Saturday, December 02, 2006

Article on Exchange Troubleshooting Assistant

Pretty good article on http://www.msexchange.org/tutorials/Exchange-Troubleshooting-Assistant.html about Exchange Troubleshooting Assistant in Exchange 2007.

Good enough to get you up and running with Exchange Troubleshooting Assistant efficiently.

/Gill

Wednesday, November 29, 2006

Tuesday, November 28, 2006

A Hard Lesson in Privacy

Read this article at Security Focus about how this guy purchased a second-hand laptop and found some porn stuff in the laptop belonging to the owner and then it turns out the owner is a very popular tv hostess.

Read more..

SQL Server 2005 Waits and Queues:SQL Server Best Practices Article

This paper approaches the complex area of Microsoft® SQL Server™ performance tuning using a methodology called Waits and Queues.

Top 10 SQL Server 2005 Performance Issues for Data Warehouse and Reporting Applications

Relational Data Warehouse or Reporting work loads are characterized by low volumes of very large transactions. These applications are often identified as having predominately read workloads (e.g. Decision Support, Analysis, and Reporting) with periodic feeds or batch loads. It is important to keep these characteristics in mind as we examine the significance of database design, resource utilization and system performance. The top performance bottlenecks or gotchas to avoid for Data Warehouse or Reporting applications are outlined in this article at Mirosoft's TechCenter SQL Server site.

Monday, November 27, 2006

Article about DataWarehousing on Avoiding the Metadata Pitfalls

Summary: By doing a bit of groundwork and effectively controlling the scope of the metadata repository continuously throughout the project, few problems should arise.

Microsoft is often unfairly slammed for security issues, says NGSS

November 25, 2006 (Computerworld) --

Microsoft Corp may be taking the most heat among software vendors for security problems, but it's not always the one with the worst record.

A comparison of vulnerabilities in Microsoft's SQL Server database with Oracle Corp.'s relational database management products by Next Generation Security Software Ltd. (NGSS) shows that the latter vendor's products to have far more vulnerabilities than do products from Microsoft.

Read more...

BusinessValue Summit '06 (in Singapore)

SQL Server 2005 Service Pack 2 CTP

CTP for SQL 2005 SP1 can be downloaded from SQL Server 2005 Service Pack 2 CTP (November 2006).

The CTP for SP2 adds data compression, increased business intelligence functionality, adds security updates and support for Windows Vista and Office 2007. Excel, Excel Server and Sharepoint have all been integrated with SQL Server, allowing for Excel data analytics to be done within SQL Server.

Microsoft SQL Server 2005 Compact Edition

Overview (from microsoft.com)

Microsoft SQL Server 2005 Compact Edition offers essential relational database functionality in a compact footprint ideal for embedding in mobile and desktop applications including a new generation of occasionally connected dynamic applications.
Sharing a familiar SQL syntax and common ADO.NET programming model with other SQL Server Editions, and management via SQL Server 2005 Management Studio, SQL Server 2005 Compact Edition allows developers and administrators to apply their existing skills and be immediately productive.

In addition, SQL Server 2005 Compact Edition enables scale-up of an application, either via a robust synchronization with other SQL Server Editions, or by moving to a higher edition of SQL Server. SQL Server 2005 Compact Edition allows you to extend your integrated data management platform deeper into your enterprise and into your mobile workforce. Download SQL Server Compact Edition Release Candidate 1 (RC1).

Saturday, November 11, 2006

Announcing Process Monitor v1.0

Regmon and Filemon is now combined into a single tool, Process Monitor. Also included is other monitoring tools like process, thread and DLL monitoring.

There are all sorts of information displayed, including some basic data mining capabilites.

/Gill

Sysinternals Suite Now From TechNet

MS TechNet has rolled up the entire set of Sysinternals Utilities into a single
Suite of tools. This file contains all the individual tools & help files. The
whole thing is just 8MB.

http://www.microsoft.com/technet/sysinternals/utilities/sysinternalssuite.mspx

Find a career with Dell! The Dell Careers Blog is Open

Source: msexchange.org

Monday, October 23, 2006

Zune another kind of four-letter word in Hebrew: Microsoft Zune: Doesn't sound sweet to everyone

October 20, 2006 (IDG News Service) -- Microsoft Corp.'s forthcoming digital music player, dubbed Zune, may make some Hebrew speakers gasp. The name for the device, which will take on the Apple iPod when released later this year, sounds like a vulgarity, specifically the "f" word, in Hebrew.

Read more.

Wednesday, October 18, 2006

2006 January through September Vulnerability Trends

A compiled a large database of information covering vulnerabilities identified at http://cve.mitre.org and http://nvd.nist.gov that includes, among other things, sources concerning dates of public disclosure and references to the disclosures. With this database, it is possible to examine vulnerability trends over time and look for interesting events through the first 9 months of 2006.

Saturday, October 07, 2006

Microsoft releases Windows Vista RC2

October 06, 2006 (Computerworld) -- Microsoft Corp. today released what it expects to be the final release of Windows Vista before the operating system is sent to manufacturing for distribution.

Windows Vista Release Candidate 2 (RC2), which is build number 5744, is being made available to 100,000 Customer Preview Program (CPP) participants, as well as to subscribers and members of TechBeta, TechNet, TAP and MSDN.

The company said that this newest build includes bug fixes, performance improvements, better application compatibility and "fit and finish" work -- tweaks to the look and feel of the operating system.

Microsoft also said that it is on target for making Windows Vista available to volume licensing customers in November and to consumers in January 2007. However, it added that "the final delivery will be based on quality" -- in other words, if it finds serious issues with the operating system, it would delay its planned launch. The company does not expect that to happen, however.

The company will continue to support RC1 through the official Windows Vista launch, and adds that RC1 can be used as the basis for logo certification.

Thursday, September 07, 2006

Microsoft Research Builds BrowserShield

from: webappsec@securityfocus.com

"With BrowserShield, Wang argues, many such attacks could be blocked. BrowserShield can be used as a framework that rewrites HTML pages to deny any attempt at executing harmful code on browsers.

"We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser," Wang said. "We're inserting our layer of code at run-time to make the Web page safe for the end user."

URL: http://www.eweek.com/article2/0,1895,2011765,00.asp

Wednesday, August 30, 2006

Sunday, August 27, 2006

Toshiba to make Microsoft's Zune

Microsoft says Japanese firm Toshiba will make its Zune portable music player, due out later this year.

Saturday, August 05, 2006

Microsoft Standard User Analyzer Beta 1

Summary:

The UAC team has just released the first beta version of the Microsoft Standard User Analyzer (SUA) tool. SUA is a tool that independent software vendors (ISVs) and IT developers can use to diagnose and identify possible application compatibility issues when migrating applications from running as administrator on down level Windows operating systems to Windows Vista which even with administrators run most programs with standard user privileges by default.

Friday, July 28, 2006

Microsoft will distribute Internet Explorer 7 as a high-priority

Microsoft will distribute Internet Explorer 7 as a high-priority update via Automatic Updates soon after the final version is released for Windows XP, planned for the fourth quarter of 2006.

/Gill

Sunday, July 16, 2006

Hands On: How to Install Windows Vista Beta

July 12, 2006 (Computerworld) -- Microsoft last month made Windows Vista Beta 2 publicly available for download or delivery on DVD via its Windows Vista Consumer Preview Program (CPP). The CPP closed to new registrations on June 30, and it appears Microsoft will not reopen it when Vista Release Candidate 1 arrives, but all registered CPP users will be offered RC1 as well.
What's the best way to install and test Windows Vista? There are three main ways to do so gracefully. There are also one or two tricks of the trade.

Read the rest of the guide..

Saturday, July 15, 2006

very comprehensive list of Windows Update error codes

Phishing Attack Defeats Two-Factor Authentication

from: The SANS Institute [NewsBites@sans.org]

(13 & 10 July 2006)
Phishers are targeting Citibank Citibusiness customers using a man-in-the-middle attack to exploit people's trust in two-factor authentication. The scheme, if successful, would provide the phishers with Citibank Citibusiness customers' names and passwords in addition to temporary passwords generated by security tokens. The scheme passes on the customers' entered information to the legitimate site to see if it authentic. In a real-time attack scenario, the temporary passwords could be used before they expire. The phony site has reportedly been shut down.
http://www.vnunet.com/vnunet/news/2160250/phishers-crack-two-factor
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html

Legendary hacker and author Kevin Mitnick has produced a whitepaper

Legendary hacker and author Kevin Mitnick has produced a whitepaper in which he details several scenarios in which social engineering exposed significant vulnerabilities that lead to corporate attacks.

People who have read Kevin's books and who like his style of writing will also enjoy the paper. What I find most valuable about this paper is that Mitnick remains neutral in his approach when he outlines his "Best Practices" approach to protection. He does a thorough analysis of various techniques and methodologies for mitigating risk and locking down endpoints, while allowing users enough flexibility to perform their jobs.

People can download the whitepaper in PDF format from www.appsense.com/mitnick
It's a good read, I would recommend it for anyone security inclined even if you just download it and save it for a rainy day :o)

resource:security-basics@securityfocus.com

Saturday, July 08, 2006

The Depressing State Of Computer Security

From WServerNews.com newsletter.

Perhaps you know Roger Grimes. He's an InfoWorld Test Center Contributing Editor, Writes for WinITPro Mag, and is a Foundstone Ultimate Hacking instructor/consultant teaching Windows, Linux, Unix, and Solaris security.
His column this week was as depressing as it was interesting. He puts all his 10 fingers smack in the middle of many sore spots.
It was revealing and entertaining to read his admittedly gloomy perspective on security, but he did say that next week's column will point to some solutions. In the mean time, read this and get yourself trained as an IT security specialist. There will be a lot of work for -years- to come !

Thursday, June 29, 2006

Wednesday, June 28, 2006

Microsoft details unified communications road map

Main items include:
Microsoft Office Communications Server 2007, which is Microsoft's new name for its Live Communications Server. It will include voice-over-IP call management, as well as audio-, video- and webconferencing and instant messaging communication with and across software applications and devices.

Microsoft plans to release its Office Communicator 2007, a unified communications client that works with Communications Server 2007 to provide enterprise VoIP through a softphone. Microsoft also announced Office Live Meeting, which includes audio and video capabilities for conferencing from a PC and is due out at about the same time.

A new product: Office RoundTable.

Microsoft Exchange Server 2007 is also expected for release in late 2006 or early 2007, and Microsoft Speech Server 2007 will be available in late 2006

Partnerships with other communications vendors and includes plans for IP desktop phones that run Communicator software. The vendors named were Polycom Inc., LG-Nortel Co. Ltd. and Thomson Telecom. Microsoft also announced interoperability with or partnerships with Hewlett-Packard Co., Siemens AG and Motorola Inc.

/Gill

Tuesday, June 27, 2006

Microsoft offers online tests of Office 2007

Microsoft for the first time allows you to test pre-release/beta software without you having to download it first :)

Office components offered include:
Microsoft Office Access 2007
Microsoft Office Excel 2007
Microsoft Office InfoPath 2007
Microsoft Office OneNote 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007 with Business Contact Manager
Microsoft Office Outlook Web Access
Microsoft Office PowerPoint 2007
Microsoft Office Project Professional 2007
Microsoft Office Publisher 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office Visio 2007
Microsoft Office Word 2007
Microsoft Windows SharePoint Services
Microsoft Office Project Server 2007 (coming soon)
Microsoft Office SharePoint Server 2007

Go ahead. Click http://www.microsoft.com/office/preview/beta/testdrive.mspx.

Sunday, June 25, 2006

Friday, June 16, 2006

Bill Gates: I salute you .

Analysis: Look for change at Microsoft after Gates

'You can't help but see some level of change,' says one analyst.

Microsoft outlines post-Gates transition plans

Gates will step aside in two years; Ray Ozzie named chief software architect

Reports of Excel 0-Day (NEW)

from SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

Reports of Excel 0-Day (NEW)
Published: 2006-06-16,Last Updated: 2006-06-16 06:02:01 UTC by Scott Fendley (Version: 1)
Microsoft has received a report of a new 0-day vulnerability involving Excel. They are currently investigating this issue and will issue more information on workarounds as it becomes available. They are currently blogging about it at http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx so check that site for more information as it becomes available.In the meantime, we continue to recommend the same defenses we recommended with the Word 0-day from last month located at http://isc.sans.org/diary.php?storyid=1347. These very general best practices should help alleviate the danger until Microsoft releases a patch or more specific workarounds.

Friday, May 19, 2006

ADModify.NET: Workspace Home

Overview
ADModify.NET is a tool primarily utilized by Exchange and Active Directory administrators to facilitate bulk user attribute modifications. See http://blogs.technet.com/exchange/archive/2004/08/04/208045.aspx for launch details

Thursday, May 11, 2006

Tech-Ed 2006 Webcasts: Power to the Pros

If you have already registered for Microsoft TechEd 2006, tune in to this series of webcasts and get the most out of your time while you're there. Haven't yet decided if you'll attend TechEd 2006? This webcast series will give you a preview of what you can learn June 11-16, 2006, in Boston, Massachusetts. Plus, attend a pre-TechEd webcast by May 12 and you could win a free pass to TechEd 2006. See the official rules for details.

IIS 6.0 Security and Hardening Resources

Windows 2003/IIS 6.0 DMZ Hardening Guidelines http://www.shebeen.com/win2003/

Securing Internet Information Services 6.0 http://www.microsoft.com/smallbusiness/support/articles/sec_iis_6_0.mspx

IIS 6.0 Security Best Practices
http://technet2.microsoft.com/WindowsServer/en/Library/ace052a0-a713-423e-8e8c-4bf198f597b81033.mspx

Security in IIS 6.0 (links to resources) http://technet2.microsoft.com/WindowsServer/en/Library/354f4539-982a-418c-bfe7-4d5155b83f4a1033.mspx

Checklist: ASP Security (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d2e896b5-97af-4b74-89be-55a30e1030e2.mspx?mfr=true

Microsoft IIS Hardening Checklist
www.uchsc.edu/is/security/IISHardeningChecklist.pdf

Thursday, April 27, 2006

Wednesday, April 26, 2006

Monad is called Windows Powershell

The blog location for Windows Powershell is at http://blogs.msdn.com/powershell/default.aspx.

Read more here about the presentation at the MMC event where the announcement was made.

Saturday, April 22, 2006

Free MOM 2005 MP for Virtual Servers

Last week, Microsoft made available a free management pack for download for server virtualization software. Note you still need to have MOM 2005 running already.

The pack helps keep tabs on computers running the software and the virtual machines hosted by the software.


The Microsoft Virtual Server 2005 R2 Management Pack can run on Virtual Server 2005 and on Virtual Server 2005 R2. Microsoft said the management pack provides monitoring and reporting capabilities. Follow the download link for more information on the capabilities.

Friday, March 17, 2006

Tuesday, March 14, 2006

Kimberly Tripp's SQL 2005 ITPro Webcasts : 1st session done.

The 1st webcast from Ms. Tripp was vastly popular. She blogged about the session and also offered demo scripts for download and some valuable additional resources.

Here is her blog entry for the first session :
http://www.sqlskills.com/blogs/kimberly/PermaLink.aspx?guid=f66a8646-bf9d-4f3e-b46e-dbce22be2f96

Sunday, February 26, 2006

Beginning this March from Microsoft:Kimberly L. Tripp SQL Server 2005 ITPro Webcast Series

If you're an IT professional wanting solid, valuable content and help with SQL Server 2005, your ship has landed in the form of an 11-part Webcast series brought to you by Microsoft. Kimberly L. Tripp of SQLSkills.com, a Microsoft MVP and Regional Director, is going share her knowledge and passion around building robust, recoverable and reliable SQL Server 2005 systems. Join the free Webcast every Friday starting March 10, 2006.

Visit here for more information.

Tuesday, February 21, 2006

Vista Versions Finally Finalized

It looks like Microsoft has made up its collective mind about the editions of Vista that will be offered, and as expected, there'll be no more Tablet PC or Media Center Edition.

The six core versions include: Starter Edition, Enterprise Edition, Home Basic, Home Premium, Business and Ultimate. There will also be two "N" versions (Home Basic N and Business N) that are customized to comply with the European Union's orders not to include Windows Media Player with the operating system.

Friday, February 17, 2006

Office 12 is Office 2007

Microsoft Corp. today announced the lineup of its upcoming 2007 Microsoft® Office system products, previously code-named Microsoft Office "12".

Details about the 2007 Microsoft Office system products, including press releases and white papers on new Office products, application naming, suite packaging, server lineup, and U.S. estimated retail prices, can be found online at http://www.microsoft.com/presspass/presskits/2007office/default.mspx and http://www.microsoft.com/office/preview.

Sunday, February 12, 2006

Microsoft buys FutureSoft Web-filtering software

FEBRUARY 09, 2006 (IDG NEWS SERVICE) - Microsoft Corp. Thursday said it was buying Web-filtering software called DynaComm i:filter from FutureSoft Inc.

DynaComm i:filter allows IT administrators to filter content coming through a company's network that has been deemed inappropriate or bandwidth-hogging. The software also protects users against spyware by blocking the download of executable files through Web browsers.

Tuesday, February 07, 2006

Exchange 12" beta will be in TechNet March Shipments!

Big news for TechNet Subscribers!

March disc shipments will include a special treat: a special beta release of the upcoming version of Exchange Server code-named “Exchange 12”.

Get over to http://www.microsoft.com/technet/subscription !

Sunday, January 29, 2006

The Security Monitoring and Attack Detection Planning Guide

Found this Guide while reading a thread on Windows Log management.
Here is a quick brief description:

This guide is designed to help organizations plan a security monitoring and attack detection system based on Windows Security Event logs. It highlights how to interpret the events and which events indicate the possibility that an attack is in progress.

Overview
The Security Monitoring and Attack Detection Planning Guide is a practical support document for business and information technology professionals who are working to develop systems to monitor security on a network and to detect intruders. Its primary goals and objectives are to:
  1. Introduce the concepts of security monitoring and attack detection.
  2. List applications that can provide event log correlation.
  3. Describe best practice activities and processes for developing a security monitoring and attack detection system.
  4. Identify business, technical, and security issues for:
    Detecting policy violations
    Detecting external attacks
    Implementing forensic analysis
  5. Design a security monitoring and attack detection solution that can identify when attacks on the network take place.
  6. Provide the ability to implement data retention for Forensic Analysis.

Download it and start reading it. If not all, some parts of it maybe useful, for sure. Imagine starting to understand Forensic Analysis using Windows Log!!

Saturday, January 21, 2006

Windows XP SP3 Due Out in Second Half of 2007

(18 January 2006)

Microsoft has set a tentative release date of the second half of 2007 for Windows XP Service Pack 3 (SP3) the professional and home editions.
Windows XP SP2 was released in 2004. Microsoft reportedly pushed back the release date for XP SP3 to allow them to concentrate resources on Windows Vista, which is scheduled to be released later this year.
http://www.zdnetasia.com/news/software/printfriendly.htm?AT=39305800-39000001c
http://www.theregister.co.uk/2006/01/18/windows_xp_sp3_delay/
http://www.microsoft.com/windows/lifecycle/servicepacks.mspx

From sans.org

The Smart Card Deployment Cookbook

Overview
Typically, a cookbook is a collection of recipes, or instructions, that explain how to do something and what you need to do it. This "cookbook" is a set of "recipes" for deploying smart cards in an enterprise that is deploying Microsoft Windows 2000 Active Directory. The white papers in this series will help you understand the principal smart card concepts and guide you through the planning tasks.
The cookbook is divided into three sections:
On This Page

About This Cookbook

Who Should Read This Series

Section 1: Smart Card Backgrounder

Section 2: Smart Card Deployment Planning Considerations

Section 3: Smart Card Deployment Scenario

Related Materials