[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] October 2007 - Posts - THE OFFICIAL BLOG OF THE SBS DIVA

October 2007 - Posts

Lately I've been doing some work in Win2k8 RC0 and when you work on "big server" platforms, you forget all the little things that you take for granted on SBS that .. are just there.  When you fire up Win2k8 Enterprise and look in the group policy management console, the first thing you will notice is that it's a blank slate.  And I do mean a blank slate.

Now while some would say "Oh this is cool as I can set it up the way I want to", I'd argue that there are efficiencies because I'm not having to reinvent the wheel.

Firewall policies for Vista and XP are preconfigured.

WSUS policies in place already. 

The foundations are built for you.

And I strongly feel that if SBS 'fits' the small business, you are doing them a disservice if you choose the regular server platform.

Does it fit in all places?  No. But when it does..and you don't install it.. man you are doing a client a disservice.

Posted Wed, Oct 31 2007 20:14 by bradley | 3 comment(s)

I buy a Mac Mini and a Social Engineered Trojan hits the news...

 

But the story at http://www.incidents.org/diary.html?storyid=3595 points out that Social Engineering is the hardest one to patch for and the threat is now on the Mac platform as well. 

All you have to do is entice me enough to think it's a normal app that I want to install and you have me nailed. That's not hard to do these days.

Posted Wed, Oct 31 2007 20:04 by bradley | with no comments

Well here I am... with the laptop on wireless... I'm sitting in the living room with sounds of "Trick or Treat" wafting down the street where I live.   This year is the first year of the "daylight" Halloween ..where 5 p.m. was still light because we haven't moved to daylight savings yet.

So far we've had more kids ..either due to the time difference ...or the fact that the weather this year is very mild. 

Based on my unofficial candy count... I think we've had about 125 or so kids, teenagers tonight.... and I think I hear some more coming up..

Posted Wed, Oct 31 2007 18:53 by bradley | 1 comment(s)

According to http://www.maxmind.com/app/locate_ip the IP of 199.239.30.126 is out of Denver, Colorado.

It's also using Outlook Express and is now a spammer of this malware:  http://isc.sans.org/diary.html?storyid=3591

That's Outlook 5.5..that's an old version to boot.

Posted Wed, Oct 31 2007 17:12 by bradley | with no comments

http://www.engadget.com/2007/10/30/mini-how-to-remove-the-windows-bsod-icon-in-leopard-make-os-x-a-little-less-smug

When I first read this .. I went.. no way... they didn't do that did they? And I had to fire up the OS and drill around and check...

All the operational computers in my network look like this...

Now mind you .. BSODs happen so infrequently that when they do it's such a rare treat to dig up Peter Gallagher's blog post so I can figure out what third party driver was the culprit...

http://blogs.technet.com/petergal/archive/2006/03/23/422993.aspx

I did have one last week but that was a known self induced event anyway due to not following my own cardinal rule of using a driver from Microsoft Update.

But you know... Apple needs to get on board with interoperability.  Having Macs and Windows side by side working happily is what he's all about and embracing technology to just work better together is what everyone in this industry should strive for.

That icon is indeed a bit lame in a shipping product.

Kicking and Screaming I am Bloggin » Blog Archive » Faxing From Vista via SBS:
http://blog.sbs-rocks.com/?p=67

Okay so maybe not to Attorneys, engineers, vast sectors of the economy that just have to fax.....

Posted Tue, Oct 30 2007 20:01 by bradley | 1 comment(s)

http://www.microsoft-watch.com/content/security/security_what_microsoft_can_teach_apple.html
http://www.microsoft-watch.com/content/operating_systems/why_leopard_isnt_better_than_vista.html
http://www.microsoft-watch.com/content/operating_systems/why_leopard_is_better_than_vista.html

Three interesting threads.

I personally didn't notice surfing delays on the Leopard so I can't confirm that I've seen that issue here in the office, but there are some default settings in Leopard that definitely make me poke under the hood a lot more.

"Allow all incoming connections" was the default setup.  It would be nicer if stealth/set access was the default.

Another ..hmmm... long term is that wise?  Guest is enabled...

Leading to tell tale signs of it hitting network resources until I provided authentication.  Another ...hmmmm ... will have to understand that more....

 

A good moment?  Where Safari in one click will allow you to go into private browsing mode.  Nice touch.

The hmmmm .... moment was the web page before where Safari autofilled my contact in and I didn't realize that it was going to keep the MacMini registration as the auto fill info.

It just points to recent posts where privacy and security is different for different generations.

Updated info on connecting a Mac to a SBS is here:

Connecting a Macintosh to an SBS 2003 Server via SMB (2007):
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/233/Default.aspx

Author: Eriq Neale

Sometimes it's nice to just pretend .... what if I were in charge of the Universe.

Well the first thing I would do is that I would put out a formal statement (and not just a blog post) about how I'd be planning to help the patching admins clean up the Windows Desktop Search .... well...mess that was blogged about here: http://blogs.technet.com/wsus/archive/2007/10/25/wds-update-revision-follow-up.aspx 

I'd state a timeline of actions and I'd give people a variety of tools, options and guidelines to pull that patch back off.

I'd first build a scan tool that would allow folks to scan their networks for that patch.  MBSA is already built, how about a special build that would look for that Search KB/registry?

I'd then give guidance on removal. 

I'd take what was added as a suggestion on the blog...

Put the script in your Active Directory Computer Startup GPO and this runs with the necessary rights, also /norestart if you don't want it to restart the PC
[ instead of /promptrestart  ]
 %windir%\$NtUninstallKB917013$\spuninst\spuninst.exe /q /promptrestart

And I'd see if there's more options I could do to help admins.
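The scan-then-remove idea above, sketched as an added PowerShell example; it is not Microsoft's tool or the commenter's script. Only the KB917013 uninstall path and the spuninst switches come from the post; the function names, the computer names and the use of the admin$ share as a scan method are assumptions.

```powershell
# Added example. Assumption: the presence of the uninstall folder is used as
# the indicator that KB917013 is installed (cleanup tools can delete the folder).
$UninstallDir = '$NtUninstallKB917013$'   # single quotes keep the dollar signs literal

function Find-WdsUpdate {
    # Scan machines over the admin$ share (which maps to %windir%).
    # Unreachable machines are reported separately so they are not
    # mistaken for machines that are clean.
    param([string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $share = '\\{0}\admin$' -f $name
        $exe   = Join-Path $share "$UninstallDir\spuninst\spuninst.exe"
        if (-not (Test-Path -LiteralPath $share)) {
            $status = 'unreachable'
        } elseif (Test-Path -LiteralPath $exe) {
            $status = 'uninstall folder present'
        } else {
            $status = 'not found'
        }
        [pscustomobject]@{ Computer = $name; Status = $status }
    }
}

function Remove-WdsUpdate {
    # Local removal for a computer startup script. Safe to run on every
    # boot: it does nothing once the uninstall folder is gone.
    param([switch]$NoRestart)
    $exe = Join-Path $env:windir "$UninstallDir\spuninst\spuninst.exe"
    if (-not (Test-Path -LiteralPath $exe)) {
        return 'not-installed'
    }
    $restart = if ($NoRestart) { '/norestart' } else { '/promptrestart' }
    $proc = Start-Process -FilePath $exe -ArgumentList '/q', $restart -Wait -PassThru
    return "spuninst exit code $($proc.ExitCode)"
}

# Constructed host names; replace with names from your own inventory.
Find-WdsUpdate -ComputerName 'PC01', 'PC02' | Format-Table -AutoSize
```

The block only runs the scan; Remove-WdsUpdate is the part that would go in the startup GPO, called with -NoRestart where a reboot prompt is not wanted.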

And then I'd start a WSUS advisory council.  Okay so it's probably too much to ask that there's an external WSUS test network, but if there was some way that Microsoft would have WSUS deployments monitored around the world so that when they deployed something, they could call the admin and just say "everything okay?" and confirm that what was intended to occur, really did occur.

But first off... I'd make a formal statement.  No this isn't because blogging is maturing or dead or anything else... I just think that Blaine and his fellow Patch Admins deserve it is all.

http://www.adobeforums.com/cgi-bin/webx?128@@.3bc48a7e

One for the bizarre side effects.

Adobe 8, Word 2007.  Word would not properly pdf using the Adobe wizard.  Couldn't figure out why.  Googled and finally hit this.  Because the person did not have a proper Name and initials in the Box inside of Word 2007 the PDFmaker wizard would consistently barf.

Who knew.

Posted Mon, Oct 29 2007 18:39 by bradley | with no comments

1.  I think the router on our DSL freaked ..as yesterday we lost DSL connectivity for most of the day and all night and today I had to log all the way into the DSL modem/router before it would connect to the Internet.

2.  Our Ricoh copier thinks it's an hour earlier... obviously we missed that patch....

Heard about some VOIP systems that had some minor date issues.

And I had patched all the phones so didn't see this.. http://blogs.technet.com/dst2007/archive/2007/10/29/windows-mobile-update-102907.aspx

http://docs.info.apple.com/article.html?artnum=306804

http://docs.info.apple.com/article.html?artnum=306490

Okay ..take this as a patcher's rant tonight.  I understand that software has to get shipped but at what point in time did it become acceptable to release something that on the third day it's in public release I'm already getting patches for this operating system?

The first byproduct of the upgrade is that RealVNC 4 won't work and I had to load up logmeinfree (that has a beta version that runs on Mac) to remote into the system.

https://secure.logmein.com/products/mac/

But did you have to take a page out of the Microsoft playbook and patch the OS the first thing?  Can't you at least wait a week or something?  Lull me into a false sense of security or something?

P.S. after reboot and changing RealVNC to full color the RealVNC works.

Microsoft has it as IPSec.... but Wikipedia and other sources have it as IPsec.  And even Office 2007 wants to capitalize it.

...so is it IPSec or IPsec?  Inquiring minds want to know tonight....

http://technet2.microsoft.com/windowsserver/en/library/2a2f7792-5a4a-438b-8711-23694ae56e3a1033.mspx?mfr=true

 

http://en.wikipedia.org/wiki/IPsec 

http://msmvps.com/blogs/bradley/archive/2007/10/28/the-quot-run-quot-command.aspx

As a follow up to that...

Thanks Kerry!

click on the Run and voila...

Doing some stuff with Win2k8 RC0 and it just hit me today that Server 2008 has a "run" command in the start bar that Vista doesn't have.

Guess they figure admins can handle "run" whereas users can't? 

Posted Sun, Oct 28 2007 12:12 by bradley | 9 comment(s)

http://www.itwire.com/content/view/15070/1103/

To build back ...some... of the trust in patch management here's what I'd recommend.

First and foremost ...start with Communication

a.  Start with RSSing this KB http://support.microsoft.com/default.aspx/kb/894199 and letting us admins know AHEAD OF TIME what non security updates will be planned to be released on WSUS.  I'm tired of having to read that KB to confirm that whatever WSUS did last night was expected.  Tell me ahead of time.

b.  More blogging on http://blogs.technet.com/wsus and http://blogs.technet.com/mu - If you change the AU bits, blog about it.  If you plan a release, blog about it.

c.  More resources to detail how the update process works.  You guys are good at whitepapers so whitepaper that.

d.  While you now have a means to get a hotfix via email (and THANK YOU for that) the second long term ask that I've asked for is a way to get alerted about Service packs being released.

Bottom line folks... start with the communication.  Keep us informed.  Please.

Posted Sun, Oct 28 2007 10:59 by bradley | with no comments

There are times that I have unusual ways of retrieving information... and this is one of those unusual ways that I have of remembering where to get this nugget that I do on laptops where I'm not sure where exactly they'll be hanging off of.  It's probably not what you think.  It's not an encryption step, nor is it extra heavy duty security or something, it's a setting to ensure that if I'm not sure what kind of router that Vista will be stuck to, and it's going to be with a non geeky person, that I'm sending it off as proactively as I can to be able to connect to possibly older routers and what not.

Like, for example the Vista laptop that I sent with a partner to the Philippines.  Sent it with all the necessary remote access protection, but because I wasn't 100% sure what sort of router he'd be connecting to, I did this command before I sent it off just in case.

So here's the trick of the fastest way I know to find this setting as you know I'm not a command line person at heart and just remember it's netsh interface ...somethingorother....

First, point your browser to Steve Riley's blog.  In the search box put in the word "hotel" and voila.... http://blogs.technet.com/steriley/archive/2006/11/21/windows-vista-vs-hotels.aspx

netsh interface tcp set global autotuninglevel=disabled

I'm sure others know better ways to find that information or have that memorized.. but for me... it works as a short cut way to get that info on any laptop that I may not be assured that it's going to be hanging off of modern routing equipment. 

P.S. I sent a Vista laptop with a partner who only has XP and had him use it for a week before he left.  I showed him UAC before he left but left it turned on and not adjusted to silently elevate in admin approval mode.  I left it "as is".  I am honestly finding that it's the admins that are the ones that complain the most about UAC.  If you explain to the end users what it is, how it works, what to expect and set up the machine so that it really shouldn't be showing up much at all, it's really not as big of a thing as people think in my opinion.  It's all in the deployment.

Posted Sun, Oct 28 2007 0:10 by bradley | 7 comment(s)

At 2 a.m. this morning....Nothing should happen.

You heard me.. nothing.  No computer should jump its clock back an hour at that time.

If you patched back in March you should be good to go even without patching with the recent stuff as I'm betting most of you don't live in those affected time zones that got another time zone change.

... so here's hoping that nothing does indeed occur.

Time will tell.

Posted Sun, Oct 28 2007 0:04 by bradley | 4 comment(s)

http://www.engadget.com/2007/10/27/leopard-vs-vista-feature-chart-showdown/

I think the funniest thing on that chart is how Home Server wins out over Apple's network storage in that chart.

I actually took my MacMini back out of my Active Directory at my office and made it more like an XP Home or Vista Home works... with pass through authentication because it was annoying me too much to have it in AD control places in the network still messing up my R2 WSUS console no matter what I tried.  So rather than have it in my Active Directory I took it back out so I don't have to build group policy to try to exclude it.  Vlad is challenging me to try out Linux as he considers Mac a bit of a "sell out" platform, but the reality of the platform choice is still this.  It's a platform.  A base.  And you still need to determine what applications are driving your needs.  That's the deciding factor for any platform along with a good dose of having tools and knowledge to serve your needs.

And quite frankly.. I'm/we're still a Windows apps driven firm with not enough apps "in the cloud" .. at least not for the foreseeable future anyway.

F-Secure talks about the lengths the bad guys are going to... http://www.f-secure.com/weblog/archives/00001292.html

As they say.. follow the money

More videos here on Mobile Malware...

Mobile Malware
Mikko Hypponen, F-Secure Corp.


Posted Fri, Oct 26 2007 19:54 by bradley | with no comments

So tonight I was needing to adjust something on our older Konica 7155 printer (it's about to come off lease) and it wouldn't let me reset the thing I needed to reset.  The password I was entering for the administrator control that I had written down in my network documentation manual wasn't working.

So on the off chance that either I forgot to change the password, or it reset or something, I did what every self respecting hack IT person would do.  I googled it.

http://defaultpassword.com/?action=dpl&char=k

Konica Minolta   7255  Multi  n/a  sysadm  admin  No

Yes, sysadm was indeed the password the system was looking for.

Nice one there, Susan.  And what's the cardinal rule of devices ESPECIALLY ROUTERS AND NETWORK FIREWALLS?  Ensure you change the default password.  Check and make sure that your password is not one that is a known, googlable, guessable one as well.
