launched recently by Microsoft over here at http://gps.cloudapp.net/

This reference allows administrators to easily find existing group policies and implement them with relative ease.

All in all GroupPolicySearch is an extremely handy reference with the added coolness of being hosted in the cloud on the Azure platform 🙂 .

One of the most anticipated features for IIS is now available. Yesterday the first preview of the URL re-write module for IIS 7 was launched. It is free for all IIS7 users and available for download x86 and x64.

So what does it do exactly?
The URL Rewrite Module provides a rule-based rewriting mechanism for changing request URL’s before they get processed by IIS. The module supports regular expression based URL rewriting logic or a simpler wildcard-based URL rewriting logic. Rewriting decisions can be based on the URL, HTTP headers and server variables. While the primary purpose of the module is to rewrite URLs, it also has functionality to perform redirects, send custom responses and abort requests based on the logic expressed in the rewrite rules.

Here is a quick feature overview:

• Rules-based URL rewriting engine. Rules are used to compare/match the request URL with and what to do if comparison was successful.
  • Regular expression pattern matching. Rewrite rules can use ECMA-262 compatible regular expression syntax for pattern matching.
  • Wildcard pattern matching. Rewrite rules can use Wildcard syntax for pattern matching
• Back-references to patterns and conditions. Back-references are used to capture parts of a matched URL so that it can be re-used later in a rule when constructing a substitution URL string. Back-references are available with regular expression and wildcards patterns.
• Global and distributed rewrite rules. Global rules are used to define server-wide URL rewriting logic. Global rules cannot be overridden or disabled by lower configuration levels. Distributed rules are used to define URL rewriting logic specific to a particular configuration scope, e.g. an web application.
• Access to server variables and http headers. Server variables and HTTP headers provide additional information about current HTTP request. This information can be used to make rewriting decisions or to compose the output URL.
• Various rule actions. Instead of rewriting a URL, a rule may perform other actions, such as issue an HTTP redirect, abort the request, or send a custom status code to HTTP client.
• Rewrite maps. Rewrite map is an arbitrary collection of name-value pairs that can be used within rewrite rules to generate the substitution URL during rewriting. Rewrite maps are particularly useful when you have a large set of rewrite rules, all of which use static strings (i.e. there is no pattern matching used). In those cases, instead of defining a large set of simple rewrite rules, you can put all the mappings between input URL and substitution URL as keys and values into the rewrite map, and then have one rewrite rule which references this rewrite map to look up substitution URL based on the input URL.
• UI for managing rewrite rules. Rewrite rules can be added, removed and edited by using “URL Rewrite Module” feature in IIS Manager.
• GUI tool for importing of mod_rewrite rules. URL rewrite module includes a GUI tool for converting rewrite rules from mod_rewrite format into IIS format.

Install the URL Rewrite Module today!

Microsoft URL Rewrite Module for IIS 7.0 CTP1 (x86)

Microsoft URL Rewrite Module for IIS 7.0 CTP1 (x64)

Sourced from : Bill & Thomas’s IIS blog’s 

Yep…It’s still going-and its worse than ever it seems. Hundreds of thousands of unsuspecting people are stillstumbling across perfectly legitimate websites that have been compromised by an SQL injection, and as a result are infected with a nastyTrojan.
These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable for even more potential threats. (Trend Micro have written a very good post explaining what happens once infected)

Therefore I thought I would take some time to mention a dew domains (courtesy of f-secure) admins should block to avoid any possible chance of infection:

yl18.net

www.bluell.cn

www.kisswow.com.cn

www.ririwow.cn

winzipices.cn

www.wowgm1.cn

www.killwow1.cn

www.wowyeye.cn

vb008.cn

9i5t.cn

computershello.cn

This is a good time to again mention that this not a vulnerability in Microsoft IIS or Microsoft SQL that is used to make this happen. If you are an administrator of a website that is using ASP/ASP.NET, you should make sure that you sanitize all inputs before you allow it to access the database.

There are many articles on how to do this such as this one. You could also have a look at URLScanwhich provides an easy way to filter this particular attack based on the length of the QueryString.

Hi All,

For those of you looking for a list certified hardware for Windows Server 2008 (x64), here’s the current and growing list:

All Hardware Items: http://www.windowsservercatalog.com/results.aspx?&bCatID=1283&cpID=0&avc=11&ava=23&avq=0&OR=1&PGS=25&ready=0

For details:

Product category

Storage (371)
Networking (102)
Servers (102)
Other Hardware (26)
Printers (20)
Bus Controllers and Ports (13)
Cameras and Video (5)
Scanners (2)
Input Devices (1)
Sound (1)

If you would like per Vendors:

Vendor

Intel Corporation (97)
Hewlett-Packard Company (82)
Dell Inc. (64)
NetApp (63)
HITACHI, Ltd. (30)
Fujitsu Siemens Computers (28)
QLogic Corporation (26)
EMC Corporation (21)
IBM (13)
Pioneer Corporation (13)

More…

Sourced from Nick MacKechnie’s MSDN blog

Bill Sisk just wrote an article on the Microsoft Security Response Centre (MSRC) blog:

There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.

To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306).

The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application’s database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information for web developers and IT Professionals can take to minimize their exposure to these types of attacks by minimizing the attack surface area in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx  

As outlined in other reports the security flaw seems to be in poor code on websites, hackers a merely taking advantage of it on a massive scale.
Installing updates and blocking any malicious websites is the best method to protect your IIS Server.

HEROES Happen {HERE}

Microsoft have just posted the resources from the Windows Server, SQL Server & Visual Studio Heroes happen {Here}  launch. Check them out they are very informative indeed!

Catergorys include:

• Session 1 | What’s New in Windows Server 2008
• Session 2 | Virtualization and Your Infrastructure
• Session 3 | Securing Your IT Infrastructure with Windows Server 2008
• Session 4 | Exploring Windows Server 2008 Web and Application Technologies

Find the links to the slides here: http://www.technetbriefings.com/2008-launch-resources.aspx

After investigating public reports, Microsoft has published Microsoft Security Advisory 951306, which describes a vulnerability that affects multiple versions of Windows (including Windows XP Professional Service Pack 2, all supported versions and editions of Windows Server 2003, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.)

The newly found security flaw could potentially allow a malicious local user (who has authentication) to execute specially crafted code to raise his privilege level to LocalSystem. IIS and SQL Server are the main attack vectors. But other vectors are possible, such as Microsoft Distributed Transaction Coordinator (MSDTC) on Windows Server 2003.

The vulnerability looks like it basically allows for any process that has the SeImpersonatePrivilege to execute some code and be able to impersonate LocalSystem (which has the NT AUTHORITY\SYSTEM SID and a wealth of privileges in its token). For Windows 2003 and beyond the users awarded that privilege are in the Network Services, Local Services, Local System, and Administrators groups. On Vista/Server 2008 you additionally won’t have the privilege unless you’ve elevated. That fortunately reduces the scope of this otherwise highly serious vulnerability, though it still isn’t pretty.

It must be noted however  Microsoft stated in its advisory that- “Hosting providers may be at increased risk from this elevation of privilege vulnerability.” However, no exploitation has been observed at this time.
Microsoft Security Advisory 951306

If you are a Microsoft Certified Systems Administrator (MCSA) or a Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003, you can now transfer your skills to achieve multiple Microsoft Certified Technology Specialist (MCTS) certifications or Microsoft Certified IT Professional (MCITP) credentials on Windows Server 2008.

For the first time, the transition path is available before the product release. If you have a Windows Server 2008 certification on your resumé, you have an excellent opportunity to catch the eye of early adopter organizations. Microsoft Learning developed this transition path to recognize the investment and expertise you have demonstrated throughout your certification history—don’t miss your chance to take advantage of these new certifications.

Your path consists of one exam, which allows you to earn multiple Microsoft Certified Technology Specialist (MCTS) certifications on Windows Server 2008.
–First step: Take one exam to earn MCTS certification on Windows Server 2008

From there, you can complete the remaining requirements for one or both of the Microsoft Certified IT Professional (MCITP) certifications for Windows Server 2008.
–Your transition path from MCSA on Windows Server 2003 to MCITP 
–Your transition path from MCSE on Windows Server 2003 to MCITP

Because there is a significant technology gap between Windows 2000 Server and Windows Server 2008, only IT professionals with specific Microsoft Certifications on Windows Server 2003 can utilize these transition or upgrade paths. In addition, there is no upgrade path from messaging or security specializations to Windows Server 2008 certifications.

 Check out all the details here:
Thanks Microsoft 🙂

REDMOND, Wash., Feb. 4, 2008 –Approaching the company’s largest enterprise launch in its history, Microsoft reached another important milestone today with the release to manufacturing (RTM) of Windows Server 2008. The response from IT professionals and developers has been strong as the company moves toward the worldwide launch of Windows Server 2008, SQL Server 2008 and Visual Studio 2008 on February 27.

One indication of the momentum that is building around the latest server operating system is the number of beta and evaluation versions that customers and partners have obtained: more than two million.

IT professionals face increasing pressure from rapidly changing technology, increasing costs and security concerns, and expanding business needs. Windows Server 2008 helps alleviate these pressures by automating daily management tasks, tightening security, improving efficiency and increasing availability. It also offers virtualization solutions that will enable IT professionals to reduce costs, increase hardware utilization, optimize their infrastructure, and improve server availability.

Furthermore, because Windows Server 2008 was developed in tandem with the Windows Vista code base, it has most of that operating system’s advanced management and security features, such as integrated Network Access Protection (NAP) and Group Policy. Customers will also see system-wide performance improvements from an integrated system architecture, including network file sharing, managed quality of service and reduced power consumption. Common tools and processes across both operating systems will result in efficiencies for IT organizations.

“We’ve been working with partners around the world who are creating solutions that take advantage of the new platform’s feature set,” said Bob Visse, senior director, Windows Server Marketing Group at Microsoft. “There’s been tremendous support for the operating system and a lot of excitement around the opportunity it represents for the industry.”

Source: http://www.microsoft.com/presspass/features/2008/feb08/02-04WS2008.mspx

Edit (Patrick S):If you were on the technical beta for Windows Server 08 you can download the RTM images/iso’s from MSFT Connect. No Keys will be provided however-nor will previous Beta issued keys activate the RTM version. These images will only be on Connect for 30 days… So if you wish to keep a permanent copy you must download and save them locally.

One of my favorite documents for Windows Server 2003 is now available in beta form for Windows Server 2008.  If you have never reviewed these guides I strongly recommend them.  The guide makes it easy to tailor the security configuration to accommodate the needs of your organization.  There is also a really cool GPOAccelerator (Group Policy Object Accelerator) tool to help you rapidly setup, test and deploy configurations of Group Policy security settings.  Here are some of the resources for Windows Server 2008 Security Guide:

Check out the Executive Overview.

Join the Windows Server 2008 Security Guide beta.

Would you like to help Microsoft and shape Windows? Do you have a cool idea that you want to see in the next version of Windows? Is there something which is bugging you in the current version of Windows? Or does Windows not work for you?

Now it is the time for you to submit your feedback about what you want to see in the next version of Windows, through the Windows Feedback Program!

Register and join and Submit your feedback now at http://wfp.microsoft.com/

Counting down to Windows Server 2008, SQL Server 2008 and Visual Studio 2008 Global Launch in 185 days!

You can download the Vista Sidebar countdown’s gadget from:

http://www.wedsg.com/winclient/vistasidebargadget/download.htm

 

More information can be found from:

http://www.microsoft.com/windowsserver2008/default.mspx

Just documenting an error:

Error Message: System Cannot Log You on Because Domain <Computername> Is Not Available

SUMMARY

An error “System Cannot Log You on Because Domain <Computername> Is Not Available” appears when you try to log on to Windows.

SYMPTOMS

When the user tries to log on to the computer in the Log On dialog, it will fail with the error “System Cannot Log You on Because Domain <Computername> Is Not Available”. Log on using safe mode will not work either.

For instructions on resolving this issue, please see: http://support.microsoft.com/kb/555939

“Woo-hoo!  We did it. Today we are announcing that Windows Home Server has been released to manufacturing (RTM). We have finalized the software and now handing it off to our OEM partners. The evaluation version (with 120 day evaluation period) and the system builder version are also heading into the distribution channels and will be available in the next couple of months. French, German and Spanish versions will be finalized shortly, and OEM products will hit retail shelves this fall. “We’re also excited to announce Iomega and Fujitsu-Siemens Computers (FSC) as new OEMs planning to ship Windows Home Server products later this year.

“Here’s the toast I gave to the team at our RTM ship party last Friday night.It started with a vision that an always available device on the home network was an essential ingredient of a Microsoft platform for the home. At first there was only one of us, then three, then five… We put together a plan for a plan and executed. The result was an ambitious, yet pragmatic product plan that would deliver real value to consumers. We formed a team of extremely passionate, diverse, and hard working people. Some will say we had great luck but we know the best luck of all is the luck you make for yourself. We had a spirit of getting it done, no matter what. We broke some rules but never any laws. A community of highly enthusiastic customers rose around us. We made them part of the development process and rewarded them and they amplified our efforts.  We made some mistakes…and corrected them. We took a few risks…and they paid off.  In April 2005 we said we’d ship V1 in the first half of 2007. It wasn’t always easy and it wasn’t always fun, but we said what we were going to do and then we did it. You know what they say…the fourth time’s a charm.†  Congratulations and thanks for helping ship the coolest version of Windows ever: Windows Home Server.“The party was a blast and I’m glad to say everyone got home safely :-).”

Source: http://blogs.technet.com/homeserver/archive/2007/07/16/ship-it.aspx (Windows Home Server Blog)

Microsoft will release Windows Server 2008, SQL Server 2008 and Visual Studio 2008 together on Feb. 27, 2008 in what will be the company’s single largest launch ever.

“There is a feeding frenzy out there and we are committed to bringing this innovation to you, our partners and our customers. This will be the single largest product launch ever in the company’s history,” Kevin Turner, Microsoft’s chief operating officer, said at the annual worldwide partner conference here July 10.

The commitment to a final ship date for Windows Server 2008 ends months of speculation about when the product will actually be available to customers. Microsoft has until now only said it would release the code to manufacturing by the end of 2007, leading many to correctly predict that would be in early 2008.

Source: http://www.eweek.com/article2/0,1759,2156451,00.asp?kc=EWRSS03119TX1K0000594