Monthly Archives: August 2010


One more step for setting up group policy

http://msmvps.com/blogs/bradley/archive/2010/08/30/a-bit-of-group-policy-for-aurora.aspx


Oops I forgot a step.


One thing that SBS does for you in connect that Aurora does not is move the computer to the Organizational unit you set up.



Go into Active Directory Users and Computers and right mouse click on that computer and…



…move it to the proper OU you set up



Again this is where you have to decide how you are going to enable group policy… in this demo I made it match exactly how SBS had set up its Organizational unit structure.  You may not want to do this.  But bottom line, move the computer to the OU so that the group policy will kick in.

Community build doc for Aurora


Like any good cook you’ll want to have a recipe and customize it for your own.


http://social.technet.microsoft.com/wiki/contents/articles/small-business-server-code-name-aurora-build-document.aspx


While I’ve started a community wiki build document for Aurora, think of what your “dish” will look like and ways you might customize it.

A bit of group policy for Aurora

One of the things you notice upon cracking open the current beta of Aurora is that while it has the Group Policy Management Console, it does not have group policy predone for you.  Given the small network marketplace I can kinda understand why they are making this decision (but nevertheless if I were in charge of the Universe I’d have the policies preloaded but just not enforced, to make it easier to use group policy should you want to).  But no worries, you can export them from SBS 2008 and put similar ones in Aurora.


Now you won’t need the WSUS group policies as WSUS is not on Aurora, but you might want those handy dandy Win7 and XP firewall policies.


To export out of SBS 2008 and import into Aurora do the following:


Go down to the Group policy objects section and right mouse click on the group policies you want to export.  In this case we’ll be exporting the following:


  • Windows SBS Client – Windows Vista Policy (same as Win7)
  • Windows SBS Client – Windows XP policy
  • Windows SBS Client Policy

Right mouse click and click on backup for each one.  Dump it into a folder so you can get to it.



I renamed it aurora so I know what it is



Next we want to export out the WMI filters:


  • Windows SBS Client – Windows Vista
  • Windows SBS Client – Windows XP

 


Zip up the three group policy folders and copy the zip file along with the exported MOF files that are the WMI filters and move them to a flash drive or even a SkyDrive (after flipping IE ESC to off on the server so you can get the file off).  Now go to the Aurora server and log into the server itself.  Ignore the warning that you shouldn’t be here.


Launch the group policy management console.


Expand the group policy by clicking the arrows. Go down to the WMI filter section.



Right mouse click on the section and click “import”



Insert the filters you exported (and renamed)



 



You’ll see that it will confirm the WMI filter


Now comes the tricky part… scroll up to Group policy objects and click on New policy


 



Enter the name… Windows Aurora Client policy and press OK


 



Now right mouse click again and “import from settings”



Now drill down to that extracted zipped up folder of policies you borrowed from SBS 2008


 



And match up the policy you want with the name you entered, click next



It will check and make sure no UNC paths are messed up (there are none)



And it reminds you you’ll need to reset up the WMI filters



Keep doing that until you’ve imported all three group policy settings


As you can see you’ve now imported all three.



Now edit the policy to limit the 7/Vista one to just 7/Vista clients by linking at the very bottom on the scope tab to the WMI filter that matches it.



Do the same for the XP group policy.



It will say “are you sure” after you’ve linked them.



Now comes the decision about how SBS sets up the “My business” OU



I just find it easier on my brain to make consistent OU’s so I went ahead and under the domain I made an OU and then under that set up the Aurora computers



I duplicated it and linked the group policies you just made to that



I then linked the policies to that Organizational unit



So they end up with an Aurora Computers OU



Finally I clicked on “enforced” by right mouse clicking in that AuroraComputers section.


And there you have it.


Next up … a group policy preference how to for deploying mapped drives and other cool things.
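The Aurora-side steps above (create the GPO, import settings from the SBS 2008 backup, link to the OU, enforce) plus the computer move from the "One more step" follow-up, as an added PowerShell example that is not part of the original post. The backup folder, OU distinguished name, computer name and the second and third target GPO names are assumptions, and the OU is assumed to exist already.

```powershell
# Added example (not from the original post). Run elevated on the Aurora server.
Import-Module GroupPolicy, ActiveDirectory

# Assumed values: replace with your own.
$backupPath = 'C:\aurora'   # folder with the unzipped GPO backups
$ouDn       = 'OU=AuroraComputers,OU=MyBusiness,DC=example,DC=local'  # placeholder DN
$computer   = 'CLIENT01'    # placeholder client name

# Backup display name -> GPO to create on Aurora. The keys are typed from the
# post and must match the display names stored in the backup exactly (check the
# dash character). The first target name is the one used in the post; the other
# two are hypothetical.
$gpoMap = @{
    'Windows SBS Client Policy'                 = 'Windows Aurora Client policy'
    'Windows SBS Client – Windows Vista Policy' = 'Windows Aurora Client - Windows 7 Vista policy'
    'Windows SBS Client – Windows XP policy'    = 'Windows Aurora Client - Windows XP policy'
}

foreach ($entry in $gpoMap.GetEnumerator()) {
    # Equivalent of "New" followed by importing settings in GPMC.
    Import-GPO -BackupGpoName $entry.Key -Path $backupPath `
        -TargetName $entry.Value -CreateIfNeeded | Out-Null

    # Link to the OU as an enforced link, skipping GPOs already linked there.
    $existing = (Get-GPInheritance -Target $ouDn).GpoLinks |
        Where-Object { $_.DisplayName -eq $entry.Value }
    if (-not $existing) {
        New-GPLink -Name $entry.Value -Target $ouDn `
            -LinkEnabled Yes -Enforced Yes | Out-Null
    }
}

# Move the client into the OU so the linked policies apply to it.
$pc = Get-ADComputer -Identity $computer
if (-not $pc.DistinguishedName.EndsWith(",$ouDn", [StringComparison]::OrdinalIgnoreCase)) {
    Move-ADObject -Identity $pc.DistinguishedName -TargetPath $ouDn
}

# Check the result: every imported GPO should be listed as Enabled and Enforced.
(Get-GPInheritance -Target $ouDn).GpoLinks |
    Select-Object DisplayName, Enabled, Enforced, Order
```

This example does not touch WMI filters; import them and link them to the Win7/Vista and XP policies in GPMC as described in the steps above.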

Microsoft Dangles Incentives To Cloud-Wary Partners

XChange: Microsoft Dangles Incentives To Cloud-Wary Partners:
http://www.crn.com/news/cloud/226900062/xchange-microsoft-dangles-incentives-to-cloud-wary-partners.htm;jsessionid=iuY3ZR+JHHQTrkrsav9bAA**.ecappj02


“This isn’t just about signing partners up — we want to make sure we are assisting partners to transform their business into the world of cloud,” he said.


The ongoing industry shift to the cloud is even more dramatic than resellers that made the transition to being solution providers, but the good news is that the return is much larger, noted Martorano.


“The services revenue is six times the software revenue opportunity,” he declared.


=======


Do you make money off of selling Microsoft licenses?  I’m guessing not.  I’m guessing it costs you more (as it does me) to figure out the licensing nuances than you make off of it.  And I’ll bet many of you still make money off of desktop services even if you aren’t “all in” on the cloud.


Now mind you it looks to me that the SBSC $500 is not the cloud services $500… so check out Mark’s blog for another offer:


SBSC & MSP Buzz » Blog Archive » Microsoft MDF for SBSCs!:
http://sbsc.techcareteam.com/?p=470

TIF, TIFF, and MDI files are no longer associated with Microsoft Office Document Imaging (MODI) after you install Office 2003 Service Pack 3 or certain post-SP3 security bulletins:

TIF, TIFF, and MDI files are no longer associated with Microsoft Office Document Imaging (MODI) after you install Office 2003 Service Pack 3 or certain post-SP3 security bulletins:
http://support.microsoft.com/kb/967055/
After you install Microsoft Office 2003 Service Pack 3 (SP3) or certain post-SP3 security bulletins, the TIF, TIFF, and MDI files are no longer associated with Microsoft Office Document Imaging (MODI).


 


This problem is resolved in the Word 2003 hotfix package that was released on February 24, 2009. For more information about the hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
967054  (http://support.microsoft.com/kb/967054/ ) Description of the Word 2003 hotfix package (Modifileassoc.msp): February 24, 2009

The art of the analog

http://www.minasi.com/newsletters/nws1008a.htm


The new kindle reviews are coming in.

In reading Mark’s review of the new kindle, and now two days into ownership myself, the pros of the Kindle (or any ebook reader for that matter).. is the instantaneous gratification of an immediate book purchase.


But you know the one thing I miss… and I miss this in my Zune/iTunes experience as well, something I’m going to call the “art of the analog”.  I’m of that old fuddy duddy generation that actually remembers what an Album cover looks like.  And as we’ve progressed into our march to all digital it’s the art of the covers of things that I miss the most.


Take album covers.  Even in the cd era it’s hard to replace the large square area of space that could be artwork on one side, and background stories on the other. 


And sometimes it’s the dumbest album covers that stick in your mind.  When I was a very little girl my Sister had an album done by Bobby Sherman.  What?  You’ve never heard of Bobby Sherman?  Take Justin Bieber’s hair, but make him older and his voice lower and you got Bobby Sherman.  Teenaged girls would faint in his presence.



My sister had his album cover in her bedroom and it was always creeping us out as his eyes felt like they were following you around the room.  Watching you.  Needless to say the album cover would invariably end up on the bottom of the stack or flipped upside down so as to not weird us out.  Then there were the fold out inserts that were near book like in their detail of the album.  CDs came close to duplicating that insert experience; digital just doesn’t have liner notes.  Oh sure Zune can have a link to a review, or album info, but it doesn’t compare to pulling out the glossy insert and reading while the music you just purchased enters your ears.


And then there’s the art of the front of the book.


The one thing I notice I miss the most when moving to e-readers is the cover of a book.  No more than 4 inches wide and 6 inches tall at times, it would give a glimpse into the magic of what lay ahead.  I remember when I was a teenager, during summers I would read books.  One summer was the “classics” summer and I tore through The Count of Monte Cristo, the Three Musketeers, Sense and Sensibility, Pride and Prejudice and so on.  But there was one book that I just never got into.  Great Expectations.  I still remember to this day that unlike my paperback versions of The Count of Monte Cristo and the other classics that had merely one dramatic color image of the action that lay inside in the book and in my imagination, Great Expectations had a white and black pencil sketch cover.  I just never could get excited about that book because the cover just never drew me into the story.


Shallow isn’t it? 



Of course the image of Miss Havisham, rats and a dining room table may have lessened my zeal for Dickens as well.


So the digital lifestyle has a different and very good experience… but I’d still say that analog still has elements in it that just can’t be replicated in electronic ink.


Not yet anyway.

Third Tier offering Technical Training at SMBNation PreDay Event!

Third Tier offering Technical Training at SMBNation PreDay Event! :: Third Tier:
http://www.thirdtier.net/2010/08/third-tier-offering-technical-training-at-smbnation-preday-event/

Planning to go to SMBNation?  Consider one of the preday events.  In addition to Karl’s cloud sessions (see http://www.smbbooks.com/index.php?option=com_flexicontent&view=items&cid=48:seminars&id=140:walking-into-the-cloud&Itemid=89) Third Tier will be having a deep technical preday event.


Check it out!

Amazon’s Kindle: Some Interesting Security Thoughts

I didn’t expect that my newly received Kindle would know I bought it.

It’s already called “Susan’s Kindle”, it’s hooked to my Amazon account and recommends a combo of security books and “chick flick” books.

Kinda cool but kinda creepy that it already knows who I am and what I read because it’s prelinked to my Amazon account.

So I gotta ask.. is there a password on here or is there some other magic mumbo jumbo under the hood?

Rational Survivability: Amazon’s Kindle: Some Interesting Security Thoughts:
http://rationalsecurity.typepad.com/blog/2009/02/amazons-kindle-some-interesting-security-thoughts.html

Ah I see someone else who works in cloud security has thought of this prior to me.

Robert Crane has started up a new podcast series

Robert Crane has started up a new podcast series and we kick it off with chatting about XP, Security, Microsoft security essentials, and the new betas in the house.


Computer Information Agency – Need to Know Podcasts:
http://www.ciaops.com/n2k

Check it out

Failed extract of third-party root list from auto update cab — still

Event ID 4107 or 11 is logged in the Application Log in Windows Vista or Windows Server 2008 and later:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2328240&sd=rss&spid=14498

On a computer that is running Windows 7 or Windows Server 2008 R2, an error that resembles the following is logged in the Application log:


ME:  Resembles?  Resembles?  How about driving me insane it’s logging so much in the Application log!


Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: Date and time
Event ID: 4107
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Computer name
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


 Or, on a computer that is running Windows Vista or Windows Server 2008, an error that resembles the following is logged in the Application log:


Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: Date and time
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Computer name
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


This error occurs because the certificate “Microsoft Certificate Trust List Publisher” expired. A copy of the expired certification exists in the CryptnetUrlCache folder.


ME:  No kidding we kinda figured that one out but don’t know how to fix this.


To resolve the problem, follow these steps:


ME:  Oh maybe please this sounds promising….


  1. Start a command prompt. To do this, click Start, click All Programs, click Accessories, and then click Command Prompt.
  2. At the command prompt, type the following command and then press ENTER:
    certutil -urlcache * delete
    Note If the expired certificate is cached in the system profile, you must run the certutil command in the system context. To do this, follow these steps:
    1. Download the PSExec tool from the following Microsoft Web site:
      http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
    2. Extract the tool.
    3. Start a command prompt and change to the directory where you save PSExec, and run the following command:
      psexec -i -s cmd.exe
    4. Run the certutil -urlcache * delete command

ME: Oh wow look at the certs that just got expired off and….


…and.. please oh please make this stop…and…



<sigh>


Nope still occurring.


http://social.microsoft.com/Forums/en/partnerwinclient7rc/thread/ad5ac163-3566-4fad-95a7-e4e34ae1c4a3


Hang loose I’ll keep you posted.


P.S. the command is psexec cmd.exe -i -s and then another window pops up
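A way to check whether the cache purge actually stopped the CAPI2 errors, as an added PowerShell example that is not part of the KB article or the original post. The purge timestamp is a constructed value; set it to when you ran `certutil -urlcache * delete`.

```powershell
# Added example (not from the KB article or the original post).
# Assumed value: when the certutil purge was run on this machine.
$purgeTime = Get-Date '2010-08-29 14:00'   # constructed timestamp

# Event ID 4107 (Windows 7 / 2008 R2) or 11 (Vista / 2008) from CAPI2,
# starting two days before the purge for comparison.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CAPI2'
    Id           = 4107, 11
    StartTime    = $purgeTime.AddDays(-2)
} -ErrorAction SilentlyContinue

# Keep only the root-list extraction failures discussed above.
$hits = @($events | Where-Object { $_.Message -like '*authrootstl.cab*' })

$before = @($hits | Where-Object { $_.TimeCreated -lt $purgeTime }).Count
$after  = @($hits | Where-Object { $_.TimeCreated -ge $purgeTime }).Count
"Before purge: $before   After purge: $after"

# Hourly counts after the purge show whether the error is still recurring.
$hits | Where-Object { $_.TimeCreated -ge $purgeTime } |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name |
    Select-Object Name, Count
```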