Coming from Joe Maddalone:
I, like so many other's, have struggled with ways to test designs, css, etc. in multiple versions of Internet Explorer.
Usually the only solutions were to have multiple OS's installed on multiple partitions, or running some sort of emulation software such as VMWare.
While working on a project recently that I realized at the last second would be running in Internet Explorer 5.5, I had an immediate need to test this application in this browser.
Essentially this whole thing was stumbled upon out of necessity and a lawsuit that Microsoft lost.(continue at source)
Microsoft Watch reports a Virtual PC v2 (codename "Hedgehog") and Virtual Server v2 expected for year 2006 and running on 64 bit architectures as announced by Microsoft talking about its roadmap for 64-bit servers availability.
Microsoft Watch also reports a Virtual PC 2004 Service Pack 2 and a Virtual Server 2005 Service Pack 1 expected within this year.
eWeek reports Virtual PC 2004 Service Pack 2 could run 32-bit virtual machines on WOW64 or native 64-bit architecture.
Microsoft is readying more than just 64-bit Windows releases. It's also developing 64-bit versions of a handful of its key desktop and server apps. Microsoft has made no bones about its plans to release new 64-bit versions of Windows client and server in the next couple of months. But until now, the company has said little about its schedule for porting some of its own applications to 64-bit systems. During the past couple of weeks, Microsoft has begun to inform customers and partners of its 64-bit migration strategy for SQL Server, Exchange Server, BizTalk, Virtual PC and Virtual Server, and other key enterprise applications.
(more)
Release Candidate 2 for Windows Server 2003 SP1 is available to test from microsoft.com, which means RTM can't be that far away!
A new feature in SP1 (at least, present in the RC2 build of SP1) that's been causing some confusion is RDP over SSL - a new option for Terminal Services that should provide server authentication for TS sessions, preventing MITM (man in the middle) attacks while providing a new option for encryption.
Up front - RDP over SSL is not a firewall traversal technology. It doesn't mean you're using Web protocols to do RDP. To rephrase, it's not "RDP over HTTP", it's "RDP with TLS authentication and encryption over TCP" - it still happens over TCP port 3389, as RDP usually does.(
continue at source)
In this article MsExchange.org will give you some information on how to use the Exchange tools ISINTEG and ESEUTIL.
With the help of ESEUTIL you can defragment your Exchange information store offline, check the integrity of the store and repair the information store in case of emergency. ISINTEG is used to perform some tests on the information stores and to fix some errors.(
continue at source)
On February 28, Microsoft® will disable Internet activation for all Microsoft Windows® XP product keys located on the Certificates of Authenticity (COA) labels distributed by large, multinational OEMs.
Direct OEMs of Microsoft (large multinational OEMs that that have a direct signed license agreement with Microsoft) usually preinstall Windows software using System Lock Preinstall (SLP), which is a direct OEM’s method of legitimately bypassing Product Activation on behalf of their customers.
To reduce the illegal trafficking of these OEM product keys Microsoft will “disable” the ability to activate these direct OEM Product Keys over the Internet. When a customer or reseller tries to activate using a Product Key found on the list of “disabled” Keys, the online product activation wizard will instruct them to call Microsoft where a customer service representative can assist them further.
Active Directory, once it is extended by Exchange, provides a scalable solution for looking up contacts using the LDAP protocol. Resolving contact names using Outlook when accessing Active Directory is really fast, even if you have hundreds of contacts, and doesn't slow down the way it does when you have too many contacts in an Outlook contacts public folder.
On the other hand Outlook contacts folders are really easy to use. You can import information from a lot of sources using the Import and Export wizard without much hassle. Any application which supports exports of its contacts to a text file can be exported to Outlook because you can always rearrange the contact field to match those of Outlook.
While Active Directory provides the LDIFDE and CSVDE utilities for importing bulk information, they are not really the easiest conversion utilities that one could hope for.(
continue at source)
In these 2 articles coming from WindowSecurity.com advanced topics when using the PortQry command line tool will be covered. The PortQry utility allows you to select a computer, analyze it and get a report of port status on TCP and/or UDP ports.
Microsoft was kind enough to develop PortQry to aid in the troubleshooting of connectivity issues by allowing for better scanning of ports so let’s learn how it works so we can exploit its benefits in the field. Before you learn the mechanics of using it (it’s actually very easy to use), you should understand how it works because knowing that will show you its strengths.
According to a press release from Microsoft, MSN's Music store had the exclusive premiere of Eminem's New Music Video, "Mockingbird" yesterday. While exclusive premiers won't always win over consumers, it does show the Music Store is in the game for its uphill battle against the iTunes Music Store... the question remains though, will Microsoft release WMP10 for OSX?
Press Release
Now that Microsoft has disclosed plans to release a test version of Internet Explorer 7.0 this summer, only the details remain. What new features will be included? When will a final release be available? Will IE 7 run on older versions of Windows?
When Bill Gates disclosed IE 7 on Tuesday at the RSA conference in San Francisco, he left those questions for others to answer. Microsoft's chairman provided only a general idea of what to expect, saying a beta version would be available early this summer for Windows XP Service Pack 2 and that it would focus on defenses against phishing attacks and malicious software. "Browsing definitely is a point of vulnerability," Gates said.
In an online discussion published on Microsoft's Web site, security VP Mike Nash said IE 7 will also include enhanced "privacy protections." And Neil Charney, director of Windows client, says the upgraded browser will fight off spyware better, too.
(more)
Microsoft Corp., a provider of software, services and solutions, today announced the release to manufacturing of Microsoft Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition, at RSA Conference, with general availability to customers expected in March 2005. "ISA Server 2004 Enterprise Edition provides unique protection for critical business scenarios, such as more-secure remote access to Microsoft Exchange servers through Outlook Web Access and Microsoft Office Outlook 2003 RPC over HTTP." said Rich Kaplan, corporate vice president of the Security Business & Technology Unit at Microsoft.
For customers using Microsoft Operations Manager (MOM) 2005 for event and performance management of Windows Server System, Microsoft also announced immediate availability of the Microsoft ISA Server Management Pack for MOM 2005.
Microsoft's Windows Genuine Advantage (WGA) validation initiative has set off a firestorm of protest throughout the open source community after programmers uncovered a special function in the software dedicated to detecting Wine, a compatibility layer for running Windows programs in non-Windows environments.
WGA authentication is set to become mandatory for all non-critical Windows updates starting in the second half of 2005. Customers must run a program that verifies their Windows license, or they will not have access to Windows Update or the Microsoft Download Center.
(more)
In the wake of Real Software Inc. announcing a new version of its Realbasic application development tool, the company is concerned about a patent application Microsoft Corp. has filed that could affect all BASIC-like programming languages.
Real Software, of Austin, Texas, announced Realbasic 2005 last week at the Demo@15 conference in Scottsdale, Ariz. The new version supports the creation of self-contained executables that run natively on Windows, Mac OS and Linux.
(more)
Getting Windows and Exchange up and running wasn't a problem. Whereas I used to ssh to my BSD machine and read my mail via Pine, I now browse to my Windows machine and read my mail via OWA. The problem was that, upon moving to Exchange, I suddenly had years' worth of messages that I cared about but that weren't accessible to me when reading my mail via OWA.
This blog describes the process of getting all that mail natively into my new Exchange mailbox. By "natively," I just mean that the original timestamps, senders, and recipients were all the same once they landed in Exchange - as though they'd been there in the first place. A lame hack that crossed my mind initially was to forward all my mail to myself, preserving none of those things.
(more)
Intel announced new technology today that embeds TCP/IP Offload Engine functions on a processor instead of a network card. The chipmaking giant said the problem is that CPU performance and network bandwidth have improved, but not the method for moving TCP/IP data.
Dubbed the Intel I/O Acceleration Technology (I/OAT), the chipset add-on speeds up the protocol stack in a CPU, allowing the chip to do its own job and not depend so much on network traffic as it waits for the subsystem. The technology also includes data copying performed in a chipset, parallel processing of data and commands, and direct memory access in network controller. Intel said putting the TOE capabilities inside a chip instead of relying on a separate card increased performance in 90 percent of the applications it tested.(
continue at source)
In Microsoft Windows Server 2003 Service Pack 1, Microsoft is introducing a set of security technologies that will help to improve the ability of computers running Windows Server 2003 to withstand malicious attacks from viruses and worms.
Together, these security technologies will help to make it more difficult to attack Windows Server 2003, even if the latest updates are not applied. These security technologies together are particularly useful in mitigation against worms and viruses.
This document specifically focuses on the changes between earlier versions of Windows Server 2003 and Windows Server 2003 Service Pack 1 and reflects Microsoft’s early thinking about Service Pack 1 and its implications for developers. Examples and details are provided for several of the technologies that are experiencing the biggest changes. Future versions of this document will cover all new and changed technologies.
Download Changes to Functionality in Microsoft Windows Server 2003 Service Pack 1
Ghostbusters is a new innovative CD based checking tool that Microsoft is experimenting with. It works by booting the system a couple of times from the CD, while comparing the current OS settings with the expected baseline controls of what Windows should be. This detailed checking process can help find startup processes or substituted executable code that might point to a hidden root kit.
Security professionals definitely need a tool they can test out a suspicious server or workstation. The ability to actually clean the system is less important, as a server or PC should be rebuilt from the ground up if it is infected with a root kit. Due to the difficulty of detecting rootkits and their expected growth in the Windows environment, I'm hopeful Microsoft will continue their work in this area.
Microsoft continue work in adding a root kit detection tool to their excellent array of security analysis tools. A root kit detection tool would be particually helpful to network administrators in researching suspicious activities, especially if this malicious activity increases in the future. (
continue at source)
There's not much information about Access Based Directory Enumeration (ABDE) yet, but you gotta love this one. In a nutshell, ABDE causes the server to examine access rights to sub-directories on a share, only showing the user those directories to which they have access (Novell, anyone?). If you want to find out how this works in under 4 minutes,
click here to view Johan Howard's blogcast.
Currently there is no capability from the GUI to turn this feature on - unfortunately you'll need to use Win32 APIs. Maybe this will change at a future date, but for now you'll probably need a developer buddy to help you.
The ever watchful Microsoft Watch has a short and sweet snippet this morning, concerning the debut of Longhorn at WinHEC.
Or rather, the non-debut. WinHEC (Windows Hardware Engineering Conference) is in April, and there was speculation that we would see the first Beta release of Longhorn at the show. However, it seems like that speculation has been crushed, since Microsoft is just going to bring more Alpha preview code, according to the report.
(more)
Site links are a critical part of building Networked Windows Networks – How do Domain Controllers speak to each other without having synchronization problems? Network bandwidth being over utilized can play havoc with your network, at the same time affecting your Windows Server 2003 systems by creating errors in your logs seen in the Directory Services Log in the Event Viewer on our Domain Controller (DC).
In this article WindowsNetworking.com discusses things to consider when planning and designing site links.(
continue at source)
Microsoft security researchers are warning about a new generation of powerful system monitoring programs, or "rootkits," that are almost impossible to detect using current security products and that could pose a serious risk to corporations and individuals. The researchers discussed the growing threat posed by kernel root kits at a session at the RSA Security Conference in San Francisco on Tuesday. The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.
With names like "Hacker Defender," "FU" and "Vanquish," the programs are the latest generation of remote system monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft's Security Solutions Group.
(more)
Microsoft's anti-piracy efforts have taken a new twist: helping parents better understand their children's online activities, and in turn, keep them from breaking the law. The company has posted a dossier detailing the online slang used by children, which outlines six key points for learning "leetspeek."
Leetspeek, derived from elite speak, may include numbers in place of letters and substitute characters that are similar in appearance. Rules of grammar are rarely obeyed, says Microsoft, and mistakes are often left uncorrected. Microsoft specifically highlights terms related to illegal activity, such as "warez" or "w4r3z," and "pwn3d." "Their use could be an indicator that your teenager is involved in the theft of intellectual property, particularly licensed software," the company says.
(more)
Some new Microsoft Operations Manager 2005 management packs were released to the web:
MOM 2005 Management Pack for ISA Server 2004
The ISA Server Management Pack guards ISA Server events and alerts. The Management Pack for ISA notices performance problems, monitors the disk capacity and checks the ISA Server configuration. The Management Pack is available for download from the Microsoft Download Center.
MOM 2005 Management Pack beschikbaar for HP ProLiant servers
The new HP ProLiant and Integrity Management Packs for MOM 2005 offer advanced possibilities for automated control of these server configurations. The HP management pack for MOM 2005 can be downloaded free of charge from the HP corporate website.
Coming from John Howard:
Following the Virtual Server technical overview event I presented in Manchester yesterday evening, I was asked about Shared Networking (NAT) which is present in Virtual PC 2004, but not in Virtual Server 2005 and whether there was a way to provide this through an alternate mechanism. Here's the answer:
Add a loopback adapter to the host (KB article link) and create a new virtual network under Virtual Server administration bound to the new adapter. You then enable Internet Connection Sharing (ICS) on the host NIC connected to the physical network.
In case you haven't already heard, registrations are now open for TechEd Europe 2005 (5-8 July). Last year we had a record-breaking number of Irish attendees - and this year I hope we have an even better turnout. As usual, the Amterdam line-up includes top international speakers, birds of a feather sessions, hands on labs, panels and, of course, lots of networking opportunities. Early Bird registrations (on or before 20 May 2005) are charged at €1,950. After this date the price increases to €2,250. If you choose to attend a Pre-Conference seminar, these are charged at an additional €150. There are also discounts for groups (5+, 10+ etc.). All prices are subject to local VAT at 19%. Click
here to read more, or click
here for quick online registration.
Redmond is putting its patch service, Microsoft Update, to the test. When will this product really let customers automatically download security and performance patches for Windows enterprise applications? Microsoft Corp. Tuesday confirmed that it will release in March a beta version of what it is calling a unified software update service for consumers and small and midsize businesses.
Called Microsoft Update, the service will provide a single location for users to get security and performance patches for Windows XP, Windows 2000, Windows Server 2003, Office 2003 and Exchange Server 2003. Microsoft Update is designed to be "a superset of Windows Update, which will continue to exist" as a security and performance patch server for system administrators for medium and large enterprises, said Gary Schare, Microsoft's director of security product management in Redmond, Wash.
(more)
"Nokia Licenses Microsoft Exchange Server ActiveSync Protocol for Integration With Nokia's Business-Optimized Devices". As companies look to mobility, e-mail is usually the first application (other than voice/phone) that they look at for empowering mobile users. Nokia knows this of course, as they announced their license agreement for the use of ActiveSync to allow their customers that use Exchange Server 2003 to connect using Nokia Series 60 or Series 80 devices.
(press release)
Appearing on ABC News this evening, Bill Gates was asked about the report that eighty percent of Microsoft employees use iPods as opposed to one of the more Microsoft-friendly MP3 players.
Gates stated that he doubts that the report is true and then went on to predict that the iPod will eventually lose its 92 percent marketshare to Microsoft-compatible players because customers want choice. Gates also said that he himself uses a player from Creative.
(more)
The Microsoft Excel spreadsheets linked below document the Active Directory attributes exposed by the LDAP and WinNT providers. The terms "attribute" and "property" are interchangeable. The name of a property or attribute is similar to the name of a field in a database. The actual value of the attribute is stored in Active Directory. The Active Directory schema can be extended to include additional attributes. The ones documented in the spreadsheets are only the default attributes when Active Directory is installed.
Spreadsheet of User Properties in Active Directory Users & Computers MMC
Spreadsheet of all Active Directory attributes
Spreadsheet of User Object Property Methods
Spreadsheet of attributes exposed by the WinNT provider
Microsoft Corp. Tuesday confirmed that it will release in March a beta version of what it is calling a unified software update service for consumers and small and midsize businesses. Called Microsoft Update, the service will provide a single location for users to get security and performance patches for Windows XP, Windows 2000, Windows Server 2003, Office 2003 and Exchange Server 2003.
Microsoft Update is designed to be "a superset of Windows Update, which will continue to exist" as a security and performance patch server for system administrators for medium and large enterprises, said Gary Schare, Microsoft's director of security product management in Redmond, Wash. Both Microsoft Update and Windows Update are designed to give users and administrators a single place where they can go to get security and performance patches for Microsoft products.
(continue at source)
The ProLiant Essentials Server Migration Pack radically simplifies server consolidation projects. Server Migration Pack (SMP), a companion product to the Virtual Machine Management Pack, automates the manual processes required for a physical server to virtual machine (P2V) migration. SMP raises the bar on P2V automation, so that a typical migration process can be completed in a matter of minutes. The SMP's advanced migration technology also provides the ability to support virtual machine to virtual machine (V2V) conversions. V2V provides the ability to covert Virtual Machines between different underlying virtualization layers including: VMware ESX / GSX and Microsoft Virtual Server.
Systems Insight Manager and the ProLiant Essentials management software provide a complete tool set for server consolidation projects. Using HP SIM and the Performance Management Pack, users can easily identify underutilized servers in the datacenter that are candidates for consolidation. Once these systems are identified, SIM and the Server Migration Pack provide an easy to use physical to virtual (P2V) migration capability.(continue at source)
Coming from Brian Madden:
Citrix released the first public preview versions of MetaFrame Presentation Server 4.0 after their annual iForum show in October 2004. They then released an updated preview version at their Solution Summit show this past January. Since I spent quite of bit of time with the first preview, I wanted to see what the developers had done between these two releases. This article updates my previous findings. (Please read the WI 4.0 and CSG 3.0 if you haven’t done so yet.)(continue at source)
Move mailbox is the best, supported way to move mailbox data between Exchange servers and update the directory object. It’s been around for ages and has been improved with each version. In Exchange 2003, for instance, the mailbox moves can now be scheduled and are multi-threaded to dramatically improve performance. Exchange 2003 SP1 added the ability to move mailboxes cross-site while still in mixed mode.
There are a number of resources on how to do move mailbox between Exchange servers (
KB.224975 and
KB.328810 are two good examples), but what’s missing is a good high-level description of what goes on behind the scenes to make it all happen. This post focuses on Exchange 2003, but much of this applies to earlier versions as well. There’s a bunch of additional steps required for cross-site moves, but those are covered in
other places.(continue at source)
It has long been expected that Microsoft would do something to improve its flailing Internet Explorer and now we know what: Microsoft will soon announce plans to release Internet Explorer 7 for Windows XP SP2 customers. "IE 7 is a major upgrade which focuses on security. IE 7 will build on and broaden the progress made with SP2, while putting in place even stronger defenses against phishing, malware and spyware," Microsoft says. However, security isn't the only focus of the browser. Microsoft promises new features and enhancements to existing features and, while the company might be tight lips about just what those features are, it's easy to speculate on what Microsoft might add. We'll know for sure what some new features are when the first beta ships this summer.
The Administrator user account is by far the number one target for someone trying to gain illegal access to your network and resources. You must protect this account above all other accounts to ensure that you are not left vulnerable to the tools, tricks, and exposure that this account accommodates. There are some basic and advanced options that you can configure within Windows Active Directory to protect this valued account.(continue at source)
In a Windows 2000 or Windows 2003 based forest, every domain automatically trusts all of the other domains in the entire forest. However, there are situations in which this automatic trust relationship constitutes a major security risk. In this article, WindowsNetworking.com will explain what some of these situations are and how you can create the necessary trust relationships without posing a security risk. (continue at source)
Microsoft really backed itself into a corner with Internet Explorer (IE) by holding onto its claim that its browser is an inextricable part of the Windows operating system. The Redmondians have been sorely lacking a compelling story to tell users who are unhappy with the constant barrage of IE security flaws and who are actively seeking IE alternatives. The current line — wait until Longhorn in 2006 — just doesn't cut it. Now, it turns out Microsoft isn't quite as naïve as we thought. Company officials are discussing with partners
ways that Microsoft might update IE before Longhorn.
We're betting we'll see one or more
IE add-ons, delivered via Windows Marketplace, sooner rather than later.
There is a lot of buzz about our new 64-Bit editions of Window Server 2003. Microsoft has been in the 64-Bit game since the launch of Window Server 2003 – with Itanium. One aspect of SP1 that is not getting a lot of attention is how we are still building and developing on the Itanium platform.
One of the features of SP1 for Window Server 2003 will include the IA-32 Execution Layer Driver for Itanium. What is that you ask? The IA-32 Execution Layer (IA-32 EL) is a software driver that improves performance of 32-bit applications running 64-Bit Itanium-based Systems. In short - IA-32 EL works by translating IA-32 code into native Itanium architecture code before it is executed.
It will be included as part of the SP1 for Server 2003 – or you can
download it now. You can also read more about it at the
Intel site.
Microsoft, Paypal, eBay & Visa join WholeSecurity to launched phish report network, the internet's first global anti-phishing aggregation service.
WholeSecurity, the leading provider of behavioral, on-demand endpoint security solutions, today introduced the Phish Report Network (
www.phishreport.net), the Internet industry’s first worldwide anti-phishing aggregation service. Initial participants in the new business service include Microsoft, eBay, PayPal, and Visa. The Phish Report Network allows any company being victimized by phishing attacks to immediately and securely report fraudulent Web sites to a central database operated by WholeSecurity. Other companies subscribing to the Phish Report Network can then access the database or receive real-time notifications of known phishing sites, enabling them to more effectively protect consumers by blocking these sites in their user-facing security applications.
More in
http://www.wholesecurity.com/news/releases/PRN_launch.html
On his blog, Robert Hensing of the Microsoft PSS Security Team makes a really convincing argument for the abolishment of complicated passwords. He argues that precomputed hash tables, network sniffing, and programs like LoftCrack make passwords obsolete and dangerous in the windows environment. What does he recommend in their place?
Passphrases: sentences and quotes that are easy to remember but may be more than 30 or 40 characters in length. With many companies requiring frequent password changes, (and we know exactly where that leads) this is a simple idea I'm surprised more people haven't been doing this more often.
(more)
Microsoft officials acknowledged Thursday that the company has decided to postpone by several months the final release-to-manufacturing date for its next major customer-relationship-management application.
The product, code-named "Microsoft CRM 2.0," originally was set to ship in 2004. Last year, Microsoft said it was delaying the CRM 2.0 release until the early part of 2005. Just a few weeks ago, company officials said the 2.0 release would be released to manufacturing in March 2005. But on Thursday, Microsoft pushed back the RTM (release-to-manufacturing) date to sometime in the fourth calendar quarter of 2005. If the product RTMs late in the year, customers will be unlikely to see the final bits until early 2006.
(more)
Nick McGrath, head of platform strategy for Microsoft in the UK has claimed that 'Linux is not ready for mission critical computing.'
Talking to us recently, McGrath said that the Open Source operating system 'lacks the maturity of the Microsoft application stack. Customers are giving Linux the benefit of the doubt right now, but people's patience with performance issues and so on will wear thin.'
