MSRC Blog: We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.
What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.
The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.
However, customers who are using IIS 6.0 in the default configuration or following our recommended best practices don’t need to worry about this issue. If, however, you are running IIS in a configuration that allows both “write” and “execute” privileges on the same directory like this scenario requires, you should review our best practices and make changes to better secure your system from the threats that configuration can enable. Once again, here’s a list of best practices resources:
· IIS 6.0 Security Best Practices
· Securing Sites with Web Site Permissions
· IIS 6.0 Operations Guide
· Improving Web Application Security: Threats and Countermeasures
The IIS folks are evaluating a change to bring the behavior of IIS 6.0 in line with the other versions. In the meantime, they’ve put more information up about this on their weblog.
The Microsoft Security Response Center (MSRC) Results of Investigation into Holiday IIS Claim
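Added example, not part of the MSRC post or any Microsoft tooling: one way to check a server for the write-plus-execute combination the post warns about is to audit an exported metabase, including directories that only inherit the setting from a parent. The XML below is a constructed, simplified fragment; its element names and the `AccessFlags` spelling are assumed to follow the IIS 6 MetaBase.xml convention, and counting script permission as "execute" is a choice made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample in the style of an IIS 6 MetaBase.xml export.
SAMPLE_METABASE = """<configuration><MBProperty>
<IIsWebServer Location="/LM/W3SVC/1" ServerComment="Constructed site"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" AccessFlags="AccessRead | AccessScript"/>
<IIsWebDirectory Location="/LM/W3SVC/1/ROOT/static" AccessFlags="AccessRead"/>
<IIsWebDirectory Location="/LM/W3SVC/1/ROOT/uploads"
    AccessFlags="AccessRead | AccessWrite | AccessExecute"/>
<IIsWebDirectory Location="/LM/W3SVC/1/ROOT/uploads/tmp"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/dropbox" AccessFlags="AccessRead | AccessWrite"/>
</MBProperty></configuration>"""

# Assumption of this example: script permission counts as "execute" too.
RUNS_CODE = {"AccessExecute", "AccessScript"}

def parse_flags(value):
    """Split 'AccessRead | AccessWrite' into a set of flag names."""
    return {flag.strip() for flag in value.split("|") if flag.strip()}

def effective_flags(location, explicit):
    """Return the flags of the nearest key on the path that sets AccessFlags."""
    path = location.lower()
    while path:
        if path in explicit:
            return explicit[path]
        path = path.rpartition("/")[0]  # step up to the parent key
    return set()

def audit(xml_text):
    """List (location, inherited) for every key with write plus execute."""
    locations, explicit = [], {}
    for node in ET.fromstring(xml_text).iter():
        location = node.get("Location")
        if location is None:
            continue
        locations.append(location)
        if node.get("AccessFlags") is not None:
            explicit[location.lower()] = parse_flags(node.get("AccessFlags"))
    findings = []
    for location in locations:
        flags = effective_flags(location, explicit)
        if "AccessWrite" in flags and flags & RUNS_CODE:
            findings.append((location, location.lower() not in explicit))
    return findings

if __name__ == "__main__":
    for location, inherited in audit(SAMPLE_METABASE):
        print(location, "(inherited)" if inherited else "(set on this key)")
```

The `dropbox` directory is not reported because its own flags replace the script permission set on the parent, while `uploads/tmp` is reported even though it sets nothing itself.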
Forefront TMG 2010 TechNet documentation is now live with Forefront TMG Release to Web content. This release of the documentation culminates a customer- and solutions-focused effort undertaken by the Forefront TMG User Assistance team since the release of ISA Server 2006, resulting in a new content structure, new content, and the streamlining of previously-available content.
The new content structure focuses on Forefront TMG’s core value to your business: protecting IT environments from Internet-based threats, while providing both internal and remote users fast and secure access to the Internet and to internal applications and data. The Planning and Design, Deployment, and Operations guides are synched to guide the Forefront TMG administrator through system deployment in various topologies, enabling access through Forefront TMG, and setting up the protection of organizational resources from Internet-based threats.
More information at source
Bring enterprise search to your organization quickly and easily for FREE with Microsoft® Search Server 2008 Express. As an IT professional, you need a search solution that allows you to deliver the simple, easy-to-use experience your users expect while helping to meet the security and manageability requirements your IT environment demands.
The download on this page has been updated to include Service Pack 2.
Note: In order to install Search Server 2008 Express on Windows Server 2008 R2, you must use this download. Previously available versions will not install.
Product Highlights
· Quick to download and set up
For more information on Microsoft enterprise search products, please visit www.microsoft.com/enterprisesearch
Download
“Geneva” team blog: We are happy to announce several updated federated identity product releases that are available NOW!
· Active Directory Federation Services (AD FS) 2.0 (previously known as Geneva Server) release candidate (RC)
· Microsoft Federation Extensions for SharePoint 3.0 RC
· Windows CardSpace 2.0 Beta 2 Refresh
There is a lot that is new and updated in the RC for AD FS 2.0. We listened to your feedback from Beta 2 and have invested heavily in making the AD FS 2.0 RC even more interoperable and easy to deploy and manage.
What’s new in the AD FS 2.0 RC:
· SAML 2.0 protocol support for Identity Provider Lite, Service Provider Lite and the eGov 1.5 Profile verified by Liberty Interoperable™ SAML 2.0 interoperability testing
· Simplified user experience for configuring high availability federation server farm and proxy deployments
· Automatic encryption and signing certificate distribution and rollover across a farm of multiple federation servers, enabling zero touch management of trust relationships
· Choice of deploying without SQL Server for storing AD FS 2.0 configuration data
· Claims based authorization rules for restricting security token issuance
· Improved events, audits, and tracing for diagnostics
· Complete PowerShell support for end to end AD FS 2.0 management
· Lots of other fixes and UI improvements!
The release and pre-built VMs can be downloaded here. To get started, check out our available documentation:
· AD FS 2.0 Getting Started Guide
· Step by Step Guide for Federated Document Collaboration Using MOSS 2007 and AD FS 2.0
· Step by Step Guide for Single Sign-On to Microsoft Online
· Step by Step Guide for Identity Delegation with AD FS 2.0 and WIF
· AD FS 2.0 RC Design and Deployment Guides
Also check out our Channel 9 video discussing the new features and capabilities of the RC.
The Microsoft Federation Extensions for SharePoint 3.0 RC enables federation for existing SharePoint deployments, both Windows SharePoint Services (WSS) 3.0 and Microsoft Office SharePoint Services (MOSS) 2007. Using this package, enterprise SharePoint administrators can configure their deployments to trust any WS-Federation STS, such as AD FS 2.0, so that an enterprise can take advantage of claims and offer their services to federation partners. The release can be downloaded here.
The Beta 2 release of Windows CardSpace 2.0 has been refreshed with a variety of fixes and improvements for working seamlessly with AD FS 2.0. We’ve improved interoperability and added a feature for automatic logon to the STS. The release can be downloaded here, and for more information about streamlining authentication with CardSpace, you can explore the topic Automatically Distribute Information Cards by Using Group Policy.
The product team is anxious to hear about your experiences and feedback for these releases. Please send any questions or comments about AD FS 2.0, Microsoft Federation Extensions for SharePoint 3.0, and Windows CardSpace 2.0 to the product team via our forum or support email address. We will continue to announce updates on our website and here on our team blog.
Engineering is a process, with trial and error, analysis, weighing of pros and cons, planning for the unexpected, and discovering unexpected issues along the way. It’s exciting precisely because we’re always learning as we go.
I want to welcome you to our new blog, which is about just that: the engineering behind Windows Live.
Over the last year, we’ve consolidated our blogging efforts for all of the different Windows Live teams into a single blog, Windows Live team blog (or “Windows Live Wire”), so you wouldn't have to chase all over the web to find out what we’re up to and what’s new in our products. But as we’ve brought the different blogs together, some of you let us know that you wanted to see more details about not only what we’re building, but why and how.
This blog, Inside Windows Live, is where we’ll do that.
The posts here are intended to complement those on the Windows Live team blog, which will continue to provide Windows Live customers with essential news and information about using our products and services.
The new blog, on the other hand, will be dedicated to software engineers, web industry insiders, and to our most passionate Windows Live customers, those who want to dig a little deeper into how we build our services and how they’re used worldwide.
Bing ringtones? Yes, Bing ringtones.
“Three Bing-branded ringtones for your mobile device.”
Greetings! For a limited time you can download this free e-book without stepping through any registration. First Look: Microsoft Office 2010, by Katherine Murray, offers 14 chapters of early content, organized like so:
Part I, “Envision the Possibilities,” introduces you to the changes in Office 2010 and shows you how you can make the most of the new features to fit the way you work today. Chapter 1, “Welcome to Office 2010,” gives you a play-by-play introduction to new features; Chapter 2, “Express Yourself Effectively and Efficiently,” details the great feature enhancements and visual effects throughout the applications; and Chapter 3, “Work Anywhere with Office 2010,” explores the flexibility factor by presenting a set of scenarios that enable users to complete their work no matter where their path takes them.
Part II, “Hit the Ground Running,” focuses on each of the Office 2010 applications in turn, spotlighting the key new features and showing how they relate to the whole. These chapters provide a how-to guide for many of the top features you’re likely to use right off.......
Download At Source
Microsoft today released the Open Sourced Windows 7 USB/DVD Download Tool (WUDT) under the GPLv2.
As we previously explained, the testing and localization took longer than we expected, but the project is now hosted on CodePlex.com, Microsoft's Open Source software project hosting repository, and the code can be found here.
The tool can also now be downloaded from the Microsoft Store here.
Also, as a result of some necessary changes, while the user experience of the tool will be the same as before, the install involves additional steps.
Continue: Windows 7 USB/DVD Download Tool Released Under GPLv2
Here you see how the logon screen evolved during Windows 7 development.
See video with the story behind the logon screen and wallpaper.
Like the fact that there are over 30 versions of the logon screen for different screen sizes, rotations, resolutions, etc.
Let your customers know that Microsoft support for the Windows XP with Service Pack 2 (SP2) and Windows Vista Release to Manufacturing (RTM) operating systems will end July 13, 2010. Help them plan system and operating system deployments to ensure that they maintain access to Microsoft support and updates.
Windows XP with SP2 and Windows Vista RTM End of Support Information PDF
OK, I have been participating in Exchange 2010 beta testing and also Office 2010 beta testing, but I never heard that one of the most requested features is actually available in Outlook 2010!
Below you see a screenshot of my accounts in my default Outlook 2010 profile.
I have 4 Exchange mailboxes from 3 organizations in my profile and 2 Hotmail mailboxes.
Before Outlook 2010 you could add extra mailboxes, but only from the same organization, and sent items were saved in the Sent Items folder of the main mailbox.
Now, by default, Outlook 2010 will let you connect to a maximum of 3 Exchange mailboxes, inside or outside the default Exchange organization.
But Group Policy settings (GPO) for Outlook 2010 can change this maximum to anything from 1 to 15 (!).
This GPO, set to a maximum of 15 Exchange accounts, translates to this registry setting:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\exchange]
"MaxNumExchange"=dword:0000000f
Other GPO settings are also available for forcing behavior.
Now I wouldn’t be happy with 15 mailboxes in my Outlook, but I can manage 3 or 4. I suggest using the favorites section for quick access.
When sending a new message you can choose which (Exchange) account to use.
Items you send are saved in the Sent Items folder of your Exchange account.
Thanks to Kees for pointing me to Jaap Wesselius's article: http://ucug.nl/blogs/jaapwess/archive/2009/11/12/outlook-2010-en-meerdere-exchange-mailboxen.aspx
Fraunhofer SIT has presented a method for discovering the BitLocker drive encryption PIN under Windows. The method even works where TPM is used to protect the boot process. The trick? An attacker with access to the target computer simply boots from a USB flash drive and replaces the BitLocker bootloader with a substitute bootloader which mimics the BitLocker PIN query process but saves the PINs entered by the user to disk in unencrypted form.
Although the BitLocker boot process carries out an integrity check on the system, and thereby the Windows installation, it does not check the bootloader itself – not that the actual attack described even gets as far as the Windows boot process. Consequently, according to the Fraunhofer SIT report, even if a Trusted Computing Module (TPM) is fitted, it fails to protect against such an attack.
Once the substitute bootloader has saved the victim's PIN to the hard drive, it rewrites the original bootloader to the MBR and restarts the system. The victim may indeed wonder why their computer is restarting, but then we've all seen computers suddenly decide to abort a boot and restart.
To get hold of the saved PIN, the attacker needs to gain access to the target computer for a second time, to once more boot up from a USB flash drive and then access the hard drive. The computer can then be rebooted and the PIN thus obtained used to open up BitLocker, allowing access to the protected Windows system.
Continue: Attack on Windows BitLocker - The H Security News and Features
Download the report: Attacking the BitLocker Boot Process
Video Demo
This design guide provides information about BranchCache in both distributed cache mode and hosted cache mode that assists you in determining the best way to deploy BranchCache on your network.
BranchCache is a wide area network (WAN) bandwidth optimization technology that is included in some editions of the Windows Server® 2008 R2 and Windows® 7 operating systems. To optimize WAN bandwidth, BranchCache copies content from your main office content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN. This design guide provides information about BranchCache in both distributed cache mode and hosted cache mode that assists you in determining the best way to deploy BranchCache on your network.
Download details BranchCache Design Guide
DirectAccess is an integrated part of the Windows 7 Enterprise, Windows 7 Ultimate, and Windows Server 2008 R2 operating systems. A DirectAccess solution provides a secure, flexible architecture for enhanced remote access and transition to IPv6. It is designed to be compatible with most existing Internet, perimeter, and intranet environments by using IPv6-inside-IPv4 tunneling and IPv6-to-IPv4 translation where necessary.
A DirectAccess solution may require IPv6/IPv4 DNS and IPv6/IPv4 NAT at the network perimeter to provide access to existing IPv4-only internal hosts. New IETF specifications for DNS64 and NAT64 should provide IPv6/IPv4 DNS and IPv6/IPv4 NAT products that are compatible with DirectAccess. The Forefront Unified Access Gateway DirectAccess server provides a comprehensive DirectAccess solution, with a compatible IPv6/IPv4 DNS and IPv6/IPv4 NAT, network load balancing, and high availability.
Download details Windows 7 and Windows Server 2008 R2 DirectAccess IT Infrastructure Compatibili
Boxshots of retail packages of Microsoft Office 2010. Pics thanks to CentrumXP.pl