IT edge

Running an Exchange 2003 Front-end / Back-end configuration there are certain settings that you need to make sure are enabled to allow ActiveSync to connect to the servers via SSL.

The best KB article I located that walks through this is KB817379.

In the article it instructs the creation of a secondary virtual directory for Exchange server. It tells you to go to IIS and open ‘Web Sites\Default Web Site\Exchange’ and export the configuration. And then walks you through the steps to create a new Virtual Directory.

Before going through these steps as instructed, there is a simple option that should be verified.

• Open to the Properties of the original Exchange directory.
• Under Authentication and access control, click Edit.
• Make sure that only the following authentication methods are enabled, and then click OK:

• Integrated Windows authentication
• Basic authentication

I have found that on some systems, especially for organizations that may have a mixed directory environment (i.e. Novell eDirectory and Active Directory) and have been running Blackberries, that ‘Integrated Windows Authentication’ may not be checked.

I won’t go into my personal opinion about allowing Android devices on a corporate network, but go to a search engine and enter “Android Security” and see what comes up. Another good resource is Kaspersky Labs: http://usa.kaspersky.com/search/apachesolr_search/android 

From a security best practice, I would avoid it unless you can lock down the device to allow only corporate approved software to be installed. It seems Android is the preferred platform for mobile device hacking.

Today – Feb 9, 2011 – Microsoft announced the released of Service Pack 1 for Windows Server 2008 R2 and Windows 7. With this release come two new features: RemoteFX and Dynamic Memory.

An enhancement to Hyper-V R2, Dynamic Memory pools all the memory available on a physical host. Dynamic Memory then dynamically distributes available memory, as it is needed, to virtual machines running on that host. Then with Dynamic Memory Balancing, virtual machines will be able to receive new memory allocations, based on changes in workload, without a service interruption. In short, Dynamic Memory is exactly what it’s named (a six part blog series on Dynamic Memory here: Part 1, 2, 3, 4, 5, and 6).

In lab testing, with Windows 7 SP1 as the guest operating system in a Virtual Desktop Infrastructure (VDI) scenario, there has been a 40% increase in density from Windows Server 2008 R2 RTM to SP1. This was achieved by enabling Dynamic Memory.

This increased density does not come at the expense of security, as is the case with other offerings in the industry. Dynamic Memory preserves Windows 7 security without compromising density. Jeff Woolsey goes into detail in a recent post on this topic at the virtualization blog.

You get immediate benefit from the moment you turn on the virtual machine. There’s no waiting for memory management algorithms to work. Nor do you have to tweak the hypervisor with custom settings for specific workloads to maximize density. It’s an awesome out-of-box experience for all your virtualization workloads.

RemoteFX lets you virtualize the Graphical Processing Unit (GPU) on the server side and deliver next-generation rich media and 3D user experiences for VDI. RemoteFX also enables new low cost ultra-thin client devices to enter the market. Together, these technologies will drive down the end-point cost and reduce endpoint power consumption.

Customers have already been successful with Dynamic Memory and RemoteFX, in early adopter deployments. Case studies, like the one with Sporton International show how using both RemoteFX and Dynamic Memory delivers real business value.

Service Pack 1 will be made generally available for download on February 22, and will be available to Volume Licensing customers on February 16.

For more information see the official blog posts on Service Pack 1:

• http://blogs.technet.com/b/windowsserver/archive/2011/02/08/windows-server-2008-r2-and-windows-7-sp1-releases-to-manufacturing-today.aspx
• http://blogs.technet.com/b/virtualization/archive/2011/02/09/windows-7-and-windows-server-2008-r2-sp1-add-new-virtualization-innovations.aspx

Today – Feb 9, 2011 – Microsoft announced a new tool for organizations using BitLocker to secure their data called Microsoft BitLocker Administration and Monitoring. In the tradition of Microsoft the acronym for the tool is MBAM.

MBAM enable an enterprise solution for BitLocker provisioning, monitoring and key recovery for Windows 7 Enterprise PCs. The tool is designed to simplify provisioning and deployment of BitLocker on machines and improve compliance through reporting and reduce support costs.

Some key points of this new tool":

• For new deployments of Windows 7 Enterprise, the MBAM client can be integrated into the task sequence in MDT or in SCCM or other Windows 7 deployment tools. The client then automates the encryption process as part of the PC deployment.
• For Windows 7 Enterprise clients that have already been deployed, the MBAM agent provides a standard user the ability to start the encryption process.  This enhances the BitLocker out-of-box experience where the end user must have administrative rights to accomplish this.
• Either way, administrators can also excuse machines from BitLocker encryption by make and model.
• Administrators can generate reports on machines that are encrypted using BitLocker and meet the organizations security policies.
• Machines with the MBAM agent can send BitLocker recovery keys to an encyrpted SQL Database as an option. Whereas, up until this point the recovery keys where stored in Active Directory.
• The MBAM tool optionally provides a web page that can enable help desk personnel to get the user’s recovery key if they get into BitLocker recovery mode. The help desk will not longer require into Active Directory to be able to get the recovery keys.
• When a recovery key is used, the MBAM client will automatically generate a new recovery key for that PC so that the original key cannot be used to gain access to the machine again.
• MBAM allows an end user with standard user rights to perform basic BitLocker tasks like changing their PIN or start the encryption process.

MBAM will be available to Software Assurance customers through the Microsoft Desktop Optimization Pack in the future. No RTM date has been announced. A public beta version will be available in March 2011.If you want to be notified when the beta is open, you can sign up here.

you can read the official blog announcement in a Q&A format here: http://windowsteamblog.com/windows/b/springboard/archive/2011/02/09/microsoft-announces-microsoft-bitlocker-administration-and-monitoring-mbam.aspx

I have been looking all over the web for a SharePoint 2010 feature comparison of Foundation Server, Standard Server and Enterprise Server. The comparison has been readily avilable for SharePoint 2007 for years, but there is no comparison for SharePoint 2010.

I put together this comparison in Excel for some customers and thought I would share it. You can download it from:

http://www.itedge.net/published/SharePoint_2010_Editions_Features_Comparison.xlsx

System Center Virtual Machine Manager Self-Service Portal 2.0 (SSP) is now available free and fully supported by Microsoft. This is a fully supported, partner extensible solution that enables you to dynamically pool, allocate, and mange compute network, and storage resources to deliver a private cloud platform to your datacenter.

Features of the System Center Virtual Machine Manager Self-Service Portal 2.0:

• Automation and Guidance: to assess, plan and design your private cloud foundation infrastructure
• Customer/Business Unit On-boarding: automated workflows to onboard business unit IT departments onto your virtualized shared resource pool
• Dynamic Provisioning Engine: to rapidly provision virtualization infrastructure in conjunction with System Center and Hyper-V
• Self-Service Portal: to empower consumers of IT to request and provision infrastructure for their Apps/Services
• Partner Extensibility: enable partners to expose their unique hardware capabilities through familiar Microsoft scripting technologies while providing variety and flexibility to IT

Learn more, get more

• Visit the Official SCVMM Self-Service Portal blog
• Download the Self-Service Portal

Microsoft’s Global Foundation Services (the team at Microsoft who operates the data centers worldwide for internal and cloud services) Cloud Infrastructure Security Team has shared a new whitepaper titled “Information Security Management System for Microsoft’s Cloud Infrastructure”.

The whitepaper and accompanying blog post by Mark Estberg examines how Microsoft addresses the security challenges it faces as a cloud provider, and explains three of the security practices Microsoft uses to secure its cloud:

• Information Security Management Forum – A structured series of management meetings in specific categories for managing the ongoing operations of securing the cloud infrastructure.
• Risk Management Program – A sequence of processes for identifying, assessing, and treating information security risks and for enabling informed risk management decisions are made.
• Information Security Policy Program – A structured process for reviewing information security policy and for making changes when deemed necessary.

For any organization that runs their own data centers, is looking at setting up an internal cloud, or is a customer of a cloud provider, this could be a helpful resource.

As a consumer, I am always looking for ways to save some money here and there. I was a log time fan of the AVG Free anti-virus until Microsoft came out with Windows Live OneCare, which I promptly switched to primarily for the automated backup, updating and reporting for all of my home computers and then secondly for the anti-virus, PC tuning, and security center. That was a great product that I thought was compelling enough to purchase, and it was licensed for 3 PCs. Since Microsoft stopped shipping that product, I looked at other paid Anti-virus and security suites but with the performance issues and third-party firewalls that were installed I decided against it. Even my ISP offers a security suite that is a paid retail product available for free to subscribers, but I had the same concerns. 

At the discontinuation of Live OneCare, Microsoft pulled the Anti-virus (Anti-malware) software out of that product and made it available for free as Microsoft Security Essentials. A great move for millions of consumers that don’t have ISP’s that provide free Anti-virus software, or for people that want something simple, works well with their PC and Windows Firewall, and doesn’t kill the PC performance. So, I downloaded the beta and then the full version of the software and never gave it a second thought.

Then I saw a write-up on a ZDNet Blog that talked about how free Anti-virus (Microsoft Security Essentials) outperformed paid Anti-virus. It’s an interesting read, especially if you are paying for Anti-virus software now and your subscription will be up for renewal soon. You can find the article here:
http://www.zdnet.com/blog/bott/microsoft-vs-mcafee-how-free-antivirus-outperformed-paid/2614

Before you plunk down $50 or so for Anti-virus, give it a second thought and give the free Microsoft Security Essentials a try. It’s worth a try and will save you some money too.

If you have a Mac you can get iAntiVirus Free Edition. Yes, it’s TRUE. There are thousands viruses that affect Macs floating around in contrast to popular belief.

If you have a Linux computer, you can get AVG Anti-Virus Free Edition for Linux.

The Microsoft Solution Accelerators team released new resources that you can use in combination with the Microsoft Security Compliance Manager tool: the Windows Server 2008 R2 Security Baseline and the Office 2010 Security Baseline, and setting packs for Windows 7 and Internet Explorer 8. Together with the tool, these resources are designed to help efficiently manage the security and compliance process for some of the most widely used Microsoft products.

In combination with best-practice guidance and the Security Compliance Manager tool, the baselines are designed to help you plan, deploy, and monitor the security of computers running Windows Server 2008 R2 and of Office 2010 applications. Both releases also include a settings pack (for Windows Server 2008 R2 and Office 2010) enabling you to define baselines that include settings outside the scope of the security baselines from Microsoft.

The Windows 7 and Internet Explorer 8 setting packs will enable you to define baselines that include settings outside the scope of the security baselines from Microsoft. Use these new resources to define custom baselines, meet business-critical needs, and elevate the security of Windows 7 and Internet Explorer 8.

The Security Compliance Manager works with the Microsoft Assessment and Planning (MAP) Toolkit and the Microsoft Deployment Toolkit (MDT) to help you plan, securely deploy, and manage new Microsoft technologies.

Learn more about the Security Compliance Manager tool. Next, learn more about the new security baselines and setting packs:

• Windows Server 2008 R2 Security Baseline
• Microsoft Office 2010 Security Baseline
• Windows 7 setting pack
• Windows Internet Explorer 8 setting pack

Download the tool:

• New users can access these resources by visiting the Microsoft Download Center to download the Security Compliance Manager tool.
• Existing users can access the baseline and setting packs in the tool by clicking the Tools menu, and then clicking Check for Baselines.

Simplify planning for upgrade or migration to the latest Microsoft products and technologies with the Microsoft Assessment and Planning (MAP) Toolkit 5.5 Beta. This tool is now includes assessment for easier migration to Windows Azure and SQL Azure, heterogeneous database discovery (of MySQL, Oracle and Sybase instances) for SQL Server migration projects, Internet Explorer 8 upgrade assessment, and more.

• Assess your environment for upgrade to Windows 7 and Windows Internet Explorer 8 (or the latest version). Helps to simplify the organization’s migration to Windows 7 and Internet Explorer 8. The MAP 5.5 Internet Explorer Upgrade Assessment inventories the environment and reports on deployed web browsers, Microsoft ActiveX controls, plug-ins and toolbars, and then generates a migration assessment report and proposal. Information needed to more easily migrate to Windows 7 and Internet Explorer 8 (or the latest version).
• Identify and analyze web application, and database readiness for migration to Windows Azure and SQL Azure. Simplify the move to the cloud with the MAP 5.5 automated discovery and detailed inventory reporting on database and web application readiness for Windows Azure and SQL Azure. MAP identifies web applications, IIS servers, and SQL Server databases, analyzes  performance characteristics, and estimates required cloud features such as number of Windows Azure compute instances, number of SQL Azure databases, bandwidth usage, and storage.
• Discover heterogeneous database instances for migration to SQL Server. Now with heterogeneous database inventory supported, MAP 5.5 helps accelerate migration to SQL Server with network inventory reporting for MySQL, Oracle, and Sybase instances.
• Enhanced server consolidation assessments for Hyper-V. Enhanced server consolidation capabilities help save time and effort when creating virtualization assessments and proposals. Enhancements include:

• Updated hardware libraries allowing you to select from the latest Intel and AMD processors.
• Customized server selection for easy editing of assessment data.
• Data collection and store every five minutes for more accurate reporting.
• Better scalability and reliability, requiring less oversight of the data collection process.
• Support for more machines.

If you are interested in previewing this before the RTM, you can join the MAP 5.5 Beta here.

I have a HTC HD7 Windows Phone 7 and have been extremely pleased with the device. Microsoft has finally released a Windows Phone OS that is modern, and intuitive to use. The App Marketplace also has a ton of Apps that are free and paid which make the device more compelling. I think for PC users that this device should be looked at if you’re in the market for a new phone.

The Zune Pass subscription is one of the best things available for all you can eat music, which you get to keep 10 songs per month as well. I’ve had the service for a year now and am using the single subscription on 3 devices (1 Windows Phone, 2 Zunes), on my Xbox for music streaming, and on my PC’s for streaming and for my library.

So with all this music available to me, the thing I hate about the HD7 is that it only comes with a max of 16GB memory. This is not much in comparison to my ZuneHD 32GB and my second gen Zune80. Some of the other Windows Phones from other manufactures come with more memory options. But if you are a T-Mobile network customer, you don’t have these devices options, at least not right now.

You can however, hack the HD7 to add more memory into it, but it does void the warranty and you risk damaging the device. The flash memory is a MicroSD card like on most other devices that is buried under plastic covers, but can be replaced. Here is a YouTube video that demonstrates how to disassemble the phone and replace the MicroSD memory card.

I did not create this video, nor have I modified my device. I also don’t recommend modifying your device, because it does void the warranty – even if the sticker is not damaged. So please don’t post questions for me to answer about this process. But for those f you who really want to add more memory to the device and are not concerned about the warranty, this may be of interest to you.