technical solutions and commentary

A National Vulnerability Database launched August 2005 to keep IT professionals up to date. The database is updated in near real time with CVE’s (Common Vulnerabilities and Exposures) and enhanced reporting and analysis. The database is fully searchable and and can even deliver vulnerability information through RSS. These resources are freely available and do not require registration.

CVE’s are commonly used by vendors to create anti-malware software tools. The information can also be cross-referenced against the US-CERT technical alerts and notes.

Robert McLaw from LonghornBlogs.com posted information what is thought to be the price of the new Windows Vista editions comoing out the last day of January 2007. The post entitled “Windows Vista US Pricing and Launch Date Revealed!” has a pricing table for the full retail and the “second” copy license costs. The prices are taken from the Amazon.com Pre-order page for Windows Vista.

The full retail of the Home Premium Editions is $239.00 if you buy additional full licenses to for your other PC’s they drop the price down to $215.00. With a savings of only $24 for Hime Premium ($20 savings for Home Basic) per additional license, I would have to agree with Robert… I don’t get the point of even giving a discount on the addtional license to the home user. Then there is the “upgrade” license for Home Premium to get if you are running Windows XP Pro. The price is $159 for the first license and $143 per additional license, a savings of $16 per addtional PC.

While most people will get Vista with a purchase of a new PC, mostly because of hardware requirements, I think Microsoft is missing a BIG opportunity to get people legal on their licenses installed on their current PC’s. A saving of $16-24 for a home user is not incentive enough to get people to buy additioanl licenses of Vista. This is a lost opportunity to get people excited and wanting to upgrade all of their PC’s. With these prices,  I think even more home users will stay on Windows XP until they are ready to buy a new PC which will come with Vista.

As far as the business users which purchase OS licenses under a program instead of OEM, Microsoft will have to add a lot more to it’s “Software Assurance” benefits to get business to buy into it. When you pay as much as 1/3 of the the license cost annually for life, you better get software released more often than every 4 or 5 years.

Who knows, with the Apple iPod being so popular and the marketing campaign Apple has been running against the PC, some may even decide to switch to the Mac platform.

During the Microsoft SharePoint Conference 2006 held in Redmond in May 2005, Bill Gates outlined the “Top 5 Thing Bill Gates Loves About SharePoint 2007″ in his key note address. Here they are:

1. SharePoint for Composite Apps
2. Search and the Business Data Catalog
3. Client Integration
4. Excel Services
5. Community (Wikis, Blogs, RSS)

Many of the new high-end Multi-Function Devices (Printer/Copier/Scanner/Fax) have the ability to “scan to email” or “scan to a folder”. Upgrading to a Windows 2003 infrastructure may prevent some of these current functions from working properly.

In order for the “scan to email” function to work with a Windows/Exchange 2003 Server, the properties on the SMTP connector need to be modified to ‘Allow SMTP Relay’ from the IP address of the MFD.

These same items may need to be modified when using an imaging program, such as Ghost, which uses images stored on a Windows 2003 server. If the client can’t natively support the SMB signing, such as non-windows platforms, you will likely need to perform the same steps.

In order for the “scan to folder” function to work with a Windows 2003 Server, the new default SMB settings need to be modified. You need to disable SMB Packet Signing and Secure Channel Signing in the Domain Controller Security Policy.

1. From the Windows 2003 Domain Controller, open the ‘Domain Controller Security Policy‘.

2. Select ‘Security Settings\Local Policies\Security Options’.

3. In the details pane, locate and ‘Disable’:

• ‘Microsoft network server: Digitally sign communications (always)’.
• ‘Microsoft Network Server: Digitally Sign Communicates (If Client Agrees)’.
• ‘Domain member: Digitally encrypt or sign secure channel data (always)’.

To apply the Group Policy change immediately either, (1) restart the domain controller; (2) open a command prompt, and type ‘gpupdate’.

If you change these setting and still have a problem, check the following settings.
1. Open the ‘Default Domain Controllers Policy’ to edit the properties.

2. Under ‘Computer Configuration’, expand ‘Windows Settings\Security Settings\Local Policies\Security Options’.

3. In the details pane, locate and ‘Disable’:

• ‘Microsoft network server: Digitally sign communications (always)’
• ‘Domain member: Digitally encrypt or sign secure channel data (always)’

To apply the Group Policy change immediately either, (1) restart the domain controller; (2) open a command prompt, and type ‘gpupdate’.

Microsoft has released an updated beta of Windows Live Mail Desktop. The new beta is much improved over the previous version that I reviewed in July here.

The new beta has a much cleaner and organized feel to it. They also removed the sky scrapper ad which was the first thing that made me uninstall the beta 1 version of the software- much like the issue that Windows Live Mail had when they released their first online beta which I also reviewed on my blog.

The setup of email accounts is easy with the new beta, including Gmail accounts and POP3 Internet accounts. One limitation I ran into is that a Hotmail account that has not been converted to Windows Live Mail can not be added to Windows Live Mail Desktop. It does stat in the connection error message that this account needs to be moved to Windows Live Mail. Another quirk, which just may be my current configuration or of this beta release, is that when I clicked on the Calendar button it opened the calendar in a web browser, not in the desktop application.

The limitation with subscribing to and reading RSS feeds is the requirement of having to have Internet Explorer 7. When clicking on ‘Add a feed’ it notifies you of this requirement and gives you a link to download IE7. I did not see an option to import my RSS Feed list which I exported from a third-party RSS New Reader.

When you run the application for the first time it also offers to import all of your mail, contacts and other data from Outlook Express and/or Outlook clients. I choose not to do this import at this time since the software is beta and I did not want to risk the import removing my data from Outlook Express. The contacts from Windows Live messenger are integrated into WLMD and that is a ice feature.

All-in-all I thought the new beta version of WLMD was on the right track. As all beta software it could use some tweaks and refinements in the area of the calendar, and especially how it handles, or in my case, doesn’t handle the RSS feeds. My top priorities for the final release of WLMD 1.0 would be: (1) calendar integration and (2) adding the ability to import RRS feeds from an exported (XML) Feeds list.

Workstation are not applying Group Policies from the Active Directroy. The following are some possible functions on the Workstation:

• Running ‘gpupdate’ on Windows XP confirms it runs successfully.
• Running ‘gpresult’ on Windows XP gives the error: ‘The user [domain\username] does not have RSOP data.’
• You can browse to the netlogon and the sysvol folders on a DC.
• Typing the ‘SET’ command shows you have a vaild authentication server.

In order to resolve this make sure the workstation is pointing to a valid internal DNS server which contains Windows Active Directory informaiton. Verify the internal DNS server are functioning properly.

After modifiying the workstations DNS, rerun ‘gpupdate’ and ‘gpresult’. This should now apply the GPO successfully and display the results.

More information can be found here: Technet KB 291382 Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS

Exchange Server 2003 Backup Types

Source: Exchange Backup Types; Incremental and differential backups

Upgrading to the latest verison of IE7 beta requires you uninstall the previous beta version and then install the new beta. The process to uninstall the previous beta is straightforward. You can use the Add/Remove Programs and unistall the beta. If you run into issues you can use the command line to try and force an unistall. If you run into issues with that you can modify the registry and try it agan. All the instructions for this process are on the IE Team Blog at the post Uninstalling IE7 Beta Releases.

The one scenario I could not find addressed anywhere was, if you deleted the hidden uninstall files for the IE beta from the c:\windows folder. What then? None of the resources I found addressed this problem. There is a work around for this. Here is what you have to do:

• Open the “c:\windows\dllcache” folder. Find the “iexplorer.exe” file and rename it to “iexplorer.exe.old”
• Open the “c:\program files\internet explorer” folder. Find the “iexplorer.exe” file and rename it to “iexplorer.exe.old”
• You will probably get an error prompting you to insert a Winodws XP SP2 CD-ROM to replace this file, etc. Just ignore this error and leave the box open on the screen.
• Run the latest IE7 beta installation package. When it checks for the current verison of IE it will not see the iexplorer.exe file and verison number and will proceed to install as usual.

These steps ONLY address the need to install the latest IE7 beta. Renaming these files and choosing insert the CD-ROM for Windows XP, SP1, or XP2 DOES NOT completely uninstall IE7 components and may cause your computer to become unstable. This should only be used as a work around to get the LATEST IE7 beta installed on the system.

ExMerge results in “Error getting Hierarchy Table” in the log file when trying to import data from a PST file. In toubleshooting this error:

1. Verify this is not a permissions issue. Run an Export on the destination server of a mailbox. Use the mailbox of the account you are logged in with AND and mailbox of another standard user. If you can run an export successfully that should verify the ‘Send As’ and ‘Recieve As’ permsission have been configured properly.
2. Make sure the name of the PST file matched the name of the mailbox alias on the destination server. For example if the mailbox name on the destination server is “JDOE” make sure the source file is “JDOE.PST”.
   
3. Copy the PST file which you like exported from the source server (and that you are trying to import with errors) to a workstation that has Outlook installed. Try and open the PST archive and see if you can read it.
4. If step 3 doesn’t work, you likely have a corrupt PST file. Try running the export of the mailbox again and then attempt another import sing the new file.
5. If step 4 doesn’t work, use Outlook to connect to the mailbox on the source server and save all of you Outlook data (mail, calendar, contaxts, etc) to a PST file. Then use this file for the ExMerge import.
   

*Note: ExMerge and Outlook clients prior to Outllok 2003 do not support PST files over 2GB. TO work around this if you have mailbox data over 2GB, you can export portions of the data to different PST files under 2 GB. I have had to do this a couple of times using the ExMerge export. You can choose the user choose just the calendar and contacts data for example, or just the sent items and then export those items. You can then rerun the export and choose other data sources to export. Then when you rum the import use the first PST file with the name of the mailbox (with the PST extension) and complete it. Then rename that file to something else, take the second source file and rename it to the mailbox name (with the PST extension) and run the import again. The data will all merge together in the users new Exchange mailbox.

BetaNews.com reported on August 7th, Microsoft is planing to kill the VirtualPC application for the new Mac OS Intel-based platform. Microsoft doesn’t see the value in rewriting VirtualPC to be compatable with Intel base Mac’s as seen in the statement “…the need for virtualization should be satisfied through alternatives provided by Apple and others.”

Apple is integrating PC virtualization techology into it’s next release of Mac OS X (10.5) code named “Leopard”. Currently, Apple has Boot Camp which allows Mac hardware to dual boot between Mac OS and Windows. Upstart software vendor Parallels offers low cost virtualization technology for the Mac including a beta of the next release. And today (8/9/2006) market leader VMWare announced a beta of an upcoming PC virtualization product for the Mac.

With the desktop virtualization space quickly becoming saturated, it looks like Micorosft is using the opportunity to focus it’s resources on integrating it’s Virtualization software into the Windows platform itself with the upcoming release of Windows Vista and Windows Longhorn Server.