David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  

Browse by Tags

  • Windows Intune and firewalls / proxies

    We had this question circulate around at work, so I wanted to share.  Windows Intune needs access to the internet.  This means that the services need unhindered access to the internet.  While for most of us, once we are connected, we are connected, some firewall / proxy devices require extra information to be entered into a browser and this is something that Windows Intune cannot deal with. Luckily, Richard at Windows Intunepedia has written about this, and quite some time ago.  The key elements are: Ports 80, 443 will be needed for outgoing communications and the firewall / proxy must be as follows: If the client computers exist behind an authenticating proxy server, you must configure the proxy server as follows: 1. Confirm that the proxy server supports HTTP and HTTPS. 2. Enable either Non-auth or Negotiate (Kerberos) authentication methods on the proxy. If your proxy server is using the Negotiate (Kerberos) authentication method then you must configure it to allow authentication using computer...
  • Windows Intune Case Study - Ontario Systems, helping to prove Card Industry (PCI) Data Security Standard certification PC update reporting

    Ontario Systems is a larger Windows Intune reference with 350 employee PCs to manage. They needed a better way to manage mobile computers and Windows Intune was the answer to their problems as it enabled them to manage these computers providing they were connected to the Internet and verify this management to enable PCI certification. The two most notable benefits (besides saving money) were: More control, better insight. With the ability to monitor PCs, distribute software and updates, and perform remote tasks from a single console, Ontario Systems has more control and better insight into its PC environment. The IT department will save up to an hour each time it delivers the software updates that employees need to work productively and securely. “Being able to use Windows Intune to issue a security update or remotely initiate a malware scan without interrupting our employees’ workday saves time for the IT staff and helps avoid hours of PC down time,” says Hughes. Better security compliance. By using Windows...
  • How to get SBS 2008 to "fix" managing WSUS after you have manually upset it

    Today's post covers what to do when SBS says it can no longer change the WSUS settings from the console.  The exact message is "Windows Small Business Server Update Service is not running because it automatically turns off if you customize Windows Server Update Services (WSUS)". One way round this problem is to manually change all the settings in the WSUS console (from Administrator Tools, select Microsoft Windows Update Services 3.0 SP1) and change the settings as per instructions found at http://blogs.technet.com/sbs/archive/2006/07/13/441594.aspx .  I'm a sort of "quick fix" kind of guy, so the easier way is to go to the same tool, but then run the wizard.  The steps are: Start the Wizard   Click through the first two screens and set the updates to come from Microsoft Update Configure the proxy if required and press next.  Then press Start Connecting.  When done, press Next again. Select the language(s) you want to download Make sure "All Products"...
  • How to encrypt backups and optionally the system disks on Windows Server 2008 and SBS 2008 and Windows Vista too

    Hi, someone asked in the forums whether the backups on SBS 2008 and Windows Server 2008 were encrypted and the answer is no, even if the drives being backed up are BitLocker protected (more details here). However you can get encrypted backups with a bit of effort. To do this you will need to at least BitLocker enable your removable drives and optionally your system disk. I used the information at http://blogs.msdn.com/askdavid/archive/2007/06/08/enabling-bitlocker-on-removable-drives-usb-flash-drives-usb-hard-drives.aspx as a guide to putting together what I needed to do, so many thanks David Chandra for this. This same process can also be used on Windows Vista. There are a couple of snags however and you need to work out which scenario you wish to have (if you have a TPM chip then option 2 & 3 can be replaced with entering a key into the TPM prompt): encrypt just the backup disks you will need to run a script each time a volume is added back to the system encrypt the system disk and the backup disks and you...
  • SBS 2008 Forefront Virus protection for e-mail Errors or Warnings - “At least one of the engines enabled for update has not been updated in the last week” – how to solve

    My SBS 2008 installation is pretty good, but one area I’ve noticed some problems was with Forefront. I either had errors or at best warnings all the time about the scan engines. I would go and hit a manual update, but the bar would be 30-90% across and suddenly stop. When I looked in the event log I could see errors like these below. Searching the internet delivered me the KB article http://support.microsoft.com/kb/939411/en-us which talks about timeout issues, however even with the recommended change things did not resolve themselves. Source: GetEngineFiles Event ID: 6014 Level: Error Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update. Scan Engine: AhnLab Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab Proxy Settings: Disabled Error Code: 0xC0001F58 Description: The operation timed out. Source: Microsoft Forefront Security Event ID: 7003 Level: Warning Description: Not all of the selected engines enabled for updates...
  • Internet Explorer security vulnerability fix now available – think of it as an early Christmas present… now about Firefox’s 3 issues this week…

    I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle. Some have said switch browser because of this issue, but not only can that be complex, but most browsers suffer security issues so once again the only real protection is to wrap in cotton wool and hide. Or, use the built in features of Vista and IE7/8 which means protected mode and NOT running as admin. You might ask why a Christmas present? Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!! Either way, if you have IE on your systems then you will need to update your systems urgently. Of course, my Hyper-V server (or Windows Core for that matter) don’t have IE, so no updates for them!!! Just for completeness, here is the information from the Technet newsletter Internet Explorer Security Update I wanted to...
  • Invalid certificate issued to localhost.localdomain when remotely accessing SBS 2008 from a Windows PC

    This is another question I was recently asked. One particular user noticed that the certificate they saw when accessing their server from the internet did not match that when accessing from the LAN. The certificate looked something like this: This was a little strange as when the system was accessed from the intranet, all things appeared fine. The culprit for them was the SBS 2003 self signed certificate on the same machine. By removing the certificate and then installing the correct new one things got better. To remove the old certificate, start MMC.exe and accept the UAC prompt. Now press Ctrl+M to add a new snap-in and select Certificates and when asked, add for the user account. Then do the same again, but select Certificates and Computer Account and hit OK to accept the current computer. Now expand out Personal Certificates and remove any SBS 2003 self signed certificates. To load the new certificates open a browser inside your SBS 2008 network and point to http://companyweb/Lists/Announcements/DispForm.aspx...
  • Important Microsoft security update – update your machines now!

    DavidOverton.com rebooted today due to an emergency security update – an “out of band” release from the normal “patch Tuesday” process.  It is worth considering updating and rebooting your computers and servers asap.   More information on this can be found at http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx .  Impacted systems below:

    Operating System | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by this Update
    Microsoft Windows 2000 Service Pack 4 | Remote Code Execution | Critical | MS06-040
    Windows XP Service Pack 2 | Remote Code Execution | Critical | MS06-040
    Windows XP Service Pack 3 | Remote Code Execution | Critical | None
    Windows XP Professional x64 Edition | Remote Code Execution | Critical | MS06-040
    Windows XP Professional x64 Edition Service Pack 2 | Remote Code Execution | Critical | None
    Windows Server 2003 Service Pack 1 | Remote Code Execution | Critical | MS06-040
    Windows Server 2003 Service Pack 2 | Remote Code Execution | Critical | None
    Windows Server 2003 x64 Edition | Remote...
  • Configuring OneCare for Servers in SBS 2008

    The Console setup process (Once SBS is set up, how to do the basic configuration through the management console) sets up SBS 2008 for use. OneCare for Servers provides anti-malware capabilities and is an important part of the system integrity. SBS 2008 comes with a trial of OneCare and so far I’ve found it very effective. Setup today requires two updates that it downloads and applies itself: Notice that the initial configuration immediately informs you that you need to update Start the process, tell OneCare which country you are in and accept the EULA. The download starts, updates and finishes If you have an activation key, or wish to purchase one you carry on through the process, switching to a web site to complete the process Note, DO NOT try to activate your trial in the Technical Preview unless you have already been provided with a key If you have been going through the Console in order then this is it barring the enabling of Office Live. Finally, all the SBS 2008 entries can be found at http://davidoverton...
  • Why those Mac OS X vs Windows adverts are just so wrong … and so would the Linux vs Windows if they ran them

    What an amazing graphic … it talks about security issues and fixes. The nice “Apple” man seems to be hiding how many problems he has on his adverts :-) What is also interesting is how many issues are still being found on the various implementations of Linux. Obviously there is still more detail around this, so for the full rundown have a look at http://blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx . ttfn David Technorati Tags: Apple, Microsoft, Redhat, Ubuntu, Security, Updates
  • How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall

    I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house. All very good, but when I set up the services none of it worked because of the built in Windows Firewall. While I could have just turned off the Firewall I decided to learn how to put the holes into the firewall to make it work with the firewall, thus maintaining better security. A quick search of the web showed me many settings, but it did not seem to cover the whole picture – then I came across the MS site Windows Firewall Settings which has things broken down into these four handy sections that shall for ever more be my guides to ports and firewalls in the Microsoft world. What is more, as you will see later, the tips in here as to how to get things working, getting over common hurdles is quite stunning too: Windows Firewall Settings: Optional Components Windows Firewall Settings: Remote Administration Tools Windows Firewall Settings: Server Roles Windows Firewall Settings: Services...
  • Understand the key security engineering activities that you need to be aware of in application development. Written by a Microsoft UK employee - "The Developer Highway code" as a download or a traditional book

    If you write code then you need to understand how to write secure code. If you want to understand how to write code that is secure by design then you need to seek the help of people who "have been there". Microsoft has helped thousands of people write applications that do not leak information and Paul's book has helped even more. The Developer Highway Code, written by Paul Maher of Microsoft, is a concise handbook that captures and summarises the key security engineering activities that should be an integral part of the software development process. This companion guide should be a must for any Developer, Architect, Tester etc. undertaking software development...The book is presented in easy to read checklist form, covering essential guidance on writing and releasing secure code. The book has been downloaded by over 100,000 people and over 20,000 actual books are out there ... and now it has been updated!! In case you are still not convinced, please read the following endorsements: “The developer...
  • Small Business Server 2008 (formerly known as Cougar) announcement

    Today is the start of the Server 2008 PR ramp up. I can today tell you a bit more about Cougar, as was, or SBS 2008 as it will be, the new "family" that SBS is part of and a bit more on Windows Essential Business Server 2008 (aka Centro). Hopefully there will be a couple of surprises and also confirmation of some of the rumours around there. I've sliced the press release made today into 3 sections. This blog entry is based on the SBS 2008 section of which there is an extract below of some key points. The whole press release can be found at http://www.microsoft.com/presspass/press/2008/feb08/02-20EBFamilyPR.mspx . Windows Small Business Server 2008 Multiplies Business Growth Windows Small Business Server 2008, previously known by the code name “Cougar,” is ideal for organizations with up to 50 PCs, helping them protect business data, expand business productivity and present a professional image to customers. The new version adds a range of features and capabilities to the current, award-winning Small...
  • Windows Essential Business Server announcement

    Today is the start of the Server 2008 PR ramp up. I can today tell you a bit more about Cougar, as was, or SBS 2008 as it will be, the new "family" that SBS is part of and a bit more on Windows Essential Business Server 2008 (aka Centro). Hopefully there will be a couple of surprises and also confirmation of some of the rumours around there. I've sliced the press release made today into 3 sections. This blog entry is based on the Essential Business Server 2008 section of which there is an extract below of some key points. The whole press release can be found at http://www.microsoft.com/presspass/press/2008/feb08/02-20EBFamilyPR.mspx . <snipped> Windows Essential Business Server 2008 for Midsize Companies Windows Essential Business Server 2008 is designed for the needs of midsize organizations with up to 250 desktops, helping IT professionals take control of their systems, reduce time spent “fighting fires” and focus more on strategic efforts to drive business growth. The solution includes built...
  • "Windows Essential Server Solutions family of products" announcement

    Today is the start of the Server 2008 PR ramp up. I can today tell you a bit more about Cougar, as was, or SBS 2008 as it will be, the new "family" that SBS is part of and a bit more on Windows Essential Business Server 2008 (aka Centro). Hopefully there will be a couple of surprises and also confirmation of some of the rumours around there. I've sliced the press release made today into 3 sections. This blog entry is based on the "family" section of which there is an extract below of some key points. The whole press release can be found at http://www.microsoft.com/presspass/press/2008/feb08/02-20EBFamilyPR.mspx . To help small and midsize organizations improve business efficiency, increase productivity and drive growth, Microsoft Corp. introduced the Windows Essential Server Solutions family of products, built on Windows Server 2008 and the newest Microsoft server technologies and services. The company also unveiled details about the newly named Windows Small Business Server 2008. The Windows...
  • Microsoft switching SharePoint to claims-based authentication - The Password is changing

    You've heard it before, well this seems to suggest that the password or AD based auth is just too wrong! So SharePoint is going as open as possible!! Microsoft switching SharePoint to claims-based authentication By John Fontana, Network World, 10/16/07 Microsoft is replacing the authentication system for SharePoint Server and plans to make the collaboration platform one of the first of the company’s marquee applications to rely on a new claims-based identity model. The goal is to have SharePoint incorporate an authentication model that works with any corporate identity system, including Active Directory, LDAPv3-based directories, application-specific databases and new user-centric identity models, such as LiveID, OpenID and InfoCard systems, including Microsoft’s CardSpace and Novell’s Digital Me. Microsoft switching SharePoint to claims-based authentication - Network World ttfn David Technorati Tags: SharePoint, Claims-Based Authentication, Security

(c)David Overton 2006-18