David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  

Browse by Tags

  • How to configure SQL Server 2005 to allow remote connections on Windows Server 2008 (Longhorn) / Windows Vista

    Just a quick one - I was playing around with SQL2005 on my Longhorn server and I could not connect from a remote machine - Ahh I thought, the firewall is in the way, but it turned out I had to do 3 or 4 things to get things working. The Microsoft KB article that pointed to the light was How to configure SQL Server 2005 to allow remote connections which covers how to enable the firewall for the 2 programs you need and so on. When you try to connect to an instance of Microsoft SQL Server 2005 from a remote computer, you may receive an error message. This problem may occur when you use any program to connect to SQL Server. For example, you receive the following error message when you use the SQLCMD utility to connect to SQL Server: Sqlcmd: Error: Microsoft SQL Native Client: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. This problem may occur...
  • Changing the way that Vista User Access Control (UAC) works in Vista by group policy

    James gave me some hassle the other day for not referencing his blog (which is a valid thing to do), so I thought I would point out this post as it will end some of the gripes of people out there. Using Group Policy you can change the following: User Account Control: Behavior of the elevation prompt for administrators User Account Control: Behavior of the elevation prompt for standard users User Account Control: Elevate on application installs User Account Control: Run all users, including administrators, as standard users User Account Control: Validate signatures of executables that require elevation User Account Control: Virtualize file and registry write failures to per-user locations More information from James Blog at Views on Windows Vista : Can I customise UAC? . ttfn David Technorati Tags: Vista , Group Policy , UAC , Security
  • Windows Hacktivation (or Activation) Trojan Horse / Phishing scam

    I saw this and for a change decided I needed to blog on something about Symantec. The story is simple - a program pretends to be Windows Activation and asks for a credit card to prove ID. IT IS OBVIOUSLY NOT A MICROSOFT TOOL, but I am sure some people might presume it is. For more information, have a look at the eWeek and Symantec sites: Symantec is reporting on a Trojan horse that mimics the Windows activation interface. Once you reboot your PC after running the program, the program asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don't enter the credit card information it shuts down the PC. How to clean it - Symantec writeup Source: Top Threat: Windows Hacktivation ttfn David Technorati tags: Security , Activation , Phishing
  • May security updates for Server DNS and Office 2003/2007 and IE7. Also Quicktime needs an update

    I did a quick scan and it seems that this month Office is the main target of updates, along with one critical one for Windows Server (for DNS RPC attack) and one for IE7. Worth a quick download and install :-) I also got this in the mail today: Apple QuickTime 7.x must be upgraded to 7.1.5 or higher. On the security updates: Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities: Bulletin Number Maximum Severity Affected Products Impact MS07-023 Critical Microsoft Excel (all currently supported versions) Remote Code Execution MS07-024 Critical Microsoft Word 2000, 2002, 2003, 2004 (Mac) Remote Code Execution MS07-025 Critical Microsoft Office (all currently supported versions) Remote Code Execution MS07-026 Critical Microsoft Exchange (all current versions) Remote Code Execution MS07-027 Critical Internet Explorer - all current versions on all currently supported versions of Microsoft Windows Remote Code Execution MS07-028 Critical CAPICOM, BizTalk Server Remote Code Execution...
  • From the The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    I've talked about this before, but thought it was worth pointing people to this Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista [Today's post comes to us courtesy of Wayne McIntyre] In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store. 1. Connect to your OWA site by going to https://host.domainname.com/exchange FOR THE REST OF THE INSTRUCTIONS PLEASE FOLLOW THE LINK TO THE SOURCE BELOW Source: The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista ttfn David Technorati Tags: Vista , Certificate , SBS
  • Installing WSUS 3.0 on SBS White Paper Released, including when you already got WSUS on there, or need to upgrade

    I thought you should be aware of this WSUS 3.0 on SBS White Paper Released [Today's post comes to us courtesy of Chris Puckett] WSUS 3.0 has released. You can download it here . For information on installing WSUS 3.0 on your SBS 2003 SP1 or R2 server, check out the Installing WSUS 3.0 on SBS 2003 whitepaper. The issue blogged in February 2007 regarding Vista updates not synching in SBS 2003 R2 has been fixed in WSUS 3.0. If you experienced performance issues like high cpu usage by svchost, a UI hang and long scan times, the new new WUA client included with WSUS 3.0 addresses these issues in combination with the MSI update in KB 927891 . It’s important to note that the new client is only a partial solution for the svchost/msi issue and clients must have both KB 927891 and the new 3.0 client installed for a full solution. Source: The Official SBS Blog : WSUS 3.0 on SBS White Paper Released Having looked at the whitepaper it seems it covers the following areas: Install WSUS v3 on 2003 SBS SP1 and R2 (when to...
  • Got SBS Premium (or an ISA firewall) and Vista customers - you will need the updated ISA Server Firewall Client

    Just a quick note to say that if you have a SBS customer who has some PCs with Vista then you will need the updated ISA firewall client. You will need to go to this page - ISA Server Firewall Client Firewall Client for ISA Server Brief Description Firewall Client for ISA Server installs the Firewall Client software on 32-bit and 64-bit computers running supported Windows operating systems. It is also worth noting that the install script will look something like this \\Servername\shared folder\SETUP.EXE /Q /P "SERVER_NAME_OR_IP=Servername ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=1" Note this will almost certainly force a reboot due to the changes in the Winsock stack. ttfn David Technorati Tags: ISA , ISA Firewall client , SBS , SBS Premium
  • Changing Vista boot screens and opening yourself up to rootkits (or not)

    I love people who want to customise WIndows Vista and some of my previous posts have covered this, however you can go too far - you can hack the OS. While I understand the desire to "hack" the OS to get customisations, there are better ways. This particular example is where people want to change the boot screen in Vista. The ability to do this will be coming from StarDock soon, but until then people have taken to modifying the existing OS files. THERE IS ALWAYS a change that by downloading someones customised file to your PC and it being loaded so early on in the boot process that it could do nasty things, especially since these files are in now way certified by Microsoft. A classic example of this can be found here when people want to change the boot logo - this could easily be a social engineering attack. The instructions tell someone to remove the access and security permissions from a core system file, overwrite it with one that might make the system look prettier during boot, but who knows what else will...
  • Symantec "Microsoft Listed as Most Secure OS"

    Wow, you have to wonder whether this hurt them to say this :-) Now I am a believer that any security vulnerability is bad and that the longer it is out there then the more likely it is to exploit it. If "people" only have one way to crack into your system, then they can still get in and the longer it is out there then the more likely it is that it will be used, however always nice to see that MS is trying hard and while not perfect, is doing better than other people who throw stones at MS. Of course, Windows also has more in it, so being better with more features in the box is even nicer and this is across all versions of Windows, not just the latest (Vista) for example. I think it shows that the IT industry has more work to do in this area - as Ed the Fed said - "this is a journey." Surprise, Microsoft Listed as Most Secure OS By Andy Patrizio UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec ( Quote ), no friend of Microsoft, said in its...
  • BBC News Online | Technology | Decoys fix quantum key swapping

    As some of you might know, my background was in Security for a while and I studied how Quantium keys and security could be used while at University (RHUL for those who want to look it up, although for me it used to be called Royal Holloway and Bedford New College, University of London). Anyway, quantum keys and entanglement were the talk of the days and how bullet proof they were. Well now it appears that they might not be quite so amazing, or at least our ability to use them without leakage. Anyway, I saw this at the BBC technology site and it is nice to see that there is a light at the end of the tunnel :-) Decoys fix quantum key swapping British scientists have found a way to fix a vulnerability in quantum cryptographic systems. If left unpatched, the flaw would make it possible to grab information about the keys used to scramble information without being detected. The flaw emerges because of the way that laser diodes emit the photons of light used to carry quantum key data. Using decoy photons, researchers...
  • How to start an administrative (or elevated) command prompt and tell if you got it right (in Vista)

    I have had a few people tell me that they have had problems getting an administrative command prompt up and running in Vista. If you have done it correctly then a windows will open just like the one to the left. Notice that it has opened into the X:\windows\system32 directory and that it has the title "Administrator: X:\windows\system32\cmd.exe. Anything else and I would be suspicious. The process is simple - do either of these Click Start , click All Programs , and then click Accessories . Right-click Command Prompt , click Run as administrator or Click Start Type cmd into the search box and wait for Command Prompt or cmd.exe to appear in the list Press CTRL-Shift-Enter Either way, you should get an User Account Control (UAC) prompt appear with a BLUE banner on the top - press Continue here. For more information on User Account Control go to here ttfn David Technorati tags: Windows Vista , Elevate , run as Administrator , Vista Ultimate , Security
  • Help us to shape next-generation 64-bit technology - from Microsoft Partner Newsletter

    Help us to shape next-generation 64-bit technology We are shipping a private beta of our upcoming 64-bit server for medium-size businesses, codenamed 'Centro', and we're looking for partners to test the technology and give us feedback. The server, which is an x64-only version of Longhorn targeted at smaller enterprises, will integrate Exchange 2007, System Centre Essentials, SQL Server 2005 and ISA Server. To sign up to the beta programme, go to http://connect.microsoft.com/ , click on 'Invitations' (in the left-hand navigation) and sign in with your Windows Live ID (Passport ID). Then enter the following invite ID; Extr-GHBC-JCJM. You will be asked to take a short survey. When you have completed the survey you will receive an email from MsftConn@microsoft.com . If you don't already trust this address, please add it to your trusted email addresses. More information on the beta programme More information on Centro Technorati tags: Centro , Beta , Exchange 2007 , System Center Essentials , SQL Server 2005
  • Windows Vista Security "Guide", why Jim Allchin doesn't use Anti-Virus software for his son and why some people just don't want to have improved security unless you pay them for it.

    OK, so I saw that the Vista Security Guide ( http://blogs.msdn.com/windowsvistasecurity/archive/2007/01/05/windows-vista-security-guide-1-2-released.aspx ) had been updated - it is worth knowing more about the security model in Vista, how we protect against some threats and how it might impact your applications (eg if a non-admin application wants to send UI information to an admin one), Group Policy, Settings etc. Now, while security is important, so are the basics, like turning on the auto-updates, firewalls and anti-malware software. Well, MS now supplies a great anti-spyware product built into Windows in the form of Defender and the firewall can now be configured on outbound comms as well as inbound if you want, but no AV in the product. So, you need a 3rd party AV product (or Windows OneCare)... well, Jill Allchin, who delivered the Vista project for all of us does not use one for his son's machine.... http://windowsvistablog.com/blogs/windowsvista/archive/2006/12/19/windows-vista-and-protection-from-malware...
  • What do Small Businesses worry about in IT?

    I just saw this re-sent internally and the data is quite UK centric, so: 63% of small businesses put data back and privacy as a top priority 7.6% of UK small business software spending was on Anti-Virus, in 2006 they planned to spend 10% more on data security - Source AMI 2006 50% of small businesses have as a priority to deploy in house or hosting data back up and disaster recovery (AMI) ttfn David
  • Do you want to beta test Centro, the big brother to SBS based on Longhorn by becoming a TAP partner?

    It is strange how some things are so different and yet so similar. If I was to talk to you about a product from Microsoft that ran Windows, Exchange, SQL and ISA and had some management capability then you might think I was talking about SBS, but this time, that is not so. This time I am talking about the grown up brother - codename "Centro". We are looking for a few good men (or women) to test this and potentially even roll this out with some customers. This is not something to just say yes to without actually being able to test it somehow, but if you think this is you, then here are the details: Windows Server "Centro" Technical Beta and Technology Adopter Programme Microsoft are shipping a private beta of its upcoming 64-bit server product for midsize businesses, codenamed "Centro. The server, which is an x64-only version of Longhorn targeted at smaller enterprises will integrate together Exchange 2007, System Centre Essentials, SQL Server 2005 and ISA Server. We are urgently looking for Partners to give us...
  • The SBS Diva spots why your workstations (and sometimes your SBS servers) are spiking at 100% CPU this month after the patches (yes, it is the Update services)

    Updated 08:07am 12th January - the blog title used to suggest this was a server issue - Susan pointed out that this is a client / workstation issue much more I had to blog this one - if you are seeing CPU spiking when patches are being installed, go look at http://msmvps.com/blogs/bradley/archive/2007/01/10/on-patch-tuesday-if-you-are-seeing-a-spike-in-cpu.aspx ttfn David
  • ISA 2004, meet Vista, Vista, meet ISA 2004 client so that you can now work!!

    If you are using Vista and ISA, you will be used to getting a compatibility warning when the client loads. Well, this KB and download gives you a time when that is no longer the truth :-) From the joys of Susan B's blog View article... .. How to obtain the version of Firewall Client for ISA Server (December 2006) that includes Windows Vista support: http://support.microsoft.com/kb/929556 Finally the ISA firewall client that will support Vista is out today and there's a new WSUS category to boot! As always, be careful when playing with your systems ttfn David
  • Need Norton Anti Virus for Vista - get the beta then

    I have just seen that the beta for AV and security software from Symantec is now available for download . As one would hope, it comes with the following information: What is a Beta? A “beta” is a pre-release version of a Symantec product that is available for public testing before the final version is released. Through public testing, we can evaluate how the product performs in “real world” environments and collect valuable feedback from you. We want you to tell us what you like and don’t like about the product and report any problems to us directly. Be among the first to experience the new features and functionality of our latest products. Current betas: Norton Internet Security 2007 Vista Public Beta Norton AntiVirus 2007 Vista Public Beta Norton 360 All-In-One Security Learn More
  • Need a machine to practice or simulate Windows Server, Exchange 2007, SQL 2005 or ISA 2006? Download the pre-configured VHDs for these virtual machines

    I am sure you have seen these already, but if not, these are great tools to help when you quickly need a machine to test something on, or spend longer learning about a product. I know you can get the disks in the action pack, but then you have to load it up on a PC or VPC - this saves you all the trouble. Windows Server 2003 R2 Windows Server 2003 R2 helps to simplify branch server management, can improve identity and access management, helps to reduce storage management costs, provides a rich Web platform, and offers cost-effective server virtualization. In this VHD, you'll have the opportunity to road-test new and improved features and functionality of Windows Server 2003, including management and usability enhancements to Active Directory. Exchange Server 2007 Learn how to take advantage of key features of Exchange Server 2007. This VHD provides an exploration of Active Directory and the new features in Exchange Server 2007, new features in Outlook Web Access 2007, enforcing compliance and retention policies...
  • Windows Defender released to market - free Anti-Spyware product

    Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected and minimizes interruptions and helps you stay productive. Now with 2 free support incidents for Windows XP and Windows Server 2003. Source: Windows Defender home The product has the following features: A redesigned and simplified user interface – Incorporating feedback from our customers, the Windows Defender UI has been redesigned to make common tasks easier to accomplish with a warning system that adapts alert levels according to the severity of a threat so that it is less intrusive overall, but still ensures the user does not miss the most urgent alerts. Improved detection and removal – Based on a new engine, Windows Defender is able to detect and remove more threats posed by spyware and other potentially unwanted software. Real...
  • Microsoft blocks 'Black Hat' Vista hack

    I remember when this story 1st broke - that someone had found a way to use cpu virtualisation technology to provide the ultimate "root kit" to steal information from Vista (although this would work for any / every operating system). One little niggle was that the user had to install the nasty, which required admin access, so a UAC security prompt was part of the "process" of the seamless install. Then came the uproar about the 2-yr old technology of PatchGuard, which stops the hooking and replacing of certain x64 kernel APIs to make it harder to attack the system and blocks another set of routes for non-virtualisation based root kits. The noise about this was because some Anti-Virus vendors felt it was their right to modify the kernel in anyway they wanted and this access would obviously be used by both good and bad people. A compromise has been reached, so hopefully systems will be protected and AV vendors will be happy. The final piece is the changes that have been made to stop the virtualisation attack. Once...
  • IE7 Installation and Anti-Malware Applications - why you should turn them off for the install!!

    I saw this and because IE is coming soon, thought you might like to read this! IE7 Installation and Anti-Malware Applications A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation. Along with copying IE7 files to your system, IE7’s setup writes a large number of registry keys. A common way anti-malware applications protect your computer is by preventing writes to certain registry keys used by IE. Any registry key write that fails during setup will cause setup to fail and rollback changes. We work around the problem in most instances by checking permissions at the beginning of setup, but many anti-malware programs monitor the key rather than change permissions. Therefore, setup thinks it has access when it starts, but then fails when it later attempts to write the key. The majority of users likely haven’t seen any such problems even with anti-malware...
  • Windows Live OneCare safety scanner: Free online tool for PC health and safety

    This has been around for a while, but it is no longet in beta - scan a PC to see how it is doing! Get a free PC safety scan Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC. Check for and remove viruses Get rid of junk on your hard disk Improve your PC's performance Fix specific PC issues Use the full service scan to check everything. To help fix particular problems on your PC, turn to the individual scanners below. Protection Clean up Tune up Source: Windows Live OneCare safety scanner: Free online tool for PC health and safety
  • E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Now remind me again why it's a bad thing to exclude other vendors from the Kernel?

    There was me ranting on security yesterday and then I spot this post by Susan that says it all Link to E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Now remind me again why it's a bad thing to exclude other vendors from the Kernel? enjoy David
  • Vista and security - are Microsoft doing the right thing?

    This is something I have thought long and hard about and as such I have to caveat things by saying this is my opinion and that I am no more informed than any other member of the public or IT community. Having said that, I have done my time as a Windows Developer and even once worked on emulation systems such as Wine. These protections will be coming to all OSs - so Vista, Longhorn, SBS - all of them! I really think this is some of the worst mud slinging I have seen in a long time and much is wrong! So what have I seen in the Press. McAfee and Symantec have complained that they want the ability to ignore the APIs in Vista and bash at the Kernel directly for security services. However, Kernel code has to be signed for the integrity of the system. Microsoft will not stick to the rules above and will gain advantage by using unknown APIs That the security prompts and center can not be turned off That Microsoft is right to make these changes and want to increase the integrity of the system As someone who once worked...

(c)David Overton 2006-18