| Remember - if you use Windows and Internet Explorer, you should be applying the new security update that came out today. | |
|
| Microsoft to release out-of-band security update 11/23 that impacts Windows. Exploit code must either be out there or close to it. *gulp* | |
|
| Home from MMS 2008. I'm thoroughly exhausted but it's worth it. ![[info]](http://l-stat.livejournal.com/img/userinfo.gif) zarchasmpgmr will feel snarky when I mention that one of the main focuses at this conference was talking about virtualization. ( Techy stuff behind the cut, to spare those who are not interested )The conference itself was at The Venetian in Las Vegas, and will be there next year as well. While the room itself was nice, as you may have seen from previous posts with pictures or from their web site directly, I wasn't thrilled with this location. First, to get to the very nice room, one had to take no less than two elevators and walk quite a bit. If I caught the elevators correctly, it took me seven minutes to get from my room to the conference floor. While I need the exercise, it was a bit excessive in my opinion. Also, the food at the conference, while still plentiful, was less than satisfactory. The wireless access was very limited, which also was unsatisfactory. At Mandalay Bay as well as San Diego Convention Center, the wireless was plentiful and food great. Thursday night I played a table game for the first time in my life. Several of us had gone over to the Casino Royale after the daily conference. Several of the peoplewere playing craps, which I find thoroughly confusing. Ben was sitting at the roulette table, and I watched him for a bit. After a while, I plunked out $40 and played. A few hours later, I walked away from the table with $60 and had a blast. I think I've found a new game for the next time Jen and I go to Vegas. Speaking of which, Jen and I leave Monday morning for Chicago, as previously mentioned. The weather looks to be ... partially wet. Humpf. | |
|
| Currently at the Microsoft Management Summit, and will be back this weekend for a short stint. Don't be surprised by my partial ignoring of the flist... | |
|
| I've recently had a spat of clients who were not able to select Restart Later when they received updates via Automatic Updates. I validated that they should in fact be able to perform this function - Elevate non-admins was enabled and the updates did not have a deadline within WSUS. After quite a bit of investigation, we figured out what the cause for us was. As always, your mileage may vary.
In the registry, under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate, there was a key DisableWindowsUpdateAccess with a value of 1. That indicates that a policy, either Group Policy or Local Policy, is in effect. You can attempt to delete the key, but any sort of policy will put it back upon refresh. You can do a gpresults to figure out which.
For me, it was a local policy, so I launched GPEdit.MSC, navigated to User Configuration\Administrative Templates\Windows Components\Windows Update, selected Remove Access to use all Windows Update features, and changed it to Disabled. This is one of those great double negatives of policy - disable the removal of access means that it's effectively enabled. | |
|
| End of Extended Support for various Microsoft products.These are the drop dead, we ain't even providing you security updates, youain't getting squat dates. Note the dates in bold for Windows 2000 and Office2000.
( Cut for brevity ) | |
|
| http://blogs.technet.com/systemcenteronline/archive/2007/09/28/introducing-microsoft-asset-inventory-service-ais.aspxWhat I’m not sure of is how this compares to SMS 2003 SP3’s Asset Intelligence feature. AIS sounds like repackaging the AssetMetrix product, taking your inventory offsite to be manhandled and presented back in a logical form, whereas Asset Intelligence sounds like it brings that same intelligence into SMS. Either way, this could really be some cool stuff. SMS doesn't provide the easiest reporting at times, and being able to more definitively understand what is installed on the computers in your realm is a major task that needed more clarity. AssetMetrix did this as a service, where you loaded an agent on the machine and it sent inventory data to AssetMetrix, who crunched it and presented web based, friendly information to the asset managers. AIS looks like the Microsoft rebranding of that software they acquired. But Microsoft has since brought that intelligence into SMS 2003 SP3 and made it avaialble in Web Reporting. Since AIS is only available to those who have MDOP, and I would guess that most who have MDOP have SMS...what's the market for this? *shrug* | |
|
| This is a "drinking the Kool-Aid" type of email. If Microsoft's virtualization announcement today lives up to statements, it could end up having huge implications for many companies - enterprise and mid-sized. Summary: System Center Virtual Machine Manager went RTM today General availability in October 2008 New license (System Center Management Suite Enterprise license) Priced at $860 per physical host The license is on the physical host and includes unlimited VMs running on that host Includes the following licenses System Center Virtual Machine Manager 2007
System Center Configuration Manager 2007
System Center Operations Manager 2007
System Center Data Protection Manager 2007
System Center Virtual Machine Manager 2007 Workgroup edition available January 2008 Manages up to five physical host servers and an unlimited number of virtual machines Priced at $499 Future release (with Viridian) In our next set of releases will be adding support for non-Windows virtualization environments – specifically VMWare and Xen From a single console and a single command-line you will be able manage Virtual Server, Viridian, VMWare and Xen. | |
|
| “This download installs Microsoft® Windows® Script containing Visual Basic® Script Edition (VBScript.) Version 5.7, JScript® Version 5.7, Windows Script Components, Windows Script Host 5.7, and Windows Script Runtime Version 5.7.” Windows Script 5.7 for Windows 2000 (Yeah, I am surprised by this one myself…) Windows Script 5.7 for Windows XPWindows Script 5.7 for Windows Server 2003I do not know what additional functionality this new version provides. I have not seen this updated on WSUS either. EDIT - It's worth noting the there is no Vista update, because Vista already have WSH 5.7. | |
|
| Spent most of the day yesterday incapacitated with a headache. It was always too bright, so I tried keeping my eyes closed while staying awake. Failed miserably on that last part. Pretty much was sleeping on and off from 11 am to 6:30 pm.Surprisingly, the headache lifted a bit to just a dull pain, and I was able to read the paper and watch TV in the evening. Even more surprising was that I was able to fall asleep at my regular time. Alas, this morning I woke up early and am fairly grumpy. There's not nearly enough coffee in this building to pep me up. Mind you, I work in a 50-story buliding, with a cafeteria and a Strabucks in it. Nope, not nearly enough coffee. But I'm not like this guy. I feel like I'm playing stupid. And I'm winning. Jen finished Harry Potter. Big surprise there. Got most of our CDs ripped. Using FLAC file format, there were 6,173 individual tracks on 397 CDs, totalling 118 GB of drive space. I still have a stack of CDs that are in Jen's car, and four in mine. WSoPC was fun again. Pat Kiernan could be the next Alex Trebek. I could give less than a care about who is going to host TPiR, though having this drag out is just an embarrassment. Microsoft Windows 7 in three years? Not holding my breath. They were saying the same thing for Longhorn, of which the server side *STILL* hasn't been released and isn't expected until early next year. I think I need to keep a headache journal. | |
|
| I have been testing a few comic collector softwares, mainly to inventory my collection but also to possibly sell some things I no longer feel the need to keep. Fine. There are three bigs in this field from what I can tell -- the new Comic Collector Live, Collectorz Comic Collector, and ComicBase. So I've been playing with the evaluation versions. Last night, I had ComicBase installed and decided it wasn't for me. I went through their uninstall and everything turned wonky on my machine. Seems ComicBase, upon uninstall, takes out *any* font it thinks it installed, whether the font was there already or not. So it ripped out Tahoma, which is the font Microsoft predominately uses in Windows XP for the system. Many other applications also rely on this system font, and this stupid stupid comic collecting database program went and unistalled it without a care in the world. Thankfully, either XP or Office detected that the font was missing and reinstalled it on my system in a manner of minutes. But HELLO! This is version 11 of the software. While I realize that this started on Macs, you've been doing Windows versions for some time now. Don't you think you ought to figure out how a Microsoft Installer package works? ComicBase -- off the list. | |
|
| (link to Redmond Magazine)Something that I've been hanging onto for a long time, and since I'm purging physical files, I thought I'd share. It's dated December 2005, mentions information about SMSv4 and not System Center Configuration Manager 2007, but there's still good info in it. The concept of a reverse collection is interesting, especially if you want to have a reverse collection of machines that don't have the approved antivirus, for example. | |
|
| More for my reference to make sure I can find this later. References Generic Microsoft Support Lifecycle Policy: http://support.microsoft.com/gp/lifecycleWindows Lifecycle Policy: http://www.microsoft.com/windows/lifecycle/default.mspxWindows 2000 - Entered into Extended Support on June 30, 2005. This means Microsoft will only provide security updates for free to the platform. There are no additional features or enhancements offered for free on the platform, and new software from Microsoft is no longer installable on the platform. End of support is currently scheduled for June 2010. Additional source: http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/extendedsupport.mspxWindows XP - Currently in Mainstream Support, which means that Microsoft provides security updates as well as additional features and enhancements. New software from Microsoft is still installable on the platform. Microsoft policy is to provide a minimum of 5 years mainstream support from initial release date, which was 12/31/2001, as well as 5 years of Extended Support at the supported service pack level. XP SP3 is currently expected in the first half of 2008. There is a real possibility that SP3 will be the final service pack, and the product will then enter Extended Support. This will move end of support to 2013. Vista - Currently in Mainstream Support, since if was just released. A minimum of 5 years mainstream support would put this entering Extended support no earlier than January 2012, and end of support no earlier than 2017. Realistically, these dates will extended beyond the minimum due to service packs and other issues. | |
|
| I postulated the other day that, with the new Office 2007 category showing in WSUS right before Patch Tuesday, we'd been seeing the first security updates. Well, not so much. Patch Tuesday has come and gone, and while there were many Office updates, none for the 2007 version. Hummm. We also failed to receive a Vista security update. Could it be that Microsoft actually... I dunno ... might have done something leaning towards making things more secure? | |
|
| Per the WSUS team blog, there will be a new category for Office 2007 in WSUS starting today. Given the the advance notification lists two bulletins for Microsoft Office and one affecting Windows and Office coming out on Patch Tuesday, I'm thinking we're going to get our first Office 2007 security bulletin a mere weeks after consumer product launch. | |
|
| One of the most interesting items that comes with Microsoft's new operating system, Vista, is called User Account Control. Very simply stated, it forces the user of the system to specifically authorized any function that requires administrative credentials. For example, if you want to change install WEP to connect to "secure" wireless networks, you would need to put in your password, basically reaffirming this is something that could be dangerious and that you really want to do this. A geekier explaination is avaialble here from Microsoft. This is a great theory, and many other systems have it. In *nix, there's a speciall command called sa which allows you to enter a system administration session to do system administration work, since you should never log in as root. I'm sure there will be a comment shortly from zarchasmpgmr telling me how long ago IBM implemented this within their architecture. =) Well, Microsoft is finally joining the frey with UAC on Vista. And, in theory, this is good. However, Microsoft's implementation has been considered less than stellar by many people. The major offense is that UAC is too "chatty", asking for credentials a lot more often than people would think they should need. To this point, I offer you this gem, brought to you by those fine people at Apple. | |
|
| |
