News aggregator

April 2008 Advance Notification

Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, April 8, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:


  • Five Microsoft Security Bulletins rated Critical and three that are rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.


As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.


Finally, we are planning to release five high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as three high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS).


As always, we’ll be holding the April edition of the monthly security bulletin webcast on Wednesday, April 9, 2008 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well.


You can register for the webcast here:




Bill Sisk


*This posting is provided "AS IS" with no warranties, and confers no rights.*

UPDATE: MSRC Blog: Microsoft Security Advisory (950627)

Hi there,


This is Mike of the MSRC,


The case of the MDB attack vector


The MSRC on Friday afternoon posted an advisory about limited, targeted attacks using JET database files, commonly referenced as file type MDB. Many of you probably remember that MDB files are on the unsafe file type list, and are blocked from being opened by Outlook, are commonly removed from incoming email by Exchange, and trigger scary prompts similar to EXEs when clicked on with IE. So why the hubbub?


First – let me describe the attacks we’ve seen:

We have seen two malicious JET database files sent in by anti-virus companies. These files make it clear that some attackers have figured out a way to work around the mitigations built into Outlook.


These new attacks, discussed in Friday’s security advisory, use the exact same vulnerability as was posted in a November 2007 full-disclosure posting by cocoruder.  In fact, very little was changed about the file compared to cocoruder’s POC file which launched calc.exe.  It uses the same column number overflow.  Even as far back as March 2005, HexView posted a similar vulnerability in msjet40.dll column handling.  You’ll notice that both the HexView and the cocoruder posting mention that they first submitted their samples to the MSRC, but the MSRC replied back that they would not address the issues via a security bulletin because any attempt to attack customers using these issues was heavily mitigated by the blocking mentioned earlier in this post.


So how is this new JET database file attack different than the previous JET database file issues? 

Everything changed with the discovery of this new attack vector that allowed an attacker to load an MDB file via opening a Microsoft Word document.  The previous guidance does not work against this new attack.  The attack sequence is not the dangerous multi-step process of requiring a customer to first change their Outlook and Exchange settings from the secure default of blocking MDB files and then opening the MDB file.  Instead, it could occur by having a customer save two DOC files to the hard drive and opening one of them.  So that’s why we alerted customers to these attacks and are re-investigating JET parsing flaws – this is a new attack vector discovered that we didn’t know about previously.


So now what are we going to do about JET database files?  

Well, a lot of this is still under investigation as part of the SSIRP process.  We’re investigating if we can ship a security update that prevents Word documents from loading MDB files without prompting.  This would block this new vector and would be a great solution if we can find a way to make it work without affecting custom applications.  Also, we already have a new version of msjet40.dll that fixes the known attacks.  In fact, we have already shipped it in Windows Server 2003 SP2, Windows Vista, and it is included in beta versions of Windows XP SP3. We’re investigating what it would take to release those fixes as part of the security update as a defense-in-depth change. 


Even after we determine a fix plan for these issues, JET database files (filetype MDB) will remain on the unsafe filetype list because they can run code by design. MDB files opened by Access can run arbitrary VBA script code specified in the MDB file – that’s why they’re marked as unsafe and blocked by Outlook, Exchange, etc. So even if we tried to, we could not secure this file format – it will always present attackers an opportunity to run code. We currently do not plan to turn off the VBA functionality present as part of opening an MDB file, as many customers use that feature in their applications and wouldn’t apply the security update anyway. So we will continue to recommend that you never, ever open MDB files received unexpectedly.


So what should customers do in the meantime? 

Well, first, I recommend you read the security advisory. There’s some solid guidance in there, for example, enterprise administrators can block JET files, even those renamed from MDB, at the gateway.  We’ve even shared samples with folks in the MSRA. For end-users, we will continue to recommend that you never, ever open attachments received unexpectedly.  Finally, I’d recommend that you continue to monitor this blog and the MSRC blog as we’ll update you on the results of our investigation through each of those.


Mike Reavey


*This posting is provided "AS IS" with no warranties, and confers no rights.*
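
The advisory guidance mentioned in the post above, blocking JET files at the gateway even when they have been renamed from MDB, means deciding on file content rather than file name. The following Python example is added here and is not code from Microsoft or the advisory. The header layout it checks (the marker `Standard Jet DB` at offset 4 and a version byte at offset 0x14) follows public reverse-engineering notes on the format and is an assumption, and the sample inputs are constructed header stubs, not real databases.

```python
import os
from dataclasses import dataclass
from typing import Optional

# Assumed header layout (public reverse-engineering notes, not the advisory):
#   offset 0x04: 16-byte marker "Standard Jet DB\0" (or "Standard ACE DB\0")
#   offset 0x14: format version byte
MAGIC_OFFSET = 0x04
MAGIC_LENGTH = 16
VERSION_OFFSET = 0x14
MARKERS = {
    b"Standard Jet DB\x00": "Jet",
    b"Standard ACE DB\x00": "ACE",
}
VERSION_NAMES = {0x00: "version 3", 0x01: "version 4"}

# OLE2 compound file signature: what a genuine binary .doc starts with.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Extensions the gateway already blocks by name.
BLOCKED_EXTENSIONS = {".mdb"}


@dataclass(frozen=True)
class Verdict:
    filename: str
    content: str   # "jet", "ole2" or "unknown"
    block: bool
    reason: str


def sniff_jet(header: bytes) -> Optional[str]:
    """Describe the database family and version if the header carries a
    JET/ACE marker, else return None. Needs the first 21 bytes of the file."""
    marker = header[MAGIC_OFFSET:MAGIC_OFFSET + MAGIC_LENGTH]
    family = MARKERS.get(marker)
    if family is None:
        return None  # also covers inputs too short to hold the marker
    if len(header) > VERSION_OFFSET:
        byte = header[VERSION_OFFSET]
        version = VERSION_NAMES.get(byte, f"version byte 0x{byte:02x}")
    else:
        version = "truncated header"
    return f"{family} {version}"


def classify(filename: str, data: bytes) -> Verdict:
    """Decide whether an attachment is blocked, checking content before name."""
    ext = os.path.splitext(filename)[1].lower()
    jet = sniff_jet(data[:VERSION_OFFSET + 1])
    if jet is not None:
        if ext in BLOCKED_EXTENSIONS:
            reason = f"{jet} database"
        else:
            shown = ext if ext else "no extension"
            reason = f"{jet} database carried under {shown}"
        return Verdict(filename, "jet", True, reason)
    if ext in BLOCKED_EXTENSIONS:
        # Name-based rule still applies when the content is unrecognized.
        return Verdict(filename, "unknown", True, "blocked extension")
    if data.startswith(OLE2_MAGIC):
        return Verdict(filename, "ole2", False, "OLE2 compound document")
    return Verdict(filename, "unknown", False, "no JET marker found")


def make_sample_header(marker: bytes, version: int) -> bytes:
    """Constructed test input: a header-only stub, not a usable database."""
    return b"\x00\x01\x00\x00" + marker + bytes([version]) + b"\x00" * 43


# Constructed attachments: a renamed database, a genuine-looking .doc,
# a database under its own extension, and a text file.
SAMPLES = {
    "quarterly-report.doc": make_sample_header(b"Standard Jet DB\x00", 0x01),
    "minutes.doc": OLE2_MAGIC + b"\x00" * 56,
    "inventory.mdb": make_sample_header(b"Standard Jet DB\x00", 0x01),
    "notes.txt": b"plain text attachment",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        v = classify(name, blob)
        action = "BLOCK" if v.block else "allow"
        print(f"{action:5}  {name:22} {v.reason}")
```

Only the first 21 bytes of each attachment are inspected, so the check can run on the start of a stream before the whole file has been received.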

MSRC Blog: Microsoft Security Advisory (950627)


Hello, Bill here,


I wanted to let you know that we have just posted Microsoft Security Advisory (950627).


This advisory contains information about a very limited, targeted attack exploiting a vulnerability in Microsoft Jet Database Engine. Our initial investigation has shown that this vulnerability affects customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007 and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.


Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.


We’ve activated our Software Security Incident Response Process (SSIRP) to investigate the vulnerability and have identified steps customers can take to protect themselves in the workaround section. As part of our SSIRP process, we currently have teams working to develop an update of appropriate quality for release in our regularly scheduled bulletin process or as an out-of-band update, depending on customer impact. In the meantime, we encourage customers to review the advisory and implement the workarounds.


While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the Advisory and this blog as new information becomes available.


Bill Sisk


*This posting is provided "AS IS" with no warranties, and confers no rights.*


Instantaneous Session Broker redirection leveraging CredSSP

Terminal Services Team Blog - Fri, 03/14/2008 - 19:45


This article discusses some significant improvements achieved in Windows Server® 2008 related to redirecting connections in a TS Farm.

Understanding the terminologies:

Terminal Services Session Broker (TS Session Broker) is a role service in Windows Server® 2008 that allows a user to reconnect to an existing session in a load-balanced terminal server farm. TS Session Broker stores session state information that includes session IDs and their associated user names, and the name of the server where each session resides.

Credential Security Service Provider (CredSSP) is a new security service provider introduced in Windows Vista that enables an application to delegate the user's credentials from the client (by using the client-side SSP) to the target server (via the server-side SSP). Terminal Services client uses this feature to authenticate the user before further negotiation is done with the terminal server to start the session.

Behavior before Windows Server® 2008:

Before Windows Server® 2008, when a terminal server in a farm received a connection request, it created a temporary session to authenticate the user and load user policies. If no local disconnected session was present, it queried the TS Session Broker to see if there was a disconnected session for the user on another machine in the SB farm. If a disconnected session was found, a redirection request was sent to the client to connect to the other server instead. The temporary session was then discarded.

The temporary session creation resulted in significant delay in completing the connection because a full logon occurs in the session. Also, the user experience was unpleasant because the user saw two welcome screens, first for the temporary session and then again for the redirected session. The new technique addresses these drawbacks when a connection is made using the new Terminal Services client with CredSSP.

What changed in Windows Server® 2008:

In Windows Server® 2008, a new load balancing algorithm has been introduced to distribute the load amongst all the servers in the farm. This can increase the number of redirected connections in a Windows Server® 2008 TS farm, hence making it more important to address the drawbacks with redirection.

A new technique was introduced to improve the redirection scenario in Windows Server® 2008. When CredSSP is used, the user credential is available even before temporary session is created. The new technique uses the credentials (user name and domain name) provided by CredSSP and the initial program available at that point, to load the user profile. It then uses the same credential to query for a disconnected session in the SB farm, if the machine is in a farm. If a disconnected session is found on another machine in the farm, it immediately sends a redirect packet to the client and the client subsequently connects to the redirected server. Hence no temporary session is created before the connection is redirected.

Benefits of the changes in Windows Server® 2008:

Security improvements - The use of CredSSP provides enhanced security for terminal servers against rogue clients. With this feature, clients need to authenticate even before the connection sequence is completed and a session is created for the user.

Performance optimization - The new technique removes the expensive process of creating a temporary session if a disconnected session is already available in a farm. This helps improve the redirection performance significantly in terms of time to connect and CPU utilization on the server.

Experiments performed in our lab show significant performance improvements in terms of CPU utilization.

[Figure 1: CPU utilization for a single redirected connection. (a) Before optimization; (b) after optimization.]

[Figure 2: CPU utilization for a burst of redirected connections. (a) Before optimization; (b) after optimization.]

Improved customer experience - In addition to providing performance improvement, the new technique also helps deliver a better user experience for a redirection scenario. This is primarily because the user no longer sees two sessions, one for the first server (temporary session) and one on the redirected server. Instead they see only the final session after redirection occurs.


And the winners of our comic contest are...

Microsoft Exchange Team Blog - Fri, 03/14/2008 - 16:40

Finally, we have the results of our comics contest. We know that the suspense has been killing you.

Without further ado, here are our favorites. We got many great submissions, choosing was a bit tricky.

The overall winner is Danny Mills:

The following 4 winners will also be getting Exchange swag:

Petrenyi Jozsef... Petrenyi has chosen to go for full-drawing style rather than use our templates; please click on the thumbnails to see them in full resolution!

Tony Woodruff:

Jeremy Wood:

Kale Davis (click on it to see the whole thing):

Thank you for all your submissions! We will be contacting the winners for their snailmail address or the address confirmation before we send out the swag.

- The Exchange Team


Internet Explorer 8 - First Look

Ask the Performance Team - Fri, 03/14/2008 - 11:00

Last week, at the MIX conference in Las Vegas, the Internet Explorer team made several announcements regarding IE8, the first of which was that a Developer Beta (emphasis on the Developer) is now available.  You can download the beta from the IE8 Beta Site.  The beta is available today for Windows Vista (“Gold” and SP1), Windows Server 2008, Windows Server 2003 SP2, and Windows XP SP2 and SP3, both in 32- and 64-bit versions.  We will release the developer beta in German, and Simplified Chinese shortly.

There were seven other developer-oriented areas of discussion that were covered at MIX by the IE Team.  For those of you not familiar with the MIX conference, MIX is an opportunity for technical, creative and business strategists to engage Microsoft in a conversation about the future of the web.  You can find out more about MIX '08 by clicking on the MIX logo on the right, including viewing the MIX sessions and keynotes.  So what were the seven developer-focused areas?

  1. Our goal is to deliver complete, full CSS 2.1 support in the final IE8 product
  2. Microsoft has contributed over 700 test cases to the W3C CSS working group
  3. Delivery of better scripting performance
  4. Support for HTML5
  5. Delivery of the first installment of built-in developer tools
  6. A better way for Web Services to integrate into the user's workflow
  7. A better way for Web Services to enable their users to keep an eye on interesting parts of a web page within the browser with "WebSlices"

The items above do not represent everything that will be in the final product by any means.  The folks over at the IE Blog are going to be keeping us all up to date with what is going on the IE8 world.  However, here are some quick tidbits:

Internet Explorer 8 and the ACID2 test: IE8 Beta 1 passes the official ACID2 test. However, there are a number of copies of this test posted at various Internet locations and IE8 is failing the test at the copy sites due to the cross domain security checks performed for ActiveX controls.

Activities and WebSlices in Internet Explorer 8: There are two new features in IE8, Activities and WebSlices. With Activities you can access your services from any web page. For example, let's say I want to map the address for Microsoft. I can highlight the address from the "Contact Us" page on the website and select the option to Map with Live Maps (as shown below) which will open up a new tab and map the address selected.

So what are WebSlices?  WebSlices allow you to subscribe to a portion of a web page to get updates and view the changes without having to go back to the site.  If a web site supports WebSlice, you will see a new icon in the IE Command Bar:

Clicking on the button adds the WebSlice to the Favorites bar. IE then checks for updates on a schedule. When IE finds an update, the item on the Favorites bar bolds. You can click on the item to view the details. eBay has an IE8 site up and running, and you can also try out WebSlices on StumbleUpon and Facebook.

We also mentioned improved scripting - the folks over at the JScript Blog have written a post regarding this.  There's a lot more information regarding the IE8 Developer Beta - check out the following posts over at the IE Blog:

As you can see, there are lots of new features and some very cool functionality in IE8!  Until next time ...

- CC Hameed


Disk Fragmentation and System Performance

Ask the Performance Team - Fri, 03/14/2008 - 11:00

When addressing system performance issues, a key element that is often overlooked is Disk Fragmentation.  Even on a brand new system with plenty of RAM and high-end processors, the performance of the hard disk may be a bottleneck causing system performance issues.  It takes time to load large data files into memory - issues become particularly noticeable when dealing with movies, video clips, database files or .ISO image files which may easily be several gigabytes in size.  On a freshly formatted disk, these files load fairly quickly.  Over time, however you may start to notice performance degradation - caused by disk fragmentation.

We touched on disk fragmentation when we were discussing the Page File a couple of months ago, but we never really got into the nuts and bolts of it.  To understand disk fragmentation though, you need to understand the basic structure of hard disks.  When you format a hard disk, the formatting process divides the disk into sectors, each of which contains space for 512 bytes of data.  The file system then combines groups of sectors into clusters.  A cluster is the smallest unit of space available for holding a single file - or part of a file.  On NTFS disks, the cluster sizes are determined based on the drive size as shown below (this information is also available in Microsoft KB 314878).  When formatting disks it is possible to change the cluster size, however this may cause additional performance issues.

| Drive Size (Logical Volume) | Cluster Size | Sectors |
|---|---|---|
| 512MB or less | 512 bytes | 1 |
| 513MB - 1,024MB (1GB) | 1,024 bytes (1kb) | 2 |
| 1,025MB - 2,048MB (2GB) | 2,048 bytes (2kb) | 4 |
| 2,049MB + | 4,096 bytes (4kb) | 8 |

Using the information above, if you were to take a 100MB video file, the file would be divided into roughly 25,000 pieces.  If you save this 100MB file onto a freshly formatted disk, the information would be written in contiguous clusters.  Since all of the clusters holding the data for this file are physically adjacent to each other, the mechanical components of the hard disk work very efficiently, pulling the data in one operation.  In addition, the hard disk's cache and the Windows disk cache can anticipate data requests and fetch data from nearby clusters.  This data can then be retrieved by an application from cached memory which is faster than retrieving the information from the disk itself. 

Seems pretty straightforward, right?  The problem is that the hard disks don't stay neatly organized for very long.  Whenever you add data to an existing file, the file system has to allocate more clusters for storage.  Typically, these clusters wind up being in a different physical location on the disk.  As you delete files, you create gaps in the arrangement of the contiguously stored files.  As you save new files (and this is especially true for large files), the file system uses up all of these bits of free space - resulting in the new files being scattered all over the disk in noncontiguous pieces.  And thus we end up with fragmented disks and system performance issues because the disk heads have to spend time moving from cluster to cluster before they can read or write the data.

Enter Disk Defragmenter. This utility physically rearranges the files so that they are stored (as much as possible) in physically contiguous clusters. In addition to the consolidation of files and folders, the Defragmenter utility also consolidates free space - meaning that it is less likely for new files to be fragmented when you save them. For operating systems prior to Windows Vista, you had to manually run the utility or schedule automatic defragmentation via a scheduled task. On Windows Vista, Disk Defragmenter runs as a low-priority background task that is automatically run on a weekly basis without requiring user intervention. On Windows Server 2008, which uses the same Disk Defragmenter, the automatic defragmentation is not enabled by default. Also, the color-coded display that was part of earlier versions of the utility has been retired (believe it or not, more than a few people have asked about that!). Aside from the GUI version of the tool, you can also use a command-line version that enables some more granular control over the process. The utility name is DEFRAG.EXE and does require administrative privileges to run. The basic operation of the utility involves passing it a drive letter, for example: defrag.exe c: would perform a defragmentation of the C: drive. You can also specify other options through the use of command-line switches:

  • -c: Defragments all volumes on the system.  You can use this switch without needing to specify a drive letter or mount point
  • -a: Performs an analysis of the selected drive and provides a summary output
  • -r: Performs a partial defragmentation by consolidating only file fragments that are less than 64MB in size.  This is the default setting
  • -w: Performs a full defragmentation by consolidating all file fragments regardless of size
  • -f: Forces defragmentation of the volume even if the amount of free space is lower than normally required.  When running this, be aware that it can result in slow system performance while the defragmentation is occurring
  • -v: Displays verbose reports.  When used in combination with the -a switch, only the analysis report is displayed.  When used alone, both the analysis and defragmentation reports are shown.
  • -i: Runs the defragmentation in the background and only if the system is idle
  • -b: Optimizes boot files and applications, but leaves the rest of the drive untouched

So now that we've covered what disk fragmentation is and how to address it, there are some caveats.  You must have at least 15 percent free space on the disk volume before Disk Defragmenter can completely defragment the volume.  If you have less free space, then a partial defragmentation will occur (unless you force the defragmentation with the -f switch).  Also, you cannot defragment a volume that has been marked by the OS as possibly containing errors.  This is where you would need to use the CHKDSK.EXE utility to ensure that there are no underlying disk issues.  Some other things to look out for:

  • Empty the Recycle Bin before defragmenting.  Disk Defragmenter does not defragment the Recycle Bin
  • As we discussed in our Page File post, if you want to defragment the page file, you need to zero it out first and then defragment the disk
  • By default, fragments that are greater than 64MB in size are ignored by Disk Defragmenter.  Fragments of this size (which already contain at least 16,000 contiguous clusters) have a negligible impact on performance
  • Disk Defragmenter will not defragment files that are in use.  For best results, shut down all running programs, or log off and log back in as an administrative account before defragmenting the disk

And with that, it's time to wrap up this post.  Until next time ...

- CC Hameed


Update: March 2008 Monthly Release

Bill here.


I wanted to let you know that we have updated bulletin MS08-014 to provide additional information on a newly identified issue that causes Microsoft Excel 2003 calculations to return an incorrect result when a Real Time Data source is used.  The issue affects a specific scenario and may not affect you. Please see the bulletin for additional details.


Our teams are testing a fix and will release it once it meets our quality bar for broad distribution.




Bill Sisk


*This posting is provided "AS IS" with no warranties, and confers no rights.*

DHCP Server Callout DLL for MAC Address based filtering - MAC Address List File Format

Microsoft Windows DHCP Team Blog - Fri, 03/14/2008 - 05:53
Looking at the problem in configuring Mac Address List File while configuring callout DLL for Mac Address based filtering, here are some detailed tips which will help you in verifying your configuration with one below... · File should contain action followed...(read more)

PowerShell Plus is now official!

Windows Powershell Team Blog - Fri, 03/14/2008 - 05:17

PowerShell Plus has now officially released V1.0.  Actually I'm late in my congratulations, they actually released it on March 6th. 

If you haven't checked out PowerShell Plus, you definitely should take advantage of their free 30 day trial and see what you are missing.  This is a really impressive piece of creative engineering.

You can learn more about it HERE.

Congratulations to Karl and Tobias on a job well done!

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

New update available for Windows Server 2003 SP2 systems to disable Scalable Networking Pack features

Microsoft Enterprise Networking Team - Thu, 03/13/2008 - 21:07

As you may know, Service Pack 2 for Windows Server 2003 included the Scalable Networking Pack (or SNP) which allowed for increased performance in many situations by allowing some TCP functionality to be handled by the network driver and network adapter instead of the Windows TCP/IP stack itself.  This functionality was enabled by default in Service Pack 2.

There have been some problems seen in some environments where Windows Server 2003 SP2 has been deployed on systems that support the SNP features.  Issues like this have been discussed in several previously published Knowledge Base articles.

There is now a new update available that will turn off the Scalable Networking Pack features on Windows Server 2003 Service Pack 2 systems.  The article lists a number of symptoms that have been seen when Windows Server 2003 SNP is enabled and links to download the update for x86, x64, and Itanium-based systems:

An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers


New PowerShell Training Options

Windows Powershell Team Blog - Thu, 03/13/2008 - 03:48

The creative guys at Sapien are thinking outside the box again.  They are offering a new hybrid approach to online training for PowerShell.  You sign up for a class and get some self-study materials but you also have an online class that meets twice a week for an hour (you have a choice of a couple of timeslots).  The course runs for 2 to 4 weeks depending upon the topic.  Very clever stuff.  You can find out more at the following links:

BTW - you probably already know that BillG is a big fan of creative education delivery.  At last year's Technical Recognition Event (TRE), he invited George Lucas to discuss the topic (apparently George is a big fan of this as well). 

This year's TRE was in large part a going away party for Bill.  Bill gave a fantastic talk about his foundation, the challenges ahead both in the SW industry and the world in general.  At some point he started talking about batteries and got super excited saying that he was VERY optimistic about the future of batteries and if you want more you should go watch the MIT Solid State Chemistry lectures which are online on the web.  He even gave us the course # 3.091.  He said, "it's a 35 hour investment but well worth it".   (Professor Sadoway - Bill Gates loved your lectures!)

Now just step back a second and let that sink in.

Bill Gates.

(Once) the richest guy in the world.  Has a family.  Is SUPER hands on (often it feels like HEELS ON :-) ) when it comes to setting the technical direction for the company and keeping track of progress.  Runs one of the largest foundations and is hard core focused on SOLVING (NOT "improving") some of the biggest health problems facing mankind.  All that and he is investing 35 hours watching video lectures about solid state chemistry over the web. 

It blows my mind!

(BTW - I started watching those lectures and the guy is REALLY good.

Also - while we are on the topic of great internet lectures - I loved Lisa Pruitt's Structural Aspects of BioMaterials over at the Berkeley site.)


Anyway the reason for that diversion is to point out that novel education and training delivery is a growing area and can be quite effective.  I'd love to hear from anyone that takes this training.


Jeffrey Snover [MSFT]
Windows Management Partner Architect

I am going to INTERACT 2008 this year, are you?

Microsoft Exchange Team Blog - Wed, 03/12/2008 - 19:55

Hi everyone,

I wanted to let EHLO readers know I'll be keynoting at INTERACT 2008 in San Diego on Wednesday, April 9. We're planning a good walk through Exchange history, and then a peek into the future with Exchange Labs.

Register here with code EXCHANGE08.

I hope to see you there!




How MSIT Uses Terminal Services as a Scalable Remote Access Solution

Terminal Services Team Blog - Wed, 03/12/2008 - 17:37

The MSIT pilot project of Windows Server 2008 Terminal Services was so successful that Microsoft IT went on to test the scalability and performance in the production environment. The environment acts as an SSL-based remote access solution and MSIT was able to create a scalable remote access solution that is accessible by using HTTPS connections from any location worldwide. Additionally, user experience enhancements in Windows Server 2008 improved the end-user experience when using Terminal Services.

Technical White Paper | IT Pro Webcast

Essential Business Server at Convergence

Windows Server Division WebLog - Wed, 03/12/2008 - 15:33

Lots happening in Orlando at Convergence 2008 - the Microsoft Dynamics users' conference.  Steve Ballmer and vice president Kirill Tatarinov are speaking and the Dynamics team is making a number of announcements, including a partnership with EDS to extend Microsoft Dynamics CRM deployments, a preview of Dynamics AX 2009 (part of the ERP product portfolio), and more developments in hosted, online services.  Also announced - and one of the things Kirill is speaking about in his keynote -  is how Windows Essential Business Server and Microsoft Dynamics are an ideal combination for midsized companies.

Essential Business Server provides that reliable platform for line of business applications that is all too often a challenge for midsized businesses to set up.  All of the core infrastructure needed - Windows Server, Active Directory, SQL Server, secure remote access, etc. - is ready to go, configured to best practices.  And Dynamics solutions will be manageable as "Add In" apps within the Essential Business Server unified administration console, giving IT pros a more efficient way to manage everything in one place.

Software partners such as Citrix, CA, FullArmor, Mimosa Systems, Quest Software, ScriptLogic, Symantec and Trend Micro also plan to provide Add-In software solutions for Windows Essential Business Server. And HP, IBM and Intel will make hardware management Add-Ins.

Microsoft and HP are demonstrating Essential Business Server with Dynamics Add Ins at Convergence, and the EBS team is doing a number of sessions at the show.

Joel Sider



Windows 2003 Scalable Networking pack and its possible effects on Exchange - Part 2

Microsoft Exchange Team Blog - Wed, 03/12/2008 - 14:05

I am sure many of you might have seen the issues that can be caused by the Windows Scalable Networking pack and incompatibilities with certain NIC drivers, as previously mentioned in

As of yesterday, there is a new High Priority Windows update available that will turn off the Scalable Networking Pack features once it is installed. If you have Windows Update set up to receive updates automatically, this update will be downloaded and automatically installed.  If you need to manually apply the update, you can reference for more information as well as a link to the download. Note: Once this update is installed, you must reboot your server for these changes to take effect.

I would highly recommend applying this update to all Windows 2003 SP2 servers to help alleviate some of the connectivity issues that  can occur as a direct result of having the Scalable Networking Pack features enabled, and some incompatibilities with NIC drivers that we have seen.

In Windows 2008, these features are disabled by default and can be enabled if desired.

Have a great day!!

- Mike Lagase


Do you want a PowerShell based build environment?

Windows Powershell Team Blog - Wed, 03/12/2008 - 01:50

If so SPEAK UP NOW.  The Windows SDK team is looking for feedback on whether this would be useful.  Check out their request for feedback at:  Influence the future of Windows sdk - Powershell based build environment

Jeffrey Snover [MSFT]
Windows Management Partner Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:

Group Policy Logging on Windows Vista

Ask the Performance Team - Tue, 03/11/2008 - 19:00

Although the bulk of Group Policy Processing and Troubleshooting is handled by our Directory Services team, we often collaborate on these issues - mainly when the issue relates to a user logging in and not being presented with their desktop environment as they would expect.  Instead they are simply presented with a blank background (usually blue!) with no icons.  It's not the dreaded "Blue Screen of Death" - it's a blue screen of, well ... nothing.  Usually we will troubleshoot this by turning on debug logging for Group Policies to capture a Userenv.log to figure out if the basic shell (explorer.exe) is even being called.

However, in Windows Vista, the Group Policy engine no longer records information in the userenv.log.  Instead, detailed logging of Group Policies can be located using Event Viewer.  The log for group policy processing can be found in the Event Viewer under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational - a sample is shown below.

As you can see, each of the policy processing events that occur on the client are logged in this event viewer channel.  This is an administrator-friendly replacement for the userenv.log.  When looking at these events in the event viewer, there are some event ranges to be aware of:

Range        Meaning
4000 - 4299  Scenario Start Events
5000 - 5299  Corresponding Success Scenario End Events (scenario start event + 1000)
5300 - 5999  Informational Events
6000 - 6299  Corresponding Warning Scenario End Events (scenario start event + 2000)
6300 - 6999  Warning Events (Corresponding Informational Event + 1000)
7000 - 7299  Corresponding Error Scenario End Events (Scenario Start Event + 3000)
7300 - 7999  Error Events (Corresponding Informational Event + 2000)
8000 - 8999  Policy Scenario Success Events

Administrative events relating to Group Policy are still logged in the System Event Log, similar to pre-Windows Vista platforms.  The difference is that the event source for the event is now Group Policy instead of USERENV.  In Windows Vista, the Group Policy script processing errors are also now logged through the same mechanism as the rest of the Group Policy errors.

And that brings us to the end of this quick post on Group Policy Logging on Windows Vista.  Until next time ...

Additional Resources:

- CC Hameed



3/11: Removed last paragraph (applied to server, not client OS), added additional Technet links and re-published article
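
The event ranges from the Group Policy logging post above, applied to a sequence of events to show which policy scenarios ended in success, warning or error and which never logged an end event. This is an added example, not code from the original post; the function names Get-GpEventKind and Get-GpScenarioOutcome are hypothetical, the sample event IDs are constructed, and pairing is done only by the ID offsets given in the table.

```powershell
# Event ID ranges for the Group Policy Operational channel, as listed in the post.
# StartOffset is the "scenario start event + N" relation from the table.
$GpRanges = @(
    @{ Low = 4000; High = 4299; Kind = 'ScenarioStart' }
    @{ Low = 5000; High = 5299; Kind = 'ScenarioEndSuccess'; StartOffset = 1000 }
    @{ Low = 5300; High = 5999; Kind = 'Informational' }
    @{ Low = 6000; High = 6299; Kind = 'ScenarioEndWarning'; StartOffset = 2000 }
    @{ Low = 6300; High = 6999; Kind = 'Warning' }
    @{ Low = 7000; High = 7299; Kind = 'ScenarioEndError'; StartOffset = 3000 }
    @{ Low = 7300; High = 7999; Kind = 'Error' }
    @{ Low = 8000; High = 8999; Kind = 'PolicyScenarioSuccess' }
)

# Classify one event ID; for scenario end events, also derive the start ID.
function Get-GpEventKind {
    param([int]$Id)
    foreach ($r in $GpRanges) {
        if ($Id -ge $r.Low -and $Id -le $r.High) {
            $start = if ($r.ContainsKey('StartOffset')) { $Id - $r.StartOffset } else { $null }
            return [pscustomobject]@{ Id = $Id; Kind = $r.Kind; StartId = $start }
        }
    }
    [pscustomobject]@{ Id = $Id; Kind = 'OutOfRange'; StartId = $null }
}

# Walk events in chronological order and pair each start with its end event.
function Get-GpScenarioOutcome {
    param([object[]]$Events)   # objects exposing an integer Id property
    $open = @{}                # start Id -> start event still waiting for an end
    foreach ($e in $Events) {
        $k = Get-GpEventKind $e.Id
        if ($k.Kind -eq 'ScenarioStart') { $open[$k.Id] = $e }
        elseif ($null -ne $k.StartId -and $open.ContainsKey($k.StartId)) {
            $open.Remove($k.StartId)
            [pscustomobject]@{ StartId = $k.StartId; EndId = $k.Id
                               Outcome = $k.Kind -replace '^ScenarioEnd' }
        }
    }
    # Anything left never logged a success, warning or error end event.
    foreach ($id in $open.Keys) {
        [pscustomobject]@{ StartId = $id; EndId = $null; Outcome = 'NoEndEvent' }
    }
}

# Constructed sample IDs, chosen only to fall into the ranges above. On a live
# system, pass the output of:
#   Get-WinEvent -LogName 'Microsoft-Windows-GroupPolicy/Operational' -Oldest
$sample = 4001, 5312, 7001, 4005, 5005, 4006 |
    ForEach-Object { [pscustomobject]@{ Id = $_ } }
Get-GpScenarioOutcome $sample | Format-Table -AutoSize
```

For the constructed sample, scenario 4001 pairs with 7001 (Error), 4005 pairs with 5005 (Success), and 4006 is reported as NoEndEvent.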

Essential Business Server blog

Windows Server Division WebLog - Tue, 03/11/2008 - 16:39

The team behind Windows Essential Business Server 2008 for midsized companies (part of the newly announced Windows Essential Server Solutions family and formerly known as "Centro") has launched a team blog here.  Group Program Manager Eric Watson provides the introduction:

In this Blog, key people that design and develop the product will discuss all of those features, the software, tips and tricks, and yes, even shortfalls that we hear from customers. As engineers, we love details, and with 5 products and 15 workloads plus all the ‘can’t get it anywhere else’ software we added, there are plenty of details to talk about.

The Essential Business Server web site is here.  A Q&A about the product is here.

Joel Sider


March 2008 Monthly Release

Wow! It is already the 2nd Tuesday of the month, and with it comes the announcement of some new bulletins! This is Tami Gallupe, MSRC Release Manager, and I just wanted to let you know that we just posted our March 2008 Bulletins. We released four bulletins today, all are for Office and all have a maximum severity rating of Critical.  Here is a quick list of what we released:


MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution. Note that this Excel bulletin addresses the issue highlighted in Microsoft Security Advisory (947563).

MS08-015: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution

MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

MS08-017: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution


Our team also plans to post some additional in-depth technical information about today’s release on the Security Vulnerability Research & Defense  blog. It will be available this afternoon, and I think it will be worthwhile to stop by and check it out.


As always, the webcast is one of my favorite events, and I want to make sure you are aware that it starts tomorrow at 11:00 AM PST.  We’ll be talking about today’s release and answering your questions on the air. Click here to register. We look forward to hearing from you tomorrow.





*This posting is provided "AS IS" with no warranties, and confers no rights.*
