I hate to say it, but there are still a number of shops out there still running Windows NT. In most cases, these machines are running legacy line of business applications that either won’t run on other versions of Windows Server, or the IT group that put the application in place is gone, and no one else knows how to migrate the application or the data or the tiers that the legacy application uses.

In some cases, I’ve seen that these Windows NT systems are also running some core Windows network infrastructure services. Some examples of core infrastructure services include WINS, DNS and DHCP.

Well, if you’re one of these people and want to move up into the 21st century – and if you have a DHCP server you want to migrate, then check out this blog post by the Windows Networking team. In this article they show you how to migrate your Windows NT DHCP server to Win2k or Windows Server 2008.

Check it out at:

http://blogs.technet.com/networking/archive/2009/0...8.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Yay! We’re getting closer to RTM for Forefront Security for Exchange 2010.

If you haven’t seen any of the beta versions, you’re going to be pleasantly surprised with the work they’ve done for the next version. The user interface has been revamped – making it easier to use and at the same time more powerful than ever before.

Check out this post on the Forefront Server Security Blog for more information on the upcoming RC for FSE.

http://blogs.technet.com/fss/archive/2009/08/18/an...r.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Who’d a thunk it? If you’re having problems with poor Internet Explorer performance, it could be due to Skype.

How to fix it?

Check out this blog post by the IE support team for an explanation and a fix:

http://blogs.msdn.com/askie/archive/2009/07/17/slo...n.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

What’s the most secure browser on the market today?

If you said Microsoft Internet Explorer 8, then you were right.

Check out this NSS Labs report that proves the point.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Building a Safer, More Trusted Internet through Information Sharing: A report from the Microsoft Security Response Center on the progress of three initiatives that share information to foster deeper industry collaboration, increase community-based defenses, and better protect customers.

In August 2008, the Microsoft Security Response Center (MSRC) announced three security-related programs – (1) Microsoft Active Protections Program (MAPP); (2) Microsoft Exploitability Index, and; (3) Microsoft Vulnerability Research (MSVR) – that would collectively share more information with partners and customers. With these programs, customers have increased access to more effective countermeasures and additional information to better evaluate risks. This paper highlights the three programs and the progress of each.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

“What is the risk of this vulnerability?

A remote, anonymous attacker could use CVE-2009-1923 (addressed by MS09-039) to force wins.exe to under-allocate a buffer and copy in attacker-controlled data. This could lead to heap corruption and potential code execution as SYSTEM. Therefore, it is important to apply this security update to affected servers.

Why is it rated Critical?

The last WINS security update addressing a remote code execution vulnerability was MS04-045, shipped in December 2004. MS04-045 addressed a remote code execution security vulnerability rated “Important.” The mitigating factor dropping the rating from the maximum “Critical” rating down to “Important” was the fact that WINS is not installed by default. MS09-039 has the same mitigating factor – WINS is still not installed by default. However, the most recent Security Development Lifecycle (SDL) bug bar has changed how we rate components necessary for critical infrastructure. Security bulletins affecting critical components on enterprise networks are no longer down-rated for being off by default. We know that enterprise networks will have WINS so while the mitigating factor applies, it does not change the bulletin severity.”

For more information, check out:

http://blogs.technet.com/srd/archive/2009/08/11/ms...n.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

This page consolidates and features Microsoft Trustworthy Computing blogs. Our department works to deliver more secure, private, and reliable computing experiences for customers.

Read about Microsoft’s long-term vision and strategy for computing privacy and security.

http://www.microsoft.com/mscorp/twc/blogs/default.mspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

The extensions enable Configuration Manager 2007 to consume Security Content Automation Protocol (SCAP) data streams, assess systems for compliance, and generate report results in SCAP format by taking advantage of the compliance checking capabilities inherent in the desired configuration management (DCM) feature.

Your organization can optimize its existing Configuration Manager 2007 infrastructure to ensure that the computers you manage meet this federal compliance requirement and generate the requisite FDCC reports for the National Institute of Standards and Technology (NIST) and the U.S. Office of Management and Budget (OMB). The System Center Configuration Manager Extensions for SCAP convert SCAP files into DCM Configuration Packs for use with Configuration Manager 2007 and they convert DCM compliance reports into SCAP format. This release includes a user guide that provides instructions for using the command-line tools, and detailed information about the mapping between the SCAP data formats and the DCM format.
The System Center Configuration Manager Extensions for SCAP includes the following components:

• ConfigMgr_Extensions_for_SCAP.msi: This Microsoft Windows Installer (.msi) file includes the command-line tools that you use to convert SCAP data files to DCM Configuration Packs and also convert DCM reports into SCAP format and the following two documents.
  • System Center ConfigMgr Extensions for SCAP User Guide.docx: This user guide provides instructions and commands for the tool.
  • Data Type Mapping for SCAP to DCM.docx: This document illustrates how data elements map between DCM and the SCAP formats including XCCDF and OVAL.
• System Center ConfigMgr Extensions for SCAP FAQ.docx: This document contains frequently asked questions and answers about the Configuration Manager Extensions for SCAP.

http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

This step-by-step guide includes updates to the original guide due to security enhancements in the release of Windows Server 2003 with Service Pack 1 (SP1) and Windows XP Professional with Service Pack 2 (SP2).

This guide describes how to configure Internet Protocol version 6 (IPv6) in a test lab using five computers. Of the five computers, one is a DNS server, two are clients, and two are routers. This guide also includes an exercise that ends the network connection between intranets and then uses Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) to restore communication.

http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

And oldie, but a goodie :)

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

This document provides an overview of BranchCache, explains the different modes in which BranchCache operates, and describes how BranchCache is configured.

The paper also explains how BranchCache works with Web servers and file servers and the steps BranchCache takes to determine that the content is up-to-date.

http://www.microsoft.com/downloads/details.aspx?di...5a4c9d

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)