[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] June 2005 - Posts - THE OFFICIAL BLOG OF THE SBS DIVA

June 2005 - Posts

From Bink today comes the word that SUS 1.0 is going to be turned off soon, so if you are running SUS... this US holiday weekend is probably a good time to start testing out WSUS. Step by step instructions on migrating from SUS to WSUS are here, and given that we never READ [myself included], use this weekend to start reading.

And bookmark this KB article to keep you alerted as to what comes down on WSUS/AU, etc.

In fact, patching will be the topic I discuss at the SMB Technology Network.  To be specific WSUS, Shavlik and Patching in general.

Then in September at SMB Nation it will be on Security and Hardening with Dana.

Hope to see you in both places!

Update --- okay I should have read more than the headline...

http://www.microsoft.com/windowsserversystem/updateservices/evaluation/faqs.mspx

in the WSUS and SUS section:

Q. How long will Software Update Services (SUS) be supported by Microsoft?
A. SUS will be supported through June 6, 2006. The documentation for SUS will remain available on the web here.

Q. How long will SUS continue to receive new content from Windows Update?
A. SUS will no longer receive new update content after June 6, 2006.

Q. Will I still be able to download SUS?
A. No. SUS will no longer be available after June 30, 2005.

Posted Thu, Jun 30 2005 21:27 by bradley | with no comments

I was checking Microsoft Update here at the office, and when I went to MU I kept getting Error 0x80072EE2. Hmmmmm....so I googled and found: You receive an "Error 0x80072EE2" or an "Error 0x80072EFD" error message if you try to use the Microsoft Windows Update Web site, the solution for which is in KB 836941. Making the MU site a trusted zone in IE fixed the issue and I can now use Microsoft Update [and for that matter auto updates was apparently broken as well and just now started working again after I put the link into the Trusted Zone].

Check and make sure that check box indicating it's a trusted site is in place.

Posted Thu, Jun 30 2005 13:01 by bradley | with no comments
Crazed woman arrested in Fresno after she disrupted a United flight from Las Vegas to Fresno. Passengers say that the woman unbuckled her seat belt during take off, crawled over the seats and began strangling a passenger two rows behind her. When questioned, the surrounding passengers said "I really don't know what happened." "One minute the guy was just discussing with the passenger next to him how he downloads stuff through Morpheus and how it loads up pop ups and gunk on his machine, and every so many weeks he uninstalls Morpheus and then uses Microsoft Anti Spyware to clean up his PC and then reloads Morpheus and starts over again". "He said that he didn't want to pay for Morpheus so he just put up with the pop ups and ads until it got really bad and then used the free Microsoft Anti Spyware." Passengers said "the next thing we know she's screaming at the top of her lungs and got her hands around his throat". They said that the female passenger calmed down a bit when the gentleman praised the Microsoft product for being so good [and free] in cleaning up his machine on a regular basis, and the fact that he was urging a fellow passenger to search on the Microsoft site to download it and install it on his machine.

The woman was carted away muttering..... "risk... he's actually ACCEPTING spyware as a reasonable computing experience because he's so cheap and sees this as perfectly fine"

Family members and a group of folks called MVPs were not available for comment....


........................

Okay ...so I didn't climb over the seats, strangle him, nor get hospitalized...but everything else is the truth.

The first five I met in the plane over from Fresno, the next glob was in the line for a cab, the next view was in the window of a shop at the Bellagio hotel, and even now, sitting as I typically do, on the airport floor next to the power plug in, they are here...what are they?  The ladies in the red hats and wearing purple.

And these ladies over the age of 50 who decide to 'brand themselves' as someone who wants to live their life a certain way also remind me of the SBS Community. We don't wear red hats, but we bond and share info.

Here at a CPA Tech Conference, Anne Stanton [who amazes me with the amount of business cards she accumulates] found two firms from Alabama that specialize in SBS. She tells the soon to be community members about all that they are missing out on. Sometimes we work in a silo and don't realize that 'we're normal' and that 'we belong'. Sometimes you need a Red Hat kind of belonging.

Sept 9 - 11th, SMBNation is our SBS equivalent of the “Red Hat” Conference. If you haven't booked by now, it's not too late.

Have it be your “red hat event”  

 

 

Posted Wed, Jun 29 2005 13:17 by bradley | with no comments

Just a heads up to everyone.... the Windows Update/Microsoft Update that may be offering up to your servers right now, the one that will have the v6 in its address, is offering you Windows 2003 sp1...that is NOT SBS 2003 sp1. It is merely the first part of what you need for a fully complete service pack.

Remember that SBS 2003 sp1 is

  • Windows 2003 sp1
  • Sharepoint sp1
  • Exchange sp1
  • XP sp2
  • and finally..the SBS specific parts of the patches

You can't get ISA server or SQL server sp4 any other way than ordering the cdrom.

So if you've downloaded and installed it...just go to the SBS page and finish the SP installation

 

Posted Wed, Jun 29 2005 12:55 by bradley | with no comments

In the Identity Management presentation by Roger Grimes at Tech 2005, he's talking about

  • Identification - who I am
  • Authentication - prove it
  • Authorization - can I access that object?
  • Accountability - who did what?

So many times in SBSland we don't take the time to worry about the last two.  We don't set specific permissions to files, parts etc.  Yesterday I was asked by a CPA on the best way to allow a client to have access to their own financial reporting and nothing else and it's a matter of permissions isn't it?

Do we take the time to set permissions appropriately to shared files..heck no, we open up the whole thing.

And accountability?  Do we make sure that everyone logs in individually so that you can track who does what?

Posted Wed, Jun 29 2005 10:10 by bradley | with no comments

Last day of the AICPA Tech Conf in Vegas...

And of course, the LAST thing I'm putting in the suitcase is the DLink wireless access point.  We're using the TV checkout system.

Things we didn't do.

  • Sleep
  • Anne didn't audio blog
  • I didn't go to the pool
  • Anne didn't go to the hot tub
  • Convince Mark Minasi that SBS isn't evil just because it doesn't natively have a secondary domain controller

Things we did do

  • Didn't sleep
  • Talked with good friends
  • Made sure we introduced people that we knew....that we wanted to make sure knew each other [Alan Brill from Kroll on track...meet Roger Grimes]

And with that... I'll be packing up the wireless... I'll be on the Cellular air card next for the next round...

Posted Wed, Jun 29 2005 7:31 by bradley | with no comments

In the AICPA Tech 2005 presentation with Roger Grimes [fellow MVP], he's talking about Open Source. One of the points he makes is that migration is hard, from any platform to another platform...AND he's making the point that in most firms you will have both Windows and Linux based operating systems and thus you'll need people with both skill sets in your firm.

 

Posted Tue, Jun 28 2005 17:36 by bradley | with no comments
* Security Advisory (891861) 

  - Title:    Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4)
  - Web site: http://go.microsoft.com/fwlink/?LinkId=49772

Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
Posted Tue, Jun 28 2005 13:16 by bradley | with no comments

Gave a presentation today with Clint Kreitner from the Center for Internet Security on Security benchmarks and we drove it home that we ....the users...the buyers... the consumers have the power. We have the ability to ask...to make the vendors do a better job in Security. The topic was on security benchmarks and how we can raise the bar.

Disable unneeded services. Ensure you are fully patched. Ensure you enforce password policies [passphrases].

I'll blog a bit more on this tomorrow... off to bed....

 

Posted Mon, Jun 27 2005 23:00 by bradley | with no comments

Rats... the digital camera is dead and so is the cell phone, and the power cords to charge them are all the way back in the hotel room, all the way back on the other side of the Casino in the Spa Tower.

Batteries.... if you don't have power.... you don't compute.... you don't ....well you just don't.

Well I have two batteries [a backup] for the laptop...but don't have for the cell phone....oh well... if you need me... don't call me... email or IM me.

That's the one thing we need to work on ....batteries....juice.. power...

Posted Mon, Jun 27 2005 8:54 by bradley | with no comments

Blogging to you live from Vegas from the AICPA Tech2005 Conference and it's the 25th anniversary. One person has been part of that history the entire time ...Rick Richardson.  There will be some special events to celebrate this and Mark Minasi is sitting at the table getting ready to speak.

Some sound bites....Technology is a core service and competency of the profession.....The future of our profession relies on Business Technology.

I've noticed that in Computer Security conferences ...some of the concepts being discussed are foundational accountability concepts. 

The hotel itself has 'egress filtering'... you must show your hotel key to enter the small hallway that gets you to the hotel rooms. Kind of a human firewall mechanism if you will, and ingress and egress filtering for sure....

 

Posted Mon, Jun 27 2005 8:38 by bradley | with no comments

Update - read Dana's view of the knock on the door

From the mailbag today comes the question...what do you do if you see traces of someone banging on your accounts?

Now here comes the controversy...some say they like account lockout as it shows when you are getting nailed...some like Steve Riley and Dr. Jesper Johansson in their book on Protecting your Windows network say that if you have the proper passwords...[great passwords are akin to great strong locks on your doors].... you can let them bang on those doors all you want because you are snug behind those locks.

So what should you do when you see the door rattling?

Ask yourself if your locks [i.e. your passwords] are good enough. If they are...roll over and go back to bed... because it would take them eons of time to break down the door if the lock is good enough. If, however, you have your doubts... then you need to replace your current lock [password] with a better lock [passphrase].

P.S.  In SBSLand we DO know when folks are knocking on the door because of our monitoring email.  Anytime there is a login failure we see it in the emails.  I personally want my ISA server logs more 'in my face' and heck..even RSSable.
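One way to turn a stream of login-failure notices into something you can act on, as an added example that is not part of the original post: it groups failures by source, tells one hammered account apart from many accounts being tried, and flags the case that actually matters, a successful login right after the rattling. The log layout, the window and the threshold are assumptions made for the illustration, and the records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, account, source address, result.
# The layout is invented for this example; it is not a Windows or ISA log format.
SAMPLE_LOG = """\
2005-06-27 02:14:01,administrator,203.0.113.9,FAIL
2005-06-27 02:14:09,administrator,203.0.113.9,FAIL
2005-06-27 02:14:15,administrator,203.0.113.9,FAIL
2005-06-27 02:14:22,administrator,203.0.113.9,FAIL
2005-06-27 02:14:30,administrator,203.0.113.9,FAIL
2005-06-27 08:02:10,bob,192.168.16.20,FAIL
2005-06-27 08:02:25,bob,192.168.16.20,OK
2005-06-27 11:30:00,alice,198.51.100.23,FAIL
2005-06-27 11:31:00,bob,198.51.100.23,FAIL
2005-06-27 11:32:00,carol,198.51.100.23,FAIL
2005-06-27 11:33:00,dave,198.51.100.23,FAIL
2005-06-27 11:34:00,erin,198.51.100.23,FAIL
2005-06-27 11:40:00,carol,198.51.100.23,OK
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed failures per window worth reporting


def parse(text):
    """Yield (time, account, source, succeeded) from the constructed log."""
    for ts, account, source, result in csv.reader(io.StringIO(text)):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        yield when, account.lower(), source, result == "OK"


def door_rattlers(events, window=WINDOW, threshold=THRESHOLD):
    """Report sources with a burst of failures, and whether one then got in."""
    recent = defaultdict(list)  # source -> failures still inside the window
    findings = {}
    for when, account, source, ok in sorted(events):
        if ok:
            # A success on an account that was just being hammered is the
            # case where the lock was not good enough.
            hit = findings.get(source)
            if hit and account in hit["accounts"]:
                hit["success_after_failures"] = True
            continue
        bucket = recent[source]
        bucket.append((when, account))
        while when - bucket[0][0] > window:  # drop failures that aged out
            bucket.pop(0)
        if len(bucket) >= threshold:
            hit = findings.setdefault(source, {
                "accounts": set(), "peak": 0, "success_after_failures": False})
            hit["accounts"] |= {name for _, name in bucket}
            hit["peak"] = max(hit["peak"], len(bucket))
    for hit in findings.values():
        many = len(hit["accounts"]) > 2
        hit["pattern"] = "many accounts" if many else "single account"
    return findings


if __name__ == "__main__":
    for source, hit in door_rattlers(parse(SAMPLE_LOG)).items():
        print(source, hit["pattern"], hit["peak"], hit["success_after_failures"])
```

The single mistyped password from the internal address stays below the threshold and is not reported.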

You would think Anne and I would fight over the TV station or where to eat or which sink which one of us is going to use in the hotel room..but no..we fight over the high speed access.  Thus this time in my geek travels I brought with me a tiny [and I do mean tiny] Dlink Wireless AP that broadcasts the room's connection.

So for those folks on the 17th floor of the Spa Tower at the Bellagio...no the hotel doesn't exactly offer wireless connectivity... you just have two geeky gals that hate sharing one wired connection so we made it easier to connect both of our laptops.

 

And yes, it's reallllyyyyy tiny.

A great conference is great because of the face time... show me a conference ....and I'll show you a bond.. a level of communication that occurs. Show me a really really great conference and I'll show you one with people who have communicated for a while in a virtual setting and thus the conference itself is just to solidify what's already there.

While I'm totally pleased that TechEd has placed its presentations online, there's still a level of communication that just cannot be captured in “Death by audio and powerpoint”. I'm in Las Vegas at the Bellagio and having an AICPA Tech conference with my geeky CPA friends. And while I'm making sure I'm buying the MP3 to listen to it back home, I know that the talks with my fellow geeks over Mountain Dew will many times be just as valuable to me as the presentations themselves.

My only complaint [that has privacy issues as well] is when they give us the brochure for the attendees, that we don't get an opt-in to share email addresses. As it is I'll be advertising the community listserve on the web site of the conference.

Hand out business cards.....join/start a listserve... keep that virtual face time going.... and that conference will give back ten fold.

For you SBSers...don't miss the summer mini Harry-fest in Los Angeles and remember the SBS lovefest of www.smbnation.com this fall.

Law #7: Encrypted data is only as secure as the decryption key

Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn't really matter how strong the lock is, would it? The critical factor would be the poor way the key was protected, because if a burglar could find it, he'd have everything he needed to open the lock. Encrypted data works the same way—no matter how strong the crypto algorithm is, the data is only as safe as the key that can decrypt it.

Many operating systems and cryptographic software products give you an option to store cryptographic keys on the computer. The advantage is convenience – you don't have to handle the key – but it comes at the cost of security. The keys are usually obfuscated (that is, hidden), and some of the obfuscation methods are quite good. But in the end, no matter how well-hidden the key is, if it's on the computer it can be found. It has to be – after all, the software can find it, so a sufficiently-motivated bad guy could find it, too. Whenever possible, use offline storage for keys. If the key is a word or phrase, memorize it. If not, export it to a floppy disk, make a backup copy, and store the copies in separate, secure locations. (All of you administrators out there who are using Syskey in "local storage" mode—you're going to reconfigure your server right this minute, right?)


I forgot to bring up Law number 7 in our discussion of Alice and Bob trying to email one another.... and it relates to our choices.  The choices of where that  decryption key is stored.  This reminds me of what we do with backups.  Placing the storage of the key...or a backup tape.....or whatever on the same site as the very thing you are trying to secure puts that 'thing' at risk.  You must make sure that you protect offsite the thing that is key to the security of your network.

Oh, and can you make sure that the place where you keep that offsite storage is secure as well? Because that location's security affects your security as well.

Location...location...location.... remember... it's all about that security of the location.

Posted Sun, Jun 26 2005 0:14 by bradley | with no comments

Had to remove a computer drive to do a forensic analysis on it and it's always annoying how the teeny tiny screws that hold the hard drive drop inside the case. And then of course you have a heck of a time getting them back out. Even though Dell machines are a bit cheesy, they are nicer in that you mount the drive on these plastic drive rails and it's that that you stick into the computer. I could tell that even the original manufacturer of the system cheated... they only put one screw on the far side of the unit [you know the side that you are normally going 'through the case' to get at?]

Now it's off to put the drive back in the unit and make sure it's working to go back. Meanwhile I have a forensically sound bit by bit backup of the drive that I can scan for what I need for the investigation. [I'm using EnCase and not Norton Ghost or anything like that, as it automatically makes hash values and what not of the data to prove that the image and the original are the same data.]
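The hash comparison behind "the image and the original are the same data", as an added example that is not part of the original post and does not reproduce how EnCase works internally: it hashes source and image in chunks with two digests and, on a mismatch, reports the first block that differs. The block size, the choice of SHA-1 and SHA-256, and the random bytes standing in for a drive are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

BLOCK = 64 * 1024  # assumed block size for locating a mismatch


def digest(path, algorithms=("sha1", "sha256"), chunk=1024 * 1024):
    """Hash a file or raw device in chunks so a whole drive never sits in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for piece in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(piece)
    return {name: h.hexdigest() for name, h in hashers.items()}


def first_mismatch(original, image, block=BLOCK):
    """Return the byte offset of the first differing block, or None if identical."""
    with open(original, "rb") as a, open(image, "rb") as b:
        offset = 0
        while True:
            x, y = a.read(block), b.read(block)
            if x != y:
                return offset
            if not x:  # both streams ended together
                return None
            offset += block


def verify_image(original, image):
    """Compare digests of source and image; say where they diverge if they differ."""
    src, img = digest(original), digest(image)
    ok = src == img
    return {"match": ok, "source": src, "image": img,
            "first_bad_offset": None if ok else first_mismatch(original, image)}


def demo():
    """Build a constructed 'drive', a faithful copy, and a copy with one flipped bit."""
    data = os.urandom(300 * 1024)   # constructed stand-in for drive contents
    bad = bytearray(data)
    bad[200 * 1024 + 7] ^= 0x01     # single-bit change inside the fourth block
    paths = []
    for content in (data, data, bytes(bad)):
        fd, path = tempfile.mkstemp()
        with os.fdopen(fd, "wb") as fh:
            fh.write(content)
        paths.append(path)
    try:
        return verify_image(paths[0], paths[1]), verify_image(paths[0], paths[2])
    finally:
        for path in paths:
            os.remove(path)


if __name__ == "__main__":
    good, altered = demo()
    print(good["match"], altered["match"], altered["first_bad_offset"])
```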

Posted Sat, Jun 25 2005 18:41 by bradley | with no comments

Las Vegas packing

  • Pocket CDrs that have CISecurity.org information burned in [the presentation topic is benchmarking...more on this later]
  • Presentation on USB thumb drive/laptop and CDrs
  • Laptop
  • Remote presentation thingy [...ooh need to go find that]
  • Digital camera
  • Smart media chip reader
  • power cords
  • Cingular aircard
  • Speaking schedule
  • Moderating duties schedule
  • Front page 2003 in case of last minute changes to web site
  • ooh... business cards [see I'm going to forget something]
  • batteries for camera
  • spare battery/charger for computer

Oh yeah... clothes and makeup...guess that would be good to remember...huh?

Posted Sat, Jun 25 2005 14:25 by bradley | with no comments

I don't.

Some do.

Most say they see no difference. 

SBS engineers have said don't do it.

A KB says no....but there are enough vague ones out there that say ...yes do it...

What am I talking about?

The /3GB switch.  I have 4 gigs of RAM and have never messed with that setting.  I have folks that have messed with it and see no impact.

So... start the debate.... do you?  Don't you?  Do you see a difference?  And note the two sections of the KB below... I'd say that's a “don't do it“.... wouldn't you?

If you are having memory issues...check out the blog links on allocated memory alerts.


*Note* For Exchange Server computers which are at the same time Active Directory Domain Controllers or Global Catalog servers we do also not recommend setting the /3GB switch in boot.ini. We recommend having dedicated Active Directory Domain Controllers or Global Catalog servers.

http://support.microsoft.com/?kbid=815372

Note You do not have to use the /3GB switch on Microsoft Windows Small Business Server 2003-based computers. We do not recommend that you use the /3GB switch parameter in the Boot.ini file for Exchange Server computers that are also Active Directory domain controllers or global catalog servers.

http://support.microsoft.com/default.aspx?scid=kb;en-us;823440
 

I have an 'addictive' personality.... I'll admit it.....I'm addicted to Dew... I'm passionate about SBS... and blogging.. well.... I think it's obvious that I'm wacko about that too.  At first when I started this blog I was like...what the heck am I going to talk about ... and it started off with just tech notes and my external web based filing cabinet.  And most days it's just that.....like put a phrase in that inurl Google box like...Thanks Les - that's my post on how to clean up Exchange..... Allocated Memory.... that's all the info on my memory alerts issues... it's also sometimes my vent and rant location...but I've also tried to capture things that I'm seeing in the SBS newsgroups and communities as well.... the collective [okay... so Borg] experiences of all of us filtered through the blog.

Along the way there are folks that get blogs and those that don't...and most that don't get blogs aren't using news aggregators for viewing them... they are googling and hitting the XML format and don't understand what they've hit.

But it's more than just that isn't it?  There's a person, a voice... a conversation that begins... it's not just one person, the interaction with readers and those who contact via the contact page [that is now working again I might add] means that there is a dialog.

If you don't see what the possibility is of RSS... watch this....do you see the possibilities?  And some of this isn't needing the Longhorn under the hood to do.

Starting tomorrow I'll be blogging from Vegas as I'm on my way to the AICPA Tech Conference.... hmmmm....wonder if I can find something orange to wear to showcase “I get” RSS.

For those of you who don't.... start opening up that mind to the possibilities....

Posted Sat, Jun 25 2005 11:52 by bradley | with no comments