Monthly Archives: October 2007


I am a spoiled SBSer

Lately I’ve been doing some work in Win2k8 RC0 and when you work on “big server” platforms, you forget all the little things that you take for granted on SBS that .. are just there.  When you fire up Win2k8 Enterprise and look in the group policy management console, the first thing you will notice is that it’s a blank slate.  And I do mean a blank slate.


Now while some would say “Oh this is cool as I can set it up the way I want to”, I’d argue that there are efficiencies because I’m not having to reinvent the wheel.


Firewall policies for Vista and XP are preconfigured.


WSUS policies in place already. 


The foundations are built for you.


And I strongly feel that if SBS ‘fits’ the small business, you are doing them a disservice if you choose the regular server platform.


Does it fit in all places?  No. But when it does..and you don’t install it.. man you are doing a client a disservice.

The patch for social engineering

I buy a Mac Mini and a Social Engineered Trojan hits the news…



 


But the story at http://www.incidents.org/diary.html?storyid=3595 points out that Social Engineering is the hardest one to patch for and the threat is now on the Mac platform as well. 


All you have to do is entice me enough to think it’s a normal app that I want to install and you have me nailed. That’s not hard to do these days.

The Halloween duty tonight

Well here I am… with the laptop on wireless… I’m sitting in the living room with sounds of “Trick or Treat” wafting down the street where I live.   This year is the first year of the “daylight” Halloween ..where 5 p.m. was still light because we haven’t moved to daylight savings yet.


So far we’ve had more kids ..either due to the time difference …or the fact that the weather this year is very mild. 


Based on my unofficial candy count… I think we’ve had about 125 or so kids, teenagers tonight…. and I think I hear some more coming up..

Halloween malware – watch out

According to http://www.maxmind.com/app/locate_ip the IP of 199.239.30.126 is out of Denver Colorado


It’s also using Outlook Express and is now a spammer of this malware:  http://isc.sans.org/diary.html?storyid=3591



That’s Outlook 5.5..that’s an old version to boot.

Yeah, they really did that…

http://www.engadget.com/2007/10/30/mini-how-to-remove-the-windows-bsod-icon-in-leopard-make-os-x-a-little-less-smug


When I first read this .. I went.. no way… they didn’t do that did they? And I had to fire up the OS and drill around and check…



All the operational computers in my network look like this…



Now mind you .. BSOD’s happen so infrequently that when they do it’s such a rare treat to dig up Peter Gallagher’s blog post so I can figure out what third party driver was the culprit…


http://blogs.technet.com/petergal/archive/2006/03/23/422993.aspx


I did have one last week but that was a known self induced event anyway due to not following my own cardinal rule of using a driver from Microsoft Update.


But you know… Apple needs to get on board with interoperability.  Having Macs and Windows side by side working happily is what he’s all about and embracing technology to just work better together is what everyone in this industry should strive for.


That icon is indeed a bit lame in a shipping product.

Fax is dead

Kicking and Screaming I am Bloggin » Blog Archive » Faxing From Vista via SBS:
http://blog.sbs-rocks.com/?p=67

Okay so maybe not to Attorneys, engineers, vast sectors of the economy that just have to fax…..

Poking under the hood

http://www.microsoft-watch.com/content/security/security_what_microsoft_can_teach_apple.html
http://www.microsoft-watch.com/content/operating_systems/why_leopard_isnt_better_than_vista.html
http://www.microsoft-watch.com/content/operating_systems/why_leopard_is_better_than_vista.html


Three interesting threads.


I personally didn’t notice surfing delays on the Leopard so I can’t confirm that I’ve seen that issue here in the office, but there are some default settings in Leopard that definitely make me poke under the hood a lot more.


“Allow all incoming connections” was the default setup.  It would be nicer if stealth/set access was the default.



Another ..hmmm… long term is that wise?  Guest is enabled…



Leading to telltale signs of it hitting network resources until I provided authentication.  Another …hmmmm … will have to understand that more….


 


A good moment?  Where Safari in one click will allow you to go into private browsing mode.  Nice touch.



The hmmmm …. moment was the web page before where Safari autofilled my contact in and I didn’t realize that it was going to keep the MacMini registration as the auto fill info.



It just points to recent posts where privacy and security are different for different generations.


Updated info on connecting a Mac to a SBS is here:

Connecting a Macintosh to an SBS 2003 Server via SMB (2007):
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/233/Default.aspx

Author: Eriq Neale

If I were in charge of the universe….

Sometimes it’s nice to just pretend …. what if I were in charge of the Universe.


Well the first thing I would do is that I would put out a formal statement (and not just a blog post) about how I’d be planning to help the patching admins clean up the Windows Desktop Search …. well…mess that was blogged about here: http://blogs.technet.com/wsus/archive/2007/10/25/wds-update-revision-follow-up.aspx 


I’d state a timeline of actions and I’d give people a variety of tools, options and guidelines to pull that patch back off.


I’d first build a scan tool that would allow folks to scan their networks for that patch.  MBSA is already built, how about a special build that would look for that Search KB/registry?


I’d then give guidance on removal. 


I’d take what was added as a suggestion on the blog…


Put the script in your Active Directory Computer Startup GPO and this runs with the necessary rights, also /norestart [ instead of /promptrestart ] if you don’t want it to restart the PC
 %windir%\$NtUninstallKB917013$\spuninst\spuninst.exe /q /promptrestart

And I’d see if there’s more options I could do to help admins.

And then I’d start a WSUS advisory council.  Okay so it’s probably too much to ask that there’s an external WSUS test network, but if there was some way that Microsoft would have WSUS deployments monitored around the world so that when they deployed something, they could call the admin and just say “everything okay?” and confirm that what was intended to occur, really did occur.

But first off… I’d make a formal statement.  No this isn’t because blogging is maturing or dead or anything else… I just think that Blaine and his fellow Patch Admins deserve it is all.
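
The startup-script suggestion quoted above, wrapped so it can run at every boot without erroring once the update is gone, plus a simple inventory pass over the uninstall folder. This is an added example, not code from the original post, the quoted commenter or Microsoft; the log path, the `scan` argument and the hosts file are assumptions, while the spuninst path and switches are the ones given in the post.

```batch
@echo off
rem Added example (not from the original post). Assumptions: the log file
rem location and the "scan hosts.txt" mode. Path and switches come from the post.
setlocal
set "KBDIR=$NtUninstallKB917013$"
set "LOG=%windir%\Temp\kb917013-removal.log"

if /i "%~1"=="scan" goto scan

rem --- Startup-script mode: run from the Computer Startup GPO ---
set "SPUNINST=%windir%\%KBDIR%\spuninst\spuninst.exe"
rem Startup scripts run at every boot, so exit quietly when nothing is left to remove.
if not exist "%SPUNINST%" exit /b 0
"%SPUNINST%" /q /norestart
set "RC=%errorlevel%"
rem Redirect goes first so the exit code digit is not parsed as a handle number.
>>"%LOG%" echo %date% %time% %computername% spuninst exit code %RC%
exit /b %RC%

:scan
rem --- Inventory mode: %2 is a text file with one computer name per line ---
rem Needs admin rights on the targets; admin$ maps to each machine's %windir%.
if "%~2"=="" (echo usage: %~nx0 scan hosts.txt & exit /b 2)
for /f "usebackq delims=" %%H in ("%~2") do (
    if exist "\\%%H\admin$\%KBDIR%\spuninst\spuninst.exe" (
        echo %%H: KB917013 uninstall folder present
    ) else (
        echo %%H: not found or unreachable
    )
)
exit /b 0
```

With no arguments it behaves as the startup script; run interactively as `scriptname scan hosts.txt` it only reports and changes nothing.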

Put in your name and initials in Word 2007

http://www.adobeforums.com/cgi-bin/webx?128@@.3bc48a7e


One for the bizarre side effects.


Adobe 8, Word 2007.  Word would not properly pdf using the Adobe wizard.  Couldn’t figure out why.  Googled and finally hit this.  Because the person did not have a proper Name and initials in the Box inside of Word 2007 the PDFmaker wizard would consistently barf.


Who knew.

Casualties of the time change…

1.  I think the router on our DSL freaked ..as yesterday we lost DSL connectivity for most of the day and all night and today I had to log all the way into the DSL modem/router before it would connect to the Internet.


2.  Our Ricoh copier thinks it’s an hour earlier… obviously we missed that patch….


Heard about some VOIP systems that had some minor date issues.


And I had patched all the phones so didn’t see this.. http://blogs.technet.com/dst2007/archive/2007/10/29/windows-mobile-update-102907.aspx