By coincidence I found a important issue with GPO processing today, concering ICMP traffic. Situation: when a client is able to contact the domain controller and download the group policy, but cannot ping it (ie: ICMP is disabled by a firewall), GPO processing will fail! Here is the official text from MS:
Networking Make sure that your network meets the requirements for change and configuration management technologies. Because Group Policy works with fully qualified domain names, you must have DNS running in your forest in order to correctly process Group Policy; you cannot use NETBIOS only. Also, because client or destination computers must be able to contact your network’s domain controllers, do not turn off the ICMP protocol. If destination computers cannot ping the domain controllers, Group Policy processing will fail. (url)
A Seattle labor group claims to have evidence that Microsoft is shifting mission-critical work--including parts of Longhorn, Microsoft's epic next-generation Windows project--to overseas contract workers. Microsoft denies the charges, maintaining that company employees still produce its core products.
Source: Winnetmag
Microsoft officials say the company is prepping a patch for its Internet Explorer browser to plug the vulnerability exploited by the Download.Ject attacks in June. The patch is expected sometime next week, several weeks before the next scheduled batch release of security fixes.
More...
An executive of Microsoft in France divulged on Wednesday some of the software maker's plans for its highly anticipated entry into the antivirus software market. A standalone antivirus product will be built from tools the company inherited through its 2003 acquisitions of GeCad and Pelican Software, according to a report published in CNET News.com's sister publication, ZDNet France, citing the technical head of Microsoft's security project in that country, Nicolas Mirail. Microsoft representatives in the United States refused to comment on functional elements or a potential production time frame for the antivirus package.
(more)
Microsoft confirmed that the company will delay Windows Server 2003 Service Pack 1 (SP1) until the first half of 2005. The long-expected schedule change comes in the wake of delays to Windows XP SP2, which is now due in early August. Development of Windows 2003 SP1 can take place in earnest only after XP SP2 is completed, sources at Microsoft told me. "We now anticipate that Windows Server 2003 SP1 and Windows Server 2003 for 64-bit Extended Systems will ship in the first half of 2005, whereas we previously estimated the release timing for both to be the end of 2004," a Microsoft representative told me. "Additionally, given that Windows XP 64-bit for 64-bit Extended Systems is also tied to Windows Server 2003 SP1, it will also ship the first half of 2005. As is the case with all Microsoft product schedules, the development cycle is driven by quality, with a focus on the needs of our customers rather than an arbitrary date." Windows 2003 SP1, like XP SP2, will include multiple security-oriented changes, such as a Security Configuration Wizard that will use the roles-based infrastructure in Windows 2003 to automatically shut down unnecessary ports and services. According to Microsoft, the release will also include any relevant security changes from XP SP2.
MSSQL Migration Toolkit is a software pack to convert any data source to Microsoft SQL Server and vice versa. Among other it can convert databases from and to MySQL, Excel, Access and even Oracle! This is a great tool for migrating your favorite database back to Microsoft SQL server. It was today released to MSDN customers and downloadable via MSDN online.
People often want to know how we manage patch deployments here at Microsoft. What tools do we use, how do we verify patch installation, etc. To get the inside scoop, listen to the TechNet Radio broadcast by Paul Thomsen and Brian Keogh which you can download
here.
Some interesting facts about the Microsoft environment:
8,000 Servers
150,000 Desktops
Over 50,000 employees
160 sites world wide
450 buildings
You might also be interested in knowing that our IT department does not get an advanced heads up on patches we are about to release. They get the same notifications that our customers do on patch Tuesday's and must respond accordingly.
For more cool broadcasts, see
www.microsoft.com/technet/radio
Today Microsoft released several servicepacks for several Office System products:
Office 2003 Service Pack 1More info in knowledgebase article
842532
Project 2003 and
Project Server 2003 Service Pack 1
More info in knowledgebase article
837240 and
837241
OneNote 2003 Service Pack 1More info in knowledgebase article
842774
Visio 2003 Service Pack 1More info in knowledgebase article
840663
Tired of checking each morning if the SUS server has updates download and ready to approve? I wrote a VBS script that checks the status and sends an email when there are updates ready to approve. You need W2000 or above to run it and the user account running the scripts needs access to C:\Inetpub \wwwroot \autoupdate \administration \history-sync.xml. Use the script by scheduling it with the MS Task Scheduler.
(more)
"Welcome to the Microsoft Operations Manager 2005 Preview! Through these exclusive labs, you’ll see first-hand how Microsoft Windows Server System, , through its Management products, technology, and services, can help IT professionals create and maintain a well-managed Windows infrastructure. Microsoft Operations Manager (MOM) 2005 delivers a open and scalable enterprise-class operational management by providing comprehensive event management, proactive monitoring and alerting, reporting and trend analysis, and system and application specific knowledge and tasks to improve the manageability of Windows Server System environments.
These labs are free and allow you to get structured, step-by-step experience without even leaving your desk!"
Goto
MOM 2005 Preview
Microsoft today shipped its oft-delayed SQL Server 2005 (codenamed Yukon) Beta 2 today, with the company adding a host of previously announced features to the product. SQL Server 2005 will ship in both 32-bit and 64-bit versions, the company says, and will support the Direct Connect Architecture feature in AMD's Opteron chips.
SQL Server 2005 Beta 2 is available through
MSDN subscriber download (more)
When you add a mailbox in Exchange and when first connecting, the language Outlook is using is setting the folder names for e-mail and calender folders. For instance, if you are using a dutch Outlook you will get "Postvak IN" and "Agenda" instead of "Inbox" and "Calender". When you login to your mailbox afterwards with a different language of Outlook, the folder names stay.
With the introduction of Outlook 2002 Microsoft has introduced a new command-line option (
/resetfoldernames) with which you can rename those folder names back to the language of Outlook that is currently used. Microsoft has published a KB article about it:
325625.
MSN Web Messenger lets you talk online and in real-time with friends and family using just a web browser! Use it on any shared computer - at school, at work, at a friend's house or anywhere you can't install the MSN Messenger software.
Goto
MSN Web Messenger Beta (more)
Last week (the 14th to be precise), Microsoft released Windows XP SP2 build 2162 to beta testers to collect last-minute feedback before Windows XP's biggest update hits RTM sometime in the first half of August.
Thanks to Rudi1 from the MSFN forums, who revealed the link to build 2162 on the Windows Update servers, and is confirmed by MSFN to be the correct build that was released to testers earlier this week. This is the Network Install version and can be downloaded from the link provided below.
Please note that this is a beta product and does not reflect in any way the final RTM product will be. Use caution if installing on production systems
Download:
Windows XP SP2 Build 2162
The IE Team started their own blog to get comments on this wonderfull product. This is their first entry:
We’ve heard loud and clear that many people want a better connection with the IE Team. We’re happy to do something about it.
Our goal in this blog is to be a good place, direct from the source, for information about IE. What are we working on? How do we make decisions? Why does some part of IE work the way it does? What keeps us up late at night? What are we thinking of around security, extensibility, and other key areas? Hey, any good tips and tricks?
Some people on the team have already been doing this on their own (see the links to the left), and I expect them to continue. We’ll do our best to round up information from other sites as well as providing original content. We’ll also do our best to make this useful and enjoyable. At any time, please tell us how we’re doing.
The Windows Server 2003 Security Guide provides guidance to assist in hardening Domain Controllers, Infrastructure servers, File servers, Print servers, IIS servers, IAS servers.Certificate Services, and bastion hosts.
Download
here (more)
The Performance Monitor Wizard is a free cool tool to simplify the process of gathering performance monitor logs. The wizard creates log files you can analyse 'off line' and you can also use the .blg file it creates to monitor the specific counters in real time.
You can download the
Performance Monitor Wizard from the Microsoft download site.
Dear beta tester:
The MOM team is pleased to announce we have just published a computer based training course for MOM 2005 on Beta Place. This course provides an overview of MOM 2005 and a technical walkthrough of Architecture and Security, Planning and Deployment, Administration, Operations and Extending MOM. A specific course on MOM Workgroup Edition (a.k.a. Express) is also included.
You can download this new resource from the Beta Place site (http://beta.microsoft.com). Simply sign in with your ORIGINAL passport account and navigate to the File Download section. The link is titled "MOM 2005 Computer Based Training Course". Please provide feedback on this course via the Beta Newsgroups main "Discussion" forum. The MOM team is on track for our Q3 2004 delivery of MOM 2005.
Thank you, The MOM Beta Team!
Dear Microsoft Beta Tester,
If you are receiving this email, you were accepted into the Systems Management Server 2003 Open Beta program, which includes Service Pack 1, the Operating System Deployment Feature Pack, the Device Management Feature Pack, and the Software Development Kit. Thank you for your continued interest in helping the Microsoft Systems Management Server ("SMS") product group to deliver a customer tested enterprise solution.
(more)
Lookout is lightning-fast search for your email, files, and desktop integrated with Microsoft Outlook™. Built on top of a powerful search engine, Lookout is the only personal search engine that can search all of your email from directly within Outlook - in seconds...
You can use Lookout to search your:
Email messages
Contacts, calendar, notes, tasks, etc.
Data from exchange, POP, IMAP, PST files, Public Folders
Files on your computer or other computers
... Very soul (okay, not true)
You can download lookout
here
There have been a great number of questions inquiring how to go about removing all notifications to users and doing silent installs. Although this functionality doesn't exist in the current version of the Automatic Update client, there is a policy setting that can be used in conjunction with AU/SUS in order to accomplish some of the things that many of you have asked about. There are certain pros and cons to using this policy setting, and I'll try to cover as many as I can. Try this out in a test environment and make sure that you understand the consequences before deploying it to a production environment!
(more)
Wasting no time with its fight with SPAM Microsoft plans on rolling out its own antispam plan called Sender ID. Microsoft announced that it will incorporate Sender ID into Hotmail, MSN, and its Microsoft.com mail accounts. It's true that Microsoft didn't create the idea behind Sender ID, but Microsoft has been making the greatest strides with it. Sender ID is used in verifying an e-mail message's source. With this technique the amount of SPAM can be greatly reduced. (more)
A new build of Windows Server 2003 SP1 has been released to beta testers this evening. It seems springboard is now becoming a part of Server 2003 finally. There is a major update to the Security Configuration Wizard (SCW) in this release.
Download:
Windows Server 2003 Service Pack 1 Build 1218 Login Required (more)
Now you can recover deleted Active Directory objects in minutes – FREE! Quest Object Restore for Active Directory is a utility that empowers Active Directory administrators to rapidly recover deleted Active Directory objects. If you have even one Windows Server 2003 domain controller, Object Restore will be of benefit to you. Through its user-friendly interface, this freeware utility delivers the capabilities you need to restore Active Directory objects quickly, online, and without system downtime:
View tombstoned objects in Active Directory
Reanimate deleted items
Eliminate the need to reboot domain controllers
Take advantage of Microsoft’s tombstone reanimation capabilities
Eliminate the need to write complicated scripts
Download Object Restore for Active Directory now. It's FREE.
Microsoft has released on July 13th a revised edition of the
Exchange Server 2003 Disaster Recovery Operations Guide.
Some of the things covered in this document are:
What not to backup when doing a full computer backup.
How to backup and restore Databases, SRS, Connectors, and Certificate Authorities.
How to backup and restore Cluster Servers (individually or the entire cluster).
How to restore Windows 2003.
What information about the server you should record before a server fails.
In this tutorial I'll give you some insight into hacking your way into Windows. In Windows XP (all recent Microsoft OS's actually), on boot up you are presented with a logon screen. After a default timeout (approximately 10 to 15 minutes), if there is no interaction with the mouse or keyboard, the kernel executes the logon screensaver. Knowing this, it is possible to use this code execution path to gain elevated privileges if we can trick Windows into executing our code.
(more)
During the first 6 months of 2004, Microsoft has run a considerable amount of free security training around the world. The program, "Broad Customer Connection", set out to train 500,000 people around the world in the basics of IT security. We reviewed this material (clinics, summits, one day events, evening events, web casts, etc) and found the material of very, very high quality.
The BCC (04) programme is now over - but the material lives on. Microsoft have now released this material in e-learning format. If you navigate to the Security Clinics elearining page on
http://www.microsoftelearning.com, you can get FREE access to this material.
But to make matters even better - Microsoft have now added security to the individual assessments to their set of assessments. These assessments are at
http://www.msmeasureup.com/test/home.asp#1. Great stuff!
To avoid activating your Windows XP license again after a fresh installation you can backup your Windows XP activation
Go to your _:\WINDOWS\System32\ and find a file called "wpa.dbl" and "wpa.bak" back those files up to a floppy, CD or whatever you want to put it on.
When you want to restore these files go into safe mode and put them into your windows\system32 directory. When you reboot you should be activated without going through Microsoft.
TechConnect Magazine got their hands on the new Windows XP Servicepack 2 Express 2162 installer.
Not supported by Microsoft, use it at your own risk!!
Download
David Tschanz has written a great article for Microsoft Certified Professional Magazine Online, called Taming Kerberos.
This article describes how Kerberos works on Windows 2000 and later. It also provides some troubleshooting techniques. For more Kerberos information please also see Microsoft KB
266080, which has answers to frequently asked Kerberos questions.
With
this add-in you can permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files. When you distribute an Office document electronically, the document might contain information that you do not want to share publicly, such as information you’ve designated as “hidden” or information that allows you to collaborate on writing and editing the document with others. The Remove Hidden Data add-in is a tool that you can use to remove personal or hidden data that might not be immediately apparent when you view the document in your Microsoft Office application.
If you are into scripting Active Directory,
MS KB 246530 - Scripting Functions Provided by Iadstools.dll may be of some interest, which I just found out about. IadsTools, while a little buggy, has some very useful functions. Many of them are scripting versions of the
MS DS API functions.
The help doc that comes with IADsTools doesn't provide a simple list of all the IADsTools functions. It is a large Word doc that you have to scroll through to see what is available. This KB article gives you a list and short summary of each function.
Companies expecting a new patch management tool from Microsoft this summer will have to wait a little longer.
Microsoft said Tuesday that Windows Update Services, a new tool designed to let system administrators keep PCs and servers up to date with the latest patches and bug fixes, won't ship until sometime in the first half of next year. The tool, which entered testing in March, was supposed to debut this year.
The company said the delay will allow developers to incorporate changes suggested by people who tested the product. Also, Microsoft developers are busy with a new Automatic Updates agent that will be incorporated into Windows XP Service Pack 2 (SP2), a long-awaited revamp of Windows XP. The necessary integration of Automatic Updates into SP2, and required testing, in part contributed to the delay, according to the company.
(full story)
Today microsoft announced that ISA 2004 standard is available. ISA 2004 standard is available from the MSDN subscribers download site. For more product information, see:
Microsoft ISA Server product page.
Part of the Microsoft Windows Server System, ISA Server 2004 is particularly well suited to helping to safeguard Microsoft applications, such as Microsoft Exchange Server with Microsoft Outlook Web Access, Microsoft Internet Information Services, and Microsoft Office SharePoint Portal Server.
"We are incredibly excited about this release," says Jonathan Perera, senior director of product management for Microsoft's Security Business and Technology Unit. "Our customers have asked for ways to better control the cost of network security while also enabling them to share critical business applications over the Internet. ISA Server 2004 provides the advanced application protection and ease-of-use that make it possible for companies to achieve both goals."
Update: See
this press release from Microsoft for more information.
The previous poll was already online for some weeks and made absolutely clear that 50% of the companies still use Windows NT 4.0 as their primary operating system. Windows 2000 and 2003 together have a market share of about 30%. On the left you will find a new poll which should tell us how many people are using alternative browsers. So, your votes please! And below you will find the result of the previous poll:
At the Tech-Ed 2004 in Amsterdam I visited the presentation from Gary Henderson with the title "Introduction to Windows Update Services". Windows Update Services (WUS) is formerly now as Software Update Services (SUS) 2.0. Furthermore I did a hands-on lab of WUS. I have some experience with SUS in a small environment. In this item I take a look at the new features of WUS.
(more)
WinUpdatesList displays the list of all Windows updates (Service Packs and Hotfixes) installed on your local computer. For hotfix updates, this utility also displays the list of files updated with these hotfixes. In addition, it allows you to instantly open the Web link in Microsoft Web site that provides more information about the selected update, uninstall an update, copy the update information to the clipboard, or save it to text/HTML/XML file.
(more)
I’ve been looking at a new tweaking program for Windows called
XSetup Pro. Like Microsoft’s Tweak UI Power Toy and a host of third-party freeware and shareware tools, XSetup Pro exposes controls for many Windows settings that are not available in the standard UI, providing a much higher degree control over how Windows works and looks. And best of all, it's freeware!
If you want to manually crash your Windows XP or windows 2000 machine, navigate to:
HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
Insert a value with the following details:
Data Type: DWORD
Value Name: CrashOnCtrlScroll
Value: 1
After reboot hold down the right CTRL key en press Scroll lock key twice.
After being berated by Microsoft for attempting to sell Linux on some
of the company's desktop systems, Dell has decided to stop selling
Windows altogether. CEO Michael Dell said, in a fictional conference
call with reporters, "Microsoft is in no position to push us around. By
selling Linux, we will save each customer nearly $200 per computer. If
Microsoft would like to continue selling Windows through Dell, it will
need to ask very nicely and accept that we have the right to sell other
operating systems."
Mr. Dell says Dell is going further and will be switching all its
internal computers to Linux with a deadline of November 1st, 2004. "We
realise this is a very ambitious goal, but the internal license cost
savings alone will allow me to buy a new Ferrari every month."
HP-Compaq, the world's #2 seller of desktop computers - behind Dell -
is expected to follow Dell's lead on Monday and cease selling any
Windows operating systems on their desktop computers.
Source:
NewsForge
On this page you can find a tool which is called Net Transport. Net Transport (shareware) can help you to download Microsoft Webcasts for offline viewing.
Howto:
1. Open a Webcast as you would normally do.
2. When you get to the live meeting wrapper, Right-click and View Source in notepad to find the line of code containing the mms url:
For example: mms://streaming.placeware.com/.../placeware.wmv
3. Copy this URL and paste it as a new job URL into NetTransport.
As it faces a more serious threat from Linux on the desktop, Microsoft will invest $50 million during its next fiscal year to accelerate more corporate deployment of Windows XP and Office 2003.
The Redmond, Wash.-based software giant will announce at its Worldwide Partner Conference in Toronto a revamped "Desktop Deployment Initiative" that provides partners with
more business investment funds, resources and personnel to help get customers upgraded to Microsoft's latest fleet of desktop software.
Source:
crn.com
Are you having trouble to get FTP working through a firewall? Your problem could be that you are using a wrong type of FTP. There are two kinds of FTP:
Active FTP
Passive FTP
A complete description what the differences are between those two and much more can be found here:
http://slacksite.com/other/ftp.html
After a message on the Windows Update V5 newsgroups regarding a possible interim build being released, Microsoft have back tracked and denied that there will be another interim release. Mike Brannigan (MSFT) called the posting "Untrue and inaccurate" and stated that the next public release is the RTM.According to reliable sources at Microsoft the scroll build (RTM) is due to be finished as early as next week or within the next 2 weeks. Current builds stand at 2161.
Source:Neowin.net
(more)
After all the designing, planning, and implementation work is done and the high-priced consultants have done their work, it's time for you to serve as a network administrator. Logically following last month's column, in which we discussed how to maintain a happy and healthy network through daily maintenance tasks, I follow it up this time with ten of the most important monthly and annual tasks. Here's a list of 10 that I consider to be the most important.
(more)
According to a post from the Windows Update Beta Team a new build of Windows XP SP2 will be released soon via the Windows Update V5 site. This build includes many fixes for reported issues. The build may be installed on Windows XP RTM, SP1, SP2 RC1 build 2096, or SP2 RC2 build 2149. Installing the new SP2 build onto any other SP2 build is not supported.
The build is expected to be posted today and Microsoft will send out emails to Windows Update V5 testers as soon as it's released. A good guess would indicate the build released will be 2161 unless further builds have met the requirements for public release.
Source: Neowin.net
VSPlus is a tool to help system administrators to manage multiple virtual machines on different virtual servers.
You can download VSPlus here.
(more)
With Windows Server 2003 comes a new DNS feature called Extension Mechanisms for DNS (EDNS0). This is implemented according to
rfc 2671
and allows UDP packets to be larger than the default 512 bytes. Of
course under 'normal' circumstances this is no problem. But in some
cases where there are firewalls and/or routers in your network not
allowing UDP packets larger than 512 bytes... you may experience
problems.
(more)
Always a big pain for sysadmins who do not regularly calculate this. In this article we will give two tricks on how to make the job easy. For instance, you want to know to which subnet 192.168.1.118 belongs when the subnet mask is 255.255.255.224. You take each octect of the ip number and the subnet mask and "AND" them with your scientific calculator:
(more)
This is the tool we use to gather system information to assist in trouble shooting customer support issues. There are different tools for different scenarios. Check out the readme files for details on all the information that a given tool collects.
These tools are only supported for reporting information to Microsoft during a support incident but you may find the results handy for your own analysis of your systems. Get the tools
here.
