THE OFFICIAL BLOG OF THE SBS DIVA

Seen on a fortune cookie...

I hear and I forget.
I see and I remember.
I do and I understand.

...and I'll add one to that list....

I blog and I understand even better.

What happens behind the scenes when using the Microsoft Support Diagnostic Tool - The Official SBS Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2010/09/27/what-happens-behind-the-scenes-when-using-the-microsoft-support-diagnostic-tool.aspx

I want that.

I want to open a support case just for that.

Have you ever opened up the cab files of the Microsoft diagnostic tools and looked around as to what can be gleaned from their tools?  The next time you have a support case and get that tool to be run on your system, save a copy locally and open up the resulting .cab file. 

Wallow in the information you can glean from that. 

Ask yourself if YOU look for all of those things when you review a server.

The .net out of band is up on Microsoft update/Windows Update.

 For desktops this is not a risk.  You do not run a web server.
You can have as many as three updates offered up to you on your Windows XP.

For SBS 2003 servers you will need three updates (ugh) and it will need 
a reboot.

For workstations there is no need to rush to update.  In fact this is 
one of those things that you may just want to hide the patch (especially 
since we all LOVE to update .net on our desktops.

For servers, I honestly do not think this is a rush to the server and 
patch now kind of issue for Small Business Servers.  We're smaller 
targets at less risk for this attack.  Definitely test first.

http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx
Should I be concerned about this vulnerability if I don’t store any sensitive information in my viewstate?

"Yes you should.  There is a combination of attacks that was publicly demonstrated that can leak the contents of your web.config file, including any sensitive, unencrypted, information in the file.  You should apply the workaround to block the padding oracle attack in its initial stage of the attack.  The security update will fix this vulnerability."

========
I know, I know.... Geeze shut up Susan and patch already if you are that worried about this.

Sorry but I want to understand here.

Yoda has config info in some of his config files up on the server.  You open them up in notepad and bingo, there's the authentication information for stuff on the server.  (Guess I shouldn't admit that huh?)  But he's been patched already.

So I haven't looked at EVERY web config file on the SBS 2008 or SBS 2003 mind you, but of the ones I browsed through, I'm not seeing anything sensitive.  Both RWW on sbs 2003 and sbs 2008 (and obviously Home server) uses Viewstate...but.... passwords aren't saved.

As others have said, the Microsoft guidance too often focuses on the patch and not the risk of the patching. 

More discussion here to explode your brain tonight - http://www.troyhunt..com/2010/09/fear-uncertainty-and-and-padding-oracle.html

Before Microsoft was all in for the cloud, Karl wrote the book on it.

And if you don't jump on this now you'll price for gaining that knowledge will go up too!

Check out Karl's blog (that you should have ready already anyway and if you didn't add it to your RSS reader now) and sign up for his pre day training before Friday!

Small Biz Thoughts by Karl Palachuk: Walking Into the Cloud - Prices Go Up Friday!:
http://blog.smallbizthoughts.com/2010/09/walking-into-cloud-prices-go-up-friday.html

This is your chance to get that base of information regarding positioning yourself for the era of some full on premises, some Aurorafied.

*Update Rollup 1 for Exchange Server 2007 Service Pack 3 (KB2279665)* 
<http://support.microsoft.com/?kbid=2279665>
This update rollup resolves problems that were found in Exchange Server 
2007 Service Pack 3 (SP3) since Exchange Server 2007 SP3 was released 
and replaces previously released update rollups for Exchange Server 2007 
SP3.

Sync'd up on WSUS tonight but does not include the remote file access in 
OWA fix that was broken in SP3.

That fix will be in update rollup 2.

So if you depend on remote file access via OWA don't install SP3 yet.  Remember that SP3 is not offered up on WSUS.

Go here:

https://account.live.com

Now that you are there, set up your "proofs"... you know ... your proofs... what you need to prove you are who you are so you can easily and quickly gain your liveID back

Add your email, your mobile phone and hook it to your trusted PC.

http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/09/27/hotmail-security-updates-protect-you-from-account-hijackers.aspx

And while there...tell a friend...

Small Business Server 7 Overview Interview:
http://technet.microsoft.com/en-us/edge/small-business-server-7-overview-interview.aspx?query=1
Bjorn Levidow, Group Program Manager for SBS, tells us about some of the new enhancements in the next version of Windows Small Business Server 2008 (SBS 2008), currently called "SBS 7" for short. You can download the SBS 7 Preview by going to this Connect site

Upcoming Patch Watch update » Windows Secrets Lounge:
http://lounge.windowssecrets.com/index.php?showtopic=778419&st=0&gopid=860967&#entry860967

My take...don't panic, test... wait for the MU deployment.

Outlook 2010 with Business Contact Manager: You Spoke, We Listened - Business Contact Manager Team Blog - Site Home - MSDN Blogs:
http://blogs.msdn.com/b/bcm/archive/2010/09/23/outlook-2010-with-business-contact-manager-you-spoke-we-listened.aspx

"When we made this decision, we underestimated the importance of BCM to our small business customers and those who purchased previous versions of Office in retail stores or pre-installed on PCs. "

Proving that we don't buy Office through VL

Consider allowing unique Office 2010 rights to SBSv7 | Microsoft Connect:
https://connect.microsoft.com/SBS/feedback/details/604378/consider-allowing-unique-office-2010-rights-to-sbsv7

Which is what my bug in the SBSv7 beta is all about.  Be realistic about how we buy software.  We don't buy it via VL. 

http://www.cs.umass.edu/~verts/cs32/endian.html

All of us that use Intel processors use a Little Endian in our byte order.  No that's not Indian, that's Endian.  As in processing numbers from the Little end or big end. 

This standardization of process ensures that every computer can process things in the same fashion.  We all start "eating " our data from the same small end in the Intel processor chip world.

http://en.wikipedia.org/wiki/Endianness

Which amazingly enough we owe the term "endian" to a Swift novel, eggs and a computer geek.

http://www.ietf.org/rfc/ien/ien137.txt

An out of band Asp.net update is coming out tomorrow...but... it won't initially be on WSUS, WU or MU.

While the SharePoint blog says that 1.1 sites (http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx) are not subject to the vulnerability, I'm not yet ready to give the all clear to SBS 2003 sites as they run Exchange/OWA which has issues as well.  http://msexchangeteam.com/archive/2010/09/23/456399.aspx 

But I'm still not ready to tell you guys to go running around your clients yelling "Patch now".  The bad guys have to use this to get a leg up.  The bad guys are more often than not going to go after the bigger web sites.  The bad guys have better things to do and richer, easier targets to go after.  Sometimes the issue is not that there is a weakness in something but how realistic it is that someone will go after you.

Since the MSRC blog says that they are still testing the update for distribution through WSUS/WU and MU, I'm still saying that it's wiser to hold back...or ... at least test yourself BEFORE you install this on your client base.

http://www.dell.com/downloads/us/bsd/integrating_hardwareAlerts.pdf

(edit:  changed the url as I accidentially linked twice to the same page, now linked to the right Dell page, thanks Phil)

http://support.dell.com/support/edocs/software/svradmin/6.3/en/MSG/PDF/OMSAMSG.pdf

Introduction:
This white paper provides information on the Monitoring and Reporting
feature in the Microsoft Windows Small Business Server 2008
SBS Console and the alert mechanism in Dell OpenManage systems
management tool. It includes instructions to integrate the OpenManage
alerts into the SBS System Report. This white paper is ideal for
users who have a Windows SBS-based infrastructure deployed and
wants to generate a comprehensive report with both software and
hardware alerts.

<AlertDefinitions>
<AlertDefinition ID="469ADADA-0000-1111-9999-ADADADADA001"
Default="1"
Title="OpenManage Log"
Source="Server Administrator">
<Parameters>
<Path>System</Path>
<Provider>Server Administrator</Provider>
<SetEventID>2335</SetEventID>
<ClearEventID />
</Parameters>
</AlertDefinition>
</AlertDefinitions>

=========
Below is list of OpenManage alerts that gets into the Server Event
Logs section of the SBS report as displayed in the Fig 4 using the
sample script provided here.
• ESM log size is full.
• Failure of Fan 4 in the system chassis.
• Fan redundancy lost in the System chassis.

<AlertDefinitions>
<AlertDefinition ID="469ADADA-0000-1111-9999-ADADADADA005"
Default="1"
Title="Open Manage Log"
Source="Server Administrator">
<Parameters>
<Path>System</Path>
<Provider>Server Administrator</Provider>
<SetEventID>1104</SetEventID>
<ClearEventID />
</Parameters>
</AlertDefinition>

 
<AlertDefinition ID="469ADADA-0000-1111-9999-ADADADADA006"
Default="1"
Title="Open Manage Log"
Source="Server Administrator">
<Parameters>
<Path>System</Path>
<Provider>Server Administrator</Provider>
<SetEventID>1554</SetEventID>
<ClearEventID />
</Parameters>
</AlertDefinition>
<AlertDefinition ID="469ADADA-0000-1111-9999-ADADADADA007"
Default="1"
Title="Open Manage Log"
Source="Server Administrator">
<Parameters>
<Path>System</Path>
<Provider>Server Administrator</Provider>
<SetEventID>1306</SetEventID>
<ClearEventID />
</Parameters>
</AlertDefinition>
</AlertDefinitions>

http://technet.microsoft.com/subscriptions/downloads/default.aspx?pv=1:407

I have no idea exactly WHERE this is on the Technet download page but if you want to play/test with Office Web apps on SBSv7 that's where the download is on the Technet subscriber page.  And if you have Action pack you should be able to get that download.

http://technet.microsoft.com/en-us/office/ee815687.aspx

Computer Information Agency:
http://supportweb.ciaops.net.au/blog/archive/2010/09/20/migration-by-the-numbers-–-step-1.aspx
Computer Information Agency:
http://supportweb.ciaops.net.au/blog/archive/2010/09/20/migration-by-the-numbers-–-step-2.aspx
Computer Information Agency:
http://supportweb.ciaops.net.au/blog/archive/2010/09/22/migration-by-the-numbers-–-step-3.aspx

Keep watching Robert's blog for more

It takes a village sometimes.

So the other day the recording of the Aurora OPK deep dive was released.  Great, says I, a great way for partners to get a look at Aurora.  But the partner learning sign up is the most horrific process to share links to webcasts I have ever come across.

https://training.partner.microsoft.com/learning/app/management/LMS_ActDetails.aspx?UserMode=0&ActivityId=709800&CallerURL=/learning/app/taxonomy/TAX_Search.aspx?UserMode=0&NodeID=0&SelectedNodeID=0&VSC=ItemName&VSO=A&SourceRef=-1&DispMode=normal&AdvType=0&SearchStr=aurora&See=Search

That doesn't go directly to the webcast link, it goes to a sign up.  One that has annoying popups and what not.  To the point where when I was at our geek meeting with Eriq Neale NO ONE in the group has gone to the partner learning portal because they find it annoying.

So I was telling them how I could tell that there was a url to a wmv file but I could not figure out the link as it blinked across the screen too fast.  I said I had told them I tried fiddler, but the url was hidden by the partner learning center wrapper.  I tried network monitor but because the link was protected by SSL I couldn't see the link to the wmv file.  I tried looking at the firewall logs but again, SSL was blocking the url from me.

I was thinking that next I'd rip the media file and record my own to share this URL easier with User group leaders.

So then they said to use Camasta to record the screen on my computer. Then pause it right as the link showed up so I could capture it and figure out exactly where the wmv file was.

Bingo.  That worked.

https://training.partner.microsoft.com/learning/contentserver/msrecordings/fn57074mqq96905f.wmv

And there's the link to the direct windows media file.  A really good overview of Aurora including a little hint about migration.

John Paul Cook : Using Wireless with Hyper-V:
http://sqlblog.com/blogs/john_paul_cook/archive/2008/03/23/using-wireless-with-hyper-v.aspx

So the other day I moved a server and temporarily needed to move the HyperV networking connection to a wireless one.

First thing I had to do was to install the wireless feature as I couldn't connect to the wireless without it.  Then I had to do this trick of bridging the network connection as I found that I couldn't bind a wireless network connection to a HyperV network. 

But adding a virtual internal nic and bridging it to the wireless nic worked like a champ.

If you are participating in the SBSv7 beta ... consider voting on this bug.

Consider allowing unique Office 2010 rights to SBSv7 | Microsoft Connect:
https://connect.microsoft.com/SBS/feedback/details/604378/consider-allowing-unique-office-2010-rights-to-sbsv7

Okay so here's the proposal.  Please note Eric Ligman will probably have a heart attack and Attorneys will have nervous breakdowns.

You buy SBS v7 on volume license.  This gets you into the VL purchasing scheme.  You then buy ONE copy of Office 2010 VL.  This gives you the Office web apps key code/ability to install Office 2010 on top of SharePoint foundation that will give you the ability to have a web based Office wrapped inside of SharePoint.

At the present time, the only way you are allowed access to Office Web Apps is to have an Office license for every user using that Office web apps.  http://www.infoworld.com/d/developer-world/twists-and-turns-office-web-apps-software-license-895  Based on my understanding that means every user of Office Web apps on a SBSv7 would need a Office 2010 VL license as that's the only version that provides the Web apps right.

'For Office for Mac 2011 Standard, Office Professional Plus 2010 and Office Standard 2010:

Office Web Apps.  In addition to the rights above, you may install the Web App software on a network device. You may use the Web App software only as described below.

·         Primary User. The single primary user of the licensed device may access and use the software remotely from any device.

·         Non-primary Users. At any time, one user may access and use the software from the licensed device.'

So here's my bug and proposal.  Let's SBSize it.  Make the license such that as long as the SBSer purchased SBSv7 under a VL agreement and as long as they purchased ONE copy of Office 2010 standard under a VL agreement (which, remember, once the SBS gets you in the door of VL, you can purchase single licenses) than ANY  Office 2010 licence you have (Office Home and Business, Office OEM) would give you Primary user rights to that Office web app. 

This would be a sort of a hybrid licensing proposal and would reflect the realities of small business purchasing habits.  We don't buy Office via VL.  We buy it any way we can.  But you've given us the possibilities of Office Web Apps but not matched it up with the realities of small business.

Will this suggestion be taken up by Microsoft and made into reality?  Let's face it probably not.  But, this is one of those things, Microsoft needs to hear the realities of the marketplace.  Office under VL is just too expensive.

If you missed the Kerio-Windows Foundation server presentation from the other day...here's the link!

https://kerioevents.webex.com/kerioevents/lsr.php?AT=pb&SP=EC&rID=2725692&rKey=7ce892c5e3d1f6c4

Microsoft does an about-face; offers free Security Essentials to small businesses | ZDNet:
http://www.zdnet.com/blog/microsoft/microsoft-does-an-about-face-offers-free-security-essentials-to-small-businesses/7450?tag=mantle_skin;content
Announcing: Microsoft Security Essentials available FREE to Small Businesses in October! - Microsoft Partner SMB Community Blog - By Eric Ligman - Site Home - MSDN Blogs:
http://blogs.msdn.com/b/mssmallbiz/archive/2010/09/22/announcing-microsoft-security-essentials-available-free-to-small-businesses-in-october.aspx

Also there's something up with Home server as the recent update http://support.microsoft.com/kb/979453

Issue 5

You may experience incompatibility issues when you use the next version of Microsoft Security Essentials on Windows Home Server. This is a precautionary update. Windows Home Server is currently not supported by the next version of Microsoft Security Essentials Beta or final release. This update will address some incompatibility issues.

So I'd say stay tuned for that as well as something is cookin'.