Microsoft Archives - ISInc


Latest Postings

March 25 2010

Enable Admin Audit Logging Exchange 2010

Exchange 2010 allows auditing of administrative actions. All actions can be audited or just specific cmdlets and parameters. To enable Audit Logging open the Exchange Management Shell and run the following commands.

Audit All cmdlets
Set-AdminAuditLogConfig -AdminAuditLogCmdlets *
or
Only audit New-Mailbox, all transport rules, all management, all set-transport cmdlets
Set-AdminAuditLogConfig -AdminAuditLogCmdlets New-Mailbox, *TransportRule, *Management, Set-Transport*

Set-AdminAuditLogConfig -AdminAuditLogParameters *

or

Set-AdminAuditLogConfig -AdminAuditLogParameters Database, *Address*, Custom*, *Region
Audits just the parameters that have Database, all parameters with *Address*, begins with Custom, ends with Region.

Set-AdminAuditLogConfig -AdminAuditLogMailbox [email protected]
All auditing is sent to the mailbox of AdminAudit.

Set-AdminAuditLogConfig -AdminAuditLogEnabled $True

 

SetAdminAuditLogEMS

All of the commands can be run on a single line if you prefer.

After creating a new mailbox by either using the EMC or the EMS, an email is sent to the AdminAudit Mailbox. Make sure the Mailbox is secured appropriately and archive or delete the mail after a specified amount of time. A command Set-AdminAuditLogConfig –AdminAuditLogAgeLimit DD.HH:MM:SS is not available for the RTM release of 2010 so be sure to watch the size of the mailbox.

Below is a screenshot of the message sent to the AdminAudit Mailbox after creating a new Mailbox and User.

AdminAuditLogEmail

October 23 2008

Microsoft Alert – Critical Product Vulnerability – October 23, 2008 Microsoft Security Bulletin Release (Out of Band)

Microsoft just released an alert to provide you with an overview of the new security bulletin released (out of band) on Thursday, October 23, 2008. Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644), to address a vulnerability in all currently supported versions of Windows. This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers. We request that you take action immediately by first assessing and preparing your own systems and networks and applying the security update, then reaching out to your customers to assist them in securing their systems and networks by applying the update.

 

Details about this security update are below, but here are your key resources:

 

·         The full bulletin for MS08-067 is available at http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx

·         We recommend that you use the Microsoft TechNet Security TechCenter as a source of security information: http://technet.microsoft.com/security

 

Summary

 

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests.

 

Recommendations

 

Microsoft recommends that you assess your systems and networks and apply this security update to secure your systems and networks and to help ensure that your computers are protected from attempted criminal attacks.

 

New Security Bulletin Technical Details

 

Identifier

MS08-067

Severity Rating

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software

All currently supported versions of Windows

Restart Requirement

The update requires a restart.

Removal Information

·         For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility

·         For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

MS06-040 is superseded on these operating systems: Windows 2000 SP4, Windows XP SP2, Windows XP X64, Windows Server 2003 SP1, Windows Server 2003 X64, Windows Server 2003 SP1 for Itanium-based Systems.

Full Details:

http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx

 

 

Regarding Information Consistency

 

We recommend that our customers use the Microsoft TechNet Security TechCenter as a key source of security information: http://technet.microsoft.com/security, and that you sign up for comprehensive alerts at http://www.microsoft.com/technet/security/bulletin/notify.mspx.  We strive to provide you with accurate information in static and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative. 

 

ISInc Support Options

If you are interested in ISInc support to keep your networks up to date, please contact us at 916-920-1700 to hear about our Managed Services options.

June 11 2008

Get your own free copy of Windows Server 2008 Standard Edition with selected Windows Server classroom training.

Get your own free copy of Windows Server 2008 Standard Edition with selected Windows Server classroom training.

ISInc is excited to offer you top level training on the latest technology, direct from the experts. You’ll learn the powerful new management tools and security enhancements of Windows Server 2008 and come away with the skills you need to configure, maintain, and troubleshoot Windows Server 2008, as well as a free copy of the software.

Enroll and attend any one of these three top Windows Sever 2008 training classes between June 27 and Dec 31, 2008 (while supplies last) and you’ll receive the Microsoft Windows Server 2008 Standard Edition— FREE.

This offer is available for a limited time and only while supplies last so act now. The following courses are the ones that include free software. Please contact ISInc at 916.920.1700 or at [email protected] for more information.

Course Number: 6416b Updating your Network Infrastructure and Active Directory Skills to Windows Server 2008

Course Number: 6421a Configuring and Troubleshooting Windows Server 2008 Network Infrastructure

Course Number: 6424a Fundamentals of Windows Server 2008 Active Directory

April 1 2008

Available Now: Windows Server 2008 Learning Snacks

Want to learn more about Windows Server 2008, but are short on time? Learning Snacks are short, interactive presentations about popular Windows Server 2008 topics and have been created by Microsoft Learning experts. Each Snack is delivered by using innovative Microsoft Silverlight technology and includes various media, such as animations and recorded demos. At the end of each presentation, you can view more Snacks, learn more about the topic, or visit a related Web site.  You will be prompted to install Silverlight before viewing any of the learning snacks when you select a program to watch.  Happy viewing! 

Of course, when you are done if you’d like even more information on Windows Server 2008, check out some of the new instructor-led Windows Server 2008 courses that ISInc is offering.  We are pleased that we are the only one in the valley offering a few of them, such as the Windows Server 2008 Readiness course.

Microsoft Windows Server 2008 Learning Snacks

Introducing Branch Office Server in Windows Server 2008
This free Snack describes the benefits that Windows Server 2008 provides for installing and maintaining a branch office network. It demonstrates the installation of a branch office network by using the new server core option. It also lists the benefits of Active Directory read-only domain controllers (RODCs) and BitLocker Drive Encryption.

Introducing Centralized Application Access in Windows Server 2008
This free Snack explains the operational benefits of centralizing applications by using Windows Server 2008. It examines the benefits of Terminal Services. It lists ways to provide remote users with access to centralized applications by using Terminal Services Web Access. It also describes the requirements for providing a single sign-on for remote users.

Implementing Active Directory Domain Services in Windows Server 2008
This free Snack describes the new options available in Windows Server 2008 for installing and configuring Active Directory Domain Services (AD DS) and auditing changes to it. It lists the features of read-only domain controllers (RODCs) and describes how to perform a nonauthoritative or an authoritative restore of AD DS data.

Implementing Network Access Protection in Windows Server 2008
This free Snack describes the benefits of implementing Network Access Protection (NAP) in Windows Server 2008. It describes how to configure network and health policies for various types of clients. It identifies the options for configuring Dynamic Host Configuration Protocol (DHCP) enforcement for NAP and demonstrates the steps for testing a NAP implementation with DHCP enforcement.

Implementing Windows Server 2008 Security
This free Snack examines and lists the features of Group Policy settings in Windows Server 2008. It demonstrates the steps for implementing Group Policy settings and the process of upgrading them. It also explains the purpose of security templates that can be imported into Group Policy settings.

Introducing Server Virtualization in Windows Server 2008
This free Snack explains the new virtualization features in Windows Server 2008 and lists the system requirements. It also demonstrates the steps necessary to install Windows Server virtualization.

February 6 2008

Windows Server 2008 Launch Course

Microsoft has selected ISInc to deliver this 3 day instructor-led course which provides students with an understanding of the primary product changes in Windows Server 2008.  This course is intended to allow individuals who already have experience with Windows Server to upgrade their skills for Windows Server 2008 and prepare for Windows Server 2008 certification exams. This course is based on an interim build of Windows Server 2008.  The course is 3 days and is being offered February 19-21 for only $299! If you are interested in attending, please go to www.msreadiness.com/coursedetail.aspx?id=6686 to register.  Space is limited so be sure to register early.