DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
David Overton's Blog » All Tags » Security » Support and Tools (RSS)

Browse by Tags

  • How to get SBS 2008 to "fix" managing WSUS after you have manually upset it

    Today's post covers what to do when SBS says it no longer can change the WSUS settings from the console.  The exact message is "Windows Small Business Server Update Service is not running because it automatically turns off if you customize Windows Server Update Services (WSUS)". One way round this problem is to manually change all the settings in the WSUS console (from Administrator Tools, select Microsoft Windows Update Services 3.0 SP1) and change the settings as per instructions found at http://blogs.technet.com/sbs/archive/2006/07/13/441594.aspx .  I'm a sort of "quick fix" kind of guy, so the easier way is to go to the same tool, but then run the wizard.  The steps are: Start the Wizard   Click through the first two screens and set the updates to come from Microsoft Update Configure the proxy if required and press next.  Then press Start Connecting.  When done, press Next again. Select the language(s) you want to download Make sure "All Products"...

  • SBS 2008 Forefront Virus protection for e-mail Errors or Warnings - “At least one of the engines enabled for update has not been updated in the last week” – how to solve

    My SBS 2008 installation is pretty good, but one area I’ve noticed some problems was with ForeFront. I either had errors or at best warnings all the time about the scan engines. I would go and hit a manual update, but the bar would be 30-90% across and suddenly stop. When I looked in the event log I could see errors like these below. Searching the internet delivered me the KB article http://support.microsoft.com/kb/939411/en-us which talks about timeout issues, however even with the recommended change things did not resolve themselves. Source: GetEngineFiles Event ID: 6014 Level: Error Description: Microsoft Forefront Server Security encountered an error while performing a scan engine update. Scan Engine: AhnLab Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab Proxy Settings: Disabled Error Code: 0xC0001F58 Description: The operation timed out. Source: Microsoft Forefront Security Event ID: 7003 Level: Warning Description: Not all of the selected engines enabled for updates...

  • Configuring OneCare for Servers in SBS 2008

    The Console setup process ( Once SBS is set up, how to do the basic configuration through the management console ) sets up SBS 2008 for use. OneCare for Servers provide anti-malware capabilities and is an important part of the system integrity. SBS 2008 comes with a trial of OneCare and so far I’ve found it very effective. Setup today requires two updates that it downloads and applies itself: Notice that the initial configuration immediately informs you that you need to update Start the process, tell OneCare which country you are in and and accept the EULA. The download starts, updates and finishes If you have an activation key, or wish to purchase one you carry on through the process, switching to a web site to complete the process Note, DO NOT try to activate your trial in the Technical Preview unless you have already been provided with a key If you have been going through the Console in order then this is it baring the enabling of Office Live. Finally, all the SBS 2008 entries can be found at http://davidoverton...

  • How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall

    I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house. All very good, but when I set up the services none of it worked because of the built in Windows Firewall. While I could have just turned off the Firewall I decided to learn how to put the holes into the firewall to make it work with the firewall, thus maintaining better security. A quick search of the web showed me many settings, but it did not seem to cover the whole picture – then I came across the MS site Windows Firewall Settings which has things broken down into these four handy sections that shall for ever more be my guides to ports and firewalls in the Microsoft world. What is more, as you will see later, the tips in here as to how to get things working, getting over common hurdles is quite stunning too: Windows Firewall Settings: Optional Components Windows Firewall Settings: Remote Administration Tools Windows Firewall Settings: Server Roles Windows Firewall Settings: Services...

  • Latest news, events and downloads in the Security world from Microsoft - Windows Server 2008, Mobile, employee habits, Antigen, IPSEC, ForeFront, NAP, XP Firewall, System Center

    Each month the TRM blog product this great summary of the Microsoft world in various product areas. The blog can be found here http://blogs.technet.com/trm/ News Help your customers securely deploy Windows Server 2008 with the Windows Server 2008 Security Guide! http://go.microsoft.com/fwlink/?LinkId=92550 Every day, adversaries attempt to invade your customers’ networks and access their servers—to bring them down, infect them with viruses, or steal information about customers or employees. Your customers are looking to Microsoft and Windows Server® 2008 to help them address these threats. To assist customers in taking full advantage of the rich security features in Windows Server 2008, Microsoft has developed the Windows Server 2008 Security Guide. The Windows Server 2008 Security Guide provides IT professionals with best practices, predefined security templates, and an automated deployment tool to help strengthen the security of servers running Windows Server 2008. Supporting Your Family, Friends, and Neighbours...

  • Security Vulnerability Research & Defence blog - worth a read for sure - eg MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities

    My background covers security and I've started reading this blog ( Security Vulnerability Research & Defense ) - it is excellent and definitely worth a read to understand how vulnerabilities work and how to mitigate them!! MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities Security bulletin MS08-001 addresses vulnerabilities described by two separate CVE numbers, as you can see in the bulletin. This post provides an overview of the two issues, the affected platforms and notes on the severity. We’ll be following this post up with two further entries that look at each issue in more detail. CVE-2007-0066 describes a vulnerability in parsing ICMP router advertisement packets. These packets are not processed by default on any supported version of Windows. If a computer is configured to process router discovery protocol packets and encounters this type of malformed packet, the Windows kernel will bugcheck (blue screen of death) and reboot. A separate blog post goes into more...

  • Windows Small Business Server 2003 at risk from critical flaw

    Hopefully everyone has seen this, but if not: Windows Small Business Server at risk from critical flaw Microsoft initially omitted Small Business Server from its list of critically affected OSes, but is now offering patches via its automatic update services In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows' networking software. The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product's users were being offered patches via Microsoft's various automatic update services. "Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure," Microsoft said in its updated bulletin. The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group...

  • How to Disable Internet features of Office 2007

    I saw this go around on a thread at work and I have seen it requested for those security conscious partners, so here is the answer (courtesy of Eric Ellis): 1) Via the Office Customisation Tool (OCT) and a custom MSP: — or — 2) Via Group Policy: The difference between the two is that using the OCT will preset the desired configuration during the initial installation (or in a maintenance mode change), but users can change the settings if they desire. Group policy enforces the desired configuration, and if a user makes a change to the setting, they will revert back to the settings defined in the policy during the next application session. ttfn David Technorati Tags: Office 2007 , Security , Internet , Group Policy , Office Customisation Tool , OCT

  • If you are a developer, what can Windows 2008 do for your developments... lots maybe

    Sorry to sound so vague, but I have to start by saying that Windows Server 2008 is a server platform, not a cure for cancer, so lets put it in perspective and set our expectations high, but not stupidly high expecting it to be revolution. Server 2008 is a quality evolution of Windows Server 2003 and extends and enhanced the Server 2003 offerings. However, if you plan on building applications for the future then Server 2008 will be the place to be. Microsoft have released a document called the "Windows Server 2008 Developer Story" that has a wealth of information on Server 2008 developer directions and how they combine to offer something greater than the sum of the parts. The download site describes itself as: Windows Server 2008 Developer Story An executable containing the Windows Server 2008 Developer Story The Windows Server 2008 Developer Story introduces users to new features of the Windows Server 2008 operating system by providing a cohesive story about how the features fit together to make a compelling...

  • Office 2007 SP1 is here and it does more than just update the desktop - SharePoint gets AJAX for example

    I'm sure you have heard that the Office 2007 Service Pack is here. Darren Strange has documented what is in it and how to get it at Office 2007 sp1 ready for download today and OfficeRocker! : More detail about sp1 . In answer to Susanne's post at here , hopefully this post has some more info in it One of the little things he puts that I like is: Some other factoids about sp1 There are roughly 2500 fixes in SP1. This an average size for a service pack, but the issues fixed are very important to our customers. Almost 20% of those fixes are direct result of customer requests. Over 500 of those fixes focused on security. There are a total of 24 different releases in 38 languages. There are 683 distinct packages. All have released simultaneously today. If you get the whitepaper then you would be keen to see the information below. Notice that SharePoint amongst other things a developer update to support Ajax and that other server products (Groove and Project Server) are also updated. Stability Microsoft continues...

  • A comprehensive list of Microsoft Blogs and Web Resources about Security

    Ed Gibson pointed this out today - a "to be continually updated" list of Microsoft security blogs that relate to various products from Microsoft - Security Blog di Feliciano Intini : Microsoft Blogs and Web Resources about Security 1.0 Network Security 1.1 ISA Server ISA Server Product Team Blog 1.1.1 ISA 2000 1.1.2 ISA 2004 1.1.3 ISA 2006 1.2 Remote Access & Quarantine Services Routing and Remote Access Blog 1.2.1 ISA 2006 QS 1.2.2 Win2003 QS 1.2.3 Win2003 RAS/IAS 1.3 NAP Solution Network Access Protection Blog 1.4 VPN Solutions ISA Server Product Team Blog Routing and Remote Access Blog 1.4.1 Win2003 RRAS VPN 1.4.2 ISA 2006 VPN 1.4.3 Internet Application Gateway 2007 1.5 Wireless Security Windows Core Networking Blog 1.6 IPSEC Windows Core Networking Blog 1.6.1 Win2003 IPSEC 1.6.2 Server & Domain Isolation Solution 2.0 Host Security 2.1 Client OS Security 2.1.1 Windows 2000 client security 2.1.2 Windows XP security 2.1.3 Windows Vista security Windows Vista Security Blog Windows Genuine Advantage...

  • From the Official SBS Blog - SBS now has a Best Practices Analyzer!

    You have seen the Exchange, SQL, Security and Windows best practice scanners, well now we have all that SBS expertise wrapped up into an SBS scanner - enjoy!! SBS now has a Best Practices Analyzer! The Microsoft Windows Small Business Server 2003 Best Practices Analyzer examines a server that is running Windows Small Business Server 2003 (Windows SBS) and presents a list of information and errors that administrators should review. The Windows SBS Best Practices Analyzer examines the server and collects configuration information from many sources including: Active Directory Windows Management Instrumentation (WMI) Registry Metabase After collecting information about server configuration, the Windows SBS Best Practices Analyzer verifies that the information is correct and then presents administrators with a list of issues sorted by severity. The list describes each issue and provides a recommendation or possible solution. System Requirements Supported Operating Systems: Windows Small Business Server 2003 (Any version...

  • Are you an IT related architect (Office Business Application, Windows Server Security or Services Revolution aka SaaS) - if so then one of these events could be for you

    I've hung up my architecting gloves, but I still get the e-mails. I saw this and thought there were a few partners out there who would want to take advantage of the events. As a practising or aspiring architect, it's vital to keep up to date with the latest news and technological developments to make sure your work remains at the cutting edge. By attending a free Microsoft Architect Forum you'll learn how to get the most from your architecture and gain information to aid your architectural decisions. The Architect Forum series gives you free access to one-day events providing an expert overview of a specific topic as well as fantastic networking opportunities. To register for one of these events, follow the relevant link below: Office Business Applications Architect Forum - 13 September 2007, London Office Business Applications are an emerging class of application that helps businesses unlock the value of their line-of-business (LOB) systems and turn document-based processes into real applications...

  • Windows Client (Vista and XP) - Active X installer service, Volume Activation Tool, Diagnosing XP crashes, modifying the boot configuration parameters

    If you use volume licensing with Windows Vista then you need to be aware of the tools to manage them - it is not as simple as it used to be as you now need a management tool inside the business. VAMT answers this as does Desktop Management. Then we have some webcasts on slow networks, diagnosing crashes in Windows XP (although many of the techniques work for Vista too), backup and restore in Vista, using the ActiveX installer Service and Boot config parameters VAMT 1.0 (x86) The Volume Activation Management Tool enables IT professionals to automate and centrally manage the volume activation process using a Multiple Activation Key (MAK). VAMT v1.0 is only available as a US-EN (x86) release. Best Practices on Managing Windows Vista Desktops Get best practice guidance for managing Windows Vista desktop operations. Windows Vista Service Life-Cycle Management (WVSLM) provides concise guidance to help minimise the total cost of ownership of desktop infrastructure. Process guidance and document templates help make service...

  • Security for Windows Vista (understanding more about UAC), Networks, plus advice and guidance

    Security is always a big subject area. Over the last two months Technet have published the following items that will help understanding and delivery of secure systems base do Microsoft technology. Windows Vista TechNet Magazine: Inside Windows Vista User Account Control Mark Russinovich explains that User Account Control (UAC) is one of the most misunderstood new features in Windows Vista. But its goal -- to enable users to run with standard user rights -- can solve many security issues. Get an inside look at the problems UAC addresses and see exactly how this new feature works. http://go.microsoft.com/?linkid=6803653 Network Security Internet Protocol Security Enforcement in the Network Access Protection Platform This white paper describes the Network Access Protection (NAP) platform, how IPsec protects traffic, and how IPsec Enforcement in NAP provides system health policy enforcement for IPsec-secured communication. http://www.microsoft.com/downloads/details.aspx?FamilyID=144cc69f-790f-4f52-8846-3f3b8584d7cd&DisplayLang...

  • Malware Removal Kit from Microsoft, including a boot from CD solution

    Malware Removal Kit The Malware Removal Kit is a download from TechNet that provides you with excellent guidance and tools to help you restore PCs infected with malware. The newest Solution Accelerator from Microsoft, it provides free, tested guidance to help you combat malware attacks and restore infected systems - so users can safely get back to work. The kit shows you how to use the Windows Preinstallation Environment (Windows PE) to discover malware by performing a thorough offline scan of your computers, uncovering malware that may be hiding in the operating system. And once malware is located and identified, it can be quickly removed from infected PCs with a number of free anti-malware tools, like the Malicious Software Removal Tool from Microsoft. ttfn David Technorati Tags: Malware Removal , WinPE , Security

  • Microsoft Security products - Forefront and the next version codename Stirling

    I have grabbed these security tit-bits from Technet this month and thought I would share them with you. Expect to be playing with Forefront in one form or another with a year, so might as well see what it does now :-) Microsoft Unveils Next-Generation Forefront Business Security Solution Codename "Stirling" http://go.microsoft.com/?linkid=6951832 Announced this month, the new Microsoft Forefront solution, codename "Stirling," is a single product that will deliver unified security management and reporting with comprehensive, coordinated protection across client, server applications, and network edge. "Stirling" acts as a distributed system, sharing and correlating information to identify complex threats, and dynamically responding to protect the organization. Microsoft Forefront Client Security 120-Day Trial Is Available http://go.microsoft.com/?linkid=6959785 Microsoft Forefront Client Security 120-day trial version is available for evaluation, a security solution that helps protect...

  • Vlad Mazek - "What is service management" and "how to avoid being hit by a truck when it is most inconvenient"

    I love Vlad's straight talking. If you get a chance read the whole of the blog entry Vlad Mazek - Vladville Blog » Blog Archive » Windows Server 2003 SP2 EEULA & CYA because as far as I am concerned he is preaching to the converted. I will stand by my view that Service Packs are tested as much as possible, but you need to do your own validation (see Who should test software and service packs - I think vendors,customers and partners - others thi ) to ensure that your application vendor is also happy to support their products on that service pack. If you only have MS products, check the release notes AND SUPPORT.MICROSOFT.COM as both may well have important information. I've extracted part of Vlads process to avoid a bloody head - read his post for more as people like Susan Bradley wishes she had :-) However, a part of me wonders just how heavy the rock was. You know, the one that he was under since Microsoft started releasing service packs. As painful as the above is to read, and as painful as this...

  • How to configure SQL Server 2005 to allow remote connections on Windows Server 2008 (Longhorn) / Windows Vista

    Just a quick one - I was playing around with SQL2005 on my Longhorn server and I could not connect from a remote machine - Ahh I thought, the firewall is in the way, but it turned out I had to do 3 or 4 things to get things working. The Microsoft KB article that pointed to the light was How to configure SQL Server 2005 to allow remote connections which covers how to enable the firewall for the 2 programs you need and so on. When you try to connect to an instance of Microsoft SQL Server 2005 from a remote computer, you may receive an error message. This problem may occur when you use any program to connect to SQL Server. For example, you receive the following error message when you use the SQLCMD utility to connect to SQL Server: Sqlcmd: Error: Microsoft SQL Native Client: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. This problem may occur...

  • Changing the way that Vista User Access Control (UAC) works in Vista by group policy

    James gave me some hassle the other day for not referencing his blog (which is a valid thing to do), so I thought I would point out this post as it will end some of the gripes of people out there. Using Group Policy you can change the following: User Account Control: Behavior of the elevation prompt for administrators User Account Control: Behavior of the elevation prompt for standard users User Account Control: Elevate on application installs User Account Control: Run all users, including administrators, as standard users User Account Control: Validate signatures of executables that require elevation User Account Control: Virtualize file and registry write failures to per-user locations More information from James Blog at Views on Windows Vista : Can I customise UAC? . ttfn David Technorati Tags: Vista , Group Policy , UAC , Security

  • May security updates for Server DNS and Office 2003/2007 and IE7. Also Quicktime needs an update

    I did a quick scan and it seems that this month Office is the main target of updates, along with one critical one for Windows Server (for DNS RPC attack) and one for IE7. Worth a quick download and install :-) I also got this in the mail today: Apple QuickTime 7.x must be upgraded to 7.1.5 or higher. On the security updates: Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities: Bulletin Number Maximum Severity Affected Products Impact MS07-023 Critical Microsoft Excel (all currently supported versions) Remote Code Execution MS07-024 Critical Microsoft Word 2000, 2002, 2003, 2004 (Mac) Remote Code Execution MS07-025 Critical Microsoft Office (all currently supported versions) Remote Code Execution MS07-026 Critical Microsoft Exchange (all current versions) Remote Code Execution MS07-027 Critical Internet Explorer - all current versions on all currently supported versions of Microsoft Windows Remote Code Execution MS07-028 Critical CAPICOM, BizTalk Server Remote Code Execution...

  • Installing WSUS 3.0 on SBS White Paper Released, including when you already got WSUS on there, or need to upgrade

    I thought you should be aware of this WSUS 3.0 on SBS White Paper Released [Today's post comes to us courtesy of Chris Puckett] WSUS 3.0 has released. You can download it here . For information on installing WSUS 3.0 on your SBS 2003 SP1 or R2 server, check out the Installing WSUS 3.0 on SBS 2003 whitepaper. The issue blogged in February 2007 regarding Vista updates not synching in SBS 2003 R2 has been fixed in WSUS 3.0. If you experienced performance issues like high cpu usage by svchost, a UI hang and long scan times, the new new WUA client included with WSUS 3.0 addresses these issues in combination with the MSI update in KB 927891 . It’s important to note that the new client is only a partial solution for the svchost/msi issue and clients must have both KB 927891 and the new 3.0 client installed for a full solution. Source: The Official SBS Blog : WSUS 3.0 on SBS White Paper Released Having looked at the whitepaper it seems it covers the following areas: Install WSUS v3 on 2003 SBS SP1 and R2 (when to...

  • Got SBS Premium (or an ISA firewall) and Vista customers - you will need the updated ISA Server Firewall Client

    Just a quick note to say that if you have a SBS customer who has some PCs with Vista then you will need the updated ISA firewall client. You will need to go to this page - ISA Server Firewall Client Firewall Client for ISA Server Brief Description Firewall Client for ISA Server installs the Firewall Client software on 32-bit and 64-bit computers running supported Windows operating systems. It is also worth noting that the install script will look something like this \\Servername\shared folder\SETUP.EXE /Q /P "SERVER_NAME_OR_IP=Servername ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=1" Note this will almost certainly force a reboot due to the changes in the Winsock stack. ttfn David Technorati Tags: ISA , ISA Firewall client , SBS , SBS Premium

  • Help us to shape next-generation 64-bit technology - from Microsoft Partner Newsletter

    Help us to shape next-generation 64-bit technology We are shipping a private beta of our upcoming 64-bit server for medium-size businesses, codenamed 'Centro', and we're looking for partners to test the technology and give us feedback. The server, which is an x64-only version of Longhorn targeted at smaller enterprises, will integrate Exchange 2007, System Centre Essentials, SQL Server 2005 and ISA Server. To sign up to the beta programme, go to http://connect.microsoft.com/ , click on 'Invitations' (in the left-hand navigation) and sign in with your Windows Live ID (Passport ID). Then enter the following invite ID; Extr-GHBC-JCJM. You will be asked to take a short survey. When you have completed the survey you will receive an email from [email protected] . If you don't already trust this address, please add it to your trusted email addresses. More information on the beta programme More information on Centro Technorati tags: Centro , Beta , Exchange 2007 , System Center Essentials , SQL Server 2005

  • What do Small Businesses worry about in IT?

    I just saw this re-sent internally and the data is quite UK centric, so: 63% of small businesses put data back and privacy as a top priority 7.6% of UK small business software spending was on Anti-Virus, in 2006 they planned to spend 10% more on data security - Source AMI 2006 50% of small businesses have as a priority to deploy in house or hosting data back up and disaster recovery (AMI) ttfn David
1 2 3 Next >

(c)David Overton 2006-23