DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
David Overton's Blog » All Tags » Security » Documentation (RSS)

Browse by Tags

  • How to encrypt backups and optionally the system disks on Windows Server 2008 and SBS 2008 and Windows Vista too

    Hi, someone asked in the forums how if the backups on SBS 2008 and Windows Server 2008 were encrypted and the answer is no, even if the drives being backed up are BitLocker protected ( more details here ). However you can get encrypted backups with a bit of effort. To do this you will need to at least BitLocker enable your removable drives and optionally your system disk. I used the information at http://blogs.msdn.com/askdavid/archive/2007/06/08/enabling-bitlocker-on-removable-drives-usb-flash-drives-usb-hard-drives.aspx as a guide to putting together what I needed to do, so many thanks David Chandra for this. This same process can also be used on Windows Vista There are a couple of snags however and you need to work out which scenario you wish to have (if you have a TPM chip then option 2 & 3 can be replaced with entering a key into the TPM prompt: encrypt just the backup disks you will need to run a script each time a volume is added back to the system encrypt the system disk and the backup disks and you...

  • Configuring OneCare for Servers in SBS 2008

    The Console setup process ( Once SBS is set up, how to do the basic configuration through the management console ) sets up SBS 2008 for use. OneCare for Servers provide anti-malware capabilities and is an important part of the system integrity. SBS 2008 comes with a trial of OneCare and so far I’ve found it very effective. Setup today requires two updates that it downloads and applies itself: Notice that the initial configuration immediately informs you that you need to update Start the process, tell OneCare which country you are in and and accept the EULA. The download starts, updates and finishes If you have an activation key, or wish to purchase one you carry on through the process, switching to a web site to complete the process Note, DO NOT try to activate your trial in the Technical Preview unless you have already been provided with a key If you have been going through the Console in order then this is it baring the enabling of Office Live. Finally, all the SBS 2008 entries can be found at http://davidoverton...

  • Understand the key security engineering activities that you need to be aware of in application development. Written by a Microsoft UK employee - "The Developer Highway code" as a download or a traditional book

    It you write code then you need to understand how to write secure code. If you want to understand how to write code that is secure by design then you need to seek the help of people who "have been there". Microsoft has helped thousands of people write applications that do not leak information and Paul's book has helped even more. The Developer Highway Code , written by Paul Maher of Microsoft, is a concise handbook that captures and summarises the key security engineering activities that should be an integral part of the software development process. This companion guide should be a must for any Developer, Architect, Tester etc. undertaking software development...The book is presented in easy to read checklist form, covering essential guidance on writing and releasing secure code. The book has been downloaded by over 100,000 people and over 20,000 actual books are out there ... and now it has been updated!! In case you are still not convinced, please read the following endorsements: “The developer...

  • Latest news, events and downloads in the Security world from Microsoft - Windows Server 2008, Mobile, employee habits, Antigen, IPSEC, ForeFront, NAP, XP Firewall, System Center

    Each month the TRM blog product this great summary of the Microsoft world in various product areas. The blog can be found here http://blogs.technet.com/trm/ News Help your customers securely deploy Windows Server 2008 with the Windows Server 2008 Security Guide! http://go.microsoft.com/fwlink/?LinkId=92550 Every day, adversaries attempt to invade your customers’ networks and access their servers—to bring them down, infect them with viruses, or steal information about customers or employees. Your customers are looking to Microsoft and Windows Server® 2008 to help them address these threats. To assist customers in taking full advantage of the rich security features in Windows Server 2008, Microsoft has developed the Windows Server 2008 Security Guide. The Windows Server 2008 Security Guide provides IT professionals with best practices, predefined security templates, and an automated deployment tool to help strengthen the security of servers running Windows Server 2008. Supporting Your Family, Friends, and Neighbours...

  • How to Disable Internet features of Office 2007

    I saw this go around on a thread at work and I have seen it requested for those security conscious partners, so here is the answer (courtesy of Eric Ellis): 1) Via the Office Customisation Tool (OCT) and a custom MSP: — or — 2) Via Group Policy: The difference between the two is that using the OCT will preset the desired configuration during the initial installation (or in a maintenance mode change), but users can change the settings if they desire. Group policy enforces the desired configuration, and if a user makes a change to the setting, they will revert back to the settings defined in the policy during the next application session. ttfn David Technorati Tags: Office 2007 , Security , Internet , Group Policy , Office Customisation Tool , OCT

  • If you are a developer, what can Windows 2008 do for your developments... lots maybe

    Sorry to sound so vague, but I have to start by saying that Windows Server 2008 is a server platform, not a cure for cancer, so lets put it in perspective and set our expectations high, but not stupidly high expecting it to be revolution. Server 2008 is a quality evolution of Windows Server 2003 and extends and enhanced the Server 2003 offerings. However, if you plan on building applications for the future then Server 2008 will be the place to be. Microsoft have released a document called the "Windows Server 2008 Developer Story" that has a wealth of information on Server 2008 developer directions and how they combine to offer something greater than the sum of the parts. The download site describes itself as: Windows Server 2008 Developer Story An executable containing the Windows Server 2008 Developer Story The Windows Server 2008 Developer Story introduces users to new features of the Windows Server 2008 operating system by providing a cohesive story about how the features fit together to make a compelling...

  • Office 2007 SP1 is here and it does more than just update the desktop - SharePoint gets AJAX for example

    I'm sure you have heard that the Office 2007 Service Pack is here. Darren Strange has documented what is in it and how to get it at Office 2007 sp1 ready for download today and OfficeRocker! : More detail about sp1 . In answer to Susanne's post at here , hopefully this post has some more info in it One of the little things he puts that I like is: Some other factoids about sp1 There are roughly 2500 fixes in SP1. This an average size for a service pack, but the issues fixed are very important to our customers. Almost 20% of those fixes are direct result of customer requests. Over 500 of those fixes focused on security. There are a total of 24 different releases in 38 languages. There are 683 distinct packages. All have released simultaneously today. If you get the whitepaper then you would be keen to see the information below. Notice that SharePoint amongst other things a developer update to support Ajax and that other server products (Groove and Project Server) are also updated. Stability Microsoft continues...

  • Security for Windows Vista (understanding more about UAC), Networks, plus advice and guidance

    Security is always a big subject area. Over the last two months Technet have published the following items that will help understanding and delivery of secure systems base do Microsoft technology. Windows Vista TechNet Magazine: Inside Windows Vista User Account Control Mark Russinovich explains that User Account Control (UAC) is one of the most misunderstood new features in Windows Vista. But its goal -- to enable users to run with standard user rights -- can solve many security issues. Get an inside look at the problems UAC addresses and see exactly how this new feature works. http://go.microsoft.com/?linkid=6803653 Network Security Internet Protocol Security Enforcement in the Network Access Protection Platform This white paper describes the Network Access Protection (NAP) platform, how IPsec protects traffic, and how IPsec Enforcement in NAP provides system health policy enforcement for IPsec-secured communication. http://www.microsoft.com/downloads/details.aspx?FamilyID=144cc69f-790f-4f52-8846-3f3b8584d7cd&DisplayLang...

  • Microsoft Security products - Forefront and the next version codename Stirling

    I have grabbed these security tit-bits from Technet this month and thought I would share them with you. Expect to be playing with Forefront in one form or another with a year, so might as well see what it does now :-) Microsoft Unveils Next-Generation Forefront Business Security Solution Codename "Stirling" http://go.microsoft.com/?linkid=6951832 Announced this month, the new Microsoft Forefront solution, codename "Stirling," is a single product that will deliver unified security management and reporting with comprehensive, coordinated protection across client, server applications, and network edge. "Stirling" acts as a distributed system, sharing and correlating information to identify complex threats, and dynamically responding to protect the organization. Microsoft Forefront Client Security 120-Day Trial Is Available http://go.microsoft.com/?linkid=6959785 Microsoft Forefront Client Security 120-day trial version is available for evaluation, a security solution that helps protect...

  • "Vista, XP Users Equally At Peril To Viruses, Exploits" and then a lengthy retort from Roger A Grimes including the comment that the number of vulnerabilities over a given time for OSs were XP-28, Vista-11, Max OSX-101

    I have been RSS feed and news hunting and found this review in IT Channel News stating that Vista was no more secure than Windows XP. Then I read how things seemless slipped onto the system and I started to get frustrated that they must have turned off every security feature in Vista to get the results. There I was about to write a WTF reply when I found a HUGE one by Roger. There also seemed to be some confusion that Microsoft also still recommends anti-virus software for Vista. I tell people to buy AV software and not some complete "take over everything on your system" suite. Rogers reply is worth reading for sure - Microsoft is far from perfect, but turning off all the security features and then saying it is no more secure is just a little bit silly too. If you look at the number of found vulnerabilities in Windows XP (28) vs. Vista (11) this year, Vista wins again. If that seems like a lot, don't forget Mac OS X has had 101 in the same time period. Cute commercials, but not necessarily a stellar...

  • Changing the way that Vista User Access Control (UAC) works in Vista by group policy

    James gave me some hassle the other day for not referencing his blog (which is a valid thing to do), so I thought I would point out this post as it will end some of the gripes of people out there. Using Group Policy you can change the following: User Account Control: Behavior of the elevation prompt for administrators User Account Control: Behavior of the elevation prompt for standard users User Account Control: Elevate on application installs User Account Control: Run all users, including administrators, as standard users User Account Control: Validate signatures of executables that require elevation User Account Control: Virtualize file and registry write failures to per-user locations More information from James Blog at Views on Windows Vista : Can I customise UAC? . ttfn David Technorati Tags: Vista , Group Policy , UAC , Security

  • From the The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    I've talked about this before, but thought it was worth pointing people to this Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista [Today's post comes to us courtesy of Wayne McIntyre] In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store. 1. Connect to your OWA site by going to https://host.domainname.com/exchange FOR THE REST OF THE INSTRUCTIONS PLEASE FOLLOW THE LINK TO THE SOURCE BELOW Source: The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista ttfn David Technorati Tags: Vista , Certificate , SBS

  • Installing WSUS 3.0 on SBS White Paper Released, including when you already got WSUS on there, or need to upgrade

    I thought you should be aware of this WSUS 3.0 on SBS White Paper Released [Today's post comes to us courtesy of Chris Puckett] WSUS 3.0 has released. You can download it here . For information on installing WSUS 3.0 on your SBS 2003 SP1 or R2 server, check out the Installing WSUS 3.0 on SBS 2003 whitepaper. The issue blogged in February 2007 regarding Vista updates not synching in SBS 2003 R2 has been fixed in WSUS 3.0. If you experienced performance issues like high cpu usage by svchost, a UI hang and long scan times, the new new WUA client included with WSUS 3.0 addresses these issues in combination with the MSI update in KB 927891 . It’s important to note that the new client is only a partial solution for the svchost/msi issue and clients must have both KB 927891 and the new 3.0 client installed for a full solution. Source: The Official SBS Blog : WSUS 3.0 on SBS White Paper Released Having looked at the whitepaper it seems it covers the following areas: Install WSUS v3 on 2003 SBS SP1 and R2 (when to...

  • How to start an administrative (or elevated) command prompt and tell if you got it right (in Vista)

    I have had a few people tell me that they have had problems getting an administrative command prompt up and running in Vista. If you have done it correctly then a windows will open just like the one to the left. Notice that it has opened into the X:\windows\system32 directory and that it has the title "Administrator: X:\windows\system32\cmd.exe. Anything else and I would be suspicious. The process is simple - do either of these Click Start , click All Programs , and then click Accessories . Right-click Command Prompt , click Run as administrator or Click Start Type cmd into the search box and wait for Command Prompt or cmd.exe to appear in the list Press CTRL-Shift-Enter Either way, you should get an User Account Control (UAC) prompt appear with a BLUE banner on the top - press Continue here. For more information on User Account Control go to here ttfn David Technorati tags: Windows Vista , Elevate , run as Administrator , Vista Ultimate , Security

(c)David Overton 2006-23