David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small. I specialise in Windows Intune and SBS 2008.
This blog is purely the personal opinions of David Overton. If you can't find the information you were looking for e-mail me at admin@davidoverton.com.

To find out more about my Windows Intune BOOK - Microsoft Windows Intune 2.0: Quickstart Administration click here

To find out more about my SBS 2008 BOOK - Small Business Server 2008, Installation, Migration and Configuration click here

Browse by Tags

David Overton's Blog

Buy my books

Windows Intune:Quickstart Administration


This is the RAW book (Read as Written).
Click here for more information
Buy or pre-order today

SBS 2008 - Installation, Migration and Configuration

Small Business Server 2008 – Installation, Migration, and Configuration

Buy today in book or e-book form

Request a Review Copy

Twitter

Syndication

  • Internet Explorer security vulnerability fix now available – think of it as an early Christmas present… now about Firefox’s 3 issues this week…

    I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle. Some have said switch browser because of this issue, but not only can that be complex, but most browsers suffer security issues so once again the only real protection is to wrap in cotton wool and hide. Or, use the built in features of Vista and IE7/8 which means protected mode and NOT running as admin. You might ask why a Christmas present? Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!! Either way, if you have IE on your systems then you will need to update your systems urgently. Of course, my Hyper-V server (or Windows Core for that matter) don’t have IE, so no updates for them!!! Just for completeness, here is the information from the Technet newsletter Internet Explorer Security Update I wanted to update you on the Advance Notification of security update MS08-078 which will address a new vulnerability allowing remote code execution in all affected versions of Internet Explorer products. We plan to release this update on December 17th, around 10 a.m. Pacific Time (6pm UK time) through Automatic Updates and Microsoft Update. We encourage you to test and deploy this update as soon as possible. Our investigations of the known attacks have verified that they are not successful against customers who have applied the security update. You may be interested to know, that in response to the threat we mobilized security engineering teams worldwide right away to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight days. We also published the Microsoft Security Advisory 961051 . Microsoft's teams worked constantly to identify more options for customers and updated this advisory 5 times in six days. We remain committed to building secure...
  • Important Microsoft security update – update your machines now!

    DavidOverton.com rebooted today due to an emergency security update – an “out of band” release from the normal “patch Tuesday” process.  It is worth considering updating and reboot your computers and servers asap.   More information on this can be found at http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx .  Impacted systems below:   Operating System Maximum Security Impact Aggregate Severity Rating Bulletins Replaced by this Update Microsoft Windows 2000 Service Pack 4 Remote Code Execution Critical MS06-040 Windows XP Service Pack 2 Remote Code Execution Critical MS06-040 Windows XP Service Pack 3 Remote Code Execution Critical None Windows XP Professional x64 Edition Remote Code Execution Critical MS06-040 Windows XP Professional x64 Edition Service Pack 2 Remote Code Execution Critical None Windows Server 2003 Service Pack 1 Remote Code Execution Critical MS06-040 Windows Server 2003 Service Pack 2 Remote Code Execution Critical None Windows Server 2003 x64 Edition Remote Code Execution Critical MS06-040 Windows Server 2003 x64 Edition Service Pack 2 Remote Code Execution Critical None Windows Server 2003 with SP1 for Itanium-based Systems Remote Code Execution Critical MS06-040 Windows Server 2003 with SP2 for Itanium-based Systems Remote Code Execution Critical None Windows Vista and Windows Vista Service Pack 1 Remote Code Execution Important None Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 Remote Code Execution Important None Windows Server 2008 for 32-bit Systems * Remote Code Execution Important None Windows Server 2008 for x64-based Systems * Remote Code Execution Important None Windows Server 2008 for Itanium-based Systems Remote Code Execution Important None ttfn   David
  • How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall

    I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house. All very good, but when I set up the services none of it worked because of the built in Windows Firewall. While I could have just turned off the Firewall I decided to learn how to put the holes into the firewall to make it work with the firewall, thus maintaining better security. A quick search of the web showed me many settings, but it did not seem to cover the whole picture – then I came across the MS site Windows Firewall Settings which has things broken down into these four handy sections that shall for ever more be my guides to ports and firewalls in the Microsoft world. What is more, as you will see later, the tips in here as to how to get things working, getting over common hurdles is quite stunning too: Windows Firewall Settings: Optional Components Windows Firewall Settings: Remote Administration Tools Windows Firewall Settings: Server Roles Windows Firewall Settings: Services The two key entries for me are below – DHCP and DNS. Note that the DHCP entry has a wonderful tip saying that you will need to ensure 0.0.0.0 is included in the scope of the acceptable ports – i.e. you can not just set the scope to local network only. This was my 1st mistake Windows Firewall: DHCP server Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server. Important: When you create a Windows Firewall exception for the DHCP protocol on a DHCP server, you must set the scope for the exception to Any computer including those on the Internet . If you leave it set to My network (subnet) only , all inbound DHCP Discover packets from client computers are dropped because the IP address of the packet is 0.0.0.0 , which is not recognized by the computer as being part of the local subnet. This causes the DHCP process to fail and clients do not receive IP addresses. Windows Firewall: DHCP server On the DNS entry the thing which grabbed me was the ports other than 53 that were needed...
  • Windows Small Business Server 2003 at risk from critical flaw

    Hopefully everyone has seen this, but if not: Windows Small Business Server at risk from critical flaw Microsoft initially omitted Small Business Server from its list of critically affected OSes, but is now offering patches via its automatic update services In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows' networking software. The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product's users were being offered patches via Microsoft's various automatic update services. "Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure," Microsoft said in its updated bulletin. The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft said that an attacker could send specially crafted packets to a victim's machine, which could then allow the attacker to run unauthorized code on a system. Windows Small Business Server at risk from critical flaw | InfoWorld | News | 2008-01-24 | By Robert McMillan, IDG News Service ttfn David Technorati Tags: SBS 2003 , SBS 2003 R2 , SBS , Security , System Updates
  • From the Official SBS Blog - SBS now has a Best Practices Analyzer!

    You have seen the Exchange, SQL, Security and Windows best practice scanners, well now we have all that SBS expertise wrapped up into an SBS scanner - enjoy!! SBS now has a Best Practices Analyzer! The Microsoft Windows Small Business Server 2003 Best Practices Analyzer examines a server that is running Windows Small Business Server 2003 (Windows SBS) and presents a list of information and errors that administrators should review. The Windows SBS Best Practices Analyzer examines the server and collects configuration information from many sources including: Active Directory Windows Management Instrumentation (WMI) Registry Metabase After collecting information about server configuration, the Windows SBS Best Practices Analyzer verifies that the information is correct and then presents administrators with a list of issues sorted by severity. The list describes each issue and provides a recommendation or possible solution. System Requirements Supported Operating Systems: Windows Small Business Server 2003 (Any version of Microsoft Windows Small Business Server 2003) Links KB article http://support.microsoft.com/kb/940439 Download http://www.microsoft.com/downloads/details.aspx?FamilyId=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en So take a look and let us know what you think about it! (Feedback email address is in the KB article). The Official SBS Blog : SBS now has a Best Practices Analyzer! ttfn David Technorati Tags: SBS 2003 R2 , Best practices , If you only read one post today
  • WSUS on SBS and helping clients that think they are up to date, but WSUS does not

    I saw this posted internally and thought I would share. If you have clients that think they are up to date, but WSUS does not, have a look at this KB and also try these commands: 940357 An update is available to enable automatic approval of definition updates and to fix two problems in the Update Services component of Windows Small Business Server 2003 R2 - http://support.microsoft.com/default.aspx?scid=kb;EN-US;940357 and Wuauclt /detectnow /resetauthorization or wuauclt /reportnow from a cmd prompt on the client box (elevated if running on Vista) ttfn David Technorati Tags: SBS 2003 R2 , WSUS , Security
  • SharePoint User Group Meetings in UK (Newcastle and Reading) in September

    I got this e-mail today from the UK SharePoint User Group. They have two meetings coming up, one in Reading and one in Newcastle. Since SBS includes WSS and you can easily load WSS v3 onto it too, here are the details: Newcastle - 10th September MOSS MVP and general all round nice guy Spencer Harbar will be presenting an evening of goodness for all that attend. Arrive 6:30 for a 7pm start 1st Presentation: MOSS Server Farm Architecture & Design. This session introduces the fundamentals of MOSS Farm design including server roles, topology constraints and design goals which are paramount for delivery of a secure, available and scalable MOSS hosting platform. Each server roles’ unique characteristics will be covered with their associated trade-offs. In addition, three common models will be presented with a discussion of their strengths and weaknesses. 20 minute food and drinks break 2nd Presentatoin: Top 10 Tips for your SharePoint Development Environment. This session will present 10 essential tips, tricks, tweaks or utilities for making your SharePoint Development easier and quicker. All tips can be used equally in a Virtual Machine or on a “real” server. Many of the tips are also useful for systems administrators working with SharePoint 2007 location: BT, Unit 7, room 3, Innovation Place , Delta Bank, Newcastle upon Tyne, NE11 9DJ Please post your full name here if you with to attend. Reading - 17th September The famous Patrick Tisseghem is over from Belgium so it seemed like a great opportunity to arrange a meeting. 1800 - 1830 arrive 1830 - 1930 - OBA, Office Business Applications Explained - Patrick Tissegham This talk provides an overview of Office Business Applications. OBAs connect Line of Business (LOB) systems with the people that use them through the familiar user interface of Microsoft Office. They enable businesses to extend the Microsoft Office clients and servers into business processes running in LOB applications such as Enterprise Resource Planning (ERP), Customer Relationship Management (CRM),...
  • Vlad Mazek - "What is service management" and "how to avoid being hit by a truck when it is most inconvenient"

    I love Vlad's straight talking. If you get a chance read the whole of the blog entry Vlad Mazek - Vladville Blog » Blog Archive » Windows Server 2003 SP2 EEULA & CYA because as far as I am concerned he is preaching to the converted. I will stand by my view that Service Packs are tested as much as possible, but you need to do your own validation (see Who should test software and service packs - I think vendors,customers and partners - others thi ) to ensure that your application vendor is also happy to support their products on that service pack. If you only have MS products, check the release notes AND SUPPORT.MICROSOFT.COM as both may well have important information. I've extracted part of Vlads process to avoid a bloody head - read his post for more as people like Susan Bradley wishes she had :-) However, a part of me wonders just how heavy the rock was. You know, the one that he was under since Microsoft started releasing service packs. As painful as the above is to read, and as painful as this process has been for him, this outlines the fundamental lack of respect for change management we have in the IT industry. First , where is the full backup of the server that this was done on. At the very least this would have allowed him to take the server back to the last known good configuration. Second , where is the test system on which he checked Act 6.0 for compatibility? Third , never change more than one thing. If you installed the Service Pack and it broke things, do not proceed to install drivers (that likely have not been tested with the said service pack) and do more exotic changes. Fourth , test, test, test, test. Forget about the stuff you should have done before you patched, too late to setup a test vm, too late to do a full backup, too late to check the app vendor for advisories related to the patch, too late. You’re patched, there is a whole new world on your network. Isn’t the first thing to check all the workstations and rerun MBSA, performance testing, reset the performance counter on both...
  • May security updates for Server DNS and Office 2003/2007 and IE7. Also Quicktime needs an update

    I did a quick scan and it seems that this month Office is the main target of updates, along with one critical one for Windows Server (for DNS RPC attack) and one for IE7. Worth a quick download and install :-) I also got this in the mail today: Apple QuickTime 7.x must be upgraded to 7.1.5 or higher. On the security updates: Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities: Bulletin Number Maximum Severity Affected Products Impact MS07-023 Critical Microsoft Excel (all currently supported versions) Remote Code Execution MS07-024 Critical Microsoft Word 2000, 2002, 2003, 2004 (Mac) Remote Code Execution MS07-025 Critical Microsoft Office (all currently supported versions) Remote Code Execution MS07-026 Critical Microsoft Exchange (all current versions) Remote Code Execution MS07-027 Critical Internet Explorer - all current versions on all currently supported versions of Microsoft Windows Remote Code Execution MS07-028 Critical CAPICOM, BizTalk Server Remote Code Execution MS07-029 Critical Windows 2000 (server), Windows Server 2003 Remote Code Execution Summaries for these new security bulletins may be found at the following pages: http://www.microsoft.com/technet/security/bulletin/ms07-May.mspx Customers are advised to review the information in the bulletins, test and deploy the updates immediately in their environments, if applicable. Microsoft Windows Malicious Software Removal Tool Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: http://go.microsoft.com/fwlink/?LinkId=40573 High-Priority Non-Security Updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS) Microsoft is also releasing High-Priority...
  • From the The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    I've talked about this before, but thought it was worth pointing people to this Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista [Today's post comes to us courtesy of Wayne McIntyre] In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store. 1. Connect to your OWA site by going to https://host.domainname.com/exchange FOR THE REST OF THE INSTRUCTIONS PLEASE FOLLOW THE LINK TO THE SOURCE BELOW Source: The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista ttfn David Technorati Tags: Vista , Certificate , SBS
  • Installing WSUS 3.0 on SBS White Paper Released, including when you already got WSUS on there, or need to upgrade

    I thought you should be aware of this WSUS 3.0 on SBS White Paper Released [Today's post comes to us courtesy of Chris Puckett] WSUS 3.0 has released. You can download it here . For information on installing WSUS 3.0 on your SBS 2003 SP1 or R2 server, check out the Installing WSUS 3.0 on SBS 2003 whitepaper. The issue blogged in February 2007 regarding Vista updates not synching in SBS 2003 R2 has been fixed in WSUS 3.0. If you experienced performance issues like high cpu usage by svchost, a UI hang and long scan times, the new new WUA client included with WSUS 3.0 addresses these issues in combination with the MSI update in KB 927891 . It’s important to note that the new client is only a partial solution for the svchost/msi issue and clients must have both KB 927891 and the new 3.0 client installed for a full solution. Source: The Official SBS Blog : WSUS 3.0 on SBS White Paper Released Having looked at the whitepaper it seems it covers the following areas: Install WSUS v3 on 2003 SBS SP1 and R2 (when to press cancel) Upgrading Windows Small Business Server 2003 with Service Pack 1 to Windows Small Business Server 2003 R2 while running Windows Server Update Services 3.0 (uninstall WSUS 1st and then re-install the database) Uninstalling and reinstalling Windows Small Business Server 2003 R2 components on a server that is running WSUS 3.0 (uninstall WSUS 1st and then re-install the database) ttfn David Technorati tags: SBS 2003 , SBS 2003 R2 , WSUS v3
  • Got SBS Premium (or an ISA firewall) and Vista customers - you will need the updated ISA Server Firewall Client

    Just a quick note to say that if you have a SBS customer who has some PCs with Vista then you will need the updated ISA firewall client. You will need to go to this page - ISA Server Firewall Client Firewall Client for ISA Server Brief Description Firewall Client for ISA Server installs the Firewall Client software on 32-bit and 64-bit computers running supported Windows operating systems. It is also worth noting that the install script will look something like this \\Servername\shared folder\SETUP.EXE /Q /P "SERVER_NAME_OR_IP=Servername ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=1" Note this will almost certainly force a reboot due to the changes in the Winsock stack. ttfn David Technorati Tags: ISA , ISA Firewall client , SBS , SBS Premium
  • Symantec "Microsoft Listed as Most Secure OS"

    Wow, you have to wonder whether this hurt them to say this :-) Now I am a believer that any security vulnerability is bad and that the longer it is out there then the more likely it is to exploit it. If "people" only have one way to crack into your system, then they can still get in and the longer it is out there then the more likely it is that it will be used, however always nice to see that MS is trying hard and while not perfect, is doing better than other people who throw stones at MS. Of course, Windows also has more in it, so being better with more features in the box is even nicer and this is across all versions of Windows, not just the latest (Vista) for example. I think it shows that the IT industry has more work to do in this area - as Ed the Fed said - "this is a journey." Surprise, Microsoft Listed as Most Secure OS By Andy Patrizio UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec ( Quote ), no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors. The information was a part of Symantec's 11th Internet Security Threat Report . The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems. The report found that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006. <snip> During this period, 39 vulnerabilities , 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them . It's an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily. <snip> Then there's Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix ...
  • The SBS Diva spots why your workstations (and sometimes your SBS servers) are spiking at 100% CPU this month after the patches (yes, it is the Update services)

    Updated 08:07am 12th January - the blog title used to suggest this was a server issue - Susan pointed out that this is a client / workstation issue much more I had to blog this one - if you are seeing CPU spiking when patches are being installed, go look at http://msmvps.com/blogs/bradley/archive/2007/01/10/on-patch-tuesday-if-you-are-seeing-a-spike-in-cpu.aspx ttfn David
  • ISA 2004, meet Vista, Vista, meet ISA 2004 client so that you can now work!!

    If you are using Vista and ISA, you will be used to getting a compatibility warning when the client loads. Well, this KB and download gives you a time when that is no longer the truth :-) From the joys of Susan B's blog View article... .. How to obtain the version of Firewall Client for ISA Server (December 2006) that includes Windows Vista support: http://support.microsoft.com/kb/929556 Finally the ISA firewall client that will support Vista is out today and there's a new WSUS category to boot! As always, be careful when playing with your systems ttfn David
  • Need a machine to practice or simulate Windows Server, Exchange 2007, SQL 2005 or ISA 2006? Download the pre-configured VHDs for these virtual machines

    I am sure you have seen these already, but if not, these are great tools to help when you quickly need a machine to test something on, or spend longer learning about a product. I know you can get the disks in the action pack, but then you have to load it up on a PC or VPC - this saves you all the trouble. Windows Server 2003 R2 Windows Server 2003 R2 helps to simplify branch server management, can improve identity and access management, helps to reduce storage management costs, provides a rich Web platform, and offers cost-effective server virtualization. In this VHD, you'll have the opportunity to road-test new and improved features and functionality of Windows Server 2003, including management and usability enhancements to Active Directory. Exchange Server 2007 Learn how to take advantage of key features of Exchange Server 2007. This VHD provides an exploration of Active Directory and the new features in Exchange Server 2007, new features in Outlook Web Access 2007, enforcing compliance and retention policies in Exchange Server 2007, and more. SQL Server 2005 SQL Server 2005 is data management and analysis software that helps deliver increased scalability, availability, and security to enterprise data and analytical applications while helping to make them easier to create, deploy, and manage. In this VHD, you will get to experience many of the new features in SQL Server 2005. ISA Server 2006 VHD This download comes as a pre-configured VHD. ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing users with fast and secure remote access to applications and data. For a complete list of Microsoft products and technologies in a VHD, visit the VHD Download Center . Source: Run IT on a Virtual Hard Disk
  • IE7 Installation and Anti-Malware Applications - why you should turn them off for the install!!

    I saw this and because IE is coming soon, thought you might like to read this! IE7 Installation and Anti-Malware Applications A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation. Along with copying IE7 files to your system, IE7’s setup writes a large number of registry keys. A common way anti-malware applications protect your computer is by preventing writes to certain registry keys used by IE. Any registry key write that fails during setup will cause setup to fail and rollback changes. We work around the problem in most instances by checking permissions at the beginning of setup, but many anti-malware programs monitor the key rather than change permissions. Therefore, setup thinks it has access when it starts, but then fails when it later attempts to write the key. The majority of users likely haven’t seen any such problems even with anti-malware enabled because we work with third-party vendors to identify IE7 setup as ‘safe’ based on something like digital signatures or file hashes. While this could lead us to remove the recommendation to disable anti-malware apps, we’ve decided to leave it in setup because a number of factors may still cause some customers to have this problem. Specifically: With all the anti-malware apps available, we don’t want to assume all of them work just because we haven’t heard of a problem yet. Even anti-malware apps we’ve tested sometimes require the latest definition updates. If a user doesn’t have the latest definitions, he or she may still hit a problem even though we consider the issue resolved. Failed installation is an awful user experience so we take every step to reduce the chances of setup failing. I hope this helps answer some of your questions. John Hrvatin Program Manager Source: IEBlog : IE7 Installation and Anti-Malware Applications
  • Vista and security - are Microsoft doing the right thing?

    This is something I have thought long and hard about and as such I have to caveat things by saying this is my opinion and that I am no more informed than any other member of the public or IT community. Having said that, I have done my time as a Windows Developer and even once worked on emulation systems such as Wine. These protections will be coming to all OSs - so Vista, Longhorn, SBS - all of them! I really think this is some of the worst mud slinging I have seen in a long time and much is wrong! So what have I seen in the Press. McAfee and Symantec have complained that they want the ability to ignore the APIs in Vista and bash at the Kernel directly for security services. However, Kernel code has to be signed for the integrity of the system. Microsoft will not stick to the rules above and will gain advantage by using unknown APIs That the security prompts and center can not be turned off That Microsoft is right to make these changes and want to increase the integrity of the system As someone who once worked on a large secure project I recognise the types of controls Microsoft wants/has to put in place on the Kernel - something that has been around since Windows XP 64-bit addition based on Server SP1 (yes it was). When you have a look at all the nasties out there, some (rootkits often) place drivers on the system to do the "hiding" from you. A driver sits in the kernel and can see and change almost anything that goes on in there - if you are compromised in the Kernel, they you are hosed!! You will never know it and your tools will tell you everything is fine. If you allow some people to not obey these rules, then the dishonest ones will not be hindered by it. Yes it can be disabled, but why would you as a user want to turn it off? I even saw someone say that the Kernel is where the holes are, so it is important that rather than fixing the issues, MS was better off leaving it to others. Well, why not have Ms produce a better kernel and then most users would be happy. Second, long, long before I worked for Microsoft...
  • KB for SBS and your customers - MS06-055: Vulnerability in Vector Markup Language could allow remote code execution

    I almost feel that I don't need to publish this, but even though the next round of patches is just a day away, you need to think about this one too. MS06-055: Vulnerability in Vector Markup Language could allow remote code execution View products that this article applies to. Article ID: 925486 Microsoft has released security bulletin MS06-055. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: IT professionals: http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx Source: MS06-055: Vulnerability in Vector Markup Language could allow remote code execution ttfn David
  • Installing the Windows SBS 2003 R2 Premium Technologies

    This simple guide covers what you need to know to install the Premium Technologies. Installing SQL Server 2005 Workgroup Edition You can install SQL Server 2005 Workgroup Edition as your database for a business application. Additionally, you can upgrade the instance of Microsoft SQL Server Desktop Engine (Windows) (MSDE) that is used by Microsoft Windows SharePoint Services if you want to be able to search document libraries in your company's internal Web site. For step-by-step instructions about how to install SQL Server 2005, download the file sqlinstallsteps.htm below. Installing ISA Server 2004 You can install ISA Server 2004 as the firewall for your local network. For step-by-step instructions about how to install ISA Server 2004 with Service Pack 1, download the file isainstallsteps.htm below. Installing FrontPage 2003 You can install FrontPage 2003 on one computer in your Windows SBS network and then use FrontPage to create or modify your Internet Web site. Note It is recommended that you do not install FrontPage on your computer that is running Windows SBS 2003 R2. You should install it on another computer in your network instead. Download details: Installing the Windows SBS 2003 R2 Premium Technologies ttfn David
  • How patching should be done for all servers and clients - by Susan Bradley (super Jedi)

    I still fear Susan and what she would do if I ever made a serious security blunder. Luckily for me, I haven't yet. I also love the way she tells you the way it should be and makes it easy. I went through the process of evaluating my patches and then installing those I thought were needed (I do have some Office components on my test server, but I am hoping she will let me off for that). I was thinking on how to write this up when I say Susan's entry The risk evaluation of patching and saw she put it exactly how I would have done. What is my message - use her process and your customers will be as safe as can be expected. In fact, I applied the IMF patch immediately, which resulted in Exchange being offline for a few minutes, which when using Outlook 2003 or 2007 is no biggie at all. ttfn David
  • Small Business Security Guidance (via Group Policy)

    These are a little old, as in published on 21st July 2006, but still great step by step guides on how to ensure that servers and clients connected to them are secure. They do not just look at SBS 2003, but also Windows 2000 & Windows Server 2003 server environments too. How to Configure Windows Firewall in a Small Business Environment using Group Policy.doc How to Configure Windows XP SP2 Network Protection Technologies in a Small Business Environment.doc Securing Internet Information Services 6.0.doc Link to Download details: Small Business Security Guidance ttfn David
  • Microsoft acquired Win Internals (SysInternals.com)

    http://www.microsoft.com/presspass/press/2006/jul06/07-18WinternalsPR.mspx This is a bit of old news, but I have not reported it. There has always been a set of amazing tools that were usable to diagnose inside Windows, they were sold from a company called WinInternals, who then produced a set of free tools on the web site http://www.sysinternals.com . These tools I normally use are below. I use them for those questions like "what file is failing to load", or "where is it looking in the registry" or "what process is using all the CPU". Filemon This monitoring tool lets you see all file system activity in real-time. MoveFile Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files. PageDefrag Defragment your paging files and Registry hives! PendMove See what files are scheduled for delete or rename the next time the system boots. Autoruns See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings. Process Explorer Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process TCPView See all open TCP and UDP endpoints. On Windows NT, 2000 and XP TCPView even displays the name of the process that owns each endpoint. Includes a command-line version, tcpvcon. Regmon This monitoring tool lets you see all Registry activity in real-time. Winobj The ultimate Object Manager namespace viewer is here. Enjoy the tools and expect to see more as these become MS items. ttfn David
  • Do you use Business Critical Support - did you know you need to re-register each year now?

    This one was a bit of a surprise to me, but my Dad, who is an IT Consultant phoned me up to explain that when he range business critical support for a customer down situation he was told that his registration had lapsed. He then had to go through a process to re-register before his call could be processed - and this all took valuable time. I put this down to my Dad's unique way of finding problems with systems, however the very next day I got a mail from another partner who hit exactly the same thing, so think of this as a warning, go give yourself the ability to call MS Support without them charging you when your customers are "down". To get more information and registration information (it is not a long process honest), go to Register for free- Business Critical Telephone Support for registration and http://www.microsoft.com/uk/partner/tech_support/b... for information. Once you are set up, you MUST note your Support ID - this is the magic that will make it work when you need it. ttfn David
  • USATODAY.com - Cybercrooks constantly find new ways into PCs

    I was reading this article and it reminded me of a few things. Sometimes when sitting in the Microsoft camp we say how good / bad others are at security, but rarely reflect on what people need to do and why. When there is a known issue with a package, I suspect many don't go to a test environment and pull the patch apart, many just do a quick test on 1 pc and then deploy wider. Obviously SBS 2003 R2 makes this process easier as you can now control the deployment and retraction of patches via the console. It also reminds me that it a patch is needed, it is really a mute discussion on how many issues it fixes, reboots or any other aspect - if your systems are vulnerable, you need to patch of mitigate. To do neither is inviting huge issues - and I have seen plenty of customers with issues. What I did also see was a comparison table showing that systems often thought to not be at risk, such as those by Apple, can still be very susceptible. When a security issue exists on a system, it does not matter if 1 or a 100 people are gunning for you, you will be got. It is a bit like the human body - just because you have some medicine and some vaccinations, if you miss a preventative medicine and then get exposed to the illness, you will get ill. If each month there are 1 or 100 issues with your security, they will all be tested, so you need to patch them all, on any system from any organization. It is nice to see that MS does not top the list, even when including Office, Windows, Media Player and IE all in 1 go. Obviously for info on R2 go to the SBS website , for Security patches, visit the security site and finally, for general advice, try the http://www.getsafeonline.org . ttfn David
  • How to get content filtering (anti-virus, anti-spam, anti-malware), archival services, DR / Continuity and Encryption services for your SBS box at a great price

    As many of you know, I have always argued that MS online services only serve to complement our other solutions. One classic example of this is the Hosted Exchange Services - now before you run around with your fingers in your ears shouting "LALALA", have a look to see what they are. These services work with an existing Exchange server - ala SBS, so there is no threat to the SBS system at all. We then offer 4 services which includes those listed below, but the nice thing is the price. On the How to buy page is lists the prices - these are per user and you can start at 5 users - oh, and this is real per user, so if you have 20 aliases for 5 users (eg sales, support etc) - that is 5 users: Estimated Pricing All prices below are based on estimated retail pricing (per user, per month licensing). This pricing would apply to a small business with as few as 5 users. Services Prices Comments Microsoft Exchange Hosted Filtering $1.75 US Exchange Hosted Filtering is a fully managed service that employs multiple technologies to help prevent spam, viruses, and phishing scams from reaching corporate networks and to help enforce corporate email-use policies. Microsoft Exchange Hosted Encryption $1.90 US Exchange Hosted Encryption is a policy-based email encryption service that uses customizable policies based on users, keywords, character patterns, attachment types, and more to identify messages that require encryption. Microsoft Exchange Hosted Continuity $2.50 US Exchange Hosted Continuity is an email continuity service that is always on, providing your user community with access to the last 30 days of email and the ability to send and receive email in real time, even when the primary email system is unavailable. Microsoft Exchange Hosted Archive $17.25 US Exchange Hosted Archive is a managed service that captures and archives external and internal mail, IM and Bloomberg mail according to your contracted retention period. When the retention period is met, messages are automatically destroyed. Hosted Archive includes...
  • Microsoft's Anti-virus and Anti-spam technologies for an Exchange Server - ForeFront

    This is not something for every Exchange / SBS user, but it might be interesting to some. We have released our "ForeFront" security technologies that includes mail clensing as an option. CNet gave it a small amoutn of coverage, but you can get more information from the Microsoft web site . It is worth noting that to buy ForeFront you need a volume license agreement, hence why I said it *might* not be ideal for smaller businesses. For most SBS customers, the Hosted Exchange Services may well be the right answer at the right price. ttfn David
  • David Overton moving to a solution / revenue based role (it means I need to help partners sell)

    Many people ask me what I do and sometimes they are amazed with the answer "I help Microsoft Partners build solutions that deliver value to their small business partners – for free". This is a great job and part of it is to engage with as many partners as possible to improve the quality and knowledge around the solutions that can be built upon Microsoft technology. This year my role has a slightly different focus, but the way I achieve it will have many similarities. It has becoming important for me to ensure that partners are not just technically capable, but also selling solutions, sometimes even offering their customers alternative licensing options to suit their business needs. Some may see this as me selling out in some way, but while I love technology, if it is not applied correctly and you and I can't make money out of it, then there is a limit to the business value of the technology. I will still be blogging, posting on both business and technical ideas, but also be discussing how to sell solutions, what the licensing options truly mean, what extras you can add to a sale to add value for you and the customer. I'll even be discussing how online services are an opportunity for you, but more on this later. On this note, is there more I should do to help you sell more, have more customers and make more money? If so, let me know what is needed, whether it is something from Microsoft or David. Comments are open on this one, so fire a comment onto the blog. Expect to see a post on the work we are doing with the Technet team to get you even more technical resources and the process for access to all those nice betas, hosted services and where they fit as part of a solution and the options on licensing to make it easier for your customer to understand the value of technology and even buy earlier. Ttfn David
  • How to patch your SBS 2003 system using hotpatching and not have to reboot this month (July)

    One of the bad things about the monthly patch cycle is that a reboot is often required. Now while 10-15 minutes of downtime is not a great price to pay for good security, this does work out at a system performance of 99.97% availability for 24x7 systems, so not exactly shabby. With Server 2003 SP1 came a technology that not many people have noticed, called HOT PATCHING - where an OS patch is applied without having to reboot the system, even though a normal patch would require a reboot. Not every patch can work in this scenario, but if you can reduce the issues, so be it. Looking at this month, many of the patches are for office etc, but there are 3 for Windows Server, of which 2 can be applied as hot patches. Teh one which can not is the DHCP one, so if your server is not using DHCP client, i.e. is using static IP addresses, then you do not have to rush to patch this. In this case, you can use hotpatching. Simple download the two downloads and run as below: http://www.microsoft.com/downloads/details.aspx?familyid=48f03ad7-38f9-48f4-bbfc-14c52e9c942a&displaylang=en http://www.microsoft.com/downloads/details.aspx?familyid=c5e274a8-f962-4944-8878-6b88b1592bbf&displaylang=en WindowsServer2003-KB917159-x86-ENU.exe /hotpatch:enable Windowsserver2003-kb917537-x86-enu /norestart /hotpatch:enable that is it - your system will update and not need a reboot. Amazing ttfn David
  • Summary of Worldwide Partner Conference (WPC) just before I leave

    so, I have about 5 mins to write this, so it will be short & sweet. From the Small Business pre-day: event was sold out people told us licensing was still not up to scratch, but Eric Ligman's lessthancoffee.com site was very useful Much of the information for people was how to run a small business as it 1) enables us all to understand what is going on in the minds of our customers and 2) since many SBSC members are small businesses, hopefully gives them some ideas on how to be more successful as a business The Sloan Brothers were the highlight for me in advice ( http://startupnation.com ) - they said Got for 10% of the Watermelon, not 90% of the grape - this basically meant get funding and help to grow your business - keeping ownership of your business is more than just the number of shares - it is being there, so even if other people own 90% of the equity, you are still in charge. Outsource non-core skills Hitch your wagon to a star - eg Microsoft, but also someone local who will recommend you - so you get business by the power of recommendation from someone your customers will trust Harness the eye of PR - basically, PR is whatever you do for it, but use it, write it yourself or outsource, but make it have impact Manage your burn rate - know at all times how much cash you have and balance needs vs this my favourite - Know thy end game - to help you make decisions about all of the above you need to know what you want to achieve - is it to sell the business, to chair, to work until you are 90.... what is it - know this and many decisions canbe done on does it help me achieve this or not. There were many other announcements at WPC, which can be found at http://www.microsoft.com/presspass/events/wwpc/materials.mspx One other key thing that James Akrigg said to me: "Why are we always talking to people about their pain points? We also need to find out about their aspirations. " This was a key thing for me. ttfn David
  • Skype vs Windows Messenger

    As a rule I use my mobile to make calls - I know this makes me very 20th Century, but since I still listen to some 80's music, I guess we'll all just have to live with this. When I have used various VoIP solutions I often find the mike on my PC has let me down (I often forget the headset) or the comms is just not up to it in the hotel I am staying in. Having said that, many people use skpye. When looking at this option again, I came across these blog entries which I thought game interesting food for thought. Do you read the EULAs?? Why Skype is Bad Why Skype is Bad (part 2) Unified Communications and more about Microsoft ttfn David
  • Off to Partner Conference in Boston - see you blogging from there

    Hello, just a quick note to say that I am due to fly today @ 11am to Boston for the Partner Conference - if you are going then I will see you there, if not, you can read about it here. ttfn David
  • UK Managing Director Leaves the UK bound for Microsoft Corp - welcome to Gordon Frazer from South Africa

    Today we had a bit of a kick of for FY07 (Financial Year 07 in Microsoft) and a review of FY 06. We had a healthy year with excellent growth (this is no way a prediction of the MS Company results) and we also did a bit of sweeping a few things out. It has been speculated for a little while that Alistair Baker would be moving on and today we had it confirmed. As of 31st July, the new MD of MS UK will be Gordon Frazer from the South African Sub. He did seem like a very positive and fired up person, so I think this will be nothing but goodness, as will having another Brit in the power halls at MS in the States. For the press release, have a look at http://www.microsoft.com/uk/press/content/presscentre/releases/2006/07/PR03662.mspx ttfn David
  • Livemeeting today @4:30pm for SBSC members on Vista and Office - by Jo Carpenter and David Overton - ask us the hard questions

    Howdy folks, I thought I would remind all those SBSC members about the Office and Vista webcast happening today - as it is a livemeeting it will be mainly demos, plus some nuggets on positioning the technology. This is one of my monthly technology webcasts that you are welcom to join. To register (you need to do this a little in advance to get the final link via e-mail), go to http://msevents-eu.microsoft.com/cui/eventdetail.aspx?EventID=118771191&Culture=en-GB and sign up. This is one of the perks of being an SBSC member. ttfn David
  • 70-282 Exam - what has changed, what has not and how it stands now after all the feedback

    Howdy. There has been a lot of discussion recently about the huge changes to the 70-282 exam, especially following people helping us with the 71-282 beta exam work. Having worked many hours as an investagtive reporter (at least 2) and searched many a rubbish bin, I now have a pretty good answer to what happened. I managed to get this statement from the "right people" inside Microsoft. In short - 71-282 was a beta which had some things in it that did not make it into the final revised 70-282 exam. "70-282 Clarification around the introduction of a new version of the exam In Early 2006 Microsoft felt that exam "70-282 Designing, Deploying and Managing Network Solutions for Small and Medium-Sized Businesses" had not been performing at the Microsoft standard. Microsoft constantly reviews customer feedback and exam statistics, and determines if exam item changes or additions are required. To keep this exam current and valued by our customers and partners, Microsoft revised the questions and carried out testing of the new exam with a cross-section of Microsoft Partners and internal staff. This group was made up of people who had sat the previous 70-282 exam and of people who had not yet sat the exam all coming from the Small Business Specialist Community or SBS MVPs. The beta exam was coded 71-282. Candidates who sat and passed 71-282 will be given credit for the 70-282 exam. In March 2006, once testing was complete, the revised 70-282 exam was launched. The exam format has changed slightly, but the content continues to reflect the required knowledge for designing, deploying and managing network solutions for the small and mid-sized business. To be successful, you will need adequate knowledge of Microsoft Small Business Server, Microsoft Windows Server and Active Directory. All existing training and prep materials contain information to prepare candidates for the current exam questions. There are several preparation options available depending on your experience and current knowledge levels. Details of training courses...
  • Bad links now fixed

    Sooo many of you clicked the links in the posts from the last two days, but got an OWA screen that I had to go back and edit about 16 posts. All fixed now - thanks to Rob for pointing it out. ttfn David
  • Draft release of my web log analyser tool (using IIS Log files)

    People have asked for my tools I use to produce my site statistics, so I have released a draft cut. It should all work. To get the best out of it you need a $20 subscription to http://www.maxmind.com/app/web_services_guide#city and MapPoint , but otherwise it works - without both these it is fully functional, but no maps. The source can be found at http://uksbsguy.com/files/11/files/entry735.aspx and the exes at http://uksbsguy.com/files/11/files/entry736.aspx . ttfn David
  • ISA 2006 Release Candidate available

    This has been discussed in a few places - ISA 2006 is perhaps not going to offer enough to SBS customers , but if you want to have a look, then this is what you need: Download ISA Server 2006 Release Candidate Trial Software Test drive the new features and functionality by downloading the free trial of ISA Server 2006 Release Candidate Internet Security and Acceleration (ISA) Server 2006 Enterprise Edition Release Candidate http://www.microsoft.com/downloads/details.aspx?FamilyID=a7fd89a0-2f8f-4b71-8a37-efc05724c136&DisplayLang=en Internet Security and Acceleration (ISA) Server 2006 Standard Edition Release Candidate http://www.microsoft.com/downloads/details.aspx?FamilyID=7b040fed-64b0-4de9-9d99-bbcfa5779fa2&DisplayLang=en ttfn David
  • Reading and storing everyone's e-mail and why I am glad I work for a small business

    I just saw this article at Wired and realised one of the benefits of working for a smaller organisation - this is not me I'm talking about, but you. One of the worrying quotes was: The survey gathered responses concerning e-mail security from 406 companies in the United States and the United Kingdom with more than 1,000 employees. In both regions, 38 percent of respondents said they employed staff to read or otherwise analyze outbound e-mail . In the United States, 44 percent of companies with more than 20,000 employees said they hire workers to snoop on workers' e-mail. Wow, not just the US, but the UK too. Now, should your customer be in the business where they do need to analyze mail, then of course SBS can help - for details on how to set it up, go have a look at the forum entry - http://uksbsguy.com/forums/thread/334.aspx for the answer - simple and effective. ttfn David
  • Microsoft AntiGen Products - could these be for SBS customers - only if they have one of the Volume License types, but that is becoming easier too

    AntiGen is a great set of products for providing security technologies. Some of these come in very price competative and feature rich. For example, for spam, smtp and a/v filtering the US price is $1.25 per user per month. For more info see below Microsoft Releases Antigen E-Mail Security Products http://go.microsoft.com/?linkid=5049691 On June 6, Microsoft announced the release of Microsoft Antigen e-mail security products -- including Antigen for Exchange, Antigen for SMTP Gateways, Antigen Spam Manager, and Antigen Enterprise Manager -- available to customers July 1, 2006. Microsoft Antigen products help business protect their Exchange, Windows-based SMTP gateway, Live Communications Server, and SharePoint servers from viruses, worms, spam, and inappropriate content. Read about new product features http://go.microsoft.com/?linkid=5049723 or download the new 90-day trials http://go.microsoft.com/?linkid=5049724 to see how Antigen can help protect your messaging and collaboration servers. ttfn David

(c)David Overton 2006-13