THE OFFICIAL BLOG OF THE SBS DIVA

 http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx

The long awaited patch for the issues of late.  Start testing and patching!

If you have XP sp2, your local zones are already in “protected” state and thus you do not need this.

David Hibbeln pinged me this morning that Robert Hensing started a blog.  Who?  You ask?  Security Dude at Microsoft. That's who.  Good stuff.  Subscribed!  He does the Security Incident Response stuff at Microsoft.  Talk about a “been there, seen that” kind of job.

He starts off with passphrases and getting rid of LMhash.  Start reading... and then go change your password to a passphrase.

I'm down in Los Angeles visiting with my girlfriend and her nine year old little boy is demonstrating his UC Irvine Tech Camp project.  He worked on MAC computers to do digital photography and then worked on developing a game.  The camp runs about a week and each child does a project and then presents it on the final day.  We've come down to also go to a baby shower for another girlfriend, but will be going to the Tech Camp presentation tomorrow. 

When I was his age, we didn't have computer camps.... for that matter my first introduction to computers was in high school.  My goodness.. when Nathan grows up... can you imagine how much technology he will have absorbed as just “normal”. 

I had to laugh though.  On Michael Howard's blog he talked about how he was talking to game designers on how to code more securely in the gaming industry. That's one thing that hopefully will occur “as Nathan grows up”.  All developers will think about security.  For now, I'll let Nathan off the hook and just sit here amazed at what a 9 year old is being introduced to. 

My sister was talking to my Dad about our city's new natural gas/hybrid busses that have global positioning units on them so that they can track the bus locations at any point in time, have cameras on board to ensure that the driver is okay and electronically counts how many get on and get off the bus. 

Look what we now take for granted.... as I sit here typing on my laptop connected wirelessly to my friend's computer system....and replay/tivo TV in the living room. 

Here's to the next generation.  My hat's off to you Nathan.

Update - photos from the “Family presentation“ at IDTechCamp are online here.

327644 - How to configure licensing on an additional Windows server in an SBS network:
http://support.microsoft.com/default.aspx?scid=kb;en-us;327644

324958 - How To Block Open SMTP Relaying and Clean Up Exchange Server SMTP Queues on SBS:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324958

838183 - How to turn on the Exchange writer for the Volume Shadow Copy service in Windows Small Business Server 2003:
http://support.microsoft.com/?kbid=838183

 830360 - Default picklist value in an opportunity is not set if the opportunity is created from lead conversion in Microsoft Business Solutions CRM:
http://support.microsoft.com/?kbid=830360

832319 - Vertical scroll bar not visible when you add columns to a view in the Microsoft Business Solutions CRM version 1.0 Sales for Outlook client:
http://support.microsoft.com/?kbid=832319

Office 2003 sp1 just hit the download site today

Office 2003 sp1 - http://www.microsoft.com/downloads/details.aspx?familyid=9c51d3a6-7cb1-4f61-837e-5f938254fc47

Visio - http://www.microsoft.com/downloads/details.aspx?familyid=afca0578-e1fb-4540-b0cc-ff83def61cc6

Outlook BCM - http://www.microsoft.com/downloads/details.aspx?familyid=d21f3d89-46ac-4a27-b4c7-be05723d53e5

Outlook Junk mail filter - http://www.microsoft.com/downloads/details.aspx?familyid=d8ded71e-89ed-4473-9640-13a2b799564e

Office update inventory tool - http://www.microsoft.com/downloads/details.aspx?familyid=37822f41-f749-4b7c-b4df-b052d255a1b8

Infopath toolkit - http://www.microsoft.com/downloads/details.aspx?familyid=7e9ebc57-e115-4cac-9986-a712e22879bb

Office 2003 - Office web components - http://www.microsoft.com/downloads/details.aspx?familyid=7287252c-402e-4f72-97a5-e0fd290d4b76

Project Server - http://www.microsoft.com/downloads/details.aspx?familyid=5dea5862-d534-4f17-ab08-7c9b790c5b15

OneNote - http://www.microsoft.com/downloads/details.aspx?familyid=07408348-26c9-43bb-9e7e-6151cf15d415

Does your server have 4 gig of RAM?

Today a poster asked if we SBSers need to follow this KB or not:

823440 - You Must Use the /3GB Switch When You Install Exchange Server 2003 on a Windows Server 2003-Based System: http://support.microsoft.com/default.aspx?kbid=823440

The recommendation is if you have a server with 4 gig of ram to follow that KB.

I saw that they announced the name of the next Star Wars movie “Revenge of the Sith”.  Just putting everyone on notice now.  I will be in Newport Beach at the Big Newport movie theater with a bunch of my friends next May.  Oh and I should also warn you that I'm known for making folks that go with our group wear matching shirts.  This photo of me was taken in line at the Big Newport before Star Wars I and beleive it or not, someone else there brought that Yoda.  For the record I wasn't the only one who took my picture with him.  ;-)

If you know me, you'll know that I quote Yoda when talking about the Small Business Server platform. 

"Size matters not. Look at me. Judge me by my size, do you?"

"Try not. Do. Or do not. There is no try."

Personally, I think there's a little green guy inside every SBS box.

[now back to your regularly scheduled SBS blog]
P.S.  Click on the link for Multimedia on the Big Newport link to see some photos of the “tent city” that crops up before each Star Wars showing.  I'd also recommend that you try to watch it on an IMAX screen but NOT the domed one in San Jose... find a flat IMAX instead like the one in Las Vegas in the Luxor Hotel

...with Google being affected by the Mydoom virus.  Must have Google... can't live without google.... can't newsgroup without google.... can't GOOGLE without google!!

While last weeks bagel was a real “stupid computer user” virus [like a normal paranoid computer user couldn't look at the bagel emails that had no body message, a stupid subject line and an attachment that SCREAMED “I'm a virus!  Stupid Computer User click here” and STILL click that attachment and get themselves infected, today's MyDoom was way more believable of an email.

This Mydoom one of today was a lot more into social engineering.  I got an email this morning from my ISP that said my account had been sending out a lot of spam this weekend and that I'd better check my system with the attached file... yeah... right...I said... fat chance.  But it was still enough to trick possibly most not so paranoid folk.

This is why proactively BLOCKING these attachments is key.  The virus companies were scrambling to get the dat files out.  Don't even let these files into your network, either using the SBS file attachment blocking wizard or using Trend [or your Antivirus] to block these.

Also on a paranoid note...I was in Macy's tonight [a department store in my city] and I honestly do much of my shopping online and have not been in the store in a long time.  So it was pretty obvious that they were updating their database when they swiped in my Macy's card, asked to see my Driver's License [swiped it in], wanted my address, phone number.. and get this... asked me to enter my Social Security number on the sign-on-the-screen thingamabob.  As I entered in the Social Security number, the numbers were in plain view on the screen of the device that normally you just sign your name on. 

Okay ... I think I'm getting paranoid because entering in the Social Security number freaked me out especially the fact that it was not even blocked on the screen while I was entering it.....I mean HIPAA rules are there to protect my privacy and electronic health information but what about my rights on my personal data.  I just gave Macy's and their IT department, my credit card number, my signature image, my address, my phone number AND my Social Security number.  I have no idea if their network system is patched, scanned, and if that transmission of my Social Security number is encrypted while in transmission...I assume it is... but I really don't know, do I?   Okay so maybe being a little too geeky and a little too paranoid is not a good thing?  ;-)  

The other day I posted in a link to a SBS chat coming up in August and initially the link had extra “stuff” in the html that I didn't realize.  Now I know why.  Once again, the EHLO blog explains why when I copied the html code that I got extra “stuff” that I later had to edit off. 

That's good to know. And good to know to watch out for that in the future.

I write articles for my local business journal as well as for the AICPA Infotech newsletter and they needed an article for the September/October edition.  PERFECT TIMING!  Unless you've been living under a rock, you know that XP Service Pack 2 will be out in the month of August and I'd strongly recommend that consultants and admins review the document located on the web that details out what specific setting you can do with the firewall.  Remember that in the SBS 2003 network, we will get a specific group policy that will enable it inside the network but we can even edit it MORE than they have and do our own adjustments.  There's settings in there that can limit the settings to just certain IP addresses, to just the local network or to the entire Internet. 

Start with the base and then start to “play” to better protect your clients.  My guess is that you will find you'll build on top of the rules that the SBS 2003 team has built to customize it for your clients.

I was out surfing and found this web site that talked about some of the things they didn't like in XP sp2.  It's an interesting site that talks about some of the concerns that some of us have been discussing on a listserve.  Will end users just blindly approve applications to go out the firewall without understanding what they are approving?  I do think that the IE scripting limitations, the pop up blocker and the firewall action will need end user education.  In my office where we have the RC2 installed on four production workstations, it already has needed some explanation for those folks running it.  But that's good.  The more we educate, the better we are protected.

So, I'm looking forward to it... August... come on August!

If they ever ask to see my Amazon.com book purchases they are going to see hacker books, computer books, and my latest purchases... a bunch of Sharepoint books.  I just finished an online training class and definitely my interest was peaked and definitely demanded that money be spent at the “book store”.

Remember that the SBS sharepoint [aka companyweb] is pretty much the same as “normal“ Windows Sharepoint Server with the following exceptions:

SBS sets up the WSS, it sets up the virtual server, configures the sites, add the users automagically.

It has custom lists, content unique to SBS -- for example -- it has Help Desk and Vacation calendar as a custom list

It has an import file wizard that allows bulk import of folder structures.

It has a part that works with MS fax server that can auto route incoming faxes to a WSS fax document library.

That's about it folks.... other than that the technology of WSS inside SBS is the same as "normal" WSS.

So the books I ordered are:

Amazon.com: Books: Microsoft SharePoint 2003 Unleashed (Unleashed):
http://www.amazon.com/exec/obidos/tg/detail/-/0672326167/102-6920567-9875324?%5Fencoding=UTF8&v=glance
Amazon.com: Books: Microsoft SharePoint: Building Office 2003 Solutions:
http://www.amazon.com/exec/obidos/tg/detail/-/1590593383/102-6920567-9875324?%5Fencoding=UTF8&v=glance
Amazon.com: Books: Microsoft SharePoint Products and Technologies Resource Kit (Pro - Resource Kit):
http://www.amazon.com/exec/obidos/tg/detail/-/073561881X/102-6920567-9875324?%5Fencoding=UTF8&v=glance

http://www.microsoft.com/downloads/details.aspx?familyid=09b835ee-16e5-4961-91b8-2200ba31ea37

An addin to Outlook to quickly search all of your email, contacts, calendar, and filesystem.

And I added TAZ's blog link at the bottom of my page.  He reminded me that hit the download site.  It a supersearcher add in for Outlook.  Microsoft bought them and already it's a free download on the Microsoft web site.

A buddy of mine called me the other day saying that he kept losing connection to the server and “Quickbooks” would barf on him and was there anything he could do about it.  Oh yeah.  As part of my “three things I always do on a server” shutting off the autodisconnect is very high on my list.  Gordon in the blog comments alerted me to a new KB that is on point discussing how to tweak this setting.

Hmmmm wonder if I should put that down as a SBS “hack”.  I just take it for granted that everyone does that.

Okay, filed in the SBS "hack" section in anticipation of the SMBNation conference in Seattle September 10-13.  If you happen to be going, start getting sleep now.  I just saw the tentative schedule.... you'll need it.

Scripting webcast week

So Scoble  says that his wife's new job as a MSDN webcast host, they hosted over 4,000 in attendance at the Scripting webcasts.  Wow.  One of my fellow MVPs attended [Steven Teiger [no “h”] and got this email back in response.

Remember that this webcasts are always available ON DEMAND!

Thank you for your interest in our TechNet Webcast
Scripting Files and Folders Makes Me Happy - Level 200.
Here are some related resources that you might find valuable.
            
                                    
Try Your Own Script Writing With a FREE TechNet Virtual Lab!
The best way to learn scripting is by writing scripts. That’s good advice,
but how does it help a newcomer looking to get started in the world of 
system administration scripting? Here is your answer! Try our 
FREE hands-on lab that walks you through the script writing 
process by clicking here. 
 
Script Center | Files and Folders
Lots of sample scripts that extend the themes of the webcast. Click here
 
Review the on-demand version of this webcast and other resources
Available 48 hours after the live webcast.  Click here
 
Microsoft Skills Assessment for Windows Server 2003 
Click here   
 
Microsoft Windows Server 2003 Books for IT Professionals
Click here   
 
Microsoft Windows Server 2003 Deployment Kit
Click here   
We hope you find this information useful.
 
Your feedback is important and helps us improve our program.
If you attended the event and have not already completed 
a survey, please click here  . 
 
Thank you again.
 
Sincerely, 
 
Your TechNet Team
 
So anyway... besides Scripting webcasts they also have Security webcasts [my passion]
and TechNet Radio now and Channel 9 videos and then there are Technet Chats  [don't forget the SBS End user
chat on August 5th]
 
So what's scripting about anyway?
 
You are building a script to run a task that might normally in a gui screen take longer.
 
For example changing the local admin password via script is done like this...
 
strComputer = "MyComputer"
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")
objUser.SetPassword "testpassword"
objUser.SetInfo
Obviously change the name of the computer from “MyComptuer” to whatever the name is and change “testpassword”
to whatever you like but copy and paste that to notepad, save as a vbs file and voila, you have a script.

“One nic [network card] is better than two nics“

“A hardware firewall is better than a software firewall“

I was reminded by these “mine is better than yours” by a post by Rory.  He starts out by relating the story of Nike and how he thought if he only had the “swoosh” on his side, he'd be better, stronger, he'd be just ... just more.  Well he found out that shoes do not make the man.  He uses it as an analogy over “language wars”.

The same can be said in SBS land.  I'm guilty in the newsgroups of posting in a “pompous manner' oh don't do it with a one nic, always do it with two nics, but you know what?  I'm second guessing that consultant who [if they've done what they are supposed to do], analyzed the client, looked at the issues they face and determined the best solution.  At the same time, for all those folks that recommend one nic, don't blame me for liking and recommending two network cards.  I like having the separation and feeling like I'm doing it like the big boys. I'll paraphrase Rory's question but in the case of SBSland where we can do things in many many ways.....

1) Can it do the job well?

2) Can it do the job in a way which pleases you?

If you can answer "yes" to these two questions, then you have the right bloody “technology“, and don't let anybody tell you otherwise.

As long as both methods work, keep the networks safe, and provide that company with what they need, does it matter how you do it?  It provides a solution.  So let's get past arguing what is the “best practice“ as what is “best“ for you might not be “best“ for me.  The “best“ solution is one where the consultant has set up “the“ firewall [whatever brand], in a manner that it is controlled, auditable, confirmed to only have those ports open what is it was intended to have open, configurable only by those who are authorized to configure it, and without known vulnerabilities. As long as whatever technology is in place protects and defends that network exactly when it needs it, who cares what is used?

<< The SBS Newsgroups Posting FAQ >>

The following tips are designed to help you get the fastest
and most appropriate answer to your questions.

Following these tips will help us to help you.

===================================================
- Post to the appropriate newsgroup -

For SBS 4/4.5: microsoft.public.backoffice.smallbiz
For SBS 2000 : microsoft.public.backoffice.smallbiz2000
For SBS 2003 : microsoft.public.windows.server.sbs

Microsoft News Server: news.microsoft.com

The SBS Newsgroups provide a free forum for threaded discussion
and peer support on issues related to Small Business Server by
users, service providers and interested parties.

Please remember when posting that non Microsoft people don't get
paid to be here, and MVPs are -not- Microsoft employees.

- Who are the Microsoft MVPs ? -
Frequently asked Questions about the Microsoft MVP Program

Everyone here is giving generously and freely of their time, experience
and expertise to enhance the Small Business Server Community.

Join it, support it, respect it and enjoy it. - SBS Rocks !
 
===================================================
- A Web interface to the SBS 2003 newsgroup is at -

http://support.microsoft.com/newsgroups/?pr=newsgsbs2003

You'll find the Rules of conduct on the Microsoft Website at:
Welcome to Microsoft Discussion Groups

===================================================
- Do some advanced research for previously posted solutions -

( It's most likely been posted and solved before. )

Advanced Google Search:
http://www.google.com/advanced_search
Domains: microsoft.com,  experts-exchange.com

Advanced Google Groups Search of the Usenet archives:
http://groups.google.com/advanced_group_search

Advanced Microsoft Search
http://search.microsoft.com/search/search.aspx?st=a&View=en-us
Note: You can also just enter a KB Number , Q Number or Error Number

Search via an Error Event ID
http://www.eventid.net
http://search.microsoft.com

Your Public Interface:
http://www.dnsreport.com
http://www.dnsstuff.com

View your network settings on Servers and Workstations:
Start > Run > cmd : ipconfig /all

View your Ports Status:
Start > Run > cmd : netstat -an

===================================================
- Post with a meaningful subject line so those with expertise or interest
in the topic can find it quickly.
Posting with a purely attention seeking topic such as "DISASTER"
or "No-One Ever Responds to Me" may get you noticed -once-
but is likely to get you ignored or dropped in future.

Remember: -everyone's- issue is important to them, so queue jumping
certainly won't enhance anyone's opinion of you within the newsgroup,
and you may need their help again sometime.

===================================================
- If posting a Question, post with sufficient information for a complete
stranger to understand your SBS version, environment; your issue, what you
have tried and what failed. You're not cutting down on the typing as you'll
be asked anyway, and it can only enhance the speed to diagnosis and resolution.

Please state all messages and IDs in failure notices and/or in the event viewers.
Also what may have been installed/changed/updated prior to or during the issue.

A secondary benefit to this is that in correctly framing the question,
the resolution often presents itself.

Note:
Stating your SBS version ( 4, 4.5, 2000, 2003 ) is particularly important as is
whether your SBS 2003 is Standard or Premium and whether you have ISA installed.

===================================================
- Posting In capitals on is considered SHOUTING! ...Please don't.

===================================================
- Don't overlook or discount Paid Support.
If the Issue is urgent or complex, the time you spend searching for a "free"
solution. ...and cost factors such as Worker Downtime, Customer Irritation,
Lost Productivity, and Hair Replacement costs will likely far outweigh the
cost of a support call to Microsoft PSS (Product Support Services ) or a
local IT Support Professional with experience in Small Business Server.

Note: Hot-fixes are free of charge. Just ask for the specific Hot-fix.

===================================================
- It's difficult to convey human emotions on Usenet (Humour, Pathos,
Sarcasm, Tongue-In-Cheek ) so use of emoticons and/or acronym tags is advised.
.... and no; you -don't- have to be serious all the time.
It's a community. Enjoy !

===================================================
- There are many paths to a solution and as many experiences in getting
there as there are posters.

Sometimes the paths are well worn, tried and true. Sometimes paths diverge,
sometimes converge and sometimes new trails are blazed. Understand and respect
that and use what suits you and your particular situation.

Posting back the solution that helped you will help others
with similar scenarios and issues and add to the overall knowledgebase.

===================================================
- People are different, but people are people -  you should be nice to them.
This is a technical newsgroup and not a place for Egos or Flame Wars.
As a community we try to leave them at the door and respect each other.
What you post here is archived and available to anyone, anytime.

Remember: ...."Please don't feed the Trolls!"

===================================================
- Newsgroups are not your only source of Information / Help.

Many of the members of the Small Business Server Community
provide support via Websites, Lists and Blogs such as:

http://www.sbslinks.com ( Susan's Links to all things SBS)
http://www.smallbizserver.net ( Mariette's SBS Website and Forum )
http://www.sbs-rocks.com/articles.htm ( Andy's SBS Articles & Resources )
http://www.sbsfaq.com ( Wayne's Website )

Small Business Server Groups on Yahoo.
sbs2k@yahoogroups.com ( SBS Forum on Yahoo )

Blogs by: Chad, Charlie, Kevin, Susan
http://www.msmvps.com/cgross
http://blogs.msdn.com/canthe
http://www.msmvps.com/kwsupport
http://www.msmvps.com/bradley

The Microsoft SBS Websites:
Small Business Server Homepage for all sorts of Information,
Demos, Whitepapers Upgrades, Migrations Events and Training
http://www.microsoft.com/sbs

Small Business Community Sharepoint Site:
http://sbcomm.sts.winisp.net

===================================================
- Don't be shy about posting a Question ....or an Answer.
SBS encompasses a lot and has been known to make even corporate
SysAdmins Cringe and MCSEs cry. None of us knows all the answers.

We were all "Newbies" once and none of us has experience with every
permutation, combination, setup and environment SBS is deployed in,
so there are -no- stupid or dumb questions. That's the domain of
answers that imply that there are.

If you're asking a question and know the answer to another one on the
page, muck in and post it. The poster may get a faster resolution than they
would have, and an additional member may get a response
they wouldn't have otherwise

Your solution may be a something that we can all learn from.
- What goes around, comes around.-

===================================================
- It's not only Break/Fix. Anecdotes, Wishlists, Insights and Brickbats
are all grist to the mill of SBS Topics and all on-topic for the community.

===================================================
- Don't Multi-post*.
( * the same Posting within different newsgroups or within the same thread.)

If you must post to several newsgroups, Cross-post to just the relevant ones.
A response in one will then show up in the others and all can follow the thread.

===================================================
- Be patient.
Newsgroups are not Instant Messaging, and people aren't on-line just waiting
for you to post. If the situation -is- that urgent, then Paid Support will pay
for itself. Remember: No-one owes you a response.

===================================================
- Things get missed.
Things do get lost or missed, or someone with the appropriate skills
or experience may not be available, so if you haven't had a response
after 3 Days or so, post again, perhaps with more detail and things
you've tried in the interim.

============================================
- Lastly, -enjoy- and remember, SBS Rocks !

For and on behalf of the SBS Community.
SBS FAQ Poster

Just a reminder to folks running with ISA Server 2000....

You must reinstall ISA Server SP2 after you do any of the following:

·       Add or remove ISA Server components
·       Install ISA Server Feature Pack 1
·       Change ISA Server installation mode

The upgrades to ISA Server Feature pack 1 will only get “smooshed“ on there if you reapply SP2 afterwards.  So don't forget to reapply SP2 when installing that feature pack.

SBS 2003 End User Experience
Join Microsoft experts on August 5, 2004 to discuss tips, techniques, and best practices for the SBS 2003 End User Experience. The topics include Remote Web Workplace, SBS intranet (Windows SharePoint Services) and Office Outlook 2003 running on SBS clients.

Date: 10:00-11:00 am Pacific Time, 1:00-2:00 Eastern Time on August 5, 2004.

Enter Chat Room

Add to Calendar

So go find some “Ends” that are “users” and drag them to this ;-) 

Seriously, the integration that SBS has right in it's pocket is amazing.  We DON'T take advantage of what we have.