December 2005 Entries
New skin

I'd gotten some feedback on my personal blog that the Black Sun skin I'd switched to wasn't nearly as impressive to readers as it was to me. Since I was switching it there, I figured I'd switch it here too -- so I went looking and found this nice new skin based on the look of the OneNote application (part of Office 2003). This amused me, so here it is.

posted @ Thursday, December 22, 2005 11:43 PM | Feedback (2)
DCAR ebook Chapter 3: The Messaging Environment

Chapter 3, The Messaging Environment, of my ebook on DCAR (Discovery, Compliance, Archival, and Retention) is now available for download. This ebook is published online by Windows IT Pro.

This chapter takes a look at your Exchange environment and points out various aspects of your Exchange organization that you need to examine as you design your DCAR solution:

  • AD forests, domains, and sites
  • Administrative and routing groups
  • Routing and front-end servers
  • Mailbox servers
  • Public folder servers
  • Messaging clients
  • Mail-enabled applications
  • LAN and WAN bandwidth
  • Backup and recovery systems

This chapter also examines the critical importance of messaging hygiene in your DCAR solution, and even takes a look at the implications of using transport and message security protocols in your organization.

All three chapters are a free download away (registration required) so please go download and enjoy. I'd love to hear your thoughts and feedback.

posted @ Thursday, December 22, 2005 5:28 PM | Feedback (1)
What good is Windows Error Reporting, anyway?

In the August 2005 issue of Windows IT Pro magazine, Karen Forster wrote an article "Windows Error Reporting: Elementary, My Dear Watson" that described how Windows Error Reporting (WER) is more than just a black box component designed to annoy you every time something goes wrong on your Windows system. This article is in response to an earlier survey and includes an interview with Microsoft's Ben Canning, who gives some great examples of how feedback from WER has directly contributed to fixes as well as giving more information about how the data is collected and transmitted to Microsoft.

This past weekend, I had my own positive encounter with WER. For the past week or so, performance on my trusty IBM T-30 Thinkpad laptop has been going down the tubes. I'm pretty careful with what software I add and remove, but as a consultant, I still have to do a lot of product evaluation, so over time, my laptop registry and file system can get pretty thrashed. At first, I was thinking that I'd merely hit the limit and was going to spend some time over the holidays re-installing the OS and software. Then, last Thursday, I got a BSOD, and the error message was one of the nice non-informational errors. On Saturday, I'd had three more BSODs and was starting to suspect that a fan had failed, causing heat-related failures.

Before I phoned IBM support, though, I wanted to take one last stab at eliminating other hardware issues. Sunday afternoon, I took out all my peripherals, unplugged my USB mouse, and turned the laptop back on. Once I logged in, WER popped up and asked to send the report to Microsoft. I shrugged my shoulders -- what did I have to lose? -- and clicked the button. A few seconds later, I got a very nice Web page on my screen that explained that an analysis of my data indicated faulty memory. It included a link to a small, free memory testing utility I could download from Microsoft. I downloaded the utility and burned it to CD (the util includes the .ISO image, or can make a boot floppy), then rebooted. Sure enough, a couple hours later I'd isolated the faulty RAM module and eliminated the possibility of a motherboard hardware fault.

I'll certainly make a point of sending WER reports on from now on. In this case, I was able to solve my problem conclusively because other people sent their reports in. I'd like to pass on the karma.

posted @ Monday, December 19, 2005 1:09 PM | Feedback (1)
How to bypass Group Policy settings as a non-admin

Security researcher Mark Russinovich once again knocks one out of the park by showing that even non-admin users can bypass Software Restriction Policies and other components of Group Policy.

Software Restriction Policies (SRP) are another example of Group Policy settings that can be subverted by limited users if you allow them to run an arbitrary executable – in other words, if you don’t apply SRP correctly by using it to define the executables users can run (whitelisting) instead of simply singling out executables that you don’t want them to run (blacklisting). When a user launches a process it’s the parent process that checks SRP to see if the execution of the child should be allowed or blocked, allowing the owner of the parent process to manipulate the process into bypassing or negating SRP processing. There are many ways of accomplishing that, including writing a program that reaches into the parent’s address space and changes the Registry path strings that refer to SRP storage or overwriting the code that reads SRP Registry settings.

Be sure to read the comment thread; there are many ways to weaken or remove the protections that even properly designed Group Policies can give you, including unplugging the machine from the network and logging in with cached credentials. This prevents your machine from pulling down and applying the GPO. It just goes to show that the 10 Immutable Laws of Security are still valid.
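A defender's check for the whitelisting-versus-blacklisting point in the quoted passage, as an added example that is not from the original post or from Russinovich's article. It assumes the machine-wide SRP policy is stored under the `Safer\CodeIdentifiers` policy key; the function names and the user-writable path pattern are hypothetical, and the pattern is only a rough heuristic.

```powershell
# Added example, not from the original post: read-only audit of local SRP settings.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Assumption: these patterns are a rough stand-in for "a limited user can write here".
$UserWritable = '(?i)%(USERPROFILE|APPDATA|LOCALAPPDATA|TEMP|TMP)%|\\Users\\|\\Documents and Settings\\'

function Get-SrpPathRule {
    param([string]$Root, [int]$Level)
    $paths = Join-Path $Root "$Level\Paths"
    if (-not (Test-Path $paths)) { return }
    foreach ($key in Get-ChildItem -Path $paths) {
        # Read the raw value so %VARIABLES% are not expanded for the auditing account.
        $key.GetValue('ItemData', $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
}

function Get-SrpPosture {
    param([string]$Root = $SrpRoot)
    if (-not (Test-Path $Root)) {
        return [pscustomobject]@{ Mode = 'NotConfigured'; Findings = @('No SRP policy on this machine') }
    }
    $cfg = Get-ItemProperty -Path $Root
    $findings = @()

    # DefaultLevel 0x0 = Disallowed (whitelist); 0x40000 = Unrestricted (blacklist).
    if     ($cfg.DefaultLevel -eq 0)       { $mode = 'Whitelist' }
    elseif ($cfg.DefaultLevel -eq 0x40000) { $mode = 'Blacklist' }
    else                                   { $mode = 'Unknown' }
    if ($mode -ne 'Whitelist') {
        $findings += 'Default level is not Disallowed: anything not explicitly blocked will run'
    }
    # TransparentEnabled 0 = no enforcement, 1 = all files except DLLs, 2 = all files.
    if ($cfg.TransparentEnabled -eq 0) { $findings += 'Enforcement is switched off' }
    # PolicyScope 1 = policy applies to everyone except local administrators.
    if ($cfg.PolicyScope -eq 1) { $findings += 'Local administrators are exempt from SRP' }

    # An Unrestricted rule over a user-writable folder lets a limited user run anything.
    foreach ($rule in Get-SrpPathRule -Root $Root -Level 0x40000) {
        if ($rule -match $UserWritable) {
            $findings += "Unrestricted path rule covers a user-writable location: $rule"
        }
    }
    [pscustomobject]@{ Mode = $mode; Findings = $findings }
}

Get-SrpPosture | Format-List
```

A `Whitelist` result with no findings describes only the configured policy; as the quoted passage notes, the SRP check itself runs in the parent process.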

posted @ Friday, December 16, 2005 8:41 AM | Feedback (2)
nLite: slipstream and Windows installation tweak tool

Okay, this is the coolest utility I've seen in quite some time.

nLite is a sweet little freeware utility that bills itself as a "Windows Installation Customizer." Using it, you can create customized Windows installation media or network share points (for those using RIS) with all of the following:

  • slipstream service pack files
  • permanently remove components
  • generate an unattended installation script
  • integrate both text-mode boot and PnP drivers
  • integrate type 1 hotfixes
  • perform OS tweaks
  • create a bootable ISO image

Very cool indeed!

nLite is a .NET 1.1 app, so you'll need the .NET 1.1 Framework installed on the machine you use to create the customized installers. It works with Windows 2000, Windows XP (x86 and x64), and Windows Server 2003 (x86 and x64).

posted @ Thursday, December 15, 2005 4:59 PM | Feedback (1)
Excellent Windows IT Pro article on scripted shutdowns

It's a problem that every admin has to face at some point or another: you have a series of servers that you need to shut down or reboot. If you're doing this with relatively recent versions of Windows, no problem -- just use the handy shutdown command-line tool. Combined with a list of server names, you're good to go.

Oh, wait...not so fast. You need to make sure the SQL server doesn't shut down until the SharePoint server has shut down first. Likewise, if you shut the domain controllers down, your Exchange servers are going to do a 10-minute timeout waiting for AD calls to complete. What you really need is a way to sequence your shutdowns, and that gets messy quickly. Sequenced shutdowns are most common for patch management and UPS power situations, but there are many circumstances in which you need to sequence a subset of your machines. Clusters, anyone? (You are using UPSes on all of your servers, right? Even if you get the high-end UPSes that send out network notifications to all of your servers, you still need these servers to be able to shut down in an orderly fashion.)

The Windows IT Pro online newsletter has an article by Dick Lewis that explores the topic of Scripting Sequenced Shutdowns. Right now it's available to view even if you're not a subscriber, so go see what he has to say and download the sample code.

posted @ Thursday, December 15, 2005 3:12 PM | Feedback (0)
ISA Server 2004 Best Practices Analyzer released

Following in the steps of the insanely useful and cool Microsoft Exchange Server Best Practices Analyzer and Best Practices Analyzer Tool for Microsoft SQL Server 2000, Microsoft rolled out the ISA Server 2004 Best Practices Analyzer on December 8th.

I see that SBS MVP Susan Bradley is already on top of it and noted the hardening warning. I really wish that, instead of putting out separate tools for each app, Microsoft would have a single analyzer app with add-in packs for each application they're supporting.

Better yet, I'd love to see them somehow tie it into the Security Configuration Wizard and allow you to choose and fine-tune roles for each of your servers. The resulting reports would greatly benefit not just those folks who have datacenters full of Windows servers, each running a single app, but us smaller guys who have to run multiple apps on a server. Even better, you could use this kind of tool to prepare, deploy, and manage your resulting application-level configuration changes. Admins could then run the reports on an automated basis and automate to some degree the appropriate actions, because the tool could then audit the server config against the baseline config already in place. Add in the ability to interface with MOM, and you've got a winner.

Don't get me wrong; with the SCW, the BPA tools, and all the other good stuff Microsoft has coming out, they're clearly showing that they're serious about helping the security process. I just hate the feeling of having to load Yet Another Tool or four.

[Edit: As Alistair pointed out, I did indeed copy and paste a bit too emphatically and get the SQL BPA in there twice. D'oh!]

posted @ Wednesday, December 14, 2005 4:06 PM | Feedback (1)
And whilst in the throes of insomnia, a book review

Jesper Johansson and Steve Riley -- surely two of the best-known Microsoft names in the Windows Security business -- have written a fantastic book on Windows Security. While it came out in May 2005, I didn't learn about it until shortly before Exchange Connections, and I've been lugging it around with me so I can do a proper review of it.

posted @ Thursday, December 08, 2005 3:30 AM | Feedback (0)
Looking forward to Exchange Connections Spring 2006

For some of us, it's already time to start thinking about the next Exchange Connections, which has traditionally been held during the fall Windows Connections. This is the first year Exchange Connections will also be held during the spring conference, and they've got the speaker list up. Yes, that's me up there, for my first full conference as a speaker. I'm excited and nervous at the same time. "What sessions are you presenting?" I hear you ask; well, look no further:

  • EXC02: All About SenderID: This session explains the concepts behind SenderID and the Purported Responsible Address (PRA). We’ll walk through how to implement a SenderID solution in your Exchange organization. We’ll focus on the built-in support in Exchange 2003 SP2, but we’ll list some of the common (and free) third-party add-ons. We will examine the history, present, and future of SenderID. We’ll also help you identify where Sender ID will help, where it won’t, and how it stacks up to other proposals such as Sender Policy Framework (SPF), Sender Rewriting Scheme (SRS), and Yahoo!’s DomainKeys.
  • EXC03: Best Practices for Exchange 2003 Site and Server Consolidation: (with Missy Koslosky) Interested in learning whether it’s practical to reduce the number of sites and servers in your Exchange Server organization? We’ll discuss the reasons behind site and server consolidation and the methods you can use to consolidate your environment, and tell you when it makes sense to consolidate.
  • EXC05: E-Mail Discovery and Compliance on Ice!: Does the phrase “regulatory compliance” strike fear into your heart? This session is a condensed, live version of the E-mail Discovery and Compliance eBook from Windows IT Pro. We’ll find out how discovery, compliance, archival, and retention (DCAR) are not separate concerns but rather are the cornerstones of an integrated approach to controlling your messaging data. We’ll explore specific business drivers, the components of your Exchange configuration, how to plan your own DCAR solution, and how to gain control over your own challenges through your implementation.

I'm honored to have been selected; there are many fine speakers and writers who will be presenting. I've got no easy standard to live up to. You can bet that I've taken close note of Jesper Johansson's all-too-true blog post Death by PowerPoint and I've already started thinking of ways to make sure my slide decks don't wind up being something banned by the Geneva Conventions.

[Ed. The website currently has my name misspelled as "Granger" which is, sadly, not an uncommon mistake. I've already alerted the folks and asked them to change it; I am confident they'll get it straightened out quickly. Thankfully, the brochure has it spelled correctly. You would think that as often as it happens, I'd have learned to not get upset about it, but no, Ganger/Granger is the one mangling of my name that I have little patience for.]

[Ed. Like I figured, the fine folks at Windows IT Pro are all over the case. They've already got all the little typos fixed. Amy and Erik, you rock!]

posted @ Wednesday, December 07, 2005 10:55 PM | Feedback (1)
News

Devin has moved on to new adventures. This blog is preserved for historical purposes.

Please follow his personal blog at: Devin on Earth

