Browse Blog Posts by Tags

We had this question circulate around at work, so I wanted to share.  Window Intune needs access to the internet.  This means that the services need unhindered access to the internet.  While for most of us, once we are connected, we are connected, some firewall / proxy devices require...

Today's post covers what to do when SBS says it no longer can change the WSUS settings from the console.  The exact message is "Windows Small Business Server Update Service is not running because it automatically turns off if you customize Windows Server Update Services (WSUS)". One...

My SBS 2008 installation is pretty good, but one area I’ve noticed some problems was with ForeFront. I either had errors or at best warnings all the time about the scan engines. I would go and hit a manual update, but the bar would be 30-90% across and suddenly stop. When I looked in the event...

This is another question I was recently asked. One particular user noticed that the certificate they saw when accessing their server from the internet did not match that when accessing from the LAN. The certificate looked something like this: This was a little strange as when the system was accessed...

The Console setup process ( Once SBS is set up, how to do the basic configuration through the management console ) sets up SBS 2008 for use. OneCare for Servers provide anti-malware capabilities and is an important part of the system integrity. SBS 2008 comes with a trial of OneCare and so far I’ve found...

I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house. All very good, but when I set up the services none of it worked because of the built in Windows Firewall. While I could have just turned off the Firewall I decided to...

Each month the TRM blog product this great summary of the Microsoft world in various product areas. The blog can be found here http://blogs.technet.com/trm/ News Help your customers securely deploy Windows Server 2008 with the Windows Server 2008 Security Guide! http://go.microsoft.com/fwlink/?LinkId...

Today is the start of the Server 2008 PR ramp up. I can today tell you a bit more about Cougar, as was, or SBS 2008 as it will be, the new "family" that SBS is part of and a bit more on Windows Essential Business Server 2008 (aka Centro). Hopefully there will be a couple of surprises and also...

My background covers security and I've started reading this blog ( Security Vulnerability Research & Defense ) - it is excellent and definitely worth a read to understand how vulnerabilities work and how to mitigate them!! MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities...

It is funny. As people get more used to patching operating systems they seem to think that makes them bullet proof on the whole system, yet this is simply not the case. With Microsoft products people are used to patching them as needed to reduce the security risks on their systems. Others will sight...

Ahh, once again the joys of lessening the security on a device to enable modification or easier use shows its dark side. Once upon a time geeks could open and hack the software they bought and make their own world a better place. Now, more people do this without the knowledge of the risks they are taking...

I saw this go around on a thread at work and I have seen it requested for those security conscious partners, so here is the answer (courtesy of Eric Ellis): 1) Via the Office Customisation Tool (OCT) and a custom MSP: — or — 2) Via Group Policy: The difference between the two is that using the OCT will...

I'm sure you have heard that the Office 2007 Service Pack is here. Darren Strange has documented what is in it and how to get it at Office 2007 sp1 ready for download today and OfficeRocker! : More detail about sp1 . In answer to Susanne's post at here , hopefully this post has some more info...

You've heard it before, well this seems to suggest that the password or AD based auth is just too wrong! So SharePoint is going as open as possible!! Microsoft switching SharePoint to claims-based authentication By John Fontana , Network World, 10/16/07 Microsoft is replacing the authentication system...

I have heard many times how Windows is the big target for virus and phishing nasty people in general, but more and more people are showing that Windows is just too hard to hack when applications and other platforms offer so much more opportunity. From the article at eBay: Phishers getting better organized...

I saw this on good old X (part of the GUI stuff for Unix and Linux systems) and it reminded me that although these codebases have had millions of hours of review (I worked on X systems from 1992-1995 inside a security project) they still have holes in them. Anyone who thinks security is something that...

Building Secure ASP.NET Applications: Data Access Security http://go.microsoft.com/?linkid=7243611 This MSDN article presents recommendations and guidance that will help you develop a secure data access strategy. Topics covered include using Windows authentication from ASP.NET to the database, securing...

According to the article at MSNBC, 25 years ago a 9th grader let loose a virus on his friends because they didn't like his practical jokes. It was the 1st wild boot sector virus and started a whole industry of security watching. The whole article is worth reading as it discusses the whole business...

I am one of those people who always leaves UAC enabled - I like to see when something (*cough* - Adobe Update - *cough*) wants to execute with admin privilege on my system and then get the choice as to whether to allow it or not. However, not everyone likes the choices that are presented by default with...

This applies to the UK as well as the US, however recent surveys which showed that people in the UK were prepared to give up their password for chocolate. Anyway, the rules are: If it seems to be too good to be true, it probably is You have not : won the lottery failed a bank security test had someone...

I've hung up my architecting gloves, but I still get the e-mails. I saw this and thought there were a few partners out there who would want to take advantage of the events. As a practising or aspiring architect, it's vital to keep up to date with the latest news and technological developments...

Security is always a big subject area. Over the last two months Technet have published the following items that will help understanding and delivery of secure systems base do Microsoft technology. Windows Vista TechNet Magazine: Inside Windows Vista User Account Control Mark Russinovich explains that...

I saw on the OneCare blog that a new beta is out this can be signed up for at Windows Live OneCare 2.0 Beta . I like OneCare - while it has it cranky moments (like I have to manually remove the old product to install the beta) it works better than some others I could mention without killing my machine...

I love Vlad's straight talking. If you get a chance read the whole of the blog entry Vlad Mazek - Vladville Blog » Blog Archive » Windows Server 2003 SP2 EEULA & CYA because as far as I am concerned he is preaching to the converted. I will stand by my view that Service Packs are tested as much...

I was browsing Vijay's blog and notices a link to Sean Daniel's blog discussing Cougar. While there are many details of Cougar still to be released and some I would imagine still to be decided, here are some of the most interesting things he said: There will be a migration too that will take...

Just a quick one - I was playing around with SQL2005 on my Longhorn server and I could not connect from a remote machine - Ahh I thought, the firewall is in the way, but it turned out I had to do 3 or 4 things to get things working. The Microsoft KB article that pointed to the light was How to configure...

I saw this and for a change decided I needed to blog on something about Symantec. The story is simple - a program pretends to be Windows Activation and asks for a credit card to prove ID. IT IS OBVIOUSLY NOT A MICROSOFT TOOL, but I am sure some people might presume it is. For more information, have a...

I've talked about this before, but thought it was worth pointing people to this Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista [Today's post comes to us courtesy of Wayne McIntyre] In order for RPC over Http to work you must have a Trusted CA Root Certificate installed...

Just a quick note to say that if you have a SBS customer who has some PCs with Vista then you will need the updated ISA firewall client. You will need to go to this page - ISA Server Firewall Client Firewall Client for ISA Server Brief Description Firewall Client for ISA Server installs the Firewall...

Wow, you have to wonder whether this hurt them to say this :-) Now I am a believer that any security vulnerability is bad and that the longer it is out there then the more likely it is to exploit it. If "people" only have one way to crack into your system, then they can still get in and the longer it...

I have had a few people tell me that they have had problems getting an administrative command prompt up and running in Vista. If you have done it correctly then a windows will open just like the one to the left. Notice that it has opened into the X:\windows\system32 directory and that it has the title...

OK, so I saw that the Vista Security Guide ( http://blogs.msdn.com/windowsvistasecurity/archive/2007/01/05/windows-vista-security-guide-1-2-released.aspx ) had been updated - it is worth knowing more about the security model in Vista, how we protect against some threats and how it might impact your applications...

It is strange how some things are so different and yet so similar. If I was to talk to you about a product from Microsoft that ran Windows, Exchange, SQL and ISA and had some management capability then you might think I was talking about SBS, but this time, that is not so. This time I am talking about...

If you are using Vista and ISA, you will be used to getting a compatibility warning when the client loads. Well, this KB and download gives you a time when that is no longer the truth :-) From the joys of Susan B's blog View article... .. How to obtain the version of Firewall Client for ISA Server (December...

I am sure you have seen these already, but if not, these are great tools to help when you quickly need a machine to test something on, or spend longer learning about a product. I know you can get the disks in the action pack, but then you have to load it up on a PC or VPC - this saves you all the trouble...

I remember when this story 1st broke - that someone had found a way to use cpu virtualisation technology to provide the ultimate "root kit" to steal information from Vista (although this would work for any / every operating system). One little niggle was that the user had to install the nasty, which...

This has been around for a while, but it is no longet in beta - scan a PC to see how it is doing! Get a free PC safety scan Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC. Check for and remove viruses Get rid of junk on your hard disk Improve your...

This is something I have thought long and hard about and as such I have to caveat things by saying this is my opinion and that I am no more informed than any other member of the public or IT community. Having said that, I have done my time as a Windows Developer and even once worked on emulation systems...

This simple guide covers what you need to know to install the Premium Technologies. Installing SQL Server 2005 Workgroup Edition You can install SQL Server 2005 Workgroup Edition as your database for a business application. Additionally, you can upgrade the instance of Microsoft SQL Server Desktop Engine...

I still fear Susan and what she would do if I ever made a serious security blunder. Luckily for me, I haven't yet. I also love the way she tells you the way it should be and makes it easy. I went through the process of evaluating my patches and then installing those I thought were needed (I do have some...

This tool has been made over, simplified and is now far less confusing. While the full capability to re-partition the disk if required is not automated, the info at BitLocker™ Drive Encryption Team Blog : BitLocker Makeover also provides RC1 step by step instructions too. ttfn David

These documents are slightly old, as in published in late July 2006, but very much worth a read and a potentially useful as a checklist for those customers without servers in their environment. Protecting Client Computers from Network Attacks.doc Securing Remote Clients and Portable Computers.doc Securing...

Recently there has been discussion about Vista in Europe around security - some to-ing and fro-ing around if there will be a requirement to ship a version without security features. While all this stuff has been going on, there has also been some discussion around the impact of Vista on the European...

http://www.microsoft.com/presspass/press/2006/jul06/07-18WinternalsPR.mspx This is a bit of old news, but I have not reported it. There has always been a set of amazing tools that were usable to diagnose inside Windows, they were sold from a company called WinInternals, who then produced a set of free...

11 September 2006, London: Windows Vista System Integrity Technologies Windows Vista will ship with several new system integrity technologies, including code integrity, secure start-up, service hardening, mandatory integrity control and Internet Explorer protected mode. In this session, Steve Lamb explores...

The Vista Security Guide will be released to Beta on September 6 th exclusively through Microsoft Connect. It will be available to anyone who signs in at https://connect.microsoft.com/InvitationUse.aspx?ProgramID=820&InvitationID=VSG-P74P-BFTH&SiteID=14 . The Beta period will extend for just...

As many of you know, I have always argued that MS online services only serve to complement our other solutions. One classic example of this is the Hosted Exchange Services - now before you run around with your fingers in your ears shouting "LALALA", have a look to see what they are. These services...

One again I was scanning the news when this article caught my eye. It discusses the complexity of trying to make a more secure OS for Vista while also trying to enable application compatibility. I once discovered that we had over 10,000 "fixes" in previous OSs to cover for bad applications...

I read about this internally yesterday and then on the blog posts today - IE7 will become part of the core OS when it is released. What does this mean - simple, unless you load a " blocking tool " similar to the XP SP2 blocking tool, then IE7 will ship down to your PC as a security update....

One of the bad things about the monthly patch cycle is that a reboot is often required. Now while 10-15 minutes of downtime is not a great price to pay for good security, this does work out at a system performance of 99.97% availability for 24x7 systems, so not exactly shabby. With Server 2003 SP1 came...