Friday, November 26, 2004

Improvements in Management of Dells

Seems like our job got a little easier.

Microsoft and Dell reports that Dell will deliver management software working with the Dynamic Systems Initiative (DSI) (what we in the real world call SMS and MOM). Read more at Dell Unites with Microsoft to Provide Better Management Solutions and at Dell, Microsoft make a patch pact for servers

Thursday, November 25, 2004

Pass Phrases vs. Passwords - Parts 2 and 3

Or “Why you shouldn't be using passwords of any kind on your Windows networks . . .” as my first blog about this subject was called The discussion continues in part 2 and in part 3 of 3 – worth reading.

Tuesday, November 23, 2004

WUS Open Evaluation program - updated

For those of you who hasn't noticed this yet - Windows Update Services has reached Beta 2 (finally - the last version of WUS that was publicly released was in March as I recall) so Microsoft has relaunched its evaluation program. Information on WUS and registration for Beta download can be found here.
The current version version of WUS will of course update Windows (As SUS already does), but more interestingly it will also update Microsoft Office, Exchange and SQL (Including MSDE) and will in the "near future" also include other Microsoft products.
It will still leverage the BITS (Background Intelligent Transfer Service) platform but now in an updated version 2.0 (As does Windows Update v5) and much more interestingly it will now have the targeting and reporting features that we missed so much from SUS (making it much more applicable for other than small to medium organizations).
I've played a lot with the earlier versions of WUS and it's a big step forward - so go ahead download and test it so that you will be ready for the final release (Check out screenshots of WUS in this article).

Saturday, November 20, 2004

ISA Server 2000 Spoofing fix updated (890097)

As I reported earlier there we're issues with the first version of the security hotfix for the problems reported in the Microsoft Security bulletin MS04-039 - this is now corrected in a new version of the hotfix as reported in KB article 890097 "Multiple failures after you install Microsoft Security Update MS04-039" (Thank's to Per for noticing me about this update).

...files that are required for the package to install correctly on ISA Server 2000 Service Pack 1 (SP1) are missing. Additionally, the installer package included a setting that limited installation to Windows 2000 Service Pack 4 (SP4) only.

I haven't had the time to test this hotfix yet so do test the hotfix extensively (as always ;-) before applying it to your environment.

Friday, November 19, 2004

Detecting USN Rollbacks

While reading the Microsoft whitepaper about the support for domain controllers in virtual environments (see earlier post), I came across the KB 875495 article called How to detect and recover from a USN rollback in Windows Server 2003. If you ever setup operational procedures for rolling back your domain controller or your are afraid it could happen in your environment, go ahead and install the 875495 hotfix, so you at least can detect the situation. I recommend that you always install it - better safe than sorry.

Domain Controllers in a Virtual Environment

My normal strategy for handling failed domain controllers is to re-built it from scratch. This is a simple and safe strategy - restores are complex. Virtual environments (and imaging) increases at the risk of having a domain controller restored in an unsupported fashion. The 875495 hotfix is required by Microsoft, if you want support of your virtualized domain controller. If you have plans for virtual DCs, you must read the whitepaper, it also contains other important issues - e.g. remember that your virtual disk must be just as safe as a physical one.

Wednesday, November 17, 2004

RSS feed for Microsoft Downloads

Working with RSS feeds lately, I contacted Microsoft for an RSS feed for MS downloads. They do not have one, by dragged my attention to a third party one provided by ThunderMain. Very satisfying support from Microsoft. To give ThunderMain credit, I will not link you directly to the feed ;) - but select Resources on their site and find the link below Tools.

Saturday, November 13, 2004

XP SP2 / OWA S/MIME fix for Exchange 2003 (KB883543)

I just noticed that Microsoft has publicly released a Post SP1 fix for Exchange 2003 - it corrects a problem that I've been experiencing with S/MIME since the SP2 beta's. It does this by updating OWA to be able to find the S/MIME control (Handles S/MIME and functions like drag-and-drop of files/attachments) on computers running Windows XP SP2. You can find the hotfix here - including a link to the KB (that hasn't been published as of yet).

Wednesday, November 10, 2004

Make USB Storage Devices Read-Only

A few feature in Windows XP SP2 enables you to prevent writes to these devices. Could be useful in high-security or public environments, when you want to keep data on your systems. Read more in the section called Controlling block storage devices on USB buses in this Micrsoft article.

ISA Server 2000 Spoofing fix (888258)

Just an early warning from me - I've just installed this security fix in two completely different customer environments (and different OS'es - Windows 2000 and Windows 2003) and both of them had to be rolled back. During installation/test there are no problems, but under load the Web Proxy will repeatedly terminate "unexpectedly" and no in or outbound web acces will work. The solution was to uninstall the hotfix on both systems (And one of them actually required me to visit the customer on-site at 04:30 AM) - for now I recommend you to test the patch extensively in your environment and/or use the workaround published at http://support.microsoft.com/kb/889189.

Monday, November 08, 2004

Script Tales - script debugger

Here’s an introduction to the script debugger. If you are running VS.NET use can use that as well. Anyway, the Tales from the Script articles are quite funny to read, so even though you may not learn that much, it’s entertaining.

Sunday, November 07, 2004

Configure TCP/IP to use DHCP and a Static IP Address at the Same Time

Sometimes this could be useful - e.g. in a Virtual PC setup, you could have a server with a static address for server-to-server communication and a DHCP address (via NAT or whatever) for accessing the external network. The same could be configured using two NICs, but that typically gives other problems.

Friday, November 05, 2004

Microsoft PasswordUpdater.exe

The MOM 2005 Resource Kit contains a cool utility called passwordupdater.exe. This tool updates passwords (after you change it for the user in AD) on multiple servers in:
- Windows Services (Account Name)
- COM+ Applications (Identity)
- Task Scheduler (Run As)
- AT (Service Account)
- VDirs in IIS (Anonymous User & UNC User)

Tuesday, November 02, 2004

Force FRS replication from command line!

Finally – a pre Windows Server 2003 FRS update contains several fixes and an important new command argument to ntfrsutl called forcerepl.