February 2011 Archives
Executive Summary
Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.
Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.
Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: February 22, 2011
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS10-077 - Critical
* MS10-070 - Important
Bulletin Information:
=====================
* MS10-077 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx
- Reason for Revision: V3.0 (February 22, 2011): Announced a detection change to offer the Microsoft .NET Framework 4.0 update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.
- Originally posted: October 12, 2010
- Updated: February 22, 2011
- Bulletin Severity Rating: Critical
- Version: 3.0
* MS10-070 - Important
- http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
- Reason for Revision: V4.0 (February 22, 2011): Announced a detection change to offer the Microsoft .NET Framework 4.0 (KB2416472) update packages to customers who install Microsoft .NET Framework 4.0 after installing Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, or Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers who have already successfully updated their systems do not need to take any action.
- Originally posted: September 28, 2010
- Updated: February 22, 2011
- Bulletin Severity Rating: Important
- Version: 4.0
- Get to ConfigMgr 2007 SP2 - Done
- Avoid mixing user and devices in collection definitions - Done
- Yep, this one is kind of meaningless right now since we don't *yet* offer user centric deployments
- Don't use collections with multiple query rules which limit to different collections.
- This could be a big one here since we do a fair amount of collection limiting. So, basically we all need to get really good at WQL so we can do all the limiting in the query (using joins and other commands)
- Send questions to the list
- Package source path needs to be UNC - done
- I may have a couple I need to clean up centrally, but we should be pretty much set here
- Site codes between ConfigMgr 2007 and ConfigMgr 2012 site need to be unique - easy
- One that wasn't listed (since they have a migration strategy for that) is flatten your site - done, we're as flat as they come
- Running executions will show more details (Thanks to Mark Whittle)
- Advertisements for Task-Sequences do now have a different icon than normal advertisements.
- Packages from within a TS will be highlighted with a different color (green) in the advertisements list.
- some bug fixes...
It does as the title says, it does some registry work and it also sets some stuff in the default user profile. That section may be useful for anyone setting certain settings in the default user profile that can't be set for users through group policy.
http://myitforum.com/cs2/blogs/rbennett806/pages/vbscript-to-customize-the-os-during-deployment.aspx
How to create a notification window with Microsoft Visual C++ 2010 Express Edition.
http://myitforum.com/cs2/blogs/rbennett806/pages/how-to-create-a-notification-window.aspx
This guy is good. Nice little script for those that can't use PXE.
http://myitforum.com/cs2/blogs/rbennett806/pages/vbscript-to-eject-winpe-discs.aspx
Repository of collection queries.
http://myitforum.com/cs2/blogs/rbennett806/pages/collection-queries.aspx
Coolest part of the blog post, go to http://www.html5test.com to test your browser's HTML5 compatibility.
http://www.theregister.co.uk/2011/02/14/ie_9_release_candidate_review/
Short video on setting your execution policy through group policy.
Even though IE9 has worked out for me since beta and is 100x better in RC, we may not be ready to push IE9 widely once it's released. For those of you that run your own WSUS, you may want to download the IE9 blocker.
Nice post on what's new in IE9 RC.
http://blogs.msdn.com/b/ieinternals/archive/2011/02/11/ie9-release-candidate-minor-changes-list.aspx
Best improvement, see below:
- The prefix JavaScript: is stripped from any text pasted into the IE9 address bar. This mitigates a socially-engineered XSS attack common on social networks wherein users were tricked into performing self-inflicted XSS injections upon themselves. No, CTRL+C,ALT+D,CTRL+V, ENTER will not give you magical powers.
SP1 will be available to volume license customers (us) on February 16th!
Overview of SP1
http://technet.microsoft.com/en-us/library/ff817622(WS.10).aspx
Windows Server team write up on SP1
shortlink: http://bit.ly/hPvpoT
Deployment Guide for Windows Server 2008 R2 with SP1 and Windows 7 with SP1
http://technet.microsoft.com/en-us/library/ff817650(WS.10).aspx
Documentation for Windows 7 and Windows Server 2008 R2 Service Pack 1 Release Candidate (KB976932)
shortlink: http://bit.ly/eduyxe
Issues with RSAT if you try to install RSAT after you install SP1
http://blogs.technet.com/b/askds/archive/2011/02/10/rtm-rsat-and-sp1-win7-shot-over.aspx
And a follow up blog post
http://windowsteamblog.com/windows/b/bloggingwindows/archive/2011/02/16/windows-7-sp1-follow-up.aspx
Information on what's new in IE 9 RC!
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=32e9790f-b30d-4b66-bec3-01b715e17a00
In development now, but beta in March. And then, for all you MDOP subscribers, they're working at adding it to the MDOP package.
I signed up for the Beta notice, so I'll post again when it's released.
Nice write up and usage of PowerShell for troubleshooting Windows 7.
Some unpatched vulnerabilities in Office 2003 and 2007 have been publicly released by DVLabs. Mitigation strategies are listed in the article.
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft
Good article. Especially for everyone with servers that may be doing static IPs.
Great book on working with WMI with PowerShell, it gives a really good overview of WMI and WQL also. Well worth downloading to learn to use PowerShell in WMI and as reference.
It's really a PDF, not an eBook (since the standard is .epub now)
http://www.ravichaganti.com/blog/?p=1979
Good article on IT maturity at an organization.
Gartner says ConfigMgr can execute better than anyone else. But, lacks a bit in completeness of vision. It's due time for MS to add non-Windows support natively...
From the article: The PCCLM market continues to mature; however, most of the vendors decreased in Completeness of Vision, because they are behind the market in meeting several emerging requirements, including non-Windows device management, desktop virtualization management and software as a service.
http://www.gartner.com/technology/media-products/reprints/microsoft/vol2/article6/article6.html
Here come the Adobe patches...
http://www.adobe.com/support/security/bulletins/apsb11-03.html
Former Director of NTS, Carolyn Parnell, is the new State of Minnesota CIO!
http://civsourceonline.com/2011/02/02/minn-governor-names-new-state-cio/
Two useful support links are given in the following post.
The links themselves:
How to obtain error code descriptions in System Center Configuration Manager 2007 reports
http://support.microsoft.com/kb/944375/en-us
Good read on IPv6. Just a note, he's not saying leave all the tunneling protocols on, just IPv6.
http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx
After a wonderful sequencing session today I found out a service pack is coming out for App-V 4.6. It has some nice new features! Find out more about it at the link below:
http://kirxblog.wordpress.com/2010/11/24/a-preview-on-app-v-46-sp-1/
Nice script to do exactly as it's titled. You can pass it an array, or if no items are passed it'll grab the local machine's information.
It also touches on security issues while transitioning to IPv6. Sooo, our security team had valid concerns...
http://www.securityweek.com/ddos-attacks-exceed-100-gbps-attack-surface-continues-expand
OK, enough love for OIT-SEC tonight.
They use the acronyms FDCC and NIST almost more than Paul Dokas did. But, it's a good thing... especially since Microsoft did the work for us!
Very nice addin once we get rolling with DCM (Desired Configuration Management) see http://technet.microsoft.com/en-us/library/bb680553.aspx
It's been in beta for awhile, but it's finally released and widely available.
Overview
The Chem4Word Project (http://research.microsoft.com/chem4word) began in 2008 as a collaboration between Microsoft Research and the University of Cambridge, designed to make it easier to insert and modify chemical information (labels, formulas, 2-D depictions, etc.) from within Microsoft Office Word, and also to have the chemical information stored and manipulated in a semantically rich manner.
It finally happened, fake AV is using a real AV's name.
For you security conscious folks out there that speak Italian. :)
http://www.notageek.it/group-policy-workaround-kb2501696-cve-2011-0096.html
It's in Italian, but with good screen shots and you can download the admx template. I haven't tested this, but am on a list where different admins have. I did crack the .admx and it looks good, but make sure to test in your environment. The .adml will give you an overview in English of what the .admx does. Both are viewable in Notepad.
