MSMVPS.COM

Solution: ConfigMgr2007 SP2 Setup stuck in Upgrade status

Rod Trent at myITforum.com — Tue, 09 Feb 2010 18:56:14 GMT

I recently ran into this issue a couple days ago and didn't see a whole lot documented on it so I thought I would do a quick write up here. If you're trying to upgrade some of your site servers to SP2 and run into an issue, this should Read More......(read more)

Microsoft Security Bulletin(s) for February 9, 2010

Don — Tue, 09 Feb 2010 18:13:00 GMT

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···feb.mspx

Critical (5)

Microsoft Security Bulletin MS10-006
Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
»www.microsoft.com/technet/securi···006.mspx

Microsoft Security Bulletin MS10-007
Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
»www.microsoft.com/technet/securi···007.mspx

Microsoft Security Bulletin MS10-008
Cumulative Security Update of ActiveX Kill Bits (978262)
»www.microsoft.com/technet/securi···008.mspx

Microsoft Security Bulletin MS10-009
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
»www.microsoft.com/technet/securi···009.mspx

Microsoft Security Bulletin MS10-013
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
»www.microsoft.com/technet/securi···013.mspx

Important (7)

Microsoft Security Bulletin MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution
»www.microsoft.com/technet/securi···003.mspx

Microsoft Security Bulletin MS10-004
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
»www.microsoft.com/technet/securi···004.mspx

Microsoft Security Bulletin MS10-010
Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
»www.microsoft.com/technet/securi···010.mspx

Microsoft Security Bulletin MS10-011
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
»www.microsoft.com/technet/securi···011.mspx

Microsoft Security Bulletin MS10-012
Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
»www.microsoft.com/technet/securi···012.mspx

Microsoft Security Bulletin MS10-014
Vulnerability in Kerberos Could Allow Denial of Service (977290)
»www.microsoft.com/technet/securi···014.mspx

Microsoft Security Bulletin MS10-015
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
»www.microsoft.com/technet/securi···015.mspx

Moderate (1)

Microsoft Security Bulletin MS10-005
Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
»www.microsoft.com/technet/securi···005.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

Anybody remember ‘Judy Patch’?

Mike Hall — Tue, 09 Feb 2010 17:24:45 GMT

I have been trawling through some of my saved URL’s and came across this one. At the time, it was difficult to determine if the website was for real or just an attempt at comedy. Personally, I believe that it was constructed in all good faith that it would be of help to people.I don’t think that Judy Patch is still doing this, thankfully. Judy Patch was not and is not alone. There are many ‘have a go’ heroes in this world, and some may be living not too far away from you. They are generally recommended...(read more)

Adding disks into a cluster using PowerShell

John Toner — Tue, 09 Feb 2010 17:01:00 GMT

With Windows 2008 R2, we now have the option to use PowerShell when you want to look at things in the cluster from a command line along with the cluster.exe command. If you want to add a disk to a cluster using PowerShell, there are several different options. In my previous article , I explained how to add a disk in Windows 2008. This still applies to 2008 R2, but if you’re more comfortable using PowerShell, here are a couple of ways to do this. I am a novice PowerShell user so my examples...(read more)

Error handling in a NativeActivity

Maurice — Tue, 09 Feb 2010 15:40:06 GMT

Note: This blog post is written using the .NET framework 4.0 RC 1

Using Workflow Foundation 4 the NativeActivity is the powerhouse when it comes to building native activities. One of its many capabilities is around error handling. Every so often I run into one of these things where things don’t quite work the way I expect them to and this is one of these cases.

The basics of error handling when scheduling child activities.

Whenever a NativeActivity is executed it is passed an instance of the NativeActivityContext which it can use to schedule other activities using the ScheduleActivity() function. This ScheduleActivity() function has a few overloads, one of them using an FaultCallback. This FaultCallback is called when some kind of exception occurs while executing the child activity being scheduled. The fault handling function is called with a couple of parameters including a NativeActivityFaultContext and the exception that is unhandled. The NativeActivityFaultContext contains a HandleFault() function used to indicate that the fault was handled. Not quite as straightforward as a try/catch block but given the asynchronous nature of workflow that would not work.

So I expected the following activity to catch any exceptions and continue.

public sealed class MyActivity : NativeActivity

    public Activity Body { get; set; }

    protected override void Execute(NativeActivityContext context)

        context.ScheduleActivity(Body, FaultHandler);

    private void FaultHandler(NativeActivityFaultContext faultContext, Exception propagatedException, ActivityInstance propagatedFrom)

        Console.WriteLine(propagatedException.Message);

        faultContext.HandleFault();

Do not use, this code has a serious error!

Lets test this code by executing the following workflow:

private static Activity CreateWorkflow()

    return new Sequence

        Activities =

            new WriteLine { Text = "Start outer sequence." },

            new MyActivity

                Body = new Sequence

                    Activities =

                        new WriteLine { Text = "Start inner sequence." },

                        new Throw { Exception = new InArgument<Exception>(ctx => new DivideByZeroException()) },

                        new WriteLine { Text = "End inner sequence." }

},

            new WriteLine { Text = "End outer sequence." }

};

Given this workflow I would expect the following output:

However what really happens is something else as I receive the following output:

As we can see the second inner WriteLine still executes even though the exception is caught at a higher level!

This behavior reminds me of the infamous VB6 On Error Resume Next where an error would just be ignored and the next statement executed. Not really what I was expecting or want.

So the fix is easy. All that is needed is to explicitly cancel the child activity being executed using the CancelChild() function. Below the correct version of my NativeActivity.

public sealed class MyActivity : NativeActivity

    public Activity Body { get; set; }

    protected override void Execute(NativeActivityContext context)

        context.ScheduleActivity(Body, FaultHandler);

    private void FaultHandler(NativeActivityFaultContext faultContext, Exception propagatedException, ActivityInstance propagatedFrom)

        Console.WriteLine(propagatedException.Message);

        faultContext.HandleFault();

        faultContext.CancelChild(propagatedFrom);

The correct fault handler

Enjoy!

www.TheProblemSolver.nl
Wiki.WindowsWorkflowFoundation.eu

End of the line

Mike Hall — Tue, 09 Feb 2010 15:20:40 GMT

Windows 7 RC users will get notification around Feb 15th that usage of the RC will come to an end.. Details here.. http://windowsteamblog.com/blogs/windows7/archive/2010/02/01/important-reminder-regarding-expiration-of-the-windows-7-rc.aspx Users of Windows 2000 should also be aware that support is coming to a very definite end. Without security updates of any kind, it will be increasingly difficult to maintain any level of safety if the computer is connected to the Internet for any length of time...(read more)

{Activa} tu conocimiento - Workshop Desarrollo para Windows 7.

Jaimir Guerrero — Tue, 09 Feb 2010 14:04:00 GMT

9 de febrero 2010 16 de febrero 2010 23 de febrero 2010 2 de marzo 2010 Durante los martes del mes de febrero (o sea desde hoy) vamos a dictar un ciclo de talleres orientados a desarrollar aplicaciones cliente que sean compatibles y exploten todas las ventajas de la plataforma Microsoft Windows 7®. Para este fin vamos a basarnos en el "Windows 7 Training Kit For Developers" el cual pueden descargar aquí . Pueden asistir de forma presencial en las instalaciones de Microsoft Bogotá...(read more)

Llegó el RC1 de Visual Studio 2010

mmendozg — Tue, 09 Feb 2010 13:17:00 GMT

Ya esta disponible el RC1 de las diferentes ediciones de Visual Studio 2010, del .Net Framework 4.0 y TFS 2010.

Aunque inicialmente esta disponible para los suscriptores de MSDN, seguramente al finalizar la semana estará disponible para todos los usuarios. Más información la pueden conseguir en http://msdn.microsoft.com/en-us/vstudio/dd582936.aspx

Para los que ya tienen sus máquinas virtuales o infraestructura funcionando con el Beta 2, la ruta de actuallización a RC es posible. Les recomiendo que revisen el borrador de la guía: Team Foundation Server 2010 Beta 2 to RC Upgrade Guide. Una guía similar va a estar disponible para actualizar de Beta 2 a RTM y de RC a RTM.

Esta versión incluye mejorar muy amplías en temas de desempeño, especialmente de los editores de formularios de aplicaciones y uso de memoría entre otras. si quieren dar feedback sobre su experiencia con esta versión pueden contestar la encuesta disponible en https://mscuillume.smdisp.net/Collector/Survey.ashx?Name=VS2010-RC

Características en Windows Server 2008 R2

juansa — Tue, 09 Feb 2010 12:59:29 GMT

Windows 2008 R2 proporciona un conjunto de funciones añadidas para el servidor llamadas características. Estas formaban parte de Windows 2008 con algunas nuevas en R2. De estas características se extraen las que son obligatorias para que ciertos roles funcionen, de las que añaden fiabilidad al servidor, como el clustering por ejemplo. Algunos sólo añaden estética, como Experiencia de Escritorio. Cuando planeamos nuestro servidor puede que necesitemos instalar algunas de ellas para lograr la configuración querida. En muchos casos no necesitaremos instalar características necesarias a un role. Las que son obligatorias normalmente se instalarán al instalar el propio role.

Para instalar una característica abrimos el Administrador del Servidor, y elegimos Características.

Pulsando en el enlace Agregar características obtendremos acceso al asistente:

Tabla de características:

Característica	Descripción
Administración de directivas de grupo (Group Policy Management)	Instala el complemento MMC para administrar los objetos GP(GPO).
Administrador de almacenamiento para redes SAN (Storage Manager for Storage Area Networks)	Juego de herramientas para administración central de SANS sobre fibra o iSCSI.
Administrador de recursos del sistema de Windows (Windows System Resource Manager)	Proporciona control de administrador sobre cómo se asignan los recursos de CPU y memoria y ayuda a proporcionar fiabilidad a las aplicaciones.
Asistencia Remota (Remote Assitance)	Nos permite ver y compartir el control del escritorio de un usuario que necesita ayuda.
BranchCache	Ayuda a reducir el consumo de banda ancha de clientes ubicados en escenarios de sucursales de oficinas. Los clientes han de ser 2008 R2 o Windows 7.
.Net Framework 3.5.1	Proporciona las API necesarias para que trabajen las aplicaciones.
Copias de seguridad de Windows Server (Windows Server Backup Features)	Herramientas de copia de seguridad y restauración de R2, para el sistema, aplicaciones y datos.
Cifrado de unidad bitlocker (Bitlocker Drive Encryption)	Cifrado de unidad en cado de perdida o robo.
Cliente de impresión en Internet (Internet Printing Client)	Protocolos necesarios para impresión en la red o internet.
Cliente Telnet (Telnet Client)	Conexiones Telnet a Servidores.
Cliente TFTP (TFTP Client)	Escritura/Lectura hacia un servidor TFTP remoto.
Compresion diferencial remota (Remote Differential Compression)	Permite el cálculo para reducir el ancho de banda necesario a utilizar para transferencia entre dos recursos de red.
Consola de administración de Direct Access (Direct Access Management Console)	Consola MMC usada para administrar y configurar acceso directo a clientes Windows 7 y 2008 R2.
E/S de múltiples rutas (Multipath I/O)	Junto con DSM(Módulo específico de dispositivo) proporciona compatibilidad con el uso de varias rutas de acceso a datos a dispositivos de almacenamiento.
Equilibrio de carga de red (Network Load Balancing)	Compatibilidad para TCP/IP para distribuir el tráfico de red mediante varios servidores.
Experiencia de escritorio (Desktop Experience)	Incluye componentes comunes de escritorio, media player, windows aero, etc… Aún si las características han sido instaladas deben habilitarse manualmente.
Extensión IIS de WinRM (Windows Remote Management IIS Extension)	Comunicación segura con sistemas remotos y locales mediante servicios web.
Herramientas administración remota del servidor (Remote Server Administration Tools)	Administración remota de roles y características desde nuestro servidor R2.
Herramientas de migración de Windows Server (Windows Server Migration Tools)	Instala los cmdlets de PowerShell para migración.
Kit de administración Connection Manager (Connection Manager Administration Kit)	Herramienta para creación de perfiles de Connection Manager para escenarios de VPN.
Marco biométrico de Windows (Windows Biometric Framework)	Servicios compatibles necesarios para dispositivos lectores de huellas dactilares usados en el inicio de sesión.
Message Queue Server	Entrega de mensajes garantizada entre aplicaciones.
Monitor de puerto LPR (LPR Port Monitor)	Permite la impresión en impresoras compartidas LPD, comúnmente usado por servicios UNIX.
Protocolo de resolución de nombres de mismo nivel (Peer Name Resolution Protocol)	Permite a las aplicaciones registrar y resolver nombres en el equipo para que otros equipos puedan comunicarse con éstas.
Proxy RPC sobre HTTP (RPC over HTTP Proxy)	Utilizado por aplicaciones con capacidad de reenvío de tráfico RPC sobre HTTP. El más común es Outlook sobre RPC.
Servicio de transferencia inteligente en segundo plano (Background Intelligence Transfer Service BITS)	Servicio de transferencia asíncrono de archivos.
Servicio WAS (Windows Process Activation Service)	Elimina la dependencia sobre Http para IIS, permitiendo a otras aplicaciones usar protocolos no-http.
Servicio WLAN (Wireless LAN Service)	Servicios y configuraciones necesarios, para trabajar adecuadamente en R2, de los adaptadores Wireless.
Servicios de escritura con lápiz y a mano. (Ink and Hardwritting Services)	Compatibilidad para servicios típicos de Tablets.
Servicios simples TCP/IP (Simple TCP/IP Services)	Proporciona compatibilidad con versiones anteriores y sólo ha de instalarse en caso necesario.
Servicios SNMP (SNMP Services)	Instala agentes para control de la actividad de red.
Servicio de nombres de almacenamiento de Internet (Internet Storage Name Server)	Servicios necesarios para detección y compatibilidad para redes de área de almacenamiento iSCSI.
Servidor SMTP (SMTP Server)	Compatibilidad básica con servicios de transferencia de correo electrónico para mensajes y sistemas de correo electrónico.
Servidor Telnet (Telnet Server)	Proporciona capacidades remotas administrativas de línea de comando para aplicaciones de cliente Telnet.
Servidor WINS (WINS Server)	Resolución de nombres NetBIOS para equipos y grupos de la red, usado como compatibilidad de versiones anteriores.
Subsistema de aplicaciones UNIX (Subsystem for UNIX-based applications)	Permite a R2 ejecutar programas basados en UNIX.
Visor de XPS (XPS Viewer)	Compatibilidad con documentos XPS:
Windows Audio Video Experiencie	Plataforma de red para aplicaciones de transmisión de audio y vídeo por secuencias en redes domésticas.
Windows Internal Database	Almacenamiento de datos sólo para roles y características de Windows como AD RMS y WSUS.
Windows PowerShell Integrated Scripting Environment	GUI que nos permite ejecutar comandos de PowerShell. También crear y probar scripts de PowerSHell.
Windows TIFF IFilter	Proporciona capacidad de reconocimiento òptico de caracteres. Específicamente para archivos TIFF 6.0, permitiendo además la indización y búsqueda de texto en dichos archivos.

How to change the temp location for the OAB Generation process on Exchange 2007 sp2 and Exchange 2010

Anderson Patricio — Tue, 09 Feb 2010 12:31:40 GMT

Hi folks,

Dave Goldman blogged how to change the OAB Generation process temp folder. However it only applies for Exchange Server 2007 SP2 and Exchange Server 2010.

By the way, if you are going to change that make sure that you specify the new location in your exclusion list of your AV.

Cheers,
Anderson Patricio
http://msmvps.org/Blog/AndersonPatricio
http://www.andersonpatricio.org
Twitter: @apatricio

Technorati : OAB, change path, geration process
Del.icio.us : OAB, change path, geration process
Zooomr : OAB, change path, geration process
Flickr : OAB, change path, geration process

Free Instructor-Led Training for OCS

Anderson Patricio — Tue, 09 Feb 2010 12:25:16 GMT

Hi folks,

The OCS Communicator team blogged about two free training for Live Meeting and OCS Communicator (Introduction). It's a high level training to introduce the basic features of both products.

Check them out:

Office Communicator https://events.livemeeting.com/967/15027/reg.aspx?pc=05
Live Meeting http://office.microsoft.com/en-us/livemeeting/HA102429721033.aspx

Cheers,
Anderson Patricio
http://msmvps.org/Blog/AndersonPatricio
http://www.andersonpatricio.org
Twitter: @apatricio

MVPS HOSTS File Update Feb-09-2010

winhelp2002 — Tue, 09 Feb 2010 11:14:00 GMT

The MVPS HOSTS file was recently updated [Feb-09-2010]
http://www.mvps.org/winhelp2002/hosts.htm

Download: hosts.zip (148 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource for determining possible unwanted connections ...
http://www.mvps.org/winhelp2002/hosts.txt (599 kb)

Quoi de neuf dans Microsoft Office 2010

Mtoo — Tue, 09 Feb 2010 10:58:06 GMT

La nouvelle version de Microsoft Office est désormais annoncée disponible pour le public en Juin 2010. Le développement touche à sa fin puisque la RC (Release Candidate) vient d’être finalisée.

Quoi de neuf ?

Premier point, presque rassurant, l’interface n’est presque pas remaniée.

Le menu Office (que tous les débutants ne trouvaient pas) est remplacé par…un menu Fichier !!! Celui-ci, lance une nouvelle fenêtre, un menu plein écran, en quelque sorte… beaucoup plus intuitif !!

La grande nouveautés est le fait que Office existera pour PC mais aussi en version Web : si vous placez un document Office dans un dossier spécial sur Internet (SkyDrive),vous pouvez éditer celui ci directement via une version web de Excel, Word, PowerPoint, ou One Note. Ceci est aussi possible sur Firefox, Opera, et sur d’autres plateformes que Windows Mobile…

Le travail collaboratif est aussi mis en avant avec la possibilité de travailler à plusieurs sur un même document.

La fonction PowerPivot d’Excel va sublimer les possibilités d’analyse d’Excel, depuis des bases SQL, mais aussi des bases hétéroclites.

Outlook est remanié : le ruban y est présent, de nouvelles fonctions de réseau social, de travail collaboratif ainsi que de gestion des mails plus “intelligente et automatisée”.

PowerPoint est l’application mise en valeur, avec de nouvelles fonctionnalités de gestion multimédia (retouche et montage de vidéo) .

Les Microsoft TechDays sont une très bonne opportunité pour découvrir toutes ces nouveautés.

Laurent Gébeau – http://www.twitter.com/mtoo

Banning illegal file-sharers could breach human rights

donna — Tue, 09 Feb 2010 10:56:01 GMT

Banning web users suspected of illegally downloading content from the internet could breach human rights legislation, says the Joint Select Committee on Human Rights.

According to the group of MPs and members of the House of Lords, the proposals set out in the Digital Economy Bill reference 'technical measures' which could be employed to block internet pirates' web connections.

However the committee said the technical measures had not been "sufficiently specified".

"The concern we have with this Bill is that it lacks detail," said Andrew Dismore MP and chair of the Committee.

http://www.networkworld.com/news/2010/020810-banning-illegal-file-sharers-could-breach.html

Leaky anti-virus defences letting malware through

donna — Tue, 09 Feb 2010 10:55:58 GMT

Even users running up-to-date anti-virus software still get infected with malware, according to stats from an online malware scanning service.

Nearly a third (25,000 out of 78,800) of computers with up-to-date anti-virus software were discovered to be infected with malicious code when users scanned their PC using SurfRight's HitmanPro 3 behavioural scan.

SurfRight's analysis is based on 107,435 users who put their PC through its scanner between 10 October and 4 December 2009. Around a quarter of these users (28,608) either had no scanner installed or were running security software that was out of date.

Surfers are much more likely to turn to SurfRight's software if they suspected their Windows PC was running slowly or might be infected with malware, so the figures from SurfRight's audit are bound to come out worse than those from the general web population.

http://www.theregister.co.uk/2010/02/08/security_scanner_shortcomings/

China Closes Hacker Training School, Arrests 3

donna — Tue, 09 Feb 2010 10:50:46 GMT

China officials have shut down Black Hawk Safety Net, the country's biggest hacker training Website, and arrested three people for making hacker tools available online.

China announced it has arrested three people in connection with operating a hacker training school that distributed malware and hacking tools to its members in online forums.

According to Xinhua, China ’s state-run newspaper, three people were arrested in connection with making the tools available online through a business known as Black Hawk Safety Net. Established in 2005, Black Hawk Safety Net is reportedly headquartered in Xuchang of the central Henan Province and has more than 180,000 members. Police reportedly uncovered the operation as part of an investigation into a cyber-attack in Macheng City in 2007.

The three suspects arrested in the case are charged with offering online hacker tools, a crime newly listed in the country's criminal law last year, the paper reported.

http://www.eweek.com/c/a/Security/China-Closes-Hacker-Training-School-Arrest-3-827095

Symantec hit with class-action lawsuit over auto-renewals

donna — Tue, 09 Feb 2010 10:48:57 GMT

N.Y. man claims Symantec didn't tell him before charging his card, as 2009 settlement required

A New York man has sued security software maker Symantec for automatically renewing his subscription to Norton Antivirus, alleging that the company did not notify him before charging $76 to his credit card.

The lawsuit comes seven months after the New York Attorney General's office fined Symantec $375,000 for the practice and ordered it to give notice before renewing any subscription.

According to the lawsuit filed Jan. 19 in a New York County court, Kenneth Elan of Port Washington, N.Y., purchased a copy of Norton Antivirus in 2007. Early in November 2009, Symantec told him that it had automatically renewed his license to the software for one year, and charged his credit card $76.03. Elan said he had not been notified prior to the charge hitting his card.

http://www.computerworld.com/s/article/9153118/Symantec_hit_with_class_action_lawsuit_over_auto_renewals

Same incident as last year: http://www.calendarofupdates.com/updates/index.php?showtopic=20325

Google to use Gmail to challenge Facebook

donna — Tue, 09 Feb 2010 10:45:18 GMT

Google will today announce some big changes to its social media strategy. It is believed these will include changes to Gmail that will allow users to post messages in a similar way to Twitter or Facebook.

That social media sites Facebook and Twitter have a huge potential for advertising in the future will not have gone unnoticed at Mountain View, CA.

Google recently announced that its only social success to date; YouTube, has started to make a profit. Google bought the already successful but loss making YouTube in 2006, and has steadily increased the amount of advertising on the site since.

Google has numerous products that have some form of social aspect to them. Reader, Calendar, Bookmarks and others all encourage sharing, there is a full social network site in Orkut, Google Profiles links in well with Wave the much maligned collaboration tool. Then let's not forget SideWiki which allows users to leave messages on any site via a browser add-on.

The problem that Google has had is that these products have been too disparate. There hasn't been a single combining element that has allowed all the best features to appear in one single interface in a way that could compete with Facebook. It sounds like Google is attempting to make up for lost time now.

http://www.bigmouthmedia.com/live/articles/google-to-use-gmail-to-challenge-facebook.asp/6751/

Google to add social-media tools to Gmail similar to facebook, Twitter

Hacker Unleashes BlackBerry Spyware Source Code

donna — Tue, 09 Feb 2010 10:40:10 GMT

Proof-of-concept demonstrates ease at which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim's physical location via smartphone's GPS

A researcher at the ShmooCon hacker conference yesterday demonstrated how BlackBerry applications can be used to expose sensitive information without the use of exploits.

Tyler Shields, senior researcher for Veracode's Research Lab, also released proof-of-concept source code for a spyware app he created and demonstrated at the hacker confab in Washington, D.C., that forces the victim's BlackBerry to hand over its contacts and messages. The app also can grab text messages, listen in on the victim, as well as track his physical location via the phone's GPS.

The spyware sits on the victim's smartphone, and an attacker can remotely use the app to dump the user's contact list, email inbox, and SMS message. It even keeps the attacker updated on new contacts the victim adds to his contact list. "This is a proof-of-concept to demonstrate how mobile spyware and applications for malicious behavior are trivial to write just by using the APIs of the mobile OS itself," Shields says.

http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=222700260

Adobe apologizes for festering Flash crash bug

donna — Tue, 09 Feb 2010 10:36:57 GMT

An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months.

The admission, by Emmy Huang, product manager for Flash, came a week after Apple CEO Steve Jobs lambasted Adobe engineers as "lazy" and said when Macs crash, "more often than not it’s because of Flash." Adobe CTO Kevin Lynch struck back, insisting that at Adobe, "we don't ship Flash with any known crash bugs."

The crash bug at issue in Huang's blog post published over the weekend was reported in September 2008, but it has yet to be excised from release versions of Flash. She said a beta version of Flash scheduled for official release later this year has fixed the problem.

Continued here: http://www.theregister.co.uk/2010/02/09/adobe_flash_crash_bug/

Flash Bug Report

As has been pointed out by the community, there is an existing crash bug that was reported by Matthew Dempsky in the Flash Player bugbase (JIRA FP-677) in September of 2008 that still exists in the release players. It is fixed in Flash Player 10.1 beta, and has been since we launched the beta in early November 2009.

I want to reiterate that it is our policy that crashes are serious "A" priority bugs, and it is a tenet of the Flash Player team that ActionScript developers should never be able to crash Flash Player. If a crash occurs, it is by definition a bug, and one that Adobe takes very seriously. When they happen, it can be the result of something going on purely within Flash Player, something in the browser, or even at the OS level. Depending on where an issue occurs we work to resolve the crash internally or with our partners.

So what happened here? We picked up the bug as a crasher when it was filed on September 22, 2008, and were able to reproduce it. Remember that Flash Player 10 shipped in October 2008, so when this bug was reported we were pretty much locked and loaded for launch. The mistake we made was marking this bug for "next" release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release. We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that. Having that line of communication open would have allowed him to let us know directly that it was still an issue. I intend to follow up with the product manager (or Adobe rep) who worked on this issue to make sure it doesn't happen again. It slipped through the cracks, and it is not something we take lightly.

The team is actively reviewing all unresolved crash bugs in JIRA and will reach out to the submitter if we need their help. We have been updating JIRA bugs with status when we ship pre-release and release players with fixes, but will be focusing on scrubbing these more vigilantly so the community will be able to get status on their issues earlier. Again, FP-677 is fixed in Flash Player 10.1 beta on Adobe Labs and was made public in a regular bugbase scrub that happened yesterday.

http://blogs.adobe.com/emmy/archives/2010/02/flash_bug_repor.html

New Attack on Threefish

donna — Tue, 09 Feb 2010 10:34:32 GMT

From Bruce at his "Schneier on Security":

At FSE 2010 this week, Dmitry Khovratovich and Ivica Nikolic presented a paper where they cryptanalyze ARX algorithms (algorithms that use only addition, rotation, and exclusive-OR operations): "Rotational Cryptanalysis of ARX." In the paper, they demonstrate their attack against Threefish. Their attack breaks 39 (out of 72) rounds of Threefish-256 with a complexity of 2252.4, 42 (out of 72) rounds of Threefish-512 with a complexity of 2507, and 43.5 (out of 80) rounds of Threefish-1024 with a complexity of 21014.5. (Yes, that's over 21000. Don't laugh; it really is a valid attack, even though it -- or any of these others -- will never be practical.)

This is excellent work, and represents the best attacks against Threefish to date. (I suspect that the attacks can be extended a few more rounds with some clever cryptanalytic tricks, but no further.) The security of full Threefish isn't at risk, of course; there's still plenty of security margin.

http://www.schneier.com/blog/archives/2010/02/new_attack_on_t.html

Poughkeepsie, N.Y. slams bank for $378,000 online theft

donna — Tue, 09 Feb 2010 10:32:04 GMT

TD Bank's failure to detect fraudulent money transfers 'unacceptable,' official says

The theft of $378,000 from the town of Poughkeepsie, N.Y. is prompting questions about the responsibility of banks to protect customer accounts from online criminals.

In a statement last week , a town official revealed that thieves had broken into the town's TD Bank account and transferred $378,000 to accounts in the Ukraine.

The thefts took place over a two-day period in mid-January during which a total of nine attempts were made to steal money. In the end, four of the attempts were successful, resulting in the lost money.

The thefts were discovered by town officials one day after they occurred. So far, TD bank has managed to recover $95,000, with efforts still under way to try and recover the rest. The theft is being investigated by local police, the FBI and the U.S. Secret Service.

It was not clear how the thieves gained access to the town's bank account and there was no immediate response from Town Supervisor Patricia Meyers to a Computerworld request for comment.

http://www.networkworld.com/news/2010/020810-poughkeepsie-ny-slams-bank-for.html

iHound aims to help you find your missing iPhone

donna — Tue, 09 Feb 2010 10:31:02 GMT

If you're outside Moscone Center for this week's Macworld Expo, and someone hands you a "Lost iPhone" sticker, don't toss it away. It could help you track down your phone, should it ever go missing.

The stickers, from iHound Software, go on the back of the iPhone or the phone's case. They feature a unique ID number so that anyone who finds a misplaced phone can go to iHound's Website and punch in the nine-digit number along with a message to the phone's doubtlessly frantic owner.

"We believe most phones are lost, not stolen," Gary Moskoff, one of the founders of iHound Software told me Monday, as we talked about his company's mobile security offering.

Of course, to take advantage of that lost sticker, you've got to use the iHound app for the iPhone. But iHound has an Expo-timed special there too: for the month of February, the app--normally a $3 download--is available for free. (After the 10-day trial period, you'll still have to pay a recurring service charge, which Moskoff says costs less than $1 a month.)

http://www.networkworld.com/news/2010/020910-ihound-aims-to-help-you.html

Comerica Phish Foiled 2-Factor Protection

donna — Tue, 09 Feb 2010 10:29:35 GMT

A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than half a million dollars last year.

The lawsuit, filed by Experi-Metal Inc. (EMI), in Sterling Heights, Mich., charges that Dallas-based Comerica Bank effectively groomed its customers to become phishing victims by routinely sending them e-mail messages that asked recipients to click a link to update the bank's security technology. The company also alleges that Comerica's security protections for customers are not commercially reasonable, because the phishing scam routed around the bank's 2-factor authentication system.

According to a complaint EMI filed in December with a Michigan circuit court, for many years Comerica used "digital certificates" for authenticating online banking customers. Digital certificates are the browser-based counterparts to ATM cards, and many banks require customers to include the bank's cryptographically signed digital certificate in their browser before the bank's online system will allow users access. [...]

EMI's complaint is here (.pdf). Comerica's line-by-line response is available here (.pdf).

http://www.krebsonsecurity.com/2010/02/comerica-phish-foiled-2-factor-protection/

Researchers Develop Code That Stops Local Scanning Worms

donna — Tue, 09 Feb 2010 10:28:09 GMT

In tests, algorithm was an efficient estimator of worm virulence and could determine the size of the susceptible host population after only a few infections

Self-propagating worms are malicious computer programs, which, after being released, can spread throughout networks without human control, stealing or erasing hard drive data, interfering with pre-installed programs and slowing, even crashing, home and work computers. Now a new code, or algorithm, created by Penn State researchers targets the "stealthiest" of these worms, containing them before an outbreak can occur.

"In 2001 the 'Code Red' worms caused $2 billion dollars worth of damage worldwide," said Yoon-Ho Choi, a postdoctoral fellow in information sciences and technology at Penn State. "Our algorithm can prevent a worm's propagation early in its propagation stage."

Choi and his colleagues' algorithm defends against the spread of local scanning worms that search for hosts in "local" spaces within networks or sub-networks. This strategy allows them access to hosts that are clustered, which means once they infect one host, the rest can be can be infected quickly. There are many types of scanning worms, but Choi calls these worms the stealthiest because they are the most efficient and can evade even the best worm defenses.

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=222700362

Directivas basadas en Registro

juansa — Tue, 09 Feb 2010 10:13:32 GMT

Para administrar los entornos de escritorio de los usuarios se utilizan las Directivas de grupo, las GPO. Más que ver las directivas a nivel de Active Directory lo que veremos es como implementar las directivas a nivel local, incluso crear nuestras propias directivas para redes que no están basadas en AD.

Las directivas no son Preferencias, comparándolas entendemos mejor cómo Windows usa las primeras. Los usuarios establecen preferencias, su fondo de pantalla por ejemplo y las pueden cambiar en cualquier momento. Los administrdores establecen directivas como donde está la carpeta Mis Documentos y éstas toman precedencia sobre la preferencia equivalente del usuario. Windows las almacena en el registro de forma separada. Si existe una directiva, el sistema usa la configuración especificada en ella, si no la hay, usará la preferencia del usuario; en ausencia de ambas, la configuración predeterminada. Una directiva no cambia una preferencia de usuario sino que toma precedencia en su aplicación coexistiendo ambas. En cuanto un admin suprime la directiva, la preferencia vuelve a usarse.

Directiva	Preferencia	Comportamiento
No	No	Configuración predeterminada
No	Sí	Se aplica la preferencia
Sí	No	Se aplica la directiva
Sí	Sí	Se aplica la directiva, ingnorando la preferencia.

Windows combina las directivas en una GPO. En AD hay múltiples GPO que se aplican a usuarios y equipos, dependiendo de donde se encuentren en el directorio. En Windows sólo hay UNA GPO, Local GPO. Su configuración se aplica al equipo local y a cualquier usuarios que inicie sesión en el. Ya que la Directiva Local es la primera que aplica Windows cuando arranca y los usuarios inician sesión, las directivas de red pueden sobreescribir su configuración. Es decir, si la directiva local indica una configuración y la establecida en la red por el administrador la niega, se aplicaría la segunda.

Las Directivas de grupo contienen configuración tanto para usuario como para equipo, conteniendo dos ramas principales:

Configuración de Equipo. Valores de configuración de directiva por-equipo que especifican el comportamiento del sistema operativo, del escritorio, de seguridad, de scripts de inicio y apagado del sistema, de aplicaciones asignadas al equipo y configuración de aplicaciones. Windows las aplica las directivas por-equipo cuando se inicia el sistema y a intervalos de forma regular.
Configuración de Usuario. Valores de configuración de directiva por-usuario que especifican el comportamiento del sistema operativo, del escritorio, de las aplicaciones publicadas y asignadas, de redirección de carpetas, de seguridad, de scripts de inicio y cierre de sesión de usuario y configuración de aplicaciones. Windows las aplica cuando el usuario inicia sesión en el equipo y a intervalos de forma regular.

Para editar la Directiva Local usamos el Editor de directivas:

A) Abrimos Inicio, ejecutar y escribimos gpedit.msc

B) O, nos creamos una MMC con el snap-in.

1. escribimos mmc en Inicio-Ejecutar

2. Menú Archivo, Agregar o quitar complemento

3. En la pestaña Independiente, botón Agregar

4. Elegimos Editor de Directivas de grupo del cuadro y botón Agregar

5. Seguimos el asistente eligiendo Equipo Local

6. Pulsamos en Finalizar y cerramos todos los diálogos abiertos, pulsando luego en Aceptar del diálogo Agregar o quitar complemento.

7. obtenemos una consonla con el complemento añadido.

Extensiones de directiva

Las directivas tienen varias extensiones que podemos ver cuando las configuramos. De hecho, cada nodo que vemos en el editor de directivas es una extensión. De forma predeterminada, el editor carga todas las que están disponibles al iniciar. Configuración de Equipo y Configuración de Usuario contienen diferentes extensiones, podemos ver más al editar una directiva en AD que en una directiva Local. Algunas de las extensiones, resumidas, en una directiva local son:

Scripts. Podemos asignar scripts a los usuarios que se ejecuten al inicio o cierre de sesión. También a equipos para que se ejecuten al arrancar o apagar Windows. Se encuentra dentro de la carpeta de Configuración de Windows.
Configuración de seguridad. Podemos administrar valores de seguridad, como contraseñas, auditoría y bloqueo de directivas. También podemos administrar derechos de usuario y restringir las aplicaciones que los usuarios pueden ejecutar. Se encuentra dentro de la carpeta Configuración de Windows.
Plantillas administrativas. Directiva crea un archivo que contiene valores de Registro y que se escriben en HKCU o HKLM. Windows carga los valores desde este archivo cuando el sistema inicia o el usuario inicia sesión. Estas son las directivas basadas en el registro.

Directivas en el registro

Directivas del registro o directivas administrativas son la misma cosa. Son valores en el registro que sobreescriben las preferencias de los usuarios y hay buenas razones para que los usuarios no las puedan cambiar. Otras directivas, como la configuración de seguridad pueden o no ser valores de registro. En el editor de directivas encontramos las directivas de registro en la carpeta Plantillas Administrativas, tanto bajo la Configuración de Equipo como de la Configuración de Usuario.

Las plantillas administrativas, archivos con la extensión .adm, definen las directivas que los administradores pueden establecer. Estas plantillas describen el interfaz de usuario para reunir configuraciones del administrador y las ubicaciones de estas configuraciones desde el registro. Cuando el administrador define directivas, el editor las guarda en un archivo llamado Registry.pol. Windows carga la configuración contenida en Registry.pol cuando el sistema se inicia, cuando los usuarios inician sesión, y a ciertos intervalos regulares.

Las extensiones, Plantillas administrativas y una extensión de parte del cliente integrada en el registro* trabajan juntas para implementar las directivas basadas en el registro.

*Procesa las directivas y crea sus correspondientes valores en el registro.

Windows tiene plantillas administrativas que definen todas las directivas compatibles con el sistema operativo. Si queremos usarlas para una aplicación, como Office, debemos cargar la plantilla administrativa correspondiente a Office. (El kit de recursos de Office contiene muchas plantillas administrativas para el manejo y administración de la suite) Las que nos proporciona Windos son:

System.adm. Valores principales y primer archivo de plantilla, define la mayoría de valores que vemos en Plantillas Administrativas.
Wmplayer.adm. Valores de Windows Media.
Conf.adm. Software de NetMeeting.
Inetres.adm. Microsoft Internet Explorer.

Todas las directivas se establecen en uno de tres estados: Hailitada, Deshabilitada o No configurada.

Habilitada explícitamente aplica la configuración añadiéndola al registro con un valor de 0x01. Deshabilitada explícitamente desactiva la configuración añadiéndola al registro con un valor de 0x00(o quitándolo). No configurada elimina el valor de configuración del registro. Hay algunas directivas que necesitan de datos adicionales.

Cuando configuramos una directiva prestemos atención a la explicación para asegurarnos que el resultado será el que queremos. Algunas directivas son positivas –se activa la característica al habilitarla-, otras negativas –se desactiva la característica al habilitarla-. Un poco de confusión, a veces para aplicar hemos de deshabilitar y al contrario. Así que leed bien la directiva y lo que hace antes. ;-)

¿Donde guarda Windows las directivas?

En la rama \Software\Policies preferentemente. En la llave HKLM, contendrá las directivas por-equipo y en HKCU las directivas por-usuario.

Otra rama, heredada de versiones anteriores, es \Software\Microsoft\Windows\CurrentVersion\Policies. En la que las directivas tienden a tatuar el registro, lo que quiere decir que hacen cambios permanentes en el registro; Debemos explicítamente cambiar estas directivas. Las ACL, listas de control de acceso, impiden a los usuarios hacer cambios en estas llaves y de ese modo las directivas que se aplican. Los grupos locales usuarios y usuarios avanzados no tienen permisos para cambiar valores en estas llaves, pero un administrador puede sobreescribirlas directamente y cambiar la directiva.

Ya que sabemos donde se ubican en el registro sólo nos resta saber en ué lugar del sistema de archivos están. La directiva local está en %raíz_del_sistema%\System32\GroupPolicy. Es una carpeta super oculta . Para verla en el explorador de Windows hemos de habilitarlo desde herramientas del menú y cambiar las opciones en la pestaña Ver del diálogo de Opciones de carpeta, tanto Ver archivos y carpetas ocultos como desmarcar ocultar archivos del sistema.

Dentro de esta carpeta encontramos las siguientes subcarpetas y archivos:

\Adm. Donde están todos los archivos adm de la directiva local.
\User. Archivo Registry.pol.
\User\Scripts. Scripts por-usuario de la directiva local. Dentro de Logon para el inicio de sesión en Windows y dentro de Logoff para el cierre de sesión en Windows.
\Machine. Registry.pol del equipo.
\Machine\Scripts. Scripts por-equipo de la directiva local. Dentro de Startup para el arranque y en Shutdown para el apagado.

Puede copiarse la carpeta de un equipo a otro para replicar las directivas que contienen, aunque mejor comprobarlo antes de hacerlo en un entorno de trabajo.

The Query Optimizer’s handling of Relationships for T-SQL Tuesday #003

Rob Farley — Tue, 09 Feb 2010 07:34:00 GMT

I’m feeling the pressure for this month’s T-SQL Tuesday, probably because I’m also the host. I’ll be posting a roll-up for it soon too, which I’m sure will be great fun researching.

Given that the topic is on relationships, and the main SQL Server database is a relational engine, relationships are incredibly relevant to databases. The idea behind RDBMSs is that keys are used to refer to entities. This leads to foreign keys, such that a particular column(s) is constrained to values which appear in another table, thus referential integrity is enforced. And yet there are so many database designs out there that do not have relationships defined between tables. I shudder when I find them, but that doesn’t make them any less commonplace.

In data warehouses, designed primarily for reporting systems rather than transactional systems, tables are often designed in a more denormalized manner, to avoid needing to perform so many joins to access the data required for reports. This involves having tables with many extra columns, containing data that would otherwise be stored in other tables. Fewer tables are used, and therefore the system has fewer relationships.

I sometimes wonder how this should affect relational database design. I have written before about the fact that the Query Optimizer can leverage foreign key relationships to be able to simplify queries by noticing that joins can be redundant and simplified out of plans, but to summarise:

A foreign key relationship is between a column (or set of columns) in a table to a unique key (typically the primary key) in another table (which could even be the same one). Because of this uniqueness, the relationship can map to at most one record on the other side. And because the foreign key relationship enforces referential integrity, it must map to exactly one record on the other side (a caveat being that the foreign key column(s) could be configured to allow NULLs, which won’t map). Therefore, a join that doesn’t actually select data from any of the columns in the second table might be able to be simplified out of the query completely, as if the query didn’t have the join at all. But read my other post for more on that.

Thinking about many of the queries that I’ve written over the years, I know that I often only want one field from the table I’m joining. For example, I might want to get a ProductName when I have a ProductID, or I might want the Login from a UserID. A standard Lookup situation, which in a data warehouse would often be handled by storing the Name in a dimension table rather than the ID.

So my surmising leads me to this question:

If there is a unique index on the field that I typically want to lookup from a table, does this make it a better candidate for foreign key relationships than the primary key, so that the system can avoid needing as many joins?

This screams against everything I ever learned about relational databases. It would obviously make for a larger row, but if this were offset by performance gains in querying, could it be worthwhile? Maintaining referential integrity based on a string field may be more costly than on an integer field, but I’m wondering if the impact on SELECT queries through the reduction of the number of joins required might not make it a worthy consideration.

Please note: I’m not saying it’s necessarily a good idea – I’m surmising here, and would love to hear comments about whether or not other people have tried it, what circumstances they were trying to handle, and whether or not the idea worked.

But back to the Query Optimizer…

The QO needs information to be able to work out how to run your query. It needs statistical information about the columns that are filtered; it needs to be able to figure out which parts of the query can utilise indexes effectively (see my recent posts about SARGability); but also very significantly, it needs to have information about the relationships between tables.

Any time you write a query that involves a join (which I imagine most of your queries do), the system can use information about the relationship between the two tables. If it is defined as a foreign key relationship that doesn’t allow NULL values, then the system knows that each record in the ‘child’ table must match exactly one record in the other table. The Query Optimizer can use this information, and it should be available. Any time you’re thinking of not putting enforced relationships in your system, consider the fact that you’re blinding the Query Optimizer and ultimately making it do more work.

Put your relationships into your database design. Put constraints where they can apply, mark items as unique. The Query Optimizer will thank you for it, expressing its thanks as better performance.

Viewing windows event viewer remotely in Windows 7 in SBS 2008

bradley — Tue, 09 Feb 2010 07:32:00 GMT

So when you add Vista and windows 7 machines to the network there's a couple of edits I do to the existing firewall rules to allow me to view the windows event viewer remotely.

In addition to these firewall rules I add two more

•   Configure Windows Firewall ports to allow the following features to work:
•   Core Networking
•   Remote Assistance
•   Remote Desktop
•   Windows Management Instrumentation (WMI)

The first is to poke a hole in Remote Administration and the other is in the Remote Event Log Management.

Open up group policy management, go down to the windows vista policy and edit the rules in there.

http://www.sbslinks.com/windows_sbs_client_-_windows_vista_policy1.htm

Go down to the section

Policies

Windows Settings

Security Settings

Windows Firewall with Advanced Security

And edit that policy. Now add a new rule, and click on predefined rule.

Choose remote administration

And remote event log management.

Now you can review the event logs remotely in active directory users and computers.

Développement d'un jeu en Silverlight

valentin — Tue, 09 Feb 2010 07:32:00 GMT

Hier,

j'ai eu la chance de pouvoir, comme chaque année, donner des sessions aux Techdays sur le développement de jeux.

Enfin ... trois sessions dans la journée c'est quand même fatiguant...

Quoi qu'il en soit la dernière session était assez interessante puisqu'elle liait Silverlight et Xna au travers des plateformes Xbox 360, Windows et Zune HD.

J'avais pour but, avec l'aide de Julien Frelat -un passionné de dev de jeux sur Silverlight- de créer un jeu en moins de 40 min. Nous avons pratiquement reussi ! (si on avait parlé moins c'était dans la poche).

Le jeu une fois terminé ressemblait à ceci :

Pour télécharger la version Silverlight du jeu cliquez ici.

Julien a pour sa part fait la demonstration de son utilitaire de conversion de code ActionScript 3 vers C# pour passer des jeux Flash en Silverlight.

Pour me venger j'ai montré un projet Zune HD affichant le même jeu que ci-dessus et je l'ai passé en live sur Windows et Xbox. Là encore le projet dédié à ces trois plateformes est téléchargeable ici.

Pour terminer un gros merci à Antoine Emond de Microsoft qui est à l'origine de cette session, dès fin novembre on en parlait déjà au téléphone pour la préparer !

A bientôt sur ce Blog !

Valentin

So why use http://connect

bradley — Tue, 09 Feb 2010 07:20:00 GMT

So why do you want to use http://connect rather than just manually adding the box to the domain?

Because of the extra magic the wizard does.

First off if you have a local profile it will move that local profile to the domain profile.

Then it will do the following:

•   Create a Windows SBS group on the Start menu, and place the Internal Web site link in the group.
•   Create a shortcut to the internal Web site on the desktop of computers running the Windows XP operating system.
•   Set the Home page link in Internet Explorer to point to the internal Web site.
•   Create favorite links in Internet Explorer for the Internal Web site, Outlook Web Access, and Remote Web Workplace.
•   Configure Windows Firewall ports to allow the following features to work:
•   Core Networking
•   Remote Assistance
•   Remote Desktop
•   Windows Management Instrumentation (WMI)
•   Configure Automatic Update on the client computer to install updates automatically.
•   Install the Windows Small Business Server 2008 Client Agent application on the client computer (Client Side Extension).
•   Configure the Windows Small Business Sever 2008 WMI Provider to help ensure system health monitoring.
•   Install the Windows SBS 2008 Desktop Links gadget on client computers running the Windows Vista operating system.
•   Deploys an outlook 2003 PRF auto configuration profile (Outlook 2007 utilizes Exchange 2007 autodiscover to connect)

Pretty cool huh? For Vista and Windows 7 it pushes out the Vista gadget but doesn't automatically put it on the desktop, you have to manually enable it.