Windows 8 "Refresh Your PC without affecting your file" option deletes your Outlook profile

By richardwu

Windows 8 “Refresh Your PC without affecting your file” option deletes your Outlook profile
http://support.microsoft.com/kb/2872888/en-us?sd=rss&spid=14864

After you run the “Refresh Your PC without affecting your files” feature in Microsoft Windows 8 and Windows RT, the Microsoft Outlook profile is deleted, and the data files are deleted or moved.

Note This feature is also known as the Push-Button Reset option.

More Information

In this situation, you must re-create the Outlook profile and then manually import the Outlook Data (.pst) file or files from the following locations:

C:\Users\<Your User Name>\Documents\Outlook Files
C:\Windows.old\Users\<Your User Name>\AppData\Local\Microsoft\Outlook

How to configure Windows Defender to get definition updates in Windows 8 without using Windows Update?

By richardwu

In Windows 8, the automatic definition update work only IF you TURN ON the Windows Update and configure it to install update AUTOMATICALLY!
If you need to turn off the windows automatic update but still want Windows Defender to update its definition, it would be trouble.

According to some references from the internet, you can use the Task Scheduler to help you.
Use administrator right to open a command prompt and run the following:

schtasks /create /tn “My Definition Update” /sc DAILY /MO 1 /st 04:00 /ru SYSTEM /RL HIGHEST /tr “‘C:\Program Files\Windows Defender\MpCmdRun.exe’ -SignatureUpdate -MMPC”

(Note that if you copy/paste the command in this article, you have to re-type the double quotes or the command line doesn’t understand the web-encoded quotes). 

TMG / ISA…discontinued………..R.I.P.

By richardwu

I feel so sad to saw the news about Microsoft discontinue the great TMG/ISA product.
http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx

I love ISA/TMG! It is secure and easy to use. Microsoft! Please give it back to us!

=========================================
 Important Changes to Forefront Product Roadmaps:

Today, as a result of our effort to better align security and protection solutions with the workloads and applications they protect, Microsoft is announcing changes to the roadmaps of some of the security solutions made available under the Forefront brand.

  1. As part of this effort, the next release of Forefront Online Protection for Exchange, which has long been part of the Office 365 solution, will be named Exchange Online Protection. 
  2. In response to customer demand, we are adding basic antimalware protection to Exchange Server 2013.  This protection can be easily turned off, replaced, or paired with other services (like Exchange Online Protection) to provide a layered defense. 
  3. We are discontinuing any further releases of the following Forefront-branded solutions:
  •  
    • Forefront Protection 2010 for Exchange Server (FPE)
    • Forefront Protection 2010 for SharePoint (FPSP)
    • Forefront Security for Office Communications Server (FSOCS)
    • Forefront Threat Management Gateway 2010 (TMG)
    • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

For collaboration protection, SharePoint and Lync Servers will continue to offer the built-in security capabilities that many customers use to protect shared documents.  For remote access, DirectAccess and Routing and Remote Access Server (RRAS) VPN in Windows Server 2012 provide secure remote access for Windows and cross-platform clients, as well as cross-premise access through site to site VPN. Forefront Unified Access Gateway (UAG) 2010 also continues to provide secure application publishing and cross-platform SSL VPN remote access for a range of mobile devices. 
We will continue to provide maintenance and support for the following Forefront solutions through the standard Microsoft support lifecycle (see chart below), but the discontinued Forefront offerings will no longer be available for purchase as of Dec. 1, 2012. 

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista

By richardwu

From Steve Riley site:

Changing the SSL cipher order in Internet Explorer 7 on Windows Vista:

Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows is this:

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA

When you study the list, you’ll see that IE presents the algorithms in decreasing order of strength, but places the shorter bit-lengths first. Why? If longer bit lengths are more secure, shouldn’t they be listed first?

Remember, encryption is the thing that buys you time against Immutable Law #3. But performing encryption itself takes time. So when choosing an algorithm and a bit length, one important consideration is to ask yourself this question: “How long do I need for my secrets to remain secret?”

We configure IE to use shorter bit lengths — but never shorter than 128 bits, except for the last two that use no encryption — because it gives you better performance than the longer bit lengths. In almost all cases, a 128-bit key is more than sufficient to protect the information you’re exchanging over HTTPS.

However, if you require something longer, and want to change the default, you can. Here’s how.

  1. Open your group policy editor by entering gpedit.msc at a command prompt.
  2. Choose Computer Configuration | Administrative Templates | Network | SSL Configuration Settings.
  3. There’s only one item here: SSL Cipher Suite Order. Open it.
  4. Select Enabled.
  5. Now here’s where you need to tread carefully. You’ll see that the list is the same as above, but rather than formatted nicely with carriage returns, they’re simply separated with commas. The first item in the list is:
          TLS_RSA_WITH_AES_128_CBC_SHA
    And the second item is:
          TLS_RSA_WITH_AES_256_CBC_SHA
    Cursor your way through the list. Change that first 128 to 256. Then cursor forward a bit more and change the 256 to 128.
  6. Feel free to change other orders, too, but keep your changes within algorithm types.
  7. OK your way out, close the group policy editor, and reboot.

Most of you probably won’t need to do this — I haven’t. But for those who have regulatory requirements for using 256-bit AES, follow these steps and you’ll be compliant.

==========

It is good to know that! We can change the SSL cipher order of Internet Explorer. 

Linux Integration Services Version 3.4 for Hyper-V

By richardwu

Linux Integration Services Version 3.4 for Hyper-V

http://www.microsoft.com/en-us/download/details.aspx?id=34603

Overview

When installed in a supported Linux virtual machine running on Hyper-V, the Linux Integration Components provide:

•Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V.

•Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.

•Time Keeping: The clock inside the virtual machine will remain accurate by synchronizing to the clock on the virtualization server via Timesync service, and with the help of the pluggable time source device.

•Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut down” command.

•Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use multiple virtual processors per virtual machine. The actual number of virtual processors that can be allocated to a virtual machine is only limited by the underlying hypervisor.

•Heartbeat: This feature allows the virtualization server to detect whether the virtual machine is running and responsive.

•KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server.

•Integrated Mouse Support: Linux Integration Services provides full mouse support for Linux guest virtual machines.

•Live Migration: Linux virtual machines can undergo live migration for load balancing purposes.

•Jumbo Frames: Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload.

•VLAN tagging and trunking: Administrators can attach single or multiple VLAN ids to synthetic network adapters.

Windows 8 build-in PDF reader?

By richardwu

When clicking on a link to a PDF file within a PDF file in Windows 8 Reader nothing happens

http://support.microsoft.com/kb/2777631/en-us?sd=rss&spid=16799

Consider the following scenario:

  • You have a computer running Windows 8.
  • You open a PDF file with the Windows 8 Store app “Reader.”
  • You click on a link within the PDF file which links to another PDF file.

When you click on the link to another PDF, instead of the linked PDF file opening, nothing happens. This behaviour does not occur if the PDF file is opened in another PDF reader application.

=====

Answer:

Currently the Windows 8 Store app “Reader” will not have an ability to open multiple PDF files, or have multiple instances open at the same time. This is a design feature that is dependent on the Reader and the operating system. A feature change for the Reader is being investigated in a subsequent release of the product. The exact dates for the feature change have not been determined.

=====

Seem….we still need to Acrobat Reader in Windows 8…………