Archive for February, 2010

SQL Server 2005 SP4 or SQL Server 2008 SP2? That is the question…

Published February 25, 2010 Brian Egler Leave a Comment
Tags: ,

Recently, because of customer requests, Microsoft announced that SP4 for SQL Server 2005 would be released by the end of the calendar year 2010. It was also announced that SP2 for SQL Server 2008 would be released earlier in Q3 2010. To Microsoft’s credit, all is going according to plan. SQL Server 2008 R2 is due out in Q2 2010 as a functional release including Multi-Server Management and Self-Service Business Intelligence. However, not everyone is on the cutting edge.  It will be a relief to see SP4 for 2005. You see, SP3 was released way back in Dec 2008…that’s about 2 years between Service Packs…

Microsoft has developed a sound strategy for issuing updates to SQL Server. It’s called the ISM or Incremental Servicing Model. When a bug is fixed, a hotfix is issued. Periodically, cumulative updates (CUs) are issued which include all hotfixes since the last service pack. Service Packs are tested as a whole and usually go through some sort of Beta or CTP (“Community Technology Preview”) release to involve customer feedback so there’s a higher level of confidence applying them. We are now up to CU 7 for SQL Server 2005 SP3. So we can install SQL 2005, then SP3, then CU 7 to get to the latest build for 2005. I wish Microsoft would support slipstreaming with SQL Server 2005 so we could perform a single install to get to a certain baseline. Maybe with SP4? Thankfully, SQL Server 2008 SP1 now supports slipstreaming. But we still have to apply the latest CU 6 for that service pack. Confused? Imagine how the developers feel.

In the notes on “How to obtain Cumulative Update 7 for SQL Server 2005 Service Pack 3″ it states that “if you are not severely affected by any of these problems, we recommend that you wait for the next SQL Server 2005 service pack”. The typical CU cycle is 8 weeks. That means we might be up to CU13 before SP4 arrives. That’s a long time and lot of fixes to be waiting for. But if you have to stick with SQL Server 2005, at least you’ll have an early Christmas present from Microsoft SQL Server Release Services.

Cheers,

Brian

Related Courses:

Implementing and Maintaining SQL Server 2008 (M6231, M6232)

SQL Server 2005 Administration (M2780)

ZeuS on the LeuS: An IT Security Primer

Published February 23, 2010 Brad Werner Leave a Comment
Tags: ,

Yes, it’s true. As reported by Jordan Robertson for the Associated Press “Corporations, agencies infiltrated by ‘botnet’,” and now trickling its way to FOXNews.com (“Massive Hack Attack Shows Major Flaws in Today’s Cybersecurity“) and elsewhere, yet another incarnation of the ZeuS trojan and botnet is on the loose. According to the AP article, “Security experts have found a network of 74,000 virus-infected computers that stole information from inside [more than 2,400 organizations including] corporations and government agencies.” Just last week I was teaching a Global Knowledge course titled “Defending Windows Networks,” in which students use hacker tools to create trojan horse applications in two of the lab exercises.

What the recent news articles don’t spell out is something many of my students realized last week – just how incredibly easy it is for someone to use free software to create such software infections and infestations. You don’t need to be a software engineer, or an evil genius. All you have to know how to do is press a few buttons and maybe even type in a few parameters to spell out what you want your software robots to do. If you manage to implant such software within organizations around the net, you have a botnet. It’s almost too trivial.

Of course, one of the ways in which such bots can go viral and spread themselves into numbers such as 74,000 computers is that they are able to be morphed into many different strains. The Kneber strain of ZeuS has obviously evaded detection for some time although earlier forms of ZeuS from a year ago are readily detected by many organizations’ defenses. The FOXNews article notes that “NetWitness points out that over half the machines infected with Kneber were also infected with Waledac, a peer to peer botnet.” Indeed, there have been patches and scanner updates available to detect and quarantine Waledec outbreaks as well.

How do new strains of these pieces of software evade detection so successfully? A fundamental aspect of the Anti-Virus, Anti-Spam, and Anti-Malware industries is that these systems are predominantly reactive. When a worm, virus, or other sort of attack makes use of a security vulnerability, several things typically follow in reaction to it. Depending on the nature of the beast, operating system vendors such as Microsoft may develop and release patches such as hot fixes to protect Windows from software which makes use of these vulnerabilities, or equipment vendors such as Juniper or Cisco may release firmware updates to protect network equipment. Intrusion detection and prevention systems (IDS/IPS) and virus scanners are updated with signatures of the current strain of the attack.

As Marcus J. Ranum stated in “The Six Dumbest Ideas in Computer Security,” which I still refer students to even though it was written several years ago, the ways in which many organizations approach computer and network security is wrong. In fact, both in the “Defending Windows Networks” class last week and the “Managing, Maintaining, and Securing Your Networks Through Group Policy” course I’m teaching this week, most students noted that their organizations have classically used a “Default Permit” + “Enumerating Badness” approach which is the default in so many subsystems of Windows rather than the “Default Deny” + “Enumerating Goodness” combination which makes sense when you just look at the big picture for a few moments.

As the AP news article about ZeuS-Kneber+Waledec botnet notes “The unusual thing about the incident is not that it happened but that it was discovered.” Even that one sentence should be enough to motivate us to approach systems security differently.

-Brad

Related URLs:

http://m.apnews.com/ap/db_16036/contentdetail.htm?contentguid=iFqPI6h6

http://www.foxnews.com/scitech/2010/02/18/massive-hack-attack-shows-major-flaws-todays-cybersecurity/

http://www.ranum.com/security/computer_security/editorials/dumb/

Related Course:

Defending Windows Networks


What’s new with SQL Server 2008 R2?

Published February 22, 2010 Brian Egler Leave a Comment
Tags: , ,

SQL Server 2008 R2 CTP (Community Technology Preview) is available for testing. The official release is slated for the Q2 of 2010. I am in the process of testing the new features….

The SQL Server 2008 R2 (version 10.50) contains multiple projects one of which was previously called Project Kilimanjaro and was first announced at the 2008 SQL PASS Conference in Seattle. The main utility was then called Operations Manager which would allow monitoring and management of many SQL Servers from a central point. It has now evolved into the “SQL Server Utility”. I presume we’ll start calling this the SSU. With the SSU, you can create a Utility Control Point (UCP) on a SQL 2008 R2 instance which contains the central repository for configuration and performance data for many servers enrolled via the UCP.

In SQL Server 2008 we had the Data Collector that would produce a central repository for performance data for a single SQL Server. The repository was called a Management Data Warehouse (MDW) and produced attractive reports based on server and query performance. Now the model has been extended through the SSU to support many managed instances from the UCP with the central repository called a Utility Management Data Warehouse (UMDW). You can also set up resource utilization policies so you can control the monitoring of performance on the enrolled servers. You can monitor both data-tier applications or managed instances.

CTP documentation lets us know that the UCP and managed instances must be SQL Server 2008 R2 Enterprise Edition. Hopefully, by the time the product is released it will support managed servers for down-level servers and different editions. Presumably the requirements will stick for the UCP but allow monitoring of legacy servers (including 2008).

I’ve written a whitepaper on the new features of R2 that is available on the GK web site at:

http://www.globalknowledge.com/training/whitepaperdetail.asp?pageid=502&wpid=673

cheers
Brian

New Windows 7 Certification Boot Camps

Published February 19, 2010 Tim Hazell Leave a Comment
Tags: , ,

If you’re interested in getting certified in Windows 7 (or thinking about getting certified somewhere down the road), be sure to check out our new Windows 7 Certification Boot Camps.

We offer three different Windows 7 Certification Boot Camps.  Learn more by clicking on the links below.

Good luck!

-Tim

Windows 7 Certification Boot Camps:

MCTS: Windows 7 Certification Boot Camp

MCITP: Windows 7 Enterprise Desktop Administrator Boot Camp

MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp

Paddling Out to the Coming Wave – SharePoint 2010

Published February 18, 2010 Brad Werner Leave a Comment
Tags: , ,

If you’re a surfer, you are good at paddling out to sea. It’s a different sort of meditation than riding the wave in to shore, which many people find more exciting, more physically demanding, yet in a deeper sense more centering and relaxing than riding a chair-lift up the slopes to make your big alpine skiing run. Perhaps Nordic skiing is more akin to surfing than the Alpine flavor, but that’s beside the point. If you’re using either Microsoft’s Windows SharePoint Services (WSS) or Office SharePoint Server (MOSS) [or the older Portal Server], the time is ripe for grabbing your board and paddling out for the coming wave.

One of the reasons that now is the time is that, even if you don’t plan to deploy SharePoint 2010 technologies (still in beta) until the year 2011 (or even 2012), it is good to take time to plan your strategy. Take time to paddle out before the wave comes – connect with the technologies so that you’re ready for SharePoint 2010 in body, mind, and spirit.  It’s not rocket science, nor is it surfing, so let’s take a look at the cast of characters, the elements, the building blocks of a SharePoint 2010 farm.

Like earlier versions of SharePoint technologies, SharePoint Foundation 2010 (think WSS 4.0), SharePoint Server 2010, and their cousins for Internet applications, can be deployed to a single stand-alone server, or to a distributed farm. Whether your deployments warrant one or more servers, the key services are the web front-end services, the application services, and the database services. All services must be hosted on 64-bit (x64) servers as 32-bit hosting is no longer an option. Here are some of the requirements:

  • Windows Server 2008 R2 or Windows Server 2008 64-bit with Service Pack 2: the operating system platform for SharePoint 2010 must be 64-bit. If you’re planning to deploy on Server 2008 SP2 rather than Server 2008 R2, be sure to upgrade Windows PowerShell to version 2.0.
  • SQL Server 2008 or SQL Server 2005 SP2: the database platform must be hosted on 64-bit servers. On a stand-alone server with an Express version, you’ll be hosting on 64-bit Windows Server anyway, but in a bigger farm, SharePoint also requires that the other servers also be 64-bit.
  • In farm configurations, the farm configuration in the SQL databases is bootstrapped via Active Directory Domain Services (or in some cases Active Directory Lightweight Directory Services) even in small farms in which one server is used for the web, app, and database components. Of course, performance and capacity factors usually demand more than one server in the farm, and the AD DS (or AD LDS) requirement is more obvious. Standalone configurations could be deployed with AD if necessary.

Just remember to be purely 64-bit and get ready with PowerShell v2.0. Yes, you guessed it, we don’t need to use those crazy PowerShell scripts for SharePoint management anymore. That’s right, you don’t have to type those magic incantations only after manually loading assemblies and referring to the classes by their true names – unless you really want to. The SharePoint cmdlets are coming to the SharePoint 2010 Management Shell. More on that later.

Here’s to a sure-footed surfing experience with SharePoint 2010 for you.

Cheers!

-Brad

White Paper Wednesday!

Published February 17, 2010 Tim Hazell Leave a Comment
Tags: , ,

New white papers are out, download them today by clicking the links below.  Drop a comment on the blog and let me know what you thought of the paper.  Or, if you have a topic you’d like one of our instructors to write a white paper on, let me know!

Happy reading.

-Tim

Top 10 Skills in Demand in 2010

Find out which IT and business skills are most in demand for 2010.

Windows 7 and AppLocker

Introduce yourself to AppLocker and find out how it differs from earlier software restriction technologies.

Great new features for Media Center in Windows 7

Published February 16, 2010 Mark Menges Leave a Comment
Tags: , ,

I have owned a laptop running Windows XP Media Center Edition 2005 for several years. I was intrigued by the concept of being able to record television onto a hard drive for playback at a convenient time.  Media Center can also be used to organize audio and picture files into Libraries. I discovered, however, that TV recording required a hardware-based TV tuner.  I was also put off by the buggy “10-foot interface” in Media Center which was designed to be operated by a Television Remote at least 10 feet from a TV display. I was not prepared to buy a tuner,  and Media Center did not have much in the way of other  content.  I also did not have a Media Center Extender device such as the Xbox 360, which can be plugged into a TV anywhere on a home network to play content from Media Center. I used Media Player instead to play DVD and to watch Internet TV.

Fast forward a few years and after upgrading  the same laptop to Windows 7 I find that Media Center has entered the Internet age and has some terrific features. Windows 7 Home Premium, Windows 7 Ultimate and Windows 7 Enterprise Edition all include Windows Media Center.  Media Center was updated to InternetTV 3.2.1 through Windows Update in October, 2009. With Internet TV Media Center now has full episodes from PBS and CBS and Sports Scores from Fox Sports.  There is a subscriber- based Boxing channel and sports news from the NFL, NBA,NHL, PGA Golf and NASCAR. You can select your favorite players for your own Fantasy Football Team.  There is classic TV such as Star Trek and The Twilight Zone and zillions of Internet Radio channels.

A membership to Cinema Now will allow you to download movies to your hard drive permanently and burn them to a DVD. But the big news is the Netflix plug-in which allows Netflix subscribers to play movies from Netflix’s vast catalog on Media Center and Media Center Extender Devices.

With InternetTV and the new plug-ins Media Center has much broader appeal than ever before. The possibilities for the future are almost endless.  Maybe 3D TV?

Stay tuned.

-Mark

Cool and Codeless – SharePoint 2010

Published February 12, 2010 Brad Werner Leave a Comment
Tags: , ,

Content is king, or queen, or maybe just the Count of Monte Codeless. Many of my students in class this week will probably go straight to Microsoft SharePoint Server 2010 rather than the Windows SharePoint Services (WSS) 3.0 or Microsoft Office SharePoint Server (MOSS) 2007 which we were focusing on this week.

Even with SharePoint 2007, the degree of dynamic behaviors which can easily be configured into web sites seemingly without writing code in the classic sense is quite powerful. The newer SharePoint 2010 offerings coming up from Microsoft soon (perhaps June 2010), go even further.

At the bottom of the SharePoint 2010 line-up is the successor to Windows SharePoint Services 3.0. So you think it’s called Windows SharePoint Services 4.0? Well, that’s just not a cool enough name; the new name is SharePoint Foundation 2010, but it’s like WSS 4.0 by any other name – sweeter than WSS 3.0 actually. For example, the blog and wiki features which were introduced in WSS 3.0 have been substantially upgraded and polished for greater ease of use. This makes generating easy-to-read relevant content even less painful. Announcement lists, syndicated (RSS) feeds, and these updated blog and wiki versions can be a powerful mix together for enhancing communication and collaboration among employees, suppliers, customers, or any community.

If SharePoint Foundation 2010 is not powerful enough to meet the needs of your department or organization, or at least not for all SharePoint server farms that you’re deploying, like the relationship between WSS 3.0 and MOSS 2007, SharePoint Foundation 2010 has a bigger sibling as well – more than one actually. Like MOSS 2007, there are Standard and Enterprise editions of SharePoint Server 2010, or are there? The standard and enterprise degrees of SharePoint 2010 functionality beyond the SharePoint 2010 Foundation are distinguished by the Standard and Enterprise types of Client Access Licenses (CALs) for SharePoint Server 2010. Many organizations can benefit from that flexibility when some people in the SharePoint community need the business intelligence and workflow support of the enterprise edition and others simply needs SharePoint services at the standard level.

Due to the growth and maturity of using portals for Internet-facing and project-protected deployments, Microsoft is expected to release SharePoint Server 2010 for Internet Sites, also in Standard and Enterprise editions, yet not just differentiated with different CALs, but with distinct server licenses for each edition. This should allow deployment to fast-changing user communities without having to count the growing number of users who need CALs on a daily basis.

Think about this line-up for a moment. Small workgroups or even large deployments which just need basic Foundation level functionality can use SharePoint Foundation 2010. For communities like corporate or government employees, which are hopefully fairly stable, client access licenses for Standard or Enterprise functionality beyond the foundation level can be purchased for use of services hosted on SharePoint Server 2010. For potentially massive degrees of users, two levels of functionality can be purchased of SharePoint Server 2010 for Internet Sites, Standard or Enterprise editions.

But how do you author content for all of these types of environments? Of course, Microsoft Office 2010 client applications, or cloud-like Web App versions of them, email, SOAP, plain-old browser access and many other methods can be used to store, retrieve, convert, and otherwise work with documents, information, records, messages, graphics, videos, Silverlight, Flash, and more.

What about structured forms-based content and applications? As a portal, SharePoint 2010 can be used for accessing back-end applications in foundation, standard, and enterprise styles like WSS 3.0 and MOSS 2007. Naturally InfoPath 2007 or the newer Office 2010 version could be used to work with form layouts. SharePoint Workspace 2010 (think Groove 2010) for offline editing of SharePoint sites, Expression Web 2010 for rich web content (with or without SharePoint), and of course SharePoint Designer 2010 can be used for working with SharePoint Foundation, Server, and Server for Internet Sites versions of SharePoint 2010.

As SharePoint evolves, the elements of it, and the other software which works with it (which come from different origins, not all within Microsoft) comes together and stands to enable more powerful, fluid, usable collaboration between us humans. Are you ready for the coming wave? Uh, no, I wasn’t talking about Google Wave, the article was about Microsoft SharePoint, right?

-Brad

Microsoft Office Communicator’s Call Coverage Capabilities

Published February 11, 2010 Uncategorized Leave a Comment
Tags: ,

When Microsoft released OCS R2; they added two significant call coverage features.  When we use the term call coverage, the idea is the ability to call a pilot or pivot number which then in turn cases other phones to ring in hope of getting the call answered.

Generically we will focus on Team ring and Response Group.  Both have the idea on hunting down or ringing different endpoints trying to get an off hook or answer event.

The first component team dialing is based upon an initial call going to an individual in the company and then the phone call gets forwarded to a team of individuals trying to get a call answered.

The second component deals with an inside or outside endpoint calling a number directly and having an Auto Attendant (AA) answer the call and then by using a tree, select a group of endpoints to send the call to.

So both components mentioned above does by definition call coverage but which component you need to configure or use depends upon how call coverage component is initiated.

Now let’s look at team ring dialing.  The main purpose of this is to have a call answered if the original receiver of the call is not readily available.  The person setting this up would be considered the ‘Ring Leader’ and the leader would add members of his/her team and then configure how the ring feature will occur when a phone call is sent to the leader.  The leader may choose an option so that the call coming in will ring the leader and all team members simultaneously or ring the leader first then after no answer to continue ringing each team member.  For the second ring option, the ring leader may specify how long the call should attempt to ring his/her line for ringing for other team members.

Response Groups are quite different.  First of all, a pilot number is created and is dialed directly.  The call is then answered by an automated attendant who plays recorded prompts setup by the administrator.  The automated attendant presents a menu of options to choose from to further direct the call to the right party or parties.  Additionally, response groups have automatic voice recognition (ASR) feature enabled by default for possible mobile users needing hands free support and has queuing support if all parties are currently busy in a call or not available.

Related Course:

Implementing and Maintaining IM/Presence, Conferencing, and Telephony Using Microsoft Office Communications Server 2007 R2 (M50214)

Network locations and the Windows 7 Firewall

Published February 9, 2010 Mark Menges Leave a Comment
Tags: ,

I would be easy to underestimate the importance of a good firewall in protecting your computer when it is connected to the Internet. Studies have found that a computer could be affected by a trojan, worm, or network attack in a matter of a few minutes if it did not have a firewall installed. Windows XP has a built-in firewall that is enabled by default. The Service Pack 1 version of the firewall gave fairly good protection against attack but the Service Pack 2 version was much improved. If you are running Windows XP you should update your system to Service Pack 2 or more preferably Service Pack 3 to secure your data.

Windows Vista included an updated security model for Internet communication. As new Vista network connections are created—wireless, dialup, VPN– each connection must be classified as a Public, Private or Domain network location.  A network location designation changes networking and firewall settings to reflect the possible threats on a network.  A network at a public location such as a restaurant,  hotel or airport poses the greatest risk and should be designated as a Public network. Windows Vista launches a dialog window whenever a new connection is established and prompts the user to choose a location.  Windows Vista allows fine tuning of Network location firewall settings by using the Windows Firewall with Advanced Security snap-in. The Advanced firewall includes inbound and outbound firewall rules that can precisely control what traffic is allowed through the firewall. The rules can apply to one, two or all of the network locations.

Windows 7 builds on the firewall capabilities introduces by Windows Vista with new features for the Standard Firewall. The Windows 7 Standard Firewall allows enabling or disabling the firewall and the setting of notifications on a per-location basis. The Standard Firewall also permits the granting of inbound exceptions on individual network locations, a feature previously only available on the Advanced Firewall.  Managing the Standard Firewall is easier on Windows 7 than on any previous version of Windows.  Windows 7 also includes Internet Explorer 8 which and run in Protected Mode, a Phishing filter and User Account Control, making it the safest Windows OS yet.

-Mark

Next Page »

Subscribe in a Reader

Subscribe by Email

Follow us on Twitter

Featured Courses