Jeff's Connected Corner

May 2006 - Posts

• WSUS SP1 Released to the Web

  WSUS SP1 is finally available.  Here are the links… scroll down further for the highlights of this release: Download Packages: Full Install & Update Package in One File – 160MB SP1 Update Only – Coming Soon Via WSUS Content Sync Documentation: Readme File SP1 Overview Info Preview of What's New in WSUS SP1: WSUS SP1 is a service pack release that improves the security, reliability, scalability, compatibility, and performance of WSUS. These are the new features and improvements: Windows Vista client support: Computers running Windows Vista can be updated by WSUS SP1 Server. More client language support: Support for all Office and Windows Vista languages. New version of WMSDE: The WMSDE instance will be upgraded to WMSDE SP4 by WSUS SP1 (WSUS RTM uses WMSDE SP3). Performance improvements: WSUS SP1 includes various performance improvements to accelerate user interface response times. All hotfixes: WSUS SP1 includes all changes and hotfixes that have been released since WSUS RTM. Support for SQL Server 2005 Enjoy!  Report any issues to the WSUS public newsgroup (microsoft.public.windows.server.update_services) or your Microsoft support rep. Posted May 31 2006, 04:40 PM by Jeff with 1 comment(s) Filed under: WSUS

• What Symantec Could Learn from Microsoft

  People can joke all they want about the number and severity of Microsoft security vulnerabilities, but all this practice has enabled them to develop an excellent security response system. Symantec should take note.  Their most recent security vulnerability (SYM06-010) has spawned a confusing array of maintenance and point patches.  Initial media reports claimed that only version 10.1 was affected.  However, after reviewing the most recent Symantec e-mail bulletin it appears that version 10.0 is affected as well. In Symantec’s defense, the vulnerability information page for SYM06–010 is fairly well laid out.  In fact, I like that I don’t need to expand a nested hierarchy to get the information I’m looking for.  See Microsoft security bulletin MS06–018 as an example.  Scroll down to the General Information section… why should I have to click so many ‘+’ symbols?  At least give me an expand all option or something. Oh, and this guys post is classic.  According to him, now that a patch is released there’s nothing to worry about.  Here’s his quote: “The issues of remote code execution have been resolved now, thanks to the fix which means that the products are no longer vulnerable to a stack overflow” Please move along… nothing to see here.  What a joke.  How many people spent their holiday weekend patching Symantec products?  Not very many, I’m sure.  This issue will continue to dog Symantec for many weeks to come.  I sincerely hope we don’t see any widespread attacks as a result of this vulnerability.  Anyway, it’s too bad we have a double-standard when it comes to reporting security issues. Here is a list of things I’d like to see from Symantec: Simplify the servicing of your software.  Not everyone understands the difference between maintenance releases, point releases, etc. Offer an RSS feed of Symantec product vulnerabilities (including Veritas and other recent acquisitions).  The Symantec Security Response page would be a good place to locate such a feed. Provide a security bulletin search tool similar to the Microsoft one found here.  Let me choose my product version, my OS, etc. and show all applicable updates. What do you think?  If you’re a Symantec customer, how did you learn about the SYM06–010 vulnerability?  What about vulnerabilities 001 through 009? Posted May 29 2006, 02:12 PM by Jeff with 3 comment(s) Filed under: Security

• Get Ready for WSUS SP1 and Vista Updates

  WSUS SP1 is right around the corner, and so is the ability to have your Vista Beta 2+ clients sync updates from WSUS.  Check out this link for information on how to point your WSUS SP1 server to an alternate update stream so you get Vista updates. Basically it breaks down like this… At the command prompt type: cscript.exe "%programfiles%\update services\tools\ToggleMUUrl.vbs" beta This enables your WSUS box to sync with a special version of Microsoft Updates that includes Vista patches.  To revert back to the normal update stream, type the following command: cscript.exe "%programfiles%\update services\tools\ToggleMUUrl.vbs" Stay tuned to the WSUS Team Blog and this site for an announcement on SP1 availability. Posted May 27 2006, 12:04 AM by Jeff with no comments Filed under: WSUS

• Be Careful with Groove 2007 Upgrade

  I’ve been a Groove user ever since Microsoft acquired the company last year.  I primarily use Groove for folder synchronization and a couple small collaboration workspaces.  With Groove 2007 finally hitting Beta 2 I decided it was time to upgrade from Groove 3.1.  I held off until now based on my testing of Groove 2007 Beta 1 and Beta 1 TR (those still seemed a little rough around the edges). Here are a couple things to keep in mind as you evaluate migrating to Groove 2007 Beta 2, or installing it for the first time: Folder synchronization has been locked down for your own protection… and there’s no way to change it.  For example, in Groove 3.1 I could set up folder synchronization between my laptop and desktop PCs and sync just about any file I wanted.  Now, with Groove 2007 Beta 2 there are some new limitations.  It’s not that these limitations are new – just that they’re forced down our throats with no way to change them.  Here’s a screen shot of the file types you won’t be able to sync in Groove 2007 Beta 2 (click image to zoom). Note: The blocked file types window above has a scroll bar – so you can’t see all the file types.  Here is a complete list: *.ade, *.adp, *.app, *.asp, *.bas, *.bat, *.cer, *.chm, *.cmd, *.com, *.cpl, *.crt, *.csh, *.der, *.exe, *.fxp, *.hlp, *.hta, *.inf, *.ins, *isp, *.its, *.js, *.jse, *.ksh, *.lnk, *.mad, *.maf, *.mag, *.mam, *.maq, *.mar, *.mas, *.mat, *.mau, *.mav, *.maw, *.mda, *.mdb, *.mde, *.mdt, *.mdw, *.mdz, *.msc, *.msh, *.msh1, *.msh2, *.msh1xml, *.msh2xml, *.mshxml, *.msi, *.msp, *.mst, *.ops, *.pcd, *.pif, *.plg, *.prf, *.prg, *.pst, *.reg, *.scf, *.scr, *.sct, *.shb, *.shs, *.tmp, *.url, *.vb, *.vbe, *.vbs, *.vsmacros, *.vsw, *.ws, *.wsc, *.wsf, *.wsh In my testing I’ve noticed some problems upgrading existing workspaces from 3.1 to 2007.  This is supposed to be supported in this build, but it’s been hit/miss for me so far. Speaking of upgrades – keep in mind that anyone or any PC you are synchronizing files/workspaces with will need to upgrade to Groove 2007 within 60 days of the first upgraded client.  In other words, don’t go upgrading your 3.1 corporate workspaces unless you know everyone else will also be upgrading to Groove 2007.  To quote the movie PCU, “Don’t be that guy”. At the root of the file blocking issue described above is the fact that all stand-alone Groove 2007 beta testers are essentially ‘managed’ by Microsoft enterprise policies at the moment.  If you were to download and install your own Groove Server infrastructure you could specify the approved/blocked extensions yourself.  However, don’t take this lightly – setting up a Groove Server environment of your own is no small task. Posted May 26 2006, 12:54 PM by Jeff with 4 comment(s)

• Vista and Longhorn Beta 2 Available on Connect

  It appears that Vista Beta 2 and Longhorn Beta 2 are both available via Connect. If you can’t get good download speeds in the US, try the UK servers Posted May 23 2006, 12:31 PM by Jeff with 2 comment(s) Filed under: Windows-General

• Free Office 2007 Training Available

  Free Office 2007 Training Available While you’re waiting on your Office 2007 download, be sure to check out the free Office 2007 training being offered at the following site: http://www.microsoft.com/learning/office2007/default.mspx FYI – as of the time of this post the Office 2007 download servers are getting hammered. Don’t expect to get in the first time you try, and even if you do you’ll probably get some fairly slow transfer speeds. Posted May 23 2006, 12:30 PM by Jeff with no comments Filed under: Windows-General

• Troubleshooting WindowsConnected Outage

  This morning I received an IM from Josh saying the WindowsConnected server was offline.  Being a server-focused guy… he asked if I had any ideas on how to troubleshoot the outage.  Here’s how we found the problem and got in touch with the appropriate people to bring the server back online. FYI – The site is hosted by Xeinos and DNS is provided by 1and1.com The main problem was that the web site was unavailable, both for Josh and myself.  It was important for both of us to check the site since it could have been a geographical net hiccup.  Josh is in CA, I’m in KS. Next, I opened a command-prompt and checked DNS resolution using ‘nslookup’.  Sure enough, windowsconnected.com resolved to an IP (216.119.207.138) – meaning DNS wasn’t the root cause.  Time to dig a little deeper. One of my favorite Internet/server troubleshooting sites is dnsstuff.com.  My first stop was the Traceroute tool.  A traceroute essentially tests each hop between your machine (or in this case, the dnsstuff.com servers) and the destination of your choice.  The traceroute showed that the windowsconnected.com server was ‘unreachable’.  All the routers leading up to the ISP worked fine – it wasn’t until the last few hops that packets started dropping into the bit bucket.  Next tool, please. A possibility at this point is a limited net outage in the area of the web host.  Josh knew that Xeions was in Utah – so I used the Internet Traffic Report to see if there were any known issues in the Utah area.  None to speak of… so on to the next step. OK – at this point we’ve established that the issue is likely web-host related.  Since it’s the weekend, we need to get some good contact info for their NOC (not the normal 1–800 number).  We also need to confirm that the IP assigned to windowsconnected.com is indeed hosted by Xeinos.  In this age of hosting companies being bought/sold/absorbed on a regular basis – this is an important step.  A great tool for the job is IPWhois, which identifies who is responsible for the IP range associated with windowsconnected.com.  Once again, dnsstuff.com offers a simple way to conduct an IPWhois query.  I plugged in the aforementioned IP address and up came a contact person and phone number for Xeinos. Josh contacted Xeinos and discovered that they had a power outage in their datacenter.  They didn’t know about the problem until Josh called, which isn’t a good thing in my opinion – but that’s another topic entirely.  Bottom line – Xeinos got the service restored in quick order, and the fact that you’re reading this post is a testament to the importance of Internet service troubleshooting. In addition to the above sites/tools, I like the Computer Network Defense ‘Radar’ web page for proactive monitoring.  In the past I used Sam Spade (the 32–bit version)… although in recent years I’ve dropped that app from my standard build. What are your favorite troubleshooting tools/techniques? Posted May 21 2006, 11:49 PM by Jeff with no comments Filed under: Windows-General

• SQL Server 2005 SP1 via WSUS

  Attention WSUS Admins: SQL 2005 SP1 will be available via WSUS starting next week – 5/23 to be exact.  The WSUS version of SP1 won’t patch the Express version of SQL 2005, just the Server SKUs.  This marks the first time a SQL service pack will be available via WSUS.  Good work Microsoft! Here are a couple important links where you can find more about this upcoming release, and all other WSUS-supported updates. Description of WSUS Content for 2006 New, Revised, and Re-released Updates for Microsoft Products Other Than Windows Happy patching! Posted May 19 2006, 02:39 PM by Jeff with no comments Filed under: WSUS

• Another Terrorist Casualty: Blue Security

  Just finished lunch and was browsing my RSS feeds.  I ran across the following article on Slashdot (amazingly – the article itself hasn’t been ‘Slashdotted’ as of 1:00pm my time): Blue Security Kicked While It’s Down If that doesn’t scare your pants off, please seek medical attention immediately. But seriously… this IS scary stuff – and it isn’t the first time a piece of ‘critical infrastructure’ has been attacked by terrorists.  I sincerely hope the National Strategy to Secure Cyberspace is more than just politics, or else it’s only a matter of time before we see a September 11th type attack that does more than take out Blue Security and a few innocent bystanders. So, aside from ranting – what can we do?  For starters we can educate those around us on how to secure their home/work PCs.  I blogged about this back in Dec. 2004, and continue to spend a few hours now and then making sure my friends/family have all the latest patches and up-to-date security software.  It might not seem like much, but if all of us ‘geeks’ secured 10 to 15 home PCs – that’s a lot less bots for the bad guys to use as ‘technology IEDs’. On the work side there’s a lot we can do as well.  Since I’m a Microsoft-focused guy… here’s a link to the Ten Principals of Microsoft Patch Management.  And patch management isn’t just a Microsoft issue – last time I checked there were some nasty OS X, QuickTime, and Java, vulnerabilities that needed patching too.  Patching is only part of the solution… but that’s a topic for another post. Have a nice weekend. Posted May 19 2006, 02:26 PM by Jeff with no comments Filed under: Security

• Playing Catch-Up

  Things have been a little busier than normal lately.  I just wrapped up a 3200 user e-mail migration for a local client (Sendmail to Exchange).  I’ve also been working on a new room addition for our house.  Add to that the normal grass mowing, car maintenance, time with my wife and daughter… and needless to say blogging has been at the bottom of the list.  So, consider this the first in a series of ‘catch-up’ posts. US Legislation Regarding the Internet In my opinion, government involvement in technology and the Internet (short of its creation) isn’t a good thing.  Think back to the Telecom Act of 1996 if you need a history lesson.  That didn’t exactly turn out in favor of us consumers, did it?  Fast-forward to 2006 and check out the info on H. R. 5252 – also known as the Communications Opportunity, Promotion, and Enhancement Act of 2006.  Smells dirty already, huh?!?!  Anyway, this is all about controlling access to the Internet – specifically prioritization of traffic.  The big boys like AT&T and Verizon (remember – the companies created by the Telecom Act of ‘96) aren’t too keen about people like Vonage using the Internet to bypass their bread and butter circuit-switched business.  This is only one area addressed by the bill, so take a look and make sure to contact your representative (House, Senate) if you disagree with this legislation like I do. Vista Performance Rating If you’ve played with any of the Vista betas you may have seen a Performance Rating.  My laptop scores somewhere between 2 and 4 depending on the component.  I found a good article on MSDN that describes how the ratings are generated.  Should be interesting to see how this shakes out over time. Windows PowerShell (a.k.a. Monad) I’ve been forcing myself to learn PowerShell lately.  The reason I’m enduring this pain is because Microsoft is basing many of their upcoming server applications on PowerShell.  Exchange 2007 will be the first, followed by SMSv4 and MOMv3.  If you haven’t taken a look at PowerShell yet, now is the time.  I think the idea of parity between the command-line and the GUI is a good thing… but for some reason I’m having a hard time digesting the PowerShell language/syntax.  Someone sent me a cool Matrix-looking PowerShell script – and it took me 10 minutes to figure out how to run it.  How sad is that :P  I’ll post more about my newbie PowerShell adventures in a future blog post. Posted May 10 2006, 10:30 PM by Jeff with 1 comment(s) Filed under: Windows-General, Security