
Jeff's Connected Corner

Windows Server System news and real-world info

July 2006 - Posts

  • IE 7 Pushed as High-Priority Update

    I’ve already had a couple of inquiries about today’s IE 7 distribution announcement.  The concern is specifically around how to block IE 7 upgrades in a managed environment.  Apparently Microsoft anticipated this level of concern, and they’ve posted an FAQ for your viewing pleasure.

    Bottom line: Customers will have more ways to block IE 7 than they can shake a stick at… including SMS, WSUS, Group Policy, and a dedicated blocking tool. 

    One cool thing you’ll notice in the FAQ is that installing the blocking tool today won’t prevent you from being able to distribute IE 7 at a future date using WSUS or SMS – or by manually installing it from Windows/Microsoft Update.  All the blocking tool does is prevent the unmanaged Automatic Updates service from downloading/installing IE 7.

  • Life Needs a 'Best Practices Analyzer'

    Wouldn’t it be nice if you could sit down at your computer, answer a few simple questions, and then be given a set of instructions for fixing/improving your life?  Heck, the only thing better than that would be an ‘undo’ button for those little mistakes we all make.  But alas, we’ll have to wait a few more years for the geniuses at Google to come out with those services (in perpetual beta, I’m sure).

    All joking aside, Microsoft has some excellent tools to offer in its growing suite of Best Practices Analyzers (BPAs).  As of today there are 4 separate BPAs:

    • Exchange Server BPA: This is by far the most robust of all Microsoft BPAs.  In fact, other Microsoft product groups are so enamored with the Exchange BPA that they are writing their own rule-sets to tie into the Exchange BPA engine.
    • SQL Server BPA: Unless I’m mistaken (and believe me, you all will let me know if I am) the SQL Server BPA was the first BPA released by Microsoft.  While not as polished or current as the Exchange BPA, the SQL BPA has still come in handy on customer engagements to find config/security issues w/ SQL Server 2000.
    • ISA Server BPA: Microsoft released a new ISA Server BPA build today, which is what prompted me to write this post.  If you’ve ever run the Exchange BPA – this one will look very familiar.  Remember what I said about other product groups using the Exchange BPA engine?  The ISA Server BPA is a perfect example.  Like the SQL and Exchange BPAs, I’ve found this one very helpful in identifying issues, as well as documenting the current state of a customer’s environment before making changes.
    • BizTalk Server 2006 BPA: I’m not a BizTalk guy, so I’ve never needed to use the BizTalk BPA.  However, no post about BPAs would be complete without it… so there you go.

    One last thing – if you’re a Microsoft Operations Manager guru, you want to check out the Exchange BPA Management Pack (MP) for MOM 2005.  This MP essentially deploys the Exchange BPA to your Exchange servers and then executes a BPA scan on a pre-defined schedule.  It’s even smart enough to fire MOM alerts if something looks out of the ordinary.

    If you have any BPA feedback (good/bad/ugly), please post a comment for the benefit of the community.  And keep your eyes peeled for more BPAs in the near future.

  • Exchange '07 In Production - Don't Even Think About It

    Exchange 2007 Beta 2 drops today, and I know some of you are very excited.  However, please save yourself a lot of time/money and don’t introduce Beta 2 into your production environment.  This means no in-place upgrades and no new server installs that join your existing organization.

    The only way to test Beta 2 in a ‘live’ environment is to deploy a separate AD Forest and create the necessary trusts and connectors.  See the Exchange Server 2003 Release Notes for more information on deploying Exchange 2007 Beta 2 in a separate forest (specifically the section Cross-Forest Connectors: Exchange 2007 to Exchange 2003).

    I’ll post more on this topic as soon as I get the code implemented in my test lab.  Stay tuned…

    Posted Jul 24 2006, 09:11 AM by Jeff with 1 comment(s)
  • Hmmm... Should I Patch My ATM Machines?

    I subscribe to quite a few RSS feeds and mailing lists… but the following thread on Shavlik’s Patch Management list really takes the cake.  Be afraid – be very afraid:

    Post Subject: Patch Management for Automated Teller Machines (ATM)

    Hi All,

    The company that I work with will be rolling out ATMs with WinXP Operating system. These ATMs will be connected to our Backend system through TCP/IP. I am just wondering how members of this list from the Banking Industry deploy patches to these ATMs.

    Do you employ automated patch deployment using WSUS, BigFix, Shavlik, Patchlink etc...? Or do you do manual deployment of patches? Or do you apply patches at all?

    Will hardening the OS and limiting the open ports suffice in place of installing patches?

    I ask this because during deployment of patches there will be downtime which may affect the business. On the other hand if the ATM is infected with a virus due to absence of a patch this will also affect the business.

    I hope that you can help me on this. Thanks in advance for your replies.

    ** Name withheld to protect this guy (and his employer)

    …And an Interesting Reply

    I'm in the banking field. We have 11 new ATMs that run XP... Our first concern was patching. We were told by the service provider that we were responsible for patching, but that if we "broke" something in the process that they wouldn't fix the ATM. So if a patch causes an incompatibility with the ATM software we would have to fix it ourselves.

    What's our approach? We don't have one yet.

    ** Name withheld

    …Finally, a Voice of Reason

    For Diebold Automated Teller Machines we test all announced MS patches and post advisories on our Diebold Customer Internet Support (DCIS) site.

    Diebold Customer Internet Support (DCIS) is a system designed by Diebold to keep you current on software updates for Microsoft Windows(r) operating systems deployed on your Diebold ATMs.

    This valuable system provides:

    • Custom user profile to view Windows software updates specifically for your deployed Diebold ATMs
    • Microsoft bulletin link for each Windows software update
    • Direct link to the Windows software download sites
    • Downloads Windows software update tracking
    • Secure customer administrator access and option to add 4 additional customer users to access DCIS

    This service is available to all Diebold customers with a current service contract free of charge. You can register at the following site https://patchaccess.diebold.com/DCIS/DCISLogon.asp

    Donn Bohn
    Diebold Global Software and Services

    Jeff’s Thoughts

    • ATM machines shouldn’t run XP (sorry, Microsoft).  Seriously, when XP launched it was all about the ‘eXPerience’.  What kind of ‘eXPerience’ do you need on an ATM?  I get frustrated enough when people decide to use the ATM for all their banking (deposits, stamps, etc.) while I’m just wanting a quick cash fix.  I can’t even imagine waiting in line behind some customer watching streaming video, or synchronizing their iPod. :P
    • Regardless of what OS is being used on said ATMs – your IT security policy must include patch management.  Yes, that includes you too Mr. Linux Zealot.
    • If your vendor isn’t supportive of security best practices, spend your money elsewhere.  Otherwise, your customers will!