stuart test blog

UDATE: Longhorn Beta 3 has now been released to web.

• Ian McDonald first broke the news.
• Longhorn Beta 3 evaluation page on Microsoft.com
• Download search on Microsoft Download Center
• Windows Server Team blog post

For those of you who are eager to finally get your hands on Longhorn server, the wait is almost over… Rumour has it that Beta 3 will be released in the next couple of days TODAY. You’ll also be able to participate in some free eLearning courses provided by Microsoft:

Each of these clinics provides two hours of self-paced, interactive, multimedia-based training that give you an introduction to the new and enhanced features of Windows Server “Longhorn”. And best of all, they’re free!

Clinic 5936: Introducing Security and Policy Management in Microsoft Windows Server Code Name “Longhorn” (Beta 3)

In this online clinic, you are introduced to security and policy management in Windows Server “Longhorn”. You learn about how to secure and manage your en…

Clinic 5937: Introducing Branch Office Management in Microsoft Windows Server Code Name “Longhorn” (Beta 3)

In this online clinic, you are introduced to the improvements to security, management, and communications in Branch Office Server for Windows Server “Long…

Clinic 5938: Introducing Centralized Application Access in Microsoft Windows Server Code Name “Longhorn” (Beta 3)

In this online clinic, you learn the benefits of centralized applications and the Terminal Server features of Windows Server “Longhorn”.

Clinic 5939: Introducing Server Management in Microsoft Windows Server Code Name “Longhorn” (Beta 3)

In this online clinic, you learn the new tools and improved features for server management and adminstration of Windows Server “Longhorn”. This includes P…

Collection 5934: Introducing Microsoft Windows Server Code Name “Longhorn” (Beta 3)

Quote from: Windows Server Technology

There was an interesting download posted on the Microsoft Download Center last week, but I still haven’t been able to access it… This wouldn’t normally bother me but it intrigued me as it looked similar to the announcement that Citrix made about their Citrix Desktop Server product. I wonder if Microsoft pulled the download because of the Citrix announcement?

Windows Vista™ Centralized Desktop and Virtual Server

Also, this download is not available which is probably related:Windows Vista Enterprise Software Assurance New Version Rights Guide

Ben Hunter, a consultant with Microsoft Services in NZ, has recently started a blog focused on BDD 2007. There’s already heaps of great content on there and it’s worth following if you’re involved/interested in Microsoft’s latest BDD framework.

Link: Ben Hunter

OK, so my understanding of this product is that it provides Citrix ICA sessions to virtual machines running in the data centre. This model provides access to three types of desktops:

• Virtual machines running on Microsoft or VMware virtualisation products.
• Terminal services desktops running on Windows Server.
• Dedicated blade computers for the more demanding user.

Sounds interesting… I can see the value in providing ICA sessions to virtual machines, but this isn’t anything new or ground breaking – they’ve just bundled it up nicely in a $75 (USD) per user package.

When configuring a Windows SBS 2003 box – remember one golden rule: Always stick with the wizards. Even if you’re a server/AD/ISA/Exchange guru, you should still stick to the wizards. SBS 2003 is a complex beast and a lot of under-the-cover configuration takes place when running each of the wizards.

For example, did you know that when you run the Backup Wizard, circular logging is turned off in Exchange? Seems unconnected but the reason is that if you’re not backing up your SBS 2003 box, then the Exchange logs won’t be getting flushed – hence the reason for circular logging being enabled by default (so the disks don’t fill up with logs.) But as soon as you’ve configured your backups to run, then the system knows that the Exchange logs will get flushed successfully.

As soon as you start making manual configurations to the system, the setup wizards start producing unpredictable results. Have faith in the product, and stick with the wizards…

This has just been released but I haven’t had a chance to look at it properly yet. Will write more once I have a better understanding of it.

Citrix Desktop Server

New Citrix Desktop Server revolutionizes desktop delivery and management

Managing and securing the Windows Desktop OS is a significant and growing challenge for most companies’ Desktop IT organizations. Up to 80% of their time is spent installing new or updated desktops, loading antivirus software, installing security patches, and providing telephone or onsite support, leaving only 20% available for strategic projects. (Source: Forrester). As enterprises grow, this complexity intensifies with multiple types of users, PCs, and the difficulties associated with providing IT services to branch offices, remote employees, and international locations, requiring hundreds of different images to be supported.

Customers looking for an alternative to this traditional approach now have a better way, where desktops can be delivered as a service rather than deployed. Delivering the desktops as a service from the datacenter enables IT to more easily install, manage, and secure these desktops – all at a lower cost than traditional methods. Patches, upgrades, and new applications can be applied centrally, eliminating the enormous complexity and effort required to keep desktops secure and up-to-date while providing the availability, performance, and flexibility that end-users require.

Desktop Server is a strategic enabler for desktop computing allowing organizations to proactively support and drive business objectives by reducing the total time, effort, and cost of delivering desktops by as much as 40%.

Looks like Vista’s UAC is getting another grilling on several security blogs at the moment. Security researcher, Joanna Rutkowska wrote a post going into detail about UAC and pointed out an obvious flaw that she discovered.

Seems that Vista detects setup executables when they are launched through a heuristics mechanism which checks for an installer manifest, as well as checking the executable name for strings such as “installer”, “setup”, “update”, etc. If UAC detects that a setup program has just been launched, it will provide a UAC prompt to elevate privileges to run the program. It does this for ALL installers, regardless of whether they need elevated privileges or not.

The flaw with this, if it’s not obvious yet, is that if you download a seemingly harmless setup program from the internet (Joanna uses a freeware version of Tetris as an example) then that setup program will run under full administrator privileges. This gives it God-like powers and even allows it to install kernel-mode drivers.

In my experience, most of the nasties that I have seen running on users’ computers – Trojans, spyware, keyloggers, dialers, etc – have mostly been installed surreptitiously through seemingly harmless applications like card games, screensavers, file sharing apps, and other common freeware programs. You would hope that the built-in spyware protection program, Windows Defender, would pick up the obvious nasties, but the fact that all of these apps will be installed under full administrator rights seems to defeat the purpose of UAC in the first place.

Mark Russinovich, who recently became a Microsoft employee, writes on his blog: “Because elevations and ILs don’t define a security boundary, potential avenues of attack , regardless of ease or scope, are not security bugs.” I have great respect for Mark’s opinion, but this seems like a copout to me – he’s saying that this method of getting around UAC can’t be called a security bug because it’s by design.

I’m not a fan of the way that Microsoft have implemented UAC, but I am a fan of the principles it tries to achieve. If Vista’s UAC can be defeated as easily as now it now seems, was it worth it all? Is a false sense of security better than no security at all?

Biggest news around the blogosphere today was about Steve Jobs’s memo about DRM and why we shouldn’t put up with it. I won’t go in too deep on his thoughts as there is already lots being said out there (check TechMeme, Technorati, or Google BlogSearch for details.)

My brief thoughts are that although I agree with what he’s saying completely and I hope this comes true, I find it a bit hypocritical that the iTunes store doesn’t sell any music without DRM when there are lots of artists out there who don’t want DRM wrapped around their songs.

I’ll be up to date with my reading soon, but in the meantime here’s a whole bunch more to catch up on…

Downloadable Guide Available for Exchange 2007

You can now download the first couple of guides (word docs) for Exchange 2007.

Deploying a Standard Exchange Server 2007 Organization: http://go.microsoft.com/fwlink/?LinkId=82170

Deploying a Simple Exchange Server 2007 Organization: http://go.microsoft.com/fwlink/?LinkId=82171

Deploying a Large Exchange Server 2007 Organization: http://go.microsoft.com/fwlink/?LinkId=82172

Deploying a Complex Exchange Server 2007 Organization: http://go.microsoft.com/fwlink/?LinkId=82173

Additional guides will be released in the near future.

Source: Henrik Walther Blog » Blog Archive » Downloadable Guide Available for Exchange 2007

UPDATE: For more Exchange stuff, check out my Exchange tag!

I’ve been running Vista Ultimate for the last couple of weeks – it’s been full of highs and lows, but I’m saving that for a future blog post.

But I ran into something interesting this morning when I went to use one of Vista’s little-known gems, the Snipping Tool. It’s a nifty little screen capture utility that I was very impressed with during the early betas. Unfortunately it was missing…

I couldn’t figure out why I didn’t have it installed, so assumed that Microsoft must have removed it from the final RTM release. But I searched the help and found lots of info about the tool with screencasts showing how it is used. But in the screencast, you see a hand dragging around a stylus on a tablet screen – which reminded me that I had uninstalled the tablet PC software from the Windows features.

Turns out the snipping tool is marked as a tablet pc optional component and you can’t get it without installing the whole tablet pc pack. This seems like a bit of bloatware to me – the snipping tool is equally as useful on a non-tablet computer, so why do I need the hand-writing recognition software and the other tablet pc components too? Does this also mean that the lower-spec Windows versions don’t include the useful snipping tool, because they don’t have the tablet pc feature pack..?