The next version of Windows Home Server, codenamed Vail, is expected to be a 64-bit only server, based on Windows Server 2008 R2 and could well be Microsoft's first 64-bit only consumer product. It is scheduled to be launched next year and will come with a re hauled user interface.
Microsoft has finally released Windows Home Server Power Pack 2 which is a free package that significantly improves WHS's core set of features especially and will be available as a Windows Update.
The current service pack would improvement remote access configuration, enhance functionality for PCs running Windows Media center.
Windows Home Server is essentially a more media friendly server operating system that allows home users to back up, access, share, and store content in a centralised vault.
Users will need Windows Home Server with Power Pack 1 installed on their home servers before installing Power Pack 2. Microsoft Windows Home Server Power Pack 1 can be purchased from for as little as £73 and comes in a 1 server - 10 Client Access Licenses.
Source: ITproportal
Thursday, March 26, 2009
Tuesday, March 17, 2009
Security Configuration Wizard in Windows 2003 Server
New in Windows Server 2003 SP1 and R2, Microsoft has made available a tool that will help you to determine exactly what is running on your Windows Server 2003 system and be able to reduce the surface area of your server, thereby making it less vulnerable to an attack. In short, through the use of the Security Configuration Wizard, you can take a very granular look at your system and disable non-required functionality.
The Security Configuration Wizard does not automatically install when you install SP1 or R2. Follow these steps to install:
1. Go to Start | Settings | Control Panel
2. Choose Add or Remove Programs.
3. Choose Add/Remove Windows Components
4. Select the check box for Security Configuration Wizard, click Next. Make sure you have your source media available.
After installation is complete, the Security Configuration Wizard is available from Start > All Programs | Administrative Tools | Security Configuration Wizard.
When you initially run the tool, you need to provide a server to use as a baseline. Further in the Wizard, you will see a complete list of the potential roles for your server, from both a server and a client perspective. For example, you might have one server that runs the SMS 2003 server, and another that has the SMS 2003 client installed. Select the roles for this server. You can also choose whether to enable administrative services, such as BITS (Background Intelligent Transfer Service), Browser, Browse Master, Remote Desktop, SQL Server Agent, and more. Microsoft can't be on top of every possible server service on your server, so the Wizard also provides you with the capability to either ignore or disable any services that are not on the lists.
Beyond services, the Wizard also allows you to specifically allow or deny specific TCP/IP ports. Also, you can use the tool to restrict access to a specific TCP/IP port to a single computer or a range of IP addresses. For example, if you want to allow only people on your administrative network permission to establish any kind of connection using Remote Desktop, you could restrict port 3389 to just that subnet.
You can also make policy changes that affect the handling of SMB file and print traffic. For example, if your server has enough excess capacity, you can require signing for all SMB traffic to prevent man-in-the-middle type attacks on your clients. The same goes for signing all LDAP traffic. In the policy, you can indicate that all clients that connect run a version of at least SP3 for Windows 2000 to help protect LDAP information on your network.
Other areas addressed in the tool:
* Audit settings: Determine if you want to enable auditing and, if so, if you want to log successful, or both successful and unsuccessful activities.
* IIS: Which IIS extensions do you want to enable? For example, ASP.NET 1.1, ASP.NET 2.0, Server Side Includes, WebDAV, etc. Also, which virtual directories should be enabled? You might want, for example, to block access to the IISAdmin folder.
The Security Configuration Wizard does not automatically install when you install SP1 or R2. Follow these steps to install:
1. Go to Start | Settings | Control Panel
2. Choose Add or Remove Programs.
3. Choose Add/Remove Windows Components
4. Select the check box for Security Configuration Wizard, click Next. Make sure you have your source media available.
After installation is complete, the Security Configuration Wizard is available from Start > All Programs | Administrative Tools | Security Configuration Wizard.
When you initially run the tool, you need to provide a server to use as a baseline. Further in the Wizard, you will see a complete list of the potential roles for your server, from both a server and a client perspective. For example, you might have one server that runs the SMS 2003 server, and another that has the SMS 2003 client installed. Select the roles for this server. You can also choose whether to enable administrative services, such as BITS (Background Intelligent Transfer Service), Browser, Browse Master, Remote Desktop, SQL Server Agent, and more. Microsoft can't be on top of every possible server service on your server, so the Wizard also provides you with the capability to either ignore or disable any services that are not on the lists.
Beyond services, the Wizard also allows you to specifically allow or deny specific TCP/IP ports. Also, you can use the tool to restrict access to a specific TCP/IP port to a single computer or a range of IP addresses. For example, if you want to allow only people on your administrative network permission to establish any kind of connection using Remote Desktop, you could restrict port 3389 to just that subnet.
You can also make policy changes that affect the handling of SMB file and print traffic. For example, if your server has enough excess capacity, you can require signing for all SMB traffic to prevent man-in-the-middle type attacks on your clients. The same goes for signing all LDAP traffic. In the policy, you can indicate that all clients that connect run a version of at least SP3 for Windows 2000 to help protect LDAP information on your network.
Other areas addressed in the tool:
* Audit settings: Determine if you want to enable auditing and, if so, if you want to log successful, or both successful and unsuccessful activities.
* IIS: Which IIS extensions do you want to enable? For example, ASP.NET 1.1, ASP.NET 2.0, Server Side Includes, WebDAV, etc. Also, which virtual directories should be enabled? You might want, for example, to block access to the IISAdmin folder.
Thursday, March 12, 2009
Way to Change Computer Name on Windows Server 2008
Default installations of Windows Server 2008 give the server a name like WIN-94CX1930EF21 or some other obscure pattern that doesn’t fit into most computer infrastructures. You can change the computer name using the netdom command. Netdom (which isn’t a new tool) is an easy way to change the computer name after Windows Server 2008 is installed on Core Editions. You can also use it on the full installation versions.
It’s pretty straightforward to use the netdom command. For example, let’s go from the default name WIN-94CX1930EF21 to a computer name of SERVER13. This is the command you would enter:
netdom renamecomputer WIN-94CX1930EF21 /Newname SERVER13
Once this is complete, you get a friendly prompt that renaming a system may cause certain services to fail. Because of this warning, it is a good idea to rename the server early in the build process.
The server is successfully renamed after the requested system reboot.
If you want to join the system to an Active Directory domain, the same command is used except extra parameters are required. If the computer account already has the correct name, a command like the following will join a Windows Server 2008 server to a domain:
netdom join /DOMAIN:RWVDEV server13 /userD:RWVDEV\Administrator /password:*
It’s pretty straightforward to use the netdom command. For example, let’s go from the default name WIN-94CX1930EF21 to a computer name of SERVER13. This is the command you would enter:
netdom renamecomputer WIN-94CX1930EF21 /Newname SERVER13
Once this is complete, you get a friendly prompt that renaming a system may cause certain services to fail. Because of this warning, it is a good idea to rename the server early in the build process.
The server is successfully renamed after the requested system reboot.
If you want to join the system to an Active Directory domain, the same command is used except extra parameters are required. If the computer account already has the correct name, a command like the following will join a Windows Server 2008 server to a domain:
netdom join /DOMAIN:RWVDEV server13 /userD:RWVDEV\Administrator /password:*
Source: http://blogs.techrepublic.com.com/datacenter/?p=594
Wednesday, March 4, 2009
Amazon Extends EC2 Windows Support Into Europe
Seattle-based Amazon Web Services LLC, the web services subsidiary of Amazon.com, announced this morning that it has extended support for Microsoft Windows server and Microsoft SQL Server into Europe. The firm said the Amazon EC2 Windows support--which was launched in October for users in the US--will be available to its EU Region customers today, including access to the new features in the AWS Management Console, Amazon's interface for managing EC2 instances.
Amazon has been rolling out its cloud computing services to Europe after ironing out the services in the US: the firm only rolled out local, EC2 support in Europe in December. Amazon's EC2 services running Windows includes support for ASP.NET, AJAX, Silverlight, and Internet Information Server (IIS), along with SQL Server Express and SQL Server Standard.
EC2 is Amazon's cloud computing service, which allows customers to create virtual server images in either Linux or Windows via an API; those servers can be used to scale out web applications or create cloud computing farms, billed by how much CPU and traffic is send to those servers.
Source: http://www.nwinnovation.com/amazon_extends_ec2_windows_support_into_europe/s-0020241.html
Amazon has been rolling out its cloud computing services to Europe after ironing out the services in the US: the firm only rolled out local, EC2 support in Europe in December. Amazon's EC2 services running Windows includes support for ASP.NET, AJAX, Silverlight, and Internet Information Server (IIS), along with SQL Server Express and SQL Server Standard.
EC2 is Amazon's cloud computing service, which allows customers to create virtual server images in either Linux or Windows via an API; those servers can be used to scale out web applications or create cloud computing farms, billed by how much CPU and traffic is send to those servers.
Source: http://www.nwinnovation.com/amazon_extends_ec2_windows_support_into_europe/s-0020241.html
Wednesday, February 25, 2009
How to Choose IT Network Server Support Company?
Whether you are a large company or small, you would always require tech help. You will find that something can foretell your technical support requirement based on what your company's future plans are. Choosing a good small business computer support services will ensure that your IT network is going to stay in good shape and that you will be able to work in a trouble free environment. On the other hand, choosing a company poorly rated could get you into a contract which will put you in a difficult situation down the line. This decision can make or break your tech support.
Small businesses necessitate that additional steps must be taken to secure data on their desktops and workstations. To get the work done, you can look forward to any good server support company like iYogi, Dell, Microsoft etc...
If you are in a situation where you are looking for a great small business tech support company, you can't go wrong by doing a lot of research. What tech support companies are devoted to giving companies of your size and your industry good services? Who is well known for good tech help service, and who is getting blasted on reviews sites for poor standards? While you should always take what you see on review sites with a grain of salt, you will find that there is usually some truth to them. A lot of complaints or a history with the Better Business Bureau is something that should make you wary.
Look at the maximum amount of downtime that they promise. When a problem happens, what is the maximum amount of time that it will take for them to fix it? In many ways, this is something that can be quite indicative of what their tech support service is like. Make sure that their business tech support will cover you at all times of the day and take some time to plan out a worst case scenario. What are you looking at when you are considering entering into their services? Unless you can live with their lowest promised rates, you will want to go to someone else. Figuring out what your options are and what you can do when you are looking to get their attention is something that goes a long way towards getting you the results and the tech support company that you need.
Thursday, February 12, 2009
Windows Server 2008: Active Directory Domain Services Auditing Capabilities Explained
Active Directory Domain Services Auditing has remained fairly consistent since the first release of Active Directory in Windows 2000 Server. However, Microsoft has introduced new Active Directory Domain Services auditing capabilities in Windows Server 2008. Active Directory Domain Services auditing in Windows Server 2008 provide more granular auditing capabilities and more control.
Source: http://www.enterpriseitplanet.com/networking/features/article.php/3797931
This article takes a deeper look at the new Active Directory Domain Services auditing capabilities in Windows Server 2008.
New Default Auditing Settings in Group Policy
Windows 2000 Server and Windows Server 2003 enabled auditing for a number of policies by default. However, Windows Server 2008 does not define these global audit settings by default. These settings are instead defined by using the new auditing subcategories. This may seem as though auditing is not configured by default, however this is not the case. The configuration of the global audit settings is inherited by the subcategories below that global audit setting. Therefore, Microsoft chose to configure specific subcategories by default, which is covered in the next section.
New Auditing Subcategories
As previously mentioned, Windows Server 2008 introduces auditing subcategories. The following table shows the subcategories below each global audit setting, as well as the default configuration for each audit subcategory.
Global Audit Setting | Subcategory | Default Setting |
| Audit Account Logon Events | Kerberos Service Ticket Operations | Success |
| Other Account Logon Events | No Auditing | |
| Kerberos Authentication Service | Success | |
| Credential Validation | Success | |
| Audit Account Management | Computer Account Management | Success |
| Security Group Management | Success | |
| Distribution Group Management | No Auditing | |
| Application Group Management | No Auditing | |
| Other Account Management Events | No Auditing | |
| User Account Management | Success | |
| Audit Process Tracking | Process Termination | No Auditing |
| DPAPI Activity | No Auditing | |
| RPC Events | No Auditing | |
| Process Creation | No Auditing | |
| Audit Directory Service Access | Directory Service Changes | No Auditing |
| Directory Service Replication | No Auditing | |
| Detailed Directory Service Replication | No Auditing | |
| Directory Service Access | Success | |
| Audit Logon Events | Logoff | Success |
| Account Lockout | Success | |
| IPsec Main Mode | No Auditing | |
| IPsec Quick Mode | No Auditing | |
| IPsec Extended Mode | No Auditing | |
| Special Logon | Success | |
| Other Logon/Logoff Events | No Auditing | |
| Logon | Success and Failure | |
| Audit Object Access | File System | No Auditing |
| Registry | No Auditing | |
| Kernel Object | No Auditing | |
| SAM | No Auditing | |
| Certification Services | No Auditing | |
| Application Generated | No Auditing | |
| Handle Manipulation | No Auditing | |
| File Share | No Auditing | |
| Filtering Platform Packet Drop | No Auditing | |
| Filtering Platform Connection | No Auditing | |
| Other Object Access Events | No Auditing | |
| Audit Policy Change | Authentication Policy Change | Success |
| Authorization Policy Change | No Auditing | |
| MPSSVC Rule-Level Policy Change | No Auditing | |
| Filtering Platform Policy Change | No Auditing | |
| Other Policy Change Events | No Auditing | |
| Audit Policy Change | Success | |
| Audit Privilege Use | Non Sensitive Privilege Use | No Auditing |
| Other Privilege Use Events | No Auditing | |
| Sensitive Privilege Use | No Auditing | |
| Audit System Events | Security System Extension | No Auditing |
| System Integrity | Success and Failure | |
| IPsec Driver | No Auditing | |
| Other System Events | Success and Failure | |
| Security State Change | Success |
Source: http://www.enterpriseitplanet.com/networking/features/article.php/3797931
Wednesday, February 4, 2009
SBS 2008 to SBS 2008 Migration Fails When "Windows SBS User Policy" Edited
Windows Small Business Server 2008 creates a group policy called "Windows SBS User Policy", one of the tasks of this group policy is to add a few shortcuts (OWA, RWW, and WSS) to IE on SBS clients. If this list is modified AND you attempt a SBS 2008 to SBS 2008 migration the migration will irrecoverably fail. You will receive this following installation issue and be unable to complete the migration:
The installation of Windows Small Business Server 2008 cannot finish.
At this point, you must restore the original server from backup and completely start the migration process over. To avoid this issue please complete the following steps prior to a SBS 2008 to SBS 2008 migration:
Note: This only needs to be done if the policy has been edited. If you're not sure, there is no harm in doing these steps as a precaution.
- Open gpmc.msc and edit the "Windows SBS User Policy".
- Navigate to User Configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance -> URLs.
- View the properties of Favorites and Links.
- Make a note of all the Favorites and Links (This has likely been customized from the default).
- Remove all the Favorites and Links and save the policy.
Once you complete the migration, the favorites for OWA, RWW and Companyweb will be automatically recreated. You will then have to manually re-add your custom URLs.
SBSSetup.log Errors:
[908] 080925.155308.3044: Setup: Task ConfigureIE succeeded.
[908] 080925.155308.3200: TaskManagement: In TaskScheduler.RunTasks(): The "ConfigureIE" Task or the "NET" TaskProcessor threw an Exception during the ITaskProcessor.Run() call:System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility._normalFavoritesEX()
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility..ctor()
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility.DelIEFavorites(String keyName)
at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureIE.Run(ITaskDataLink DataLink)
at Microsoft.WindowsServerSolutions.TaskManagement.TaskProcessors.NetTaskProcessor.Run(Task currentTask, ITaskDataLink dataLink)
at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink, IDictionary`2 taskProcessorMap)
at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName)[908] 080925.155308.3200: Setup: An error was encountered on the TME thread: System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility._normalFavoritesEX()
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility..ctor()
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility.DelIEFavorites(String keyName)
at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureIE.Run(ITaskDataLink DataLink)
at Microsoft.WindowsServerSolutions.TaskManagement.TaskProcessors.NetTaskProcessor.Run(Task currentTask, ITaskDataLink dataLink)
at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink, IDictionary`2 taskProcessorMap)
at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName)
at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter._RunTasks(Object sender, DoWorkEventArgs e)
[2228] 080925.155308.5384: Setup: _UnhandledExceptionHandler: Setup encountered an error: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: The TME thread failed (see the inner exception). ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility._normalFavoritesEX()
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility..ctor()
at Microsoft.WindowsServerSolutions.ClientSetup.IEUtility.DelIEFavorites(String keyName)
at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureIE.Run(ITaskDataLink DataLink)
at Microsoft.WindowsServerSolutions.TaskManagement.TaskProcessors.NetTaskProcessor.Run(Task currentTask, ITaskDataLink dataLink)
at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink, IDictionary`2 taskProcessorMap)
at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName)
at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter._RunTasks(Object sender, DoWorkEventArgs e)
at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
--- End of inner exception stack trace ---
at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter.TasksCompleted(Object sender, RunWorkerCompletedEventArgs e)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at System.Windows.Forms.Control.InvokeMarshaledCallbackDo(ThreadMethodEntry tme)
at System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Object obj)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Windows.Forms.Control.InvokeMarshaledCallback(ThreadMethodEntry tme)
at System.Windows.Forms.Control.InvokeMarshaledCallbacks()
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(Int32 dwComponentID, Int32 reason, Int32 pvLoopData)
at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
at Microsoft.WindowsServerSolutions.Common.Wizards.Framework.WizardFrameView.Create()
at Microsoft.WindowsServerSolutions.Common.Wizards.Framework.WizardChainEngine.Launch()
at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass._LaunchWizard()
at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass.RealMain(String[] args)
at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass.Main(String[] args)
[2228] 080925.155308.5696: Setup: Removed the password.
[2228] 080925.155308.5696: Setup: Deleting scheduled task at path Microsoft\Windows\Windows Small Business Server 2008 with name Setup
[2228] 080925.155308.5852: Setup: Removed SBSSetup from the RunOnce.Source & inspiration: http://blogs.technet.com/sbs/archive/2008/12/16/sbs-2008-to-sbs-2008-migration-fails-when-windows-sbs-user-policy-edited.aspx
Subscribe to:
Posts (Atom)