MSMVPS.COM

Brittany Murphy SEO

donna — Mon, 21 Dec 2009 13:33:44 GMT

From F-Secure Blog:

Just a quick note - the sudden death of Hollywood celebrity Brittany Murphy last Sunday (BBC report here) has prompted a spike in searches on the subject - and of course, an SEO attack.

Users who click on a poisoned search result link will be redirected to a website that will display a scare message trying to panic users into downloading rogue AV software.

Screenshot and more info in http://www.f-secure.com/weblog/archives/00001842.html

Christmas Bo(g)us

donna — Mon, 21 Dec 2009 13:32:49 GMT

From Sophos Blog:

Well, it didn't take long for the Christmas E-Card scams to start.

Recently we have seen email messages pretending to be from Hallmark, suggesting that you have received an E-card from a friend. The complete email message looks like this:

You have recieved a Hallmark E-Card from your friend.
To see it, check the link below:
http://www. hallmark. com/webapp/wcs/stores/Occasion/ChristmasE-Cards
There's something special about that E-Card feeling. We invite you to make a friend's day and send one.
Hope to see you soon, Your friends at Hallmark

Note, that the link looks like it's from Hallmark, but it's fake. If you hover your mouse over the link and look at your browser's status bar, the real link show up (which in this case is http://www. <hidden>. com/_themes/Christmas.exe). This piece of malware is detected by us as Troj/VBInject-S.

http://www.sophos.com/blogs/sophoslabs/?p=8039

UK retail Wi-Fi security still patchy

donna — Mon, 21 Dec 2009 13:31:55 GMT

Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist.

The cybercrooks, who lifted more than 21 million credit card records, leapfrogged onto the retailer's credit card database after first breaking into the wireless network of a regional store, a subsequent investigation ahead of upcoming US trials revealed. The incident ought to have acted as a wake-up call to retailers worldwide, but progress has been a little slow.

A Wi-Fi war walk, passively detecting Wi-Fi networks in a popular shopping areas around Oxford Circus last week, revealed numerous problems.

Data was collected over a one hour period on 16 December using security scanning tools from Motorola AirDefense. No networks or devices were actively compromised during the exercise.

More in http://www.theregister.co.uk/2009/12/21/west_end_wardrive/

Module Help Files

RichardSiddaway — Mon, 21 Dec 2009 11:57:00 GMT

The use of modules to supply PowerShell based functionality in Windows 7\Windows 2008 R2 makes accessing the help files a little bit problematic. We have to have the module loaded to access the file. Sometimes I want to think through what I’m doing and research the help files before I dive into coding. To make that easier I decide to dump the help files for the modules I an interested in. For example I have been experimenting with the Group Policy cmdlets in Windows 2008 R2 and wanted the help files accessible.

            001              
002               
003               
          Get-Command -Module GroupPolicy | foreach {               
    Get-Help $_.Name -Full | Out-File -FilePath "D:\Scripts\AD\GPOHelp\$_.txt" -Width 1000               
} 
       
 

This just goes through the module and creates a text file for each individual help file.

Not something you necessarily need to do but useful if you don’t want to fire up a machine specifically to access the help files

Technorati Tags: PowerShell,help files,Windows 7 RTM,Windows 2008 R2

Outlook 2010: How to change your default Contacts Address Book

jeffl — Mon, 21 Dec 2009 10:24:00 GMT

Have you ever wondered how to change the default address book in Outlook when you are using Exchange. If you have ever sent an email and tried to find your contacts using the To: button you know that by default the Exchange Global Address Book is the first source of contacts. What a pain. I always find it difficult to locate where to change the default so I thought I would post it in case you are looking. I know I will come back to this post because even after having found it, I still can't remember...(read more)

Infinite Drill-through in a single SSRS report

Rob Farley — Mon, 21 Dec 2009 10:18:15 GMT

Grant Paisley of Angry Koala and Report Surfer put me onto this a while back, and I have to admit I’m a bit of a fan. The idea comes from the fact the way that SQL Server Reporting Services (both 2005 and 2008) handles parameters with Analysis Services, and lets you make a report that drills through into itself, deeper and deeper into a hierarchy. Today I did a talk at the Adelaide SQL Server User Group, and mentioned this was possible (but didn’t have the time to demonstrate it properly).

If you make a parameterized query in an MDX query in SSRS, you use the STRTOMEMBER or STRTOSET function to handle this. But the MDX has no other indication of what dimension, hierarchy or level is being passed in. If you grab the children of whatever you’ve passed in, you can easily put this on the Rows axis and get one level down. Passing the UniqueName of whatever you’ve just provided back in as the next parameter, and you have infinite drill-through.

Look at the following MDX query:

WITH
MEMBER [Measures].[NextLevel] as StrToMember(@SomeDate).Hierarchy.CurrentMember.UniqueName
MEMBER [Measures].[NextLevel Name] as StrToMember(@SomeDate).Hierarchy.CurrentMember.Member_Name

SELECT
NON EMPTY { [Measures].[Internet Sales Amount], [Measures.NextLevel], [Measures].[NextLevel Name] } ON COLUMNS,
NON EMPTY { (StrToMember(@SomeDate).Children ) } ON ROWS

FROM [Adventure Works]

You see that I provide the UniqueName and Member_Name properties in known columns, so that I can easily reference them in my report. You’ll also notice that nowhere do I actually indicate which dimension I’m planning to drill down on, or to which hierarchy the @SomeDate parameter refers. I have suggested it’s a date, but only in name. At this point I also make sure that the Report Parameter is not restricted to values from a particular query, and I hide it from the user. I’m going to be passing in UniqueName values, which aren’t particular user-friendly.

If I start with [Date].[Fiscal].[Fiscal Year].&[2003], then my NextLevels will be [Date].[Fiscal].[Fiscal Semester].&[2003]&[1] and [Date].[Fiscal].[Fiscal Semester].&[2003]&[2]. This then continues down as far as I want it to go. I could always put a condition on my Action to pick up when there are no more levels, and potentially start down a different hierarchy. After all, I can always use a bunch of other parameters in the WHERE clause to slice the cube in other ways first, for placeholders. It really just comes down to MDX creativity to investigate different ways of drilling through the data.

Please bear in mind that other people may well have achieved the same sort of thing using a different query – I’m just posting what has worked for me. Hopefully by doing this, you can avoid making five drill-through reports just because your hierarchy has five levels. This might just remove 80% of your reporting effort!

Felicies Fiestas

peplluis — Mon, 21 Dec 2009 07:57:00 GMT

Que ganas tenía de volver a poner este clásico... así que una vez más:

Feliz Navidad y Prospero año nuevo!

Merry Christmas to you and your family as well

The best whishes to make this 2010, the Year!

Catalonian Claus.

Pep Lluis,

So when is a terrabyte not a terrabyte

bradley — Mon, 21 Dec 2009 07:46:00 GMT

Was swapping out a new harddrive to my HyperV test server at home and I noticed when the system first installed it did not see the 1.5 terrabyte drive, it only saw it as approx 500 gigs. It wasn't until the system was fully built that you can see that the system could see the entire drive, but obviously couldn't be built with it from the get go like that:

Now it will allow you to extend it once it's like that so that now I have the full 1.5 terrabytes out there (less the 100 MB system reserve there)

It obviously sees it, it just can't see it booting up raw from it.

Passing along some Win7 KBs

bradley — Mon, 21 Dec 2009 07:19:00 GMT

The Welcome screen may be displayed for 30 seconds during the logon process after you set a solid color as the desktop background in Windows 7 or in Windows Server 2008 R2:
http://support.microsoft.com/default.aspx?scid=kb;en-us;977346
WFP drivers may cause a failure to disconnect the RDP connection to a multiprocessor computer that is running Windows Vista, Windows Server 2008, windows 7 or Windows Server 2008 R2:
http://support.microsoft.com/default.aspx?scid=kb;en-us;976759
No private key is associated with a certificate after you successfully install the certificate on a computer that is running Windows 7 or Windows Server 2008 R2:
http://support.microsoft.com/default.aspx?scid=kb;en-us;977222
Windows 7 displays "Windows is not Genuine" with error code of 0x80070005:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2008385
Unable to print large page documents from Windows 7:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2011767

(courtesy of Dean Peters)

I didn't realize that it's downright impossible to get 7200 rpm PATA or IDE laptop hard drives

bradley — Mon, 21 Dec 2009 06:53:00 GMT

7200 laptop pata, great deals on Computers Networking on eBay!:
http://shop.ebay.com/?_from=R40&_trksid=p3907.m38.l1313&_nkw=7200+laptop+pata&_sacat=See-All-Categories
Newegg.com - laptop drive:
http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=laptop+drive

An interesting factoid I didn't realize that it's downright impossible to get 7200 rpm PATA or IDE laptop hard drives. One can find SATA drives but not IDE in the 7200 rpm speed. One can find them fortunately on ebay. Ensuring that a laptop is on the fastest speed you can buy/afford/upgrade to is the difference between night and day on a laptop. Some have upgraded laptops to solid state drives.

But it's funny how it's harder to find some versions of the drives these days.

It's also impossible for me in California to buy/order silver dragees as well, but that's another story several years old -- http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/12/23/MNGS03SUEM1.DTL

Do I need glasses ?

bill — Mon, 21 Dec 2009 04:07:56 GMT

If I can’t read the small print on a bottle of beer does that mean I need glasses ??????

Solving Windows Mobile device sync problem in WIndows 7 WMDM

Richard — Mon, 21 Dec 2009 03:54:00 GMT

Recently, I changed my HTC HD Windows mobile device to HD2. However, when I plug the HD2 to my Win7 x64 Ultimate, it won't detect as normal.
My HD have no problem to sync with my PC before....
THe HTC HD2 only detected as "Windows Mobile-device" and show error "Code 19" in the properties. I can't sync it with WMDC. I used only 24hrs to troubleshoot it....
Finally, I tried the following steps and my new HD2 finally got detected in WMDC and Device Manager!!!!

1. Uninstall WMDC and the "WMDC devices update" from Control Panel.[Suggested to choose the second option for reboot when it prompt you about the WMDC is running]
2. Open regedit, go to HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}
3. Delete the "UpperFilters" Key.
4. Remove all "0000", "0001", "0002"...etc subkey inside {eec5ad98-8080-425f-922a-dabf3de3f69a}
5. Do not remove the "Properties"
6. Delete the "UpperFilters" key inside HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}
7. Reboot
8. Download WMDC(drvupdate-amd64) from Microsoft.
9. Reinstall drvupdate-amd64.
10. Replug the device to your PC and it should be detected as normal.

Warning! Use the above steps at your own RISK!

Entity Framework troubleshooting and performance

Simon Sabin UK SQL Consultant's Blog — Sun, 20 Dec 2009 23:38:28 GMT

I'm starting a whole series of blog posts on the use of Entity Framework and the evil it can do to your database without you knowing it. Your DBA will probably look at some of the queries that LINQ to Entities executes and will take a big gulp. They Read More......(read more)

Microsoft Pinpoint

Cleber Marques — Sun, 20 Dec 2009 22:03:00 GMT

O Microsoft Pinpoint é um grande diretório com fornecedores de tecnologias Microsoft. Nele é possível encontrar especialistas, aplicações e serviços dos mais diversos lugares no mundo. É aqui que encontraremos, a partir de agora, os Management Packs para o SCOM, é o novo catálogo. Para começar a sua busca por Management Packs é só selecionar a opção System Center (ao lado do botão GO), clicar em Applications em I'm looking for e depois digitar o nome do Management Pack que deseja procurar no campo Search Applications (com a lupa). Para acessar o catálogo clique aqui.

What is Microsoft Pinpoint?

Pinpoint is a dynamic technology marketplace and the largest directory of qualified IT providers and their software built on Microsoft technologies. Microsoft Pinpoint is the fast, easy way to find experts, software applications, and professional services to meet your specific business needs and build on your technology investments.

Obrigado pela leitura e até a próxima publicação,

Abraços.

Cleber Marques

Microsoft MVP & MCT | Charter Member: SCVMM & MDOP
Projeto MOF Brasil: Simplificando o Gerenciamento de Serviços de TI
Meu Blog | MOF.com.br | CleberMarques.com | CanalSystemCenter.com.br

gPoly status update #5

arno — Sun, 20 Dec 2009 20:07:00 GMT

For today I made a little teaser video of gPoly to show the progress. As you can see the adding and editing of the polygons it getting there, so it seems I can move to the export functionality soon. Enjoy!

Sophos's - Best Practices for Facebook security

Harry Waldron — Sun, 20 Dec 2009 16:27:00 GMT

Security tips related to safety using Facebook can be found in the following links:

Sophos's - Best Practices for Facebook security
http://www.sophos.com/security/best-practice/facebook/

QUOTE: ID fraudsters target Facebook and other social networking sites to harvest information about you. Here's how we recommend you set your Facebook privacy options to protect against online identity theft.

* Adjust Facebook privacy settings to help protect your identity
* Read the Facebook Guide to Privacy
* Think carefully about who you allow to become your friend
* Show "limited friends" a cut-down version of your profile
* Disable options, then open them one by one

Facebook - Guide to Privacy
http://www.facebook.com/privacy/explanation.php

F-Secure - Security Forecast for 2010

Harry Waldron — Sun, 20 Dec 2009 16:04:00 GMT

F-Secure has issued their Security Forecast for 2010 and a partial list of key predications are noted below:

F-Secure - Security Forecast for 2010
http://www.f-secure.com/weblog/archives/00001835.html

QUOTE: Here are our predictions for 2010 based on this year's threat analysis.

• Windows 7 will gain market share during 2010. Windows XP will drop below 50% market share overall and will thus reduce the amount of "low hanging fruit." This will improve Internet security in affluent countries ...

• Web search results leading to "location based attacks" using geo-location IP address techniques will increase. They will be localized in terms of language, current news events, and even regional banks that they target.

• There will be more attacks against online banks with tailor-made trojans.

• There will be more iPhone attacks, possibly also proof-of-concept attacks on Android and Maemo. We could also see a 0-day vulnerability used in a large scale exploit.

• At least one large-scale DDoS attack against a nation-state is likely.

• There will be more attacks on social networks such as Facebook, Twitter, Myspace, Linkedln, etc.

• There will be significant data base compromises that lead to tailored attacks. Cyber-criminals now have the resources to analyze, plan, and carry out mass-targeted attacks.

Avoid Data Doctor 2010 Ransomware

Harry Waldron — Sun, 20 Dec 2009 15:49:00 GMT

Please keep Windows and AV software updated as dangerous threats continue to circulate. Ransomeware encrypts files on the PC and holds the user hostage until they pay a fee ($89 in this case). Avoid any use of "Data Doctor 2010" and use a cleaning tool from a legitimate AV vendor instead if you become infected

Data Doctor 2010 will make you sick
http://sunbeltblog.blogspot.com/2009/12/data-doctor-2010-will-make-you-sick.html

QUOTE: new piece of today, an encryption trojan. It encrypts the files on your hard drive very rapidly if you’re unfortunate enough to be victimized by it. It arrives through drive by downloads from malicious web sites. It’s also packaged with other malware. The victim receives a message that the system is shutting down due to "Unrecognized disk driver command. The system is then re-booted to safe mode and a message is displayed: "Windows has recovered from a serious error. Some files can be corrupted. Disk checking is strongly recommended."

ISC Security Awareness education for Youth

Harry Waldron — Sun, 20 Dec 2009 15:10:00 GMT

One of the ISC handlers shares some worthwhile training on the importance of security training. It's important to teach children safety as the Internet is a dangerous environment when it comes to email, web links, and malware. Some facts and quiz are shared. Knowledge of security principles is just as important as security software safeguards.

ISC Security Awareness education for Youth
http://isc.sans.org/diary.html?storyid=7783
http://www.isek.iastate.edu/fll/

QUOTE: A few weeks ago it was my pleasure to talk to a group of young people who were participating in a program through Iowa State University School of Engineering. This program is designed to get children interested in and excited about science, technology and engineering.

I explained to them the dangers of illegal download activity, clicking on links in emails, messages and websites, etc. They asked what could be done to improve the condition of the virtual world. I told them how we often times joke about creating a "test" and that everyone would have to pass the test and receive a driver's license before they were allowed on the Internet - the World Wide Superhighway. The group took this to the next level and created a test.

Adobe PDF Reader - Zero Day JavaScript attacks circulating in the wild

Harry Waldron — Sun, 20 Dec 2009 15:01:00 GMT

Please be careful with all PDF files, keep AV protection updated, and look for future Adobe releases which will address this issue. I usually keep JS off unless it's required to fill out a PDF form.

Adobe PDF Reader - Zero Day attack circulating
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.avertlabs.com/research/blog/index.php/2009/12/16/another-adobe-reader-zero-day-take-care/

QUOTE: Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available

HOW TO DISABLE JAVASCRIPT IN ADOBE READER

Customers can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK

New TFS 2010 Beta 2 patch available

Mathias — Sun, 20 Dec 2009 08:37:16 GMT

A few weeks ago I posted about some issues I’ve had with Team Build on TFS 2010 beta 2 (http://msmvps.com/blogs/molausson/archive/2009/11/23/issue-with-team-build-2010-beta-2-on-some-localized-machines-value-cannot-be-null-parameter-name-path1.aspx). A fix for this and a few other issues has been released and it works great on my configurations.

Here’s the isses this fix resolved:

Fixes an intermittent race condition that prevents WIT data from making it to the Warehouse
Fixed an issue where the iteration backlog for each build workbook is based on the root iteration and not on the individual iterations
Fixes an issue where in the Regional Options, the Decimal Symbol is defined to something other than “.” (For example ”,”.)
Fixed an issue that prevents saving multiple work-items in excel or project when connected to TFS 2010 server from a 2008 client.

Get the patch here:

http://code.msdn.microsoft.com/KB977226

Forum access gadget

bradley — Sun, 20 Dec 2009 08:07:00 GMT

http://www.microsoft.com/downloads/details.aspx?FamilyID=69a2c15c-ac7a-4aab-b470-c51254ec9ff6&displaylang=en

This gadget is designed for Microsoft Partners to access the Online Technical Support more conveniently. Users can directly visit the queues specific for Microsoft Partners through the gadget in the desktop.

If you are looking for an easier way to access the forums, check out that Partner forum gadget.

A little Mini Holiday cheer

bradley — Sun, 20 Dec 2009 07:12:00 GMT

This is the 'baking' weekend where I make some of the traditional treats of the season.

Mind you some of those "traditional" treats get a new twist or interpretation than how we've traditionally done it.

http://www.minibee62.com/MINI-Cutters-p/cutters.htm
http://ubermini.com/32501.html?*session*id*key*=*session*id*val*

Doesn't everyone make Gingerbread cookies in the shape of Mini Coopers?

And I even found a new cookie cutter that we ordered tonight. This one is in the shape of a convertible:

http://www.minibee62.com/PhotoGallery.asp?ProductCode=Cutters

We didn't have that one so we just ordered it tonight so that next year my Sister will have a cookie specifically shaped like her car.

Got a WSUS on SBS 2008 and is the update console crashing?

bradley — Sun, 20 Dec 2009 01:02:00 GMT

The just happened to someone -- http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.server.sbs/2009-03/msg01633.html

You have a SBS 2008. You go to change the update settings in the console on the box and the console crashes. Why is it doing this?

There should be three specific groups in the WSUS console to deal with the updates. If you remove one, it will make the console crash.

Russ - SBITS.Biz wrote:

FYI: Do not delete Computer Groups SBS2008 WSUS 3.0
Windows SBS Console Crashes when running reports
(And Daily Weekly Reports have Stopped)

I ran into This last week and I though I'd post it.
Running a report I get a Crash/Error

With Error
Problem Signature 09: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB
In log
C:\Program Files\Windows Small Business Server\Logs\console.log
there is a "NullReferenceException"

The problem was I deleted a computer group in WSUS 3.0
I deleted the Group "Update Service Excluded Computers"

(Since I felt it didn't matter since there were no computers in that group.)
Well WRONG it does matter Make sure you have all Groups.

Unassigned Computers
Update Service Excluded Computers
Update Services Client Computers
Update Services Server Computers

Note "Update Service Excluded computer" and it should NOT be "Update
Services Excluded computer" which 'Services' is plural

If any groups are not in the list or the names are not exact same, the report will crash.

Russ

Can anyone recommend the top performing Network Management software for a small IT service company?

bradley — Sun, 20 Dec 2009 00:51:00 GMT

So I was asked in the comments...

Can anyone recommend the top performing Network Management software for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: <a href="http://www.n-able.com"> N-able N-central helpdesk software

</a>? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!

The best resource is to read up on the comments in the smbmanagedservices@yahoogroups.com listserve. The answer is "it depends". Some people like Kaseya for it's robustness, but some people don't like it because it's expensive and can be time consuming to do right. Some sign up for hosted solutions to begin -- http://www.virtualadministrator.com/ Then there are folks that sign up for the remote management tools provided by http://www.mspsn.com/.

I wouldn't say there's one "best" in the pack, each one has pros and cons, but my best advice is to lurk on that list. See the likes, dislikes, the rants and the raves.

Swyx stellt SwyxWare Version 7 vor

rauscher — Sat, 19 Dec 2009 23:10:13 GMT

Seit Freitag ist die neue Version 7 der Unified Communications-Lösung SwyxWare verfügbar. Die aktuelle Version unterstützt nun auch Windows 7 und Windows Server 2008.

Wer Swyx nicht kennt: Kurz gesagt, eine absolut geniale Telefonielösung für mittlere und große Unternehmen. Ich beschäftige mich seit 2004 mit SwyxWare und bin noch immer vom Funktionsumfang und den Leistungsmerkmalen begeistert.

Weitere Informationen:

Viele Grüße
Dieter

--
Dieter Rauscher
MVP Forefront

gPoly status update #4

arno — Sat, 19 Dec 2009 19:21:00 GMT

Time for another gPoly status update, today I have made some good progress on the tool again. The first part I have finished is the display of the GeoTIFF background image, this code seems to be quite optimal now, so that even with big images you can pan and zoom without too much delay. What I still have to do is verify the accuracy of the geo position, I think I need to render some reference information (of which I know the position) over it to do this. Another related feature on the todo list is the ability to make images georeferenced when they are not yet.

Today I also worked quite a bit on the user interface, especially the part that allows you to manipulate the layers in the project. Each layer can hold a background image or a set of features (polygons, lines, etc). Below is the screenshot of the current status.

Service Desk Documentation and Support Tool

Rod Trent at myITforum.com — Sat, 19 Dec 2009 17:25:56 GMT

This automated several administrative tasks at our service desk. It reportedly saved 10% of our full FTE count. Also, it significantly improved documentation by making Tech actions cut-and-paste-able: Service Desk Documentation and Support Read More......(read more)

Update on iPhone 3.1 and Exchange Connectivity

eriq — Sat, 19 Dec 2009 15:27:00 GMT

My last post (and yes, it's been a loooooong time between updates) noted the problem of the device-level encryption support differences in the various models of the iPhone hardware and OS updates. I had started writing an updated post on this, but it got lost in the ether, and I then got to a point where I haven't been doing much updating on this blog, and quite frankly I forgot about it.

That changed yesterday when I implemented a service to auto-tweet blog posts from my various blogs and, not being entirely familiar with how the service worked, it posted the most recent post on each blog that I selected. As a result, it looks like I tweeted about the old post on this topic yesterday, and that tweet got retweeted by several folks, who apparently thought this was new news.

OK, my bad for implementing a solution without fully understanding how it worked.

So while there is not a *fix* for this issue coming from Apple (according to the information I've been able to uncover), the problem is actually not as prevalent as initially surmised, at least in terms of the numbers of users who will actually be affected.

Here's the issue: In Exchange 2007, there is an option to require users who connect through Exchange ActiveSync to have a device that support device-level encryption. This is a good thing form a security point of view, especially if you have users who will be accessing sensitive e-mail from the corporate Exchange server from their iPhone (I'm ignoring the entire tangent of whether you can really assume that anything in e-mail can be truly secure), having device-level encryption adds another layer of protection on that data should the device get compromised in some way. This setting is a mailbox-level setting and not a server-level setting, meaning that the decision to enable this requirement can be done on an individual level.

The initial concern I heard in the SMB space when this news first came out (and all the facts weren't fully available when I made my initial post) was how this would impact iPhone users connecting to SBS servers. Well, there was good news, as it turns out:

The issue didn't impact Exchange 2003 at all, and since the vast majority of iPhone users connecting to SBS servers are connecting to SBS 2003, no problem.
The default settings for Exchange 2007 in SBS 2008 does NOT require device-level encryption for mobile device connections.

So, every one of the customers I had with iPhones and SBS servers were fine. And the vast majority of iPhone and SBS users were also not impacted.

Does that mean that this isn't an issue? No, it doesn't. For companies who have enacted corporate security policies to require device-level encryption for Exchange connectivity, the users who have iPhones will either have to stick with iPhone OS 3.0 (which "faked out" the Exchange server by reporting that device-level encryption was actually in place) , get an iPhone 3Gs with iPhone OS 3.1 which does fully support the device-level encryption standard, or work with the corporate security folks to negotiate an exception for that user/device and have the IT admin change the device security policy for that user's mailbox in Exchange 2007 (which can be done without impacting the security requirements for any other mailboxes on the system).

Hopefully that will clear the air a little from the confusion I inadvertently caused yesterday. And get me back to updating this particular blog on a more regular basis.

Announcing two new video tutorials

arno — Sat, 19 Dec 2009 15:01:00 GMT

Early January 2010 I will be doing two new online video tutorials, check out the details on the FSDeveloper website. Just like last time they will be given on the FSDeveloper LiveStream channel. And afterwards they will be made available on the FSDeveloper Wiki as well of course.