danielvs

Deploy SMS 2003 Inventory Tool for Microsoft Updates (ITMU) and WSUS

Everyone who uses SMS 2003 SP1 should deploy the SMS 2003 Inventory Tool for Microsoft Updates!

Systems Management Server (SMS) 2003 SP1 uses the Inventory Tool for Microsoft Updates (ITMU) to determine the update compliance of managed systems. This tool provides integration with updates offered by Windows Update and Microsoft Update. The tool shares the same security update, update rollup, and service pack data as offered by Microsoft Windows Server Update Services (WSUS).

SMS 2003 SP1 is updated to incorporate WSUS technology for scanning and deployment with support for the following products:

• Microsoft Windows XP Embedded
• Microsoft Windows 64-bit edition (based on Windows Server 2003 SP1 code)
• Microsoft Office XP and Office 2003
• Microsoft Exchange 2000 and Exchange 2003
• Microsoft Windows 2000 Service Pack 4 and later
• All Windows components (such as MSXML, MDAC, and Microsoft Virtual Machine)
• Microsoft SQL Server 2000 SP4 and SQL Server 2005
• Additional products as published to the Windows Updates catalog

ITMU includes the following components:

• Scan tool for Microsoft updates. Enables you to scan your Windows desktops and servers for installed and missing Microsoft updates similarly to how Microsoft Baseline Security Analyzer (MBSA) determines compliance for Microsoft security updates.
• Synchronization of the Windows Updates Catalog. Downloads the WSUS scan catalog on a recurring schedule.
• The latest Windows Update Agent. The Windows Update Agent version 5.8.0.2469 is installed on the Windows operating system to support Windows Update detection and deployment.
• New SMS Advanced Client release and updated Distribute Software Update Wizard.

Important note: This inventory tool can be used only within an SMS 2003 SP1 site hierarchy with certain hotfixes applied! Check here for Obtaining Required Components for SMS 2003 Inventory Tool for Microsoft Updates with links to the needed components. The following list identifies the required Microsoft components:

• Knowledge Base Article 901034.
• Knowledge Base Article 900401.
• Knowledge Base Article 900257.
• Microsoft Windows Installer 3.1.
• Windows Update Agent 5.8.0.2469.

See the SMS ITMU preinstallation guide for detailed instructions on how to deploy these requirements to your SMS environment.

• ITMU Pre-Installation Process Flow Chart. They created a flow chart of the pre-installation process of installing the ITMU, based on the ITMU Pre-Installation Guide.  This flow chart will help you "visualize" the process of preparing your SMS environment for the ITMU.
• Preparing for the Inventory Tool for Microsoft Updates (ITMU) – Updating Windows Installer.  This post describes how to query for systems that need Windows Installer 3.1.
• ITMU and the Windows Update Agent. This post describes which issues you can encounter when updating the Windows Update Agent to version 5.8.0.2469 and how to solve them.
• Update 11-08: Products currently supported (and not supported) with the ITMU . This post describes the differences between the different patch tools SMS can use and which ones are still needed to patch certain products like Bizztalk server, Exchange 5.0 & 5.5, SQl 7.0 & 2000, etc.
• Update 11-08: SMS 2003 Inventory Tool for Microsoft Updates (ITMU). This post contains links to help you get the ITMU installed properly. Here they link all new information.

Well, with all this information I hold my comment: Everyone who uses SMS 2003 SP1 should deploy the SMS 2003 Inventory Tool for Microsoft Updates!
SMS = Secure My System, Daniel.

Virus in Monad? Virus in Windows Vista?

There’s been some commentary the past couple of days regarding a potential Windows Vista virus as posted by the Register: Hasta la Vista, baby.

Virus writers created 5 proof of concept viruses targeting the scripting language MSH (codenamed 'Monad') and it was uncertain if the new scripting tool would ship as part of Windows Vista or was shipped with the Windows Vista Beta 1. I already felt a headache developing; people concerned and/or pointing that Windows Vista is not secure, etc.

Well, I think Vista will be secure and now Microsoft has confirmed that Monad will not ship as part of the next version of its operating system, Windows Vista (headache is suddenly partially gone). Phew.

In the Security Response Centre's blog Stephen Toulouse, a program manager in a posting said: “Monad is not included in the beta release of Windows Vista or in Windows Server 2003 R2. Monad will not be included in the final version of Windows Vista and there is no relation between Monad and Windows Vista Beta 1.”

In the Windows Server Division WebLog there’s also a posting about this subject stating Monad is not planned to be in the release of Longhorn Server at this time.

The Register also released an article “Microsoft quells Vista virus concerns” to address this matter and ends it with the following line: "These, it's now clear, are not Windows Vista viruses but MSH viruses."

For all you folks out there being critical (like me) and thinking: Yeah, right! Monad is pulled from Windows Vista due to the virus story here is another post by Stephen Toulouse clarifying this is not the case. 

Finnaly, I would like to point you to the post on Kevin Remde's WebLog called Vista Shmista. It basically has the same info but the animation with his post is super funny (headache totally gone, it’s a bright sunny day).

Vista Fever, Daniel

The SMS 2003 SP2 (Beta) Program Is Open For Enrollment

Evaluate Systems Management Server 2003 SP 2 (Beta). Nominate yourself and get started now!

The SMS 2003 SP2 (Beta) program is currently open for enrollment. Please note that:
• Enrollment for the SMS 2003 SP2 (Beta) is open for a limited time.
• Enroll your organization for evaluation of SMS 2003 SP2 (Beta) if you are willing to provide feedback to Microsoft. We consider customer feedback from Beta programs critical to our ability to successfully deliver a product that meets customer needs. If your interest is just in learning more about this solution, please keep checking the Web site over the coming months for new product information.

Maybe you don't want to participate in this beta program and wait for the RTM? Maybe you don't want to upgrade at all? In my opinion everyone who is using SMS 2003 with patch management functionality should consider to upgrade to SMS 2003 SP2 RTM when it arrives.

Greetings, Daniel.
 

SyncToy v1 Beta for Windows XP : The Smart Way to Copy Files!

Yes! It's finally there, The Smart Way to Copy Files! SyncToy v1 Beta helps you copy, move, rename, and delete files between folders and computers quickly and easily.

Increasingly, computer users are using different folders, drives, and even different computers (such as a laptop and a desktop) to store and retrieve files. There are new sources of files coming from every direction: digital cameras, e-mail, cell phones, portable media players, camcorders, PDAs, and laptops. Yet managing hundreds or thousands of files is still largely a manual operation. In some cases it is necessary to move files from one place to another; in other cases there is a need to keep two storage locations exactly in sync. Some users manage files manually, dragging and dropping from one place to another and keeping a mental card catalog in their heads. Others use one or more applications of one sort or another to provide this functionality for them.

Now there is an easier way. SyncToy is a free PowerToy for Microsoft Windows XP that provides an easy to use, highly customizable program that helps users to do the heavy lifting involved with the copying, moving, and synchronization of different directories. Most common operations can be performed with just a few clicks of the mouse, and additional customization is available without adding complexity. SyncToy can manage multiple sets of directories at the same time; it can combine files from two folders in one case, and mimic renames and deletes in another. Unlike other applications, SyncToy keeps track of renames to files and will make sure those changes get carried over to the synchronized folder.

I was in desperate need of this one. I use a tablet for my daily work, emailing, study, creating ppt's etc. For demo's/presentations I have a 2 GB RAM laptop with an external 250 GB hard drive in order to get all my demo's running at max speed in a virtual environment (I use both Virtual PC and Virtual Server). I end up syncing data between my tablet, laptop and external drive every week with robocopy. With robocopy you can  use the -mir command to mirror a directory but it stil lacks a graphic interface. Internally some guys created an GUI for robocopy but I'll go for the SyncToy! 

Enjoy SyncToy, Daniel.

Update: Here is the link to the Microsoft PowerToys for Windows XP which consists of the following tools:

• RAW Image Thumbnailer and Viewer
  Are you a serious photographer? Now you can organize and work with digital RAW files in Windows Explorer (much as you can with JPEG images). This tool provides thumbnails, previews, printing, and metadata display for RAW images.
• ClearType Tuner
  This PowerToy lets you use ClearType technology to make it easier to read text on your screen, and installs in the Control Panel for easy access.
• HTML Slide Show Wizard
  This wizard helps you create an HTML slide show of your digital pictures, ready to place on your Web site.
• Open Command Window Here
  This PowerToy adds an "Open Command Window Here" context menu option on file system folders, giving you a quick way to open a command window (cmd.exe) pointing at the selected folder.
• Alt-Tab Replacement
  With this PowerToy, in addition to seeing the icon of the application window you are switching to, you will also see a preview of the page. This helps particularly when multiple sessions of an application are open.
• Tweak UI
  This PowerToy gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings, and more.
• Power Calculator
  With this PowerToy you can graph and evaluate functions as well as perform many different types of conversions.
• Image Resizer
  This PowerToy enables you to resize one or many image files with a right-click.
• CD Slide Show Generator
  With this PowerToy you can view images burned to a CD as a slide show. The Generator works downlevel on Windows 9x machines as well.
• Virtual Desktop Manager
  Manage up to four desktops from the Windows taskbar with this PowerToy.
• Taskbar Magnifier
  Use this PowerToy to magnify part of the screen from the taskbar.
• Webcam Timershot
  This PowerToy lets you take pictures at specified time intervals from a Webcam connected to your computer and save them to a location that you designate.
  

I mainly use Image Resizer and Open command Window Here. In explorer I can now select a picture and with the right click context menu resize it or select a folder and with the right click open a CMD box there. Handy!

Power! Daniel

Exchange/Outlook 2000 or earlier issue after you upgrade the Global Catalog (GC) to Windows Server 2003 (KB903295)

I’m not an Exchange expert but I do know that in order to work properly the Exchange server needs a Global Catalog (GC) for name checking, etc. There seems to be an issue when you upgrade this GC to Windows Server 2003:
After you upgrade the global catalog to Windows Server 2003, you receive an error message when you use Outlook 2000 or an earlier version to resolve aliases or to connect to a server that is running Exchange Server (KB903295)

RESOLUTION
To resolve the issue, follow these steps:
1. On the global catalog that was upgraded to Windows Server 2003, click Start, point to All Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
2. Expand Local Policies, and then click Security Options.
3. Set the policies as listed in the following table.

4. Close the Domain Controller Security Policy console.
5. Click Start, click Run, type gpupdate /force, and then click OK.
6. On the Exchange server, click Start, click Run, type services.msc, and then click OK.
7. Locate the Microsoft Exchange System Attendant service, click Restart Service on the toolbar, and then close the Services console.

Greetings, Daniel

MOM 2005 SP1 download

Download MOM 2005 SP1 to get enhancements, such as broader OS and database support and support for x64 platforms.

Microsoft Operations Manager (MOM) 2005 with Service Pack 1 (SP1) offers the latest security enhancements and features, including:

• Broader OS and database support, including Windows Server 2003 SP1 and SQL 2000 SP4, which enables you to leverage the latest Windows Server System software.
• Support for x64 platforms which allows MOM 2005 to run on and monitor the latest high performance hardware.
• License usage alerting which enables you to receive alerts when product usage exceeds the configured threshold of licensed OMLs.
• Many customer-requested enhancements to better support enterprise scenarios:
  • Support for disjoint namespaces with mutual authentication
  • Support for NETBIOS names containing dot
  • Improved robustness of heart beating and Microsoft Connector Framework

A friend of mine will be very happy because he was in real need of this SP. Check te post of Stefan Stranger, he outlined all the fixes and issues solved with the MOM 2005 SP1

Greetings, Daniel

MOM ExPA MP should be improved?

Ok, here some criticism about the MOM ExBPA MP.

I’m sure you all agree with me that MOM 2005 rocks!

If you administer Exchange Servers you should definitely use the Exchange Best Practise Analyzer tool (ExBPA). A month ago version 2.1 was released on the web.

With the ExBPA you do not monitor your servers but you do get the following functionality:

• Identification of Exchange server configuration issues which could result in poor performance, scalability and unplanned downtime
• Automated analysis and root cause identification
• Support for third-party software and hardware
• Self-updating database and help content
• Links to over 500 articles on the Web
• Works with Exchange Server 2003, Exchange 2000 Server and Exchange Server 5.5 (in mixed mode topologies)

Therefore every Exchange server should have ExBPA installed (I mean, it’s free and you get lots of valuable info with it), the ExBPA rocks!

Check these sites for the ExPA tool and the ExBPA download, There is some good techy info on this blog from the ExBPA team and off course you want the link to download the MOM ExBPA MP.

If you monitor your Exchange servers with MOM you should also deploy the ExBPA MP. With this MP you can deploy the ExBPA tool on all your Exchange servers. Ok, that’s cool. Off course you get al your ExBPA alerts in MOM so what my criticism?

Well, MOM has a neat Knowledge Base; the ExBPA has also a nice Knowledge Base but those are NOT integrated through the MOM ExBPA MP! Instead of importing all the knowledge from the ExBPA into the MOM MP they only created a rule to forward all ExBPA alerts from the event viewer to MOM. I also want to see all the ExBPA knowledge in MOM if I receive an alert. Now I still have to open the ExBPA and check for the solution. L

Let me know what you think. Are you also in love with by MOM? Do you think the ExBPA tool is solid gold? Do you also use the ExBPA MP? Do you want it improved or am I too demanding?

Greetings, Daniel.

Animations do not work in Access 2002 Help running on Windows Server 2003! (KB816677)

Ok, this recently updated KB article caught my attention: Animations do not work in Access 2002 Help running on Windows Server 2003

This issue occurs because the animation in Access 2002 Help requires that you first install Macromedia Flash Player. However, you are not prompted to automatically install the Flash Player because of the increased security that is introduced in Microsoft Windows Server 2003.

Well, so far so good, and the resolution is to install Macromedia Flash Player. Hmmm...and that makes me wonder, why would an administrator install the flash player on a server? Furthermore, why would an administrator install Office and/or Access on a server?? And what kind of administrator is in need of the animated help for Access on a server???

My resolution would be something like: Please remove Access and/or Office from your server, it's already difficult enough to secure this box, you do NOT want to be bothered with Office patches!

Can someone enlighten me?

Greetings, Daniel

Microsoft's Virtualization Support Policies (KB897613,KB897614,KB897615)

The first article Microsoft Virtual Server Support Policy (897613) addresses support provided by Microsoft for Windows Server System software running within a Microsoft Virtual Server environment. Microsoft supports Windows Server System software running within a Microsoft Virtual Server environment subject to the Microsoft Support Lifecycle policy and use of the virtual hard disk (.vhd) format.

• Microsoft Speech Server. Speech Server requires telephony hardware not available in a virtualized hardware environment, and thus Speech Server is not supported when run within Virtual Server.
• Microsoft Certificate Server. Certificate Server is supported starting with Windows Server 2003, Standard Edition SP1 and Windows Server 2003, Enterprise Edition SP1 as the host and guest operating systems.
• Microsoft ISA Server. ISA Server is currently not supported running within Microsoft Virtual Server. Support for ISA Server within Virtual Server is expected in a future release.
• Microsoft Exchange Server. Exchange is currently not supported running within Microsoft Virtual Server. Exchange will be supported within Virtual Server starting with Exchange 2003 Service Pack 2 and subsequent releases.
• Microsoft SharePoint Portal Server. SharePoint Portal Server is currently not supported running within Virtual Server. Support for SharePoint Portal Server within Virtual Server is expected in a future release

The final article Support policy for Microsoft software running in non-Microsoft hardware virtualization software (897615) addresses support provided by Microsoft for its software running in conjunction with non-Microsoft hardware virtualization software. There seems to be third parties who also have software on the market providing this functionality (never heard of them, hee,hee).

Greetings, Daniel.