MS SIR #12

Okay, better late than never. I finally got to the latest Microsoft Security Intelligence Report. While usually there is not much unexpected, this time I was almost shocked by the first section of the document. And I believe it’s excusable, because it is named…

How Conficker CONTINUES to propagate.

Conficker! The three-year-old malware! CONTINUES to be a THREAT! Are we going nuts? =)

60% of people who could have got it (if not for antivirus) have weak admin passwords. Also 17 to 42% (XP only) have the vulnerability which is used by the worm. Three years after the patch was issued…

This is a crazy world, guys =)

Everything else in the report is not half as thrilling as this:

 

1) HTML/JavaScript exploits are on the rise

2) It seems like document exploiting steadily grows too. Probably sooner or later we’ll see some book reader exploited ;)

3) SPAM seems to decline in quantity (at least in this report =) ). What came as a surprise to me is the fact that the #1 contributor to the spam flow was emails with content advertising non-sexual pharmacy. Probably I wasn’t interested in the section while reading previous reports. Still it’s very refreshing to find that health is a more reliable way to earn money than “enlarging someone’s manhood” =)

4) No surprise in the fact that most successful malware needs user action to be installed. But Conficker is #6… Like I said – shocking discovery =(

Yep, I’m paranoid. The question is am I paranoid enough…

Well… It seems like Google finally officially turned into The Evil Empire. Not that they haven’t behaved that way in recent years… Neither do I believe that other companies don’t collect my information as well. Still no company has been barefaced enough to declare that my data just is theirs and no one can complain.

So, since Google went rogue, I decided to go Google-free. For me it is hard, yet not impossible. Here is what I personally have to do:

  • I have my Russian blog on BlogSpot. Since it has been accessible via my own domain name, I’ll just move it to other hosting, no sweat.
  • I have my RSS feeds for blogs on FeedBurner. This one will be tough, as I’m risking losing my subscribers, but I hope they still are reading all my posts, so, I’ll take a risk and migrate my feed to another hosting too. I believe it’ll be here, but just in case, you can subscribe to the direct feed.
  • Gmail. huh… I’m actually glad something forced me to leave it. It’s good and all that stuff, but earlier I was too eager to subscribe to anything that looked interesting to me. My new address will be sent to every person I’ll be able to remember and it is searchable, if you need it. Anyhow, you can find me on my blog 8) I will still have some trouble redirecting some of my mail flows to the new addresses, but…
  • Google analytics: I use it rarely. Primarily to get my statistics for the MVP Award program and from time to time the search referrals tell me what is interesting for my readers. It’ll be harder to get this info from now on, but I believe I’ll succeed.
  • Chrome. The only thing I used it for is to play. I can totally do without it, especially since we had Jagged Alliance 3 launched =)
  • Google search. That’s the toughest, probably. I haven’t yet found a suitable replacement for searching English-based content, but I will try. And I’ll give one more chance to, say, BING =)

After all that I’m going to delete my account. C U, Google (Unless they hire me, of course 8) )

MVP, one more time!

Yep, even though I’ve betrayed you, my readers, by abandoning my blog for months, I still happened to receive the award once more. Although I believe that the award is granted for past merits, every time I receive it I make some kind of “New Year’s” resolution. This time is not an exception, so, despite my life having changed vastly recently, I promise to come back and continue the blog. Probably it won’t be so technical anymore, but I believe it will nevertheless be interesting and helpful.

Thank you all for your support.

#RuTeched: the results

A couple of days ago the Security Track Lead for TechEd Russia sent me the results of the visitors’ survey. Well… It turns out that the results aren’t as good as I want them to be. Ok, I hope that partly this is because of the wrong description of my session (the one I’ve created for the event has never made it to the site =)). Still, I’ve got the average 7.5 out of 9. Well, that’s near my usual mark, but it’s way below many others, so I’ll keep getting better.

Most of the negative comments (I don’t count the positive ones: they are very nice, but not useful for my development as a speaker. Thanks, anyway – I appreciate it ;) ) on my presentation were due to the reason stated above: the people just couldn’t find the information they came for. But some of the comments were really helpful and I’m going to incorporate the ideas from the comments into my future blogs or presentations.

Anyhow, thanks a lot to everyone who came to listen to me. I really appreciate it and I will definitely get better for the next event =)

Lync and fortunes

“Parachute for sale. Only used once, never opened, small stain”

“Life is tough. Get a helmet”

“I don’t have a smart phrase to share with you”

Some people love to put sentences like these in their messenger. I, for sure, do. In the case of OCS, you could do it manually. But really, only one message of the day? Boooooring (catchphrase: “Somebody’s boring me … I think it’s me. ”), especially if you have collected lots of them. Changing them manually is almost as boring as not changing them. Spend some time to create a small program for that: that’s how we, geeks, do the stuff!

Anyway, I tried it with OCS, but had no luck. Either I was too lazy to find some simple solution or it wasn’t simple enough. But with new releases things are usually better than before (“If at first you don’t succeed, call it version 1.0”) and with Lync we have received a new SDK with the most precious piece of it, which finally allows changing the status programmatically ;)

To cut a long story short: you can read about the SDK parts which helped me to build the script, then read about PoSh scripting for Lync using the extensibility API and then read about how to operate the needed parameters. One more step – to download and install the SDK. After that you’ll be able to write your own script for that stuff.

Or you can just use this one:

 

#Load Assembly
$assemblyPath = "C:\Program Files (x86)\Microsoft Lync\SDK\Assemblies\Desktop\Microsoft.Lync.Model.DLL"
Import-Module $assemblyPath

#Initialize objects
$client = [Microsoft.Lync.Model.LyncClient]::GetClient()
$self = $client.Self

#Get a fortune (one per line in the file)
$Fortunes = @(Get-Content c:\temp\fortunes.txt)
$linesNumber = $Fortunes.Length
# -Maximum is exclusive, so add 1 to make the last line selectable
$todaysFortuneNumber = Get-Random -Maximum ($linesNumber + 1) -Minimum 1
$todaysFortune = $Fortunes[$todaysFortuneNumber - 1]

#Publish personal note of the local user
$contactInfo = New-Object 'System.Collections.Generic.Dictionary[Microsoft.Lync.Model.PublishableContactInformationType, object]'
$contactInfo.Add([Microsoft.Lync.Model.PublishableContactInformationType]::PersonalNote, $todaysFortune)
$ar = $self.BeginPublishContactInformation($contactInfo, $null, $null)
$self.EndPublishContactInformation($ar)

 

The script isn’t ideal and needs improving, but you can consider it as a working prototype =)

Where’s mah mail, dude?! (meme edition)

One of the recent requests from a user stated that all his mail without even visiting Inbox went right into … Deleted Items folder. No problem – just find the rule which does that and remove or fix it.

Simple as “one, two, three, doesn’t work”. Yep, after I had deleted all the rules the Inbox still lacked the mail.

Now what? Moving mailbox to another location? Probably that would help, probably not, but it is not a solution, actually (neither was the workaround we have found).

Even Google Almighty wasn’t able to find the solution (I found it later, when I knew what to look for), so we went to our final resort: Microsoft Premier Support (yep, we didn’t want to breed a new variety of users: those who read their email in deleted items and store business critical documents in the recycle bin). The workaround was quite simple: set AutomateProcessing for the mailbox to AutoUpdate. After doing that:

Get-Mailbox | Set-CalendarProcessing -AutomateProcessing AutoUpdate

everything went back to normal. And you know what? I’m fine with it, even though it wasn’t me who found the solution =)

TechEd is over

Well, that’s a bummer but still it’s over. It was great:

1) I met many friends (MVPs and not)

2) I answered a bunch of questions from visitors and got some more for my “home work”

3) I delivered my presentation without forgetting anything vital. I don’t have the questionnaire’s result yet, but I hope it was useful for the attendees (though the only response I’ve got so far was “nah… It was good, probably, but I knew it already” =))) ).

4) I met Thomas Shinder and he… interviewed me for “from end to edge and beyond”. He’s AWESOME: I’m not even sure if I spoke proper English while being interviewed (probably not, I was too thrilled =) ) or even that I was telling him something worthy….

Therefore I decree that the event was a total success (even though some organizational troubles were present). I’m really looking forward to the next one already =)

Heads-UP DST Cancellation in Russia and some other countries

Heads-UP, friends. Even if you have already installed the patches for every Windows Server and every Exchange 2007, there still is more to do. Microsoft has issued Rollup 6 for Exchange 2010 SP1 which contains one more update to your CAS servers which affects DST cancellation. If you still see +3 time zone for Russia and other countries then you need to install it.

Here is the Rollup: http://support.microsoft.com/kb/2608646

And here is the KB about problem with CAS Servers: http://support.microsoft.com/kb/2627769

I hope you’ll get through all this stuff fine =)

Speaking…

Yep. Speaking. I’m speaking at TechEd Russia. This time it is more than 3000 people, 150 events and so on and so forth. And I’m going to be a part of this IT feast. I’ll be delivering a session about implementing a Role Based system of infrastructure administration in an MS based environment. Hopefully some of you will attend by chance, though usually English speakers don’t visit our Russian events.

While being quite sure I did what I’m going to describe to my listeners, I’m also aware that every infrastructure has its own features and can give us very different tasks (that’s one of many reasons why I like to attend Ask the Expert sessions as an expert: some questions couldn’t have crossed my mind unless visitors ask them). That is why I ask for your help: if you have some questions about the topic, please ask them. Probably, I’ll create the screencast based on them.

P.S. Yes, being a speaker is one of the reasons for me to post not very regular updates to my blog for a month or two. Sorry.

News and freebies

Hi. Recently I’ve experienced some events in my life which made my blog totally neglected. I’m sorry about it, but life is life. I’ll do my best to keep the blog updated, still the next couple of months’ updates probably won’t be regular, because I’ll be getting ready for TechEd Russia 2011.

Lync

First of all, there have been at least two interesting new things about Lync: Lync Adoption and Training Kit and Lync Server Administration Guide. The first one is some kind of one-stop resource for everyone who wants to implement Lync in their organization. You can choose from one of three categories:

1) IT Pro/PM

2) HelpDesk/Support Professional

3) Trainer

The info pack contains a workbook with step-by-step guidance for the rollout, training resources and some learning tools. Quite impressive, even though I am not tied to Lync implementation in my Company as an IT Pro or in any of the other roles above.

Lync Server Administration Guide is a single document of almost 300 pages. Just read it if you have to deal with Lync. It is worth it.

Another free Lync content: Lync Resource Kit. It even contains some free chapters from the book, so go and get it.

Sysinternals

The next item in my collection isn’t free, but still it promises to be awesome: the new book by Mark Russinovich was RTM (and it wasn’t a fiction 😉 ) – Windows Sysinternals Administrator’s Reference. I’m ordering one for myself.

SharePoint

Two new eBooks available for download:

Getting Started with SharePoint Server 2010

Getting Started with SharePoint Foundation 2010

And they are free. Moreover, they are in five (5!!!!!) different file formats. At least two of these five are ready to just upload to your eBook reader: .mobi & .epub (yeah, MS is going to put many things into eBook-compatible formats. Even MOCs)

You can also download SharePoint Foundation 2010 design samples: Collaboration with classic authentication or with claims-based authentication. Quite a helper if you are going to design the thingy.

New Products Releases

SC VMM Self-Service Portal 2.0 SP1

You know, SSP1 wasn’t really a very useful tool. This one seems to be more adequate for some tasks. Opalis integration, custom machine actions, VM expiration date and a whole bunch of other stuff. Get it, learn about it and give it a chance ;)

SkyDrive and Windows Live Essentials updates

Many, many improvements. For example, SSL is enabled for all authentication pages (at last!), upload size limited to 100MB, and (hell, yeah!) they now support SSL in Live Mail, that is they finally secured your mail 😉

Read more about SkyDrive, download new WLE (it is not yet available through the windows update)