Shavlik Technologies has released updated XML files for Shavlik HFNetChkPro.
XML data version = 
Last modified on 5/31/2004

 This update includes the following changes:
 – Added detection for Exchange Server 2003 SP1

(we are still testing the deployment instructions for this SP, thus the package
is not available for download and deployment at this time.  We will release an
updated XML file when this SP is available for download and deployment via Shavlik

– Added detection and deployment for ISA Server 2000 SP2

I’m not surprised that the Exchange file is not ready to deploy.  I’ve seen some people having a bit issues with the install and it needs the GZIP patch prior to installation.  Plus post installation we need to adjust some settings.

Today we had Ice Cream [old family recipe], which means this is the start of Summertime in California…..and I just looked at and yup, we’re definitely going to get hot next week.

6 eggs [I now use eggbeaters since this is a non cooked ice cream recipe]

2 cans of evaporated milk

2 cans of sweetened condensed milk

2 tablespoons of Vanilla along with scrapings of vanilla beans

1 teaspoon of orange extract [can also be lemon extract or even better Grand Marnier liqueor

Mix and pour into a 4 or 5 quart ice cream container, fill remaining space with whole milk, half and half, and some cream in whatever proportions to your taste

Load up in the electric or hand crank ice cream maker, cover with ice, enough rock salt to melt the ice and about 45 minutes later… voila.  So good, you don’t even need chocolate syrup

Now back to our regularly scheduled SBS blog….  😉

In the newsgroups today, a person updated his SBS 2000 and was prompted that the TS in application mode would be removed during the upgrade.  He went through the upgrade and then posted back in the newsgroups asking how to turn on Application mode again…….

Well… it can’t be turned back on again….. and we should not have been allowed to do it in the first place. 

Let’s determine why shall we?

Okay first and foremost, would you agree that allowing your employees to sit at your server and use it as a workstation is a good idea?  Probably not right?  Well that’s what you are doing when you do TS in application mode.  You are allowing people to log onto that server, use possibly “leaky“ applications that may require you to reboot the server, and in general, expanding greatly the threat vectors on that server.

Take for example – Internet Explorer.  You have to remove the Enhanced IE security [go into add/remove programs to remove this on a normal server].  Michael Howard [MS Security dude] talks about the threat modeling that they did on Windows 2003 server.  Near the end of the project they did a “threat model“ brainstorm and asked themselves what was a potential issue….and the threat that came back was surfing on that domain controller.  So the Security folks pushed through that Enhanced IE [you know that box that prompts you the web site you are wanting to go to is not in a trusted zone?].  Andrew Duthie talks about the settings on his blog.

Right now my security issues are the spybots and gunk that are going after Internet Explorer.  Just last night in talking “geek“ with my friends from LA that were up for a visit, Pierre talked about having to track down a browser hijack program [He wanted  to do it manually, but he could have used the CWshredder tool].  Now ask yourself, do you want to do that on your one and only domain controller?  Think of what you do to clean up your separate desktops. 

So the next time someone says “But it’s dumb, I want my TS in application mode back!“ remember that we can’t do things the way we used to.  That was then, this is now. 

Now, there is one way that this can be better.  Documentation and information. 

In one of the listserves I’m on we were chatting about the lack of documentation on this issue [and I’d add the lack of documentation of WHY we shouldn’t do it]  Now granted, we women would argue that guys don’t read, but I do agree with my fellow listmates that the information about the lack of TS in application mode should be WAY more obvious.  The information of how it is no longer supported or included and why it’s not safe and secure to have it there in the first place needs to be way way more obvious.  In fact it should be part of the sales and marketing stuff because to me, it shows better than anything else that Microsoft is indeed “walking the walk, talking the talk“.  We asked them to make the products more secure.  They responded.  This should be a selling point that they are making it more secure, not a “What happened to TS?“ question in the newsgroup.

Documents that discuss TS in application mode removed …..

This KB   and read Page 44 in this document

Random musings is the title of Charles Anthe [SBS Release Manager] latest blog entry and talks about upcoming changes to SBS2k3.  Remember when you have a newsreader inside of Outlook like Newsgator or IntraVnews, that blog entry gets pushed to your inbox into a folder.  Really cool. 

He also talks about a tool that he’s testing that notifies you of downloads.  Right now the way I do it is through the Thundermain scrape of the Microsoft Downloads site.  If you click on that link it looks like goblety gook, but in an RSS reader it shows me what new stuff has hit the download site…..


speaking of which…. next post…

1.  You need to install the GZIP patch from 831464 first

831464 – FIX: IIS 6.0 compression corruption causes access violations:;en-us;Q831464

2.  Can’t install because of an issue with Search

If you are getting Dependency Manager: ***ERRORLOG EVENT*** :
CDependencyManager::ValidateDependencyStates() : The dependency of
Microsoft Exchange Messaging and Collaboration Services on Microsoft
Search is not satisfied.

Look under this key “HKEY_LOCAL_Machine\Software\Microsoft\Search\Install”
and if all you have is [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Search\Install]
“InstallPath”=”C:\\Program Files\\Common Files\\System\\MSSearch”

Then add the following :

   Major Version: REG_DWORD: 0x9
   Minor Version: REG_DWORD: 0x6b
   Version: REG_SZ: 9.107.5512

Then reboot

3.  Forgot to add, when I’m installing a big SP like this, I’ll manually shut off the Services to the “things“ that I know will be affected… in this case shut off all services with Exchange in the name, all A/V services, all IIS services.  Go into start, control panel, admin tools, services, and “stop“ the service.

And added a new post category of “Needed Patches/Tweaks” to capture all the items needed to finish up an install “after“ the box is loaded with SBS2k3.

I’m stealing this disclaimer from Les [Les is More]

Be aware that this list is a compliation of all hotfixes and configurations.
They do not all apply to all installations, do not use them out of context.
Use only what is required for your installation.

Patch for BCM with SBS2k3 –

Tweak for change in Domain\User after Exchange 2k3 sp1 –

Memory switch tweak

Exchange 2003 sp1 – 

POP3 Connector patch –

ISA Server 2000 – sp2

Tweaks that “I“ personally do –

Installing Trend –

Hotfixes – now included in Exchange 2003 sp1 –

Error #50070 STS_Config –

Change REG key

Disk quotas/permissions

Faxes not opening right?

Sharepoint slow to open?

Error 800423f4 in backup log?

Install SUS

POP Connecter taking all resources?

Install GFI faxmaker

VSC and SQL server issues

Tweak ISA

Disable NDR

Hooking MACs into you LAN?

Add ISA to the console

Flat file backup of Sharepoint

Sharepoint fix

Outlook over HTTP

Anti Virus fix

Enable Full text search

Hotfix for Travan drive

Get Sharepoint through ISA

Exclude site from Google Searches

Sharepoint on first launch

I think that’s all the funky patches and tweaks that us SBSers need for post installation.  Do I need any more?

Fellow SBSer Tavis Patterson has a SBS/SMB blog located at with the RSS feed for it

If you haven’t found the power of RSS feeds and newsreaders, this is the time to get cracking…. I personally like newsgator but there is also IntraVnews

Advantage of IntraVnews – free for personal use

Advantage of Newsgator – plug ins that post to blogs, read and post NNTP newsgroups