Monthly Archives: June 2012

A new found love for Microsoft Small Business Server

I have always loved, supported and championed the Microsoft SBS product. I have worked with it since SBS 4.0 and always appreciated it.
I have installed every version of it and had a hand in some aspects of making it a better product.

Whilst I was a Microsoft MVP, I visited Redmond many times and had many discussions with the SBS project team.
I witnessed first hand the battles the project team had, getting simple things like the Exchange 2003 16Gb limit lifted.
The enterprise teams did not take too nicely to the SBS product. They did not understand it and did not want their product in the suite.
They saw no reason to integrate with it and no reason to give big features, at a small cost within the SBS suite. They did not want to cheapen their product.

I saw Microsoft ISA server ripped from the product in SBS 2008. I saw the SBS team stressed and I saw the product change.
As an old School Microsoft Small Business Specialist and a winner of the SMB150 for 2012, I thought I still loved SBS server.

Unfortunately, I got so used to the path SBS took and so used to the product, I lost a love for what the SBS project team does and what the product delivers.
I was a zombie and simply went through the motions and installed/setup SBS and then moved on.

Recently a project has reawakened my love for SBS. I had to do an enterprise installation.

The projects needs 2x Domain controllers, SharePoint Foundation server 2010, Exchange 2010 server, Threat Management Gateway (ISA), a DMZ (Perimeter network), an Exchange Edge Transport server, a Microsoft 2008 Web server, A SQL server, 3 or more Windows Enterprise servers in a load balanced/fault tolerant Remote Desktop server farm, a Wsus server, backup server (That images each server and creates Hyper V virtual machines) and much more.

We in SBS land are truly blessed. The Integration of Exchange, Window server (In Domain controller mode), file/print, Wsus, SharePoint Foundation server and more, all using blessed wizards.
No need to download prerequisites, manually install, add features/roles, make decisions or worry about all the tools integrating together and playing nicely.
Who needs to setup the finer details of email policies, Hub transports, IIS, Certificates, Wsus Policies and SharePoint? Not me. 

This is where the Wizards in SBS are truly wizardry. They make things simple. Sure I can manually configure DNS, DHCP and setup users in the Active Directory.
I can setup the network settings and even install Wsus. I can setup and configure SharePoint Foundation server. Or can I?
Using my knowledge of SBS, I can’t. I did not know that it can’t have it’s database on a domain controller. I did not know it was recommended to be on 2, maybe three servers.
The SBS project team must have worked incredibly hard to setup SharePoint Foundation on the same box as Active Directory and Exchange 2010.
Did you know Exchange should not be on a domain controller? I knew all this but had slowly forgotten and dismissed it.

Someone in the SBS team had to convince someone on the Exchange team to let them have their product installed on a domain controller. Convince them to allow SBS to have the Exchange product amongst it’s features. Then the hard work began. Someone had to setup wizards and an environment to tie it all in together and make it work for you and I, in a simple way.
Someone had to setup Remote Web Workplace, Wsus, Outlook Web Access and all the other Web based tools, onto the SBS IIS server.
Someone had to tie it all together and make it work.

In my current scenario. That is me. I am setting up this enterprise installation and I am downloading the prerequisites. I am tying everything together and I am finding all the dead ends.
I am doing the research. I am struggling with the different route tables and TMG firewall rules. I am taking many, many hours to setup something that would be over and done in much less time if this was SBS.

The SBS team have gone where we do not need to go. They have made it easy for us.They have given us something that works and is reproducible every time.
They have done loads of hard work so you do not have to.

So, now I need to stop taking SBS for granted. I need to understand where SBS comes from and what it really is. I have fallen in love with SBS all over again.

Upgrading to Windows 8..

To save me plagiarising, I will give you the link to Mary Jo Foley’s article..

There.. that was quick.. Smile

Techspot have a great little table which may be easier for you..

As usual, cross platforms and languages require a clean install. Personally, I favour the clean install anyway and always have.

One thing I didn’t see mentioned was whether upgrading Windows 7 which has XP Mode installed would be smooth and that XP Mode would still work. I never took the time to find out if Windows 8 would even accept a fresh XP Mode installation, so I can’t say one way or the other.

I will say that since deleting Windows 8, I have actually missed having it around, but needs must and I had to do it to preserve Windows 7. I do not consider that it is worth compromising my production OS for a beta.

Bear in mind that the above is based on an element of rumour, but if it is true, XP users get a better deal than they did when upgrading to Windows 7..

Windows 8 is in the wings, waiting for the curtain call.. Good luck, everybody.. Smile

Windows 8 – Preliminary list of Security improvements

Windows 8 will provide further security improvements and a preliminary list is noted below:

How Windows 8 Beefs Up Security

QUOTE:  Windows 8 promises to be much more secure than Windows 7 — so much so that some users might not like it.  Chris Valasek, a researcher with the San Francisco security firm Coverity, has been playing with the developer preview version of Windows 8 since last fall.  He told the British tech blog the Register that while the internal structure is not too different from that of Windows 7, there are a few new features that will nonetheless beef up Windows 8′s security considerably.

App store – New Windows 8 Apps will be contained by a much more restrictive security sandbox

Internet Explorer 10 — Locking down the browser with improved Flash & Java protection and other safeguards

Secure Boot — It means that all installed operating systems, whether on a hard drive or on an optical drive, will be checked for digital certificates of authenticity before they’re allowed to start the machine.

Windows Defender — Windows 8 will have a Microsoft first — a built-in anti-virus software installation

DSNChanger Malware – FBI will take infected PCs offline on 07/09/2012

In about 10 days, the FBI will carry out another stage of malware cleanup as noted below

DSNChanger Malware – FBI will take infected PCs offline on 07/09/2012

DNS-CHANGER MALWARE test site (if you see RED your PC may be infected … GREEN indicates no infection is present)

QUOTE: In 10 days, there’s a chance you will not be able to access the Internet on your personal computer. No email, no Facebook, no Google, no Twitter — nothing.  This potentially dire situation is due to the nasty DNSChanger Trojan, and the fateful date of July 9, on which the FBI is set to take all computers still infected with the malware offline for good. 

Launched by Estonian cybercriminals, the DNSChanger malware infected Windows PCs, Macs and routers across the world and enabled the crooks to hijack victims’ Web traffic and reroute it to rigged sites. After the FBI, in “Operation Ghost Click,” busted the criminals last November, the FBI set up surrogate servers to keep the computers infected with the Trojan temporarily online so users could clean them.

But on July 9, those surrogate servers are coming down.  In his Krebs on Security blog, researcher Brian Krebs cites a statistic from the DNSChanger Working Group, which estimates that more than 300,000 computers are still infected with the malware.

NMAP 6.01 Security Scanner Release

NMAP is an excellent network vulnerabilty assessment tool and a new version is now available:

QUOTE: Nmap 6.01 source code and binary packages for Linux, Windows, and Mac are available at:

Here are the changes in 6.01:

o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7. A symptom of the hang was this message in the system console: 

o [Zenmap] Fixed a crash that happened when activating the host filter.   

o Fixed an error that occurred when scanning certain addresses like on Windows XP:   

o Fixed a bug that caused Nmap to fail to find any network interface when   at least one of them is in the monitor mode. o Fixed the greppable output of hosts that time-out

o [Zenmap] Updated the version of Python used to build the Windows release from 2.7.1 to 2.7.3 to remove a false-positive security alarm flagged by tools such as Secunia PSI.

Microsoft Security Essentials – New Pre-Release version

As with any beta version, please be careful and technical skills should be in place to uninstall or troubleshoot potential issues.  During first few days of testing, no issues have been discovered and it installed cleanly.

Microsoft Security Essentials – New Pre-Release version

QUOTE: As a Microsoft Security Essentials Prerelease user, you will have the opportunity to explore and test new builds of Microsoft Security Essentials before they are publically available and provide feedback to Microsoft. Your feedback helps Microsoft to make its software and services the best that they can be. As a Microsoft Security Essentials Prerelease user, Microsoft Security Essentials updates will automatically be installed on your computer through Microsoft Updates.


You may have noticed that I mention WMI from time to time Smile


Up to now WMI has been a Windows technology. Powerful but limited to Windows.  WMI has taken a giant step into the big bad world with the creation of OMI – Open Management Infrastructure thats WMI for non-Windows systems

Details are here


Expect more on this in the months to come

Want to learn about cryptography? I know where.


 Take notice: My new feed address is now Please re-subscribe.

Do you have some spare time and want to know how cryptography works? What is the most secure cipher? And why λ is always more than ε… Well, the latter is not true =)
Anyhow, there is a place where you can learn more about cryptography for free. Stanford University provides such a course for free at I’m at the second week now, and already tampered one cipher text and know how decrypted another (it’s not that tricky, but very time consuming).

So welcome to the world of knowledge Winking smile

Free books 27 June 2012

Want some free ebooks?

Check out

A great TechEd so far …

… will get even better. Tomorrow morning Sam Devasahayam and I will present the session “What’s new in Active Directory in Windows Server 2012”. It’s loaded from information of the Active Directory Product Group, and I’ll bring in some real-world scenarios. I’m looking forward to the session. Loads of information and loads of reference slides to take away after the session.

After the success from TechEd US we decided that we are again taking questions using twitter. If you come to the session, and you have a question but don’t feel like walking up to one of the microphones, you can use twitter to ask the question and we will get to it in the session or if we are running short on time we will get back afterwards.

Questions? Simply use the hashcode #TESIA312 for tomorrows session.

image  image

Hopefully will see you there!


P.S.: If you like the session, please don’t forget to fill in the session evaluation. I will provide a MS-Tag and QR-Code right at the end of the session, so have your phones ready Winking smile

Recent Comments