THE OFFICIAL BLOG OF THE SBS DIVA

So if you've noticed that I have been blogging a bit lighter recently it's because it's DIY summertime project time at the Bradley household.  And this summer we're painting the house. 

No, our house doesn't come with a red A on the front, this just happens to be the Google street view.

A bit brighter blue, darker shutters.  Now mind you my feet hurt, I have a bit of a sunburn on the back of my neck, and I have white and blue paint still on parts of my arms and legs, but sometimes there's a great sense of accomplishment when you do a household project.  Just like with technology, the right tool makes the job go a lot easier. 

My Dad has always been a DIY/fixer kinda guy and very project orientated even though he had a desk job.  Using a hammer, saw, ladders, etc was normal around Dad.  The sound of a saw running on Saturday morning was not out of the norm at our house growing up.

So on this Father's day weekend, to all the Dads out there, thank you for being a Dad and Happy Father's day.

Recently a security researcher took it upon himself to make a risk decision for us all on the Internet.  He decided that it was better to put people at risk, make them deploy a fixit workaround than to work with a vendor for a long term fix.

During a month like June was with lots of updates and patches and especially .NET ones, the fact that one person took it upon himself to make a risk determination for the Windows computing world annoys me.  Fixits and workarounds that mitigate security issues are nice, but only if someone installs the mitigation. 

If you only think in terms of risk to Enterprises, you forget consumers.  If you only think of the impact to consumers, enterprises may need something different.

I challenge every security researcher to help someone get their computer fully up to date.  No really.  I mean FULLY up to date.  On both a Mac and a Windows platform you need near enterprise patch management tools to determine if you are really up to date.  And in getting up to date, try keeping tool bars and marketing relationships off your system.

Just the other day I was updating Adobe on Windows and had to ensure that I didn't get the Google toolbar.  Yet on my Mac, there was no offending marketing offering in the Adobe flash update.

Sometimes there's just as much risk from patching as there is from the thing you are putting out the patch for.

There is no absolutes in security.  There is no black and white. 

And sometimes one person doesn't get the right to make the risk decision for the entire Internet without having some of us "small people" question that decision.

So after our monthly mini cooper meeting, tonight I'm renewing a SSL cert for the blog site.  Well really not exactly renewing it, doing a full SSL cert request to get a CSR length of 2048 or 4096.  So I go into IIS (the Community server site is still running Win2k3) and right mouse click on the web site and go to the directory security tab.  I then go to server certificate and remove the SSL cert that is there (and expiring tomorrow).  I click back on the wizard again and start a new cert request.

It's on the third screen that I specific what key length.

http://help.godaddy.com/article/5619

Because I've previously run the wizard the information is predone so I then click next next next.

You process the request up at godaddy and within seconds they process the renewal. 

Now download the proper version of the cert (in this case for IIS6)

Download it to your server.  This may mean you need to turn on IE ESC to get on to the site or to email it to a web mail to then log in and get it on there.

Go back to the wizard and start the processing of the cert

Find the file you stuck on the server somewhere, click on "all files" to see the godaddy crt

Click next, click use 443

Click finish

From a remote client, check and make sure it's working as it should.

 And voila.. renewed our SSL certs.

You may need to download the intermediate cert to ensure the root chain - http://help.godaddy.com/topic/742/article/4801 and disable the root certs for Godaddy and Starfield as well (or at least check that you did them right the last time)

'Star Wars in Concert' comes to Save Mart Center - Entertainment - fresnobee.com:
http://www.fresnobee.com/2010/06/10/1965104/star-wars-in-concert-comes-to.html

So guess where I was.  There were times that they did parts of the movie.. and then there were cool times where they showed the members of the orchestra

Anthony Daniels as the narrator

Bottom line... if you are a Star Wars fan, and it comes anywhere near you.. go

http://www.starwarsinconcert.com/

Worth it.

 P.S.  Best touch.. starting the concert with the THX Dolby sound and the Fox Fanfare.

By now you've read that Intuit's cloud broke yesterday.  And the comments range from "it happens" to "boy did they screw up" to "I'll never use cloud again".

If you didn't plan on access to a hosted application breaking, shame on you.  If you didn't have a plan B in place, shame on you.  Sure Intuit has eggs benedict, scrambled eggs and eggs easy over all over their face by now, and it appears probably some rethinking to do regarding communication, data centers and what not, but what about you?  Do you plan on something you depend on being down?

If you couldn't pay your employees yesterday because a service you depended on was down, plan on it being down sometime in the future.  Let your brain wander to that possibility.  Now.  What do you do?

In the case of payroll, it's actually quite easy.  The old fashioned way with manual checks, Pub 15, a calculator and a pen if you want to be exact.  Or you just write manual checks based on what they made the last time and then post it as an advance and adjust it through the wagest later.  Oh but Susan what about direct deposit?  There's this old fashioned concept of walking to a bank or an ATM and making a deposit. 

Bottom line if you haven't thought about the process you'd go through if you can't do ....whatever... if whatever is providing it is broken or down... now's the time to sit back, read those "the cloud is falling" headlines and think about the next time your on premises solution is in exactly the same headline making/things aren't working/stuff is down condition.

It will happen.

Plan on it.

Some of the links talked about at tonight's partner geek meeting include....

You Had Me At EHLO... : Introducing Remote Desktop Connection Manager (RDCMan) 2.2:
http://msexchangeteam.com/archive/2010/06/11/455115.aspx
The RDconnection manager talked about on the Ehlo blog

Managed Services: Time to Abandon Per-Device Prices? | MSPmentor Managed Services News & Blog:
http://www.mspmentor.net/2010/06/14/managed-services-time-to-abandon-per-device-prices/
MSPMentor's discussion of per device pricing

Amazon.com: Microsoft Office 2010 Home & Business (Disc Version): Windows: Software:
http://www.amazon.com/Microsoft-Office-Home-Business-Version/dp/B0036Z0NZI
Office 2010 Home and business - licensed for one desktop/one laptop

VDI questions came from Doug... we still need to get some answers
Got Questions on Desktop Virtualization? You’re Not Alone… - Windows Virtualization Team Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/virtualization/archive/2010/06/02/got-questions-on-desktop-virtualization-you-re-not-alone.aspx
Got Questions on Desktop Virtualization? You’re Not Alone… - System Center Experts - Site Home - TechNet Blogs:
http://blogs.technet.com/b/systemcenterexperts/archive/2010/06/01/got-questions-on-desktop-virtualization-you-re-not-alone.aspx

The MSRC blog posted up the best part of the monthly security web cast... the Q&A part...

http://blogs.technet.com/b/msrc/archive/2010/06/11/monthly-security-bulletin-webcast-q-amp-a-june-2010.aspx

Here's some other patching related links you really should read...

Error 646 while installing updates.:
http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/18449f60-c149-4eaf-b8e6-a2880cd7232b

Servicing Windows: Part One - Ramblings of a Support Engineer - Site Home - TechNet Blogs:
http://blogs.technet.com/b/joscon/archive/2010/06/15/servicing-windows-part-one.aspx

General guidance on disk provisioning for WinSXS growth - Ramblings of a Support Engineer - Site Home - TechNet Blogs:
http://blogs.technet.com/b/joscon/archive/2010/06/12/general-guidance-on-disk-provisioning-for-winsxs-growth.aspx

http://social.technet.microsoft.com/Forums/en/sharepointadmin/thread/c054514a-4c1d-47d5-a2bc-d8c3c7a6870d

http://www.newagedev.net/2010/06/window-sharepoint-service-3-0-cant-load-after-install-kb983444-security-update/

The last dead body we're seeing (and not unique to SBS) is the SharePoint one.  No issues in my test networks or at my office, but some folks have reported this.

http://blogs.technet.com/b/sbs/archive/2009/05/06/companyweb-inaccessible-after-sharepoint-3-0-service-pack-2.aspx

Patching is not bulletproof.  Not even for cloud deployments.  Look at the maintenance windows they have.  If you want the control of the server, along with it comes the need for you to evaluate if the risk of patching is less than the risk of the threat. 

As I've said before, have a good backup, hold back a bit and monitor the forums, the partner forums and blogs and we'll be fine.

Thank Ian Watkins.. I missed this one.  I'm going to guess that one of those authentication updates for .NET caused this but I'm not willing to pull them off just to confirm.  To fix, go into the WSUS console change the mail server IP address to 127.0.0.1.

 EVENT #    367668
EVENT LOG    Application
EVENT TYPE    Error
OPCODE    Info
SOURCE    Windows Server Update Services
CATEGORY    Core
EVENT ID    10052
COMPUTERNAME      SERVER
DATE / TIME      6/14/2010 11:05:03 PM
MESSAGE    The server is unable to send e-mail notifications.

Someone will probably comment that it was supposed to be 127.0.0.1 in the first place or something.
 

The second dead body issue I'm seeing is error 646 with the Office compat updates.

The proposed workaround is posted here:

http://social.answers.microsoft.com/Forums/en/vistawu/thread/d71701e0-3f7a-42fe-b741-5d53be5a2b9c?prof=required

Here's what I recommend you to do:

1. Turn off User Account Control (UAC). Don't just lower down the restrictions - turn it off completely. See below on how to disable/enable it.
http://windows.microsoft.com/en-us/windows-vista/Turn-User-Account-Control-on-or-off
2. Restart your computer for the change to take into effect.
3. Re-download Security Update for the 2007 Microsoft Office System (KB982331) from the link below:
http://www.microsoft.com/downloads/details.aspx?familyid=7f89a734-cda4-4abb-9a10-f6dfe560e8d0&displaylang=en
4. Install it. It should be working fine.
5. If it still does not work, go to Windows Update client (for Vista and Windows 7) by clicking on Start and type "Windows Update" on the Start Search textbox. Windows Update window will then appear. Click "Install Updates".
6. If it still does not work, try to open any or all of your MS Office applications (like MS Word, MS Excel, etc).
7. Follow Steps # 3-4.
8. If it still does not work, follow step # 3 again. After downloading it, try to disconnect your computer from the internet (either unplug the internet cable or turn off the modem). Then, try to install the downloaded (KB982331). It must be working this time.

Let me know your findings.
DISCLAIMER: This is only a workaround - not a resolution. We will do our absolute best to find the resolution for everyone.

So I'm remotely patching machines (as I was busy painting my house this weekend) at the office.  This month takes time.  And given the number of patches, the .NET and the SharePoint, you want to take this nice and slow.  I've yet to hear chatter of major attacks from anything so the risk right now is more from updating than it is from patching.

On the consumer side the usual .net getting stuck ... and the Office compatibility 2007 patch looks like the body count for this month. 

.net --

http://social.answers.microsoft.com/Forums/en/vistawu/thread/5305c174-a8c0-4d04-b4a7-e37c76013564

Try -- 1. Run the FixIt in KB 971187 - How to fix MSI software update registration corruption issues by clicking the link below:
http://support.microsoft.com/kb/971187
2. Retry the Update.
3. If the Update fails, proceed to Step 4.
4. Download .Net Cleanup Utility from the link below:
http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-08-90-44-93/dotnetfx_5F00_cleanup_5F00_tool.zip.
5. By using the Cleanup Tool, uninstall all .Net Framework entries. (You will not be allowed to remove the .NET Framework 2.0 on Vista and higher because it is an Operating System component.)
6. Restart the computer.
7. Download and install the .Net Framework 3.5 SP1 by clicking the link below (this will also install .Net Framework 2.0 SP2 and 3.0 SP2):http://www.microsoft.com/downloads/details.aspx?familyid=AB99342F-5D1A-413D-8319-81DA479AB0D7&displaylang=en

How to Perform a Bare Metal Restore on Small Business Server 2008 - The Official SBS Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2010/06/11/how-to-perform-a-bare-metal-restore-on-small-business-server-2008.aspx

One thing to keep in mind when restoring a server in HyperV, you'll need to attached the backup drive location as an IDE drive even if you backed it up on a SCSI location.  Once you do that it will see the backup location.

Help Protect Your Data by Using BitLocker in Windows Small Business Server 2008 and in Windows 7 Ultimate - The Official SBS Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2010/06/10/help-protect-your-data-by-using-bitlocker-in-windows-small-business-server-2008-and-in-windows-7-ultimate.aspx

I'll be honest, I opted not to do bitlocker on my server for two reasons... one that my server doesn't have a TPM chip .. you have to specially order them typically for SMB servers and most importantly I didn't want to mess up being able to remotely reboot/patch servers. 

Bitlocker has it's place on laptops and removable devices, but with servers, at least for mine, I decided not to use it on the server.

I was fixing a computer for a friend and was considering using a boot disk to clean the machine and several of them have easy ways to update the boot disk with latest a/v signatures.  The avast bart cd/iso is probably the easiest - http://www.avast.com/bart-cd but it's also not free.

http://thepcsecurity.com/clean-malware-from-unbootable-pc-with-ultimate-boot-cd/ There are other offerings that are free.

However given that in chatting with the computer user we opted for the reinstall from fresh and this time use Microsoft security essentials.  What was probably slowing her system down, in addition to the rogue antivirus software that was obviously on the system, was that the computer only has 256 of RAM.  I haven't seen 256 of RAM on a system in ages.  Even with Microsoft Security Essentials the MSE doesn't turn on right away and takes a bit of time to load up.

Needless to say I'm going to see if I can scrounge up some RAM before sending this computer back to it's home.

My Sister gets every other Friday off, so I took the day off and went with my Sister and my Dad up to Yosemite.

Waters Run High at Yosemite: The California Report | The California Report:
http://www.californiareport.org/archive/R201006110850/b

The waters of the Merced river are running fast and cold.

Taken from the back seat of my Sister's Mini Cooper with the top down on the convertible...

Now tonight... starting patching.  With all the .NET stuff patching will take time this month so plan accordingly.

From TechEd 2010 some videos of interest:

Windows Small Business Server 2008 Migration Overview :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/WSV206
Windows Small Business Server (SBS) is the next generation server solution from Microsoft that is designed for small businesses. By integrating management, messaging, and security technologies together into a single product, SBS allows you to achieve greater efficiencies than ever before. With SBS, you can more proactively manage your environment, increase user productivity, and provide sophisticated and seamless remote access capabilities.

Windows Server 2008 R2 SP1 :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/WSV307
Death of a Network: Identify the Hidden Causes of Lousy Network Performance :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/WSV303
Cybercrime: The Gathering Storm (repeats on 6/10 at 3:15pm) :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/SIA330
Understanding How Microsoft Virtualization Compares to VMware :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/VIR204
Virtualization 360: Microsoft Virtualization Strategy, Products, and Solutions for the New Economy :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/VIR206
Networking and Windows Server 2008 R2 Hyper-V: Deployment Considerations :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/VIR310
Death of a Network: Identify the Hidden Causes of Lousy Network Performance :: 2010 :: North America :: Microsoft TechEd:
http://www.msteched.com/2010/NorthAmerica/WSV303

http://www.msteched.com/Latest/Page1/  Look there for more videos

Fortunately I passed with a 900 (700 is needed to pass) it would be kinda embarrassing to flunk it.

Questions about migration.  And a fair amount of questions about using the wizards way of doing things, not the fire up active directory users and computers and go around it way.

Remember that this is one of the exams you need to pass to maintain your SBSC program membership.

I don't get the VLSC web site.  They should be enticing people to WANT to pay money.  But every time I touch that site I want to go open source, deploy Apple or do anything and everything in my power to stop wasting my time with volume licensing.

Today I had to accept the new SA/renewal/reup volume licensing agreement and I tried to do so with the LiveID that I've used for the VLSC web site for the last 8 years (or as long as the eopen site has started using Passport authentication).

Hmmm...okay why can't I use my LiveID here?

Your Microsoft Volume Licensing Agreement has been created by your Microsoft Channel Partner and is ready for your acceptance and signature.  
1. First Time User of eAgreements – Accepting and Signing your Agreement :  
In order to review and accept your Licensing Agreement, please read the following instructions prior to clicking on the link below:
1. You will be prompted to sign onto eAgreements using a Windows Live ID - Your Windows Live ID must use the same email address that was used for this email notification [sbradcpa@pacbell.net]

Uh.... okay.. but you had said earlier that I didn't have to have my LiveID match my business email address.  In fact when I called them on the phone back in December when I was locked out for over 30 days in the VLSC web site it was established then that all I had to do was to associate the LiveID with the VLSC web site.

a. If you do not have a Windows Live ID for this email address, you are required to create one. Otherwise you will be unable to accept and sign your Agreement. (For example, email notification is sent to [sbradcpa@pacbell.net], therefore, this user must sign into eAgreements using a Windows Live ID of [sbradcpa@pacbell.net]).
b. If you are signed into another website using a different Windows Live ID, you must sign out of this website prior to signing into eAgreements
 2. Once you have verified that you have the correct Windows Live ID, you are now ready to click the link to Accept and Sign your Licensing Agreement (Note: You will be prompted to accept the Terms of Use of the eAgreements site).

Need I remind you guys that it says "your business email address may be different from your Microsoft Live ID.

So I emailed the eAgreements folks and indicated that I had the same LiveID since about 2002 handling my volume licensing and I'd not like to mess it up using another one.

And they wrote back...

We understand the convenience of keeping one Live ID to use with multiple agreements. Please note that for security purposes, your eAgreement must be signed with a Live ID that matches the email address that the reseller listed on the agreement when it was created. If you would like to change the email address on your agreement to e_bitzie@hotmail.com, we will need to direct you to your reseller Software One, so that they can make this change. If you are willing to create a new Live ID with sbradcpa@pacbell.net, you may do so by following the steps below:

But Ma'am, we established back in December that you didn't have to have them match they just had to be associated.... and there was a process to do so.

We apologize for any inconvenience that you are encountering with your eAgreement. Please be advised that the eAgreement acceptance process that you are being prompted to complete is unrelated to registration on the Volume Licensing Service Center (VLSC), and this may be what can cause confusion.

To accept your eAgreement, you must use a Live ID matching the email address listed on your agreement by the reseller. This can be changed by contacting the reseller, Software One. To access an agreement on the VLSC website, you must register a business email address, but the Live ID that you sign in with does not have to be the same as this business email address.

At this time you may either ask your reseller to change the email address on your agreement to e_bitzie@hotmail.com to match your existing Live ID, or you may create a new Live ID matching sbradcpa@pacbell.net

But I don't want another LiveID, I don't want one hooked to sbradcpa@pacbell.net, I want to use the SAME, the one, the only, so I don't have to remember multiple passwords and reset phrases, LiveID that I've used when buying volume licenses for the past 8 years.  I want to GIVE you money.  Why do you make it SO hard to give you money.

Okay I didn't email back that last part about how hard it was to give them money... I gave up... after talking with Tom from Softwareone who talked be down from the edge of stubbornness, I set up a liveID.

17 pages of legal verbage to read later...why does this have to be so hard and so complicated?

Okay we geeks don't read.  Fine.  I understand that.

But every month it's like the security bulletin people do not want us to read.  In EACH bulletin IF there is issues with the security patches that they know about there is a little link for known issues.  This month has to be the WORST for following the bread crumbs to where they explain what the known issues are.

http://www.microsoft.com/technet/security/Bulletin/MS10-036.mspx  Click there

Cool there's known issues that point to
Known Issues. Microsoft Knowledge Base Article 983235 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues. When currently known issues and recommended solutions pertain only to specific releases of this software, this article provides links to further articles.

We click and follow the KB.  We scroll down to the section where the links to additional KBs are...

Known issues and additional information about this security update

• 982311  (http://support.microsoft.com/kb/982311/en-US/ ) MS10-036: Description of the security update for Office 2003: June 8, 2010
• 982312  (http://support.microsoft.com/kb/982312/en-US/ )  MS10-036: Description of the security update for the 2007 Office system: June 8, 2010
• 982133  (http://support.microsoft.com/kb/982133/en-US/ ) MS10-036 and MS10-038: Description of the security update for Excel 2003: June 8, 2010
• 982308  (http://support.microsoft.com/kb/982308/en-US/ ) MS10-038 and MS10-036: Description of the security update for Excel 2007: June 8, 2010
• 982157  (http://support.microsoft.com/kb/982157/en-US/ ) MS10-036: Description of the security update for PowerPoint 2003: June 8, 2010
• 982158  (http://support.microsoft.com/kb/982158/en-US/ ) MS10-036: Description of the security update for PowerPoint 2007: June 8, 2010
• 982122  (http://support.microsoft.com/kb/982122/en-US/ ) MS10-036: Description of the security update for Publisher 2003: June 8, 2010
• 982124  (http://support.microsoft.com/kb/982124/en-US/ ) MS10-036: Description of the security update for Publisher 2007: June 8, 2010
• 982126  (http://support.microsoft.com/kb/982126/en-US/ ) MS10-036: Description of the security update for Visio 2003: June 8, 2010
• 982127  (http://support.microsoft.com/kb/982127/en-US/ ) MS10-036: Description of the security update for Visio 2007: June 8, 2010
• 982134  (http://support.microsoft.com/kb/982134/en-US/ ) MS10-036: Description of the security update for Word 2003: June 8, 2010
• 982135  (http://support.microsoft.com/kb/982135/en-US/ ) MS10-036: Description of the security update for Word 2007: June 8, 2010
• 983632  (http://support.microsoft.com/kb/983632/en-US/ )  Security Settings for ActiveX controls and OLE objects in Office 2003 and in the 2007 Office suite

Gahhhh....

Okay let's click on each one to see what issues we have...

Click scroll.. nothing of a known issue...
Click scroll.. nothing of a known issue...
Click scroll.. nothing of a known issue...
Click scroll.. nothing of a known issue...
Click scroll.. nothing of a known issue...

http://support.microsoft.com/kb/982157/en-US/ Something in this one

Removal information

To remove this security update, use the Add or Remove Programs item or use the Programs and Features item in Control Panel.

Note When you remove this update, you may be prompted to insert the PowerPoint 2003 CD in the CD drive. Additionally, you may not have the option to uninstall this security update from the Add or Remove Programs item or the Programs and Features item in Control Panel. There are several possible causes of this issue.

For more information about the removal, click the following article number to view the article in the Microsoft Knowledge Base:

903771  (http://support.microsoft.com/kb/903771/en-US/ ) Information about the ability to uninstall Office updates

http://support.microsoft.com/kb/982158/en-US/

Removal information

To remove this security update, use the Add or Remove Programs item or use the Programs and Features item in Control Panel.

Note When you remove this update, you may be prompted to insert the PowerPoint 2007 CD in the CD drive. Additionally, you may not have the option to uninstall this security update from the Add or Remove Programs item or the Programs and Features item in Control Panel. There are several possible causes of this issue.

For more information about the removal, click the following article number to view the article in the Microsoft Knowledge Base:

http://support.microsoft.com/kb/982122/en-US/

Known issues with this security update

• If you do not have Microsoft Office Publisher 2003 installed, Microsoft Update may still offer this update. For more information about why you may be offered to install this update, click the following article number to view the article in the Microsoft Knowledge Base:
  
  830335  (http://support.microsoft.com/kb/830335/en-US/ )  Microsoft Update and Windows Update offer updates for Office programs that you do not have installed

http://support.microsoft.com/kb/982124/en-US/

Known issues with this security update

• If you do not have Microsoft Office Publisher 2007 installed, Microsoft Update may still offer this update. For more information about why you may be offered this update to install, click the following article number to view the article in the Microsoft Knowledge Base:
  
  
  830335  (http://support.microsoft.com/kb/830335/en-US/ ) Microsoft Update and Windows Update offer updates for Office programs that you do not have installed

http://support.microsoft.com/kb/982126/en-US/

Removal information

To remove this security update, use the Add or Remove Programs item or use the Programs and Features item in Control Panel.

Note When you remove this update, you may be prompted to insert the Visio 2003 CD in the CD drive. Additionally, you may not have the option to uninstall this security update from the Add or Remove Programs item or the Programs and Features item in Control Panel. There are several possible causes of this issue. 

Conviction and confusion in Microsoft's cloud strategy • The Register:
http://www.theregister.co.uk/2010/06/08/teched_microsoft_cloud/

"So, does this all mean Microsoft now "gets" the cloud? There was a telling comment in the press briefing for Windows InTune, a cloud service for managing PCs that is aimed at small businesses. Product manager Alex Heaton had been explaining the benefits: easy management of PCs and laptops wherever they are, and a web application that upgrades itself, no need to install service packs or new versions.

In fact, it seemed better than tools in Small Business Server (SBS) that covers the same area. Should SBS users move over?

"It's an interesting question, when should you use the cloud based versus when should you use the on-premise," said Heaton. "The answer is, if you've already got an on-premise infrastructure that already does most of this, you're pretty much good, there's no reason for you to go to a separate infrastructure."

In reality this is not the case. There are strong reasons for small businesses to migrate to cloud-based solutions because keeping a complex on-premise server running sweetly is a burden. Microsoft is heavily invested in on-premise though and disrupting its own business is risky.

The result is a conflicted strategy."

I have a crappy DSL connection.  I have sensititve data.  I have needs for a Windows file server, not Azure, but a file server.  I see just as many strong reasons for keeping an on premise server.

So when you email Vlad regarding your concerns, issues and business reasons for looking at clouds -- http://www.vladville.com/2010/06/writing-a-book-on-cloud-services.html just remember that there's still a lot of hype out here and we're still separating the hype of a beta product (Intune) from the reality of what is showing that it works (Hosted Exchange with www.ownwebnow.com )