Archive for August, 2007

Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

Microsoft has released a security update for supported releases of Microsoft Virtual PC 2004, Microsoft Virtual Server 2005, Microsoft Virtual Server 2005 R2, Microsoft Virtual PC for Mac Version 6.1, and Microsoft Virtual PC for Mac Version 7 that are affected by this vulnerability.

Microsoft recommends that customers apply the update at the earliest opportunity.

Versions that are not affected by this vulnerability:  Microsoft Virtual PC 2007 and Microsoft Virtual Server 2005 R2 SP1

The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or on another guest operating system. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.

The security updates for all affected versions of Virtual PC and Virtual Server can be found here.

Known Issues with the updates:


•  If you install the 64-bit version of update 937986 on a 32-bit operating system, the installation fails. This issue occurs because the Advpack.dll file experiences an error when creating the process for the update. You receive a warning dialog box that states that the update did not install.

•  When update 937986 is applied on a remote machine by using Terminal Services, the update does not replace the vulnerable files if the /console option is not used. To avoid this issue, you must use the /console option as shown in this example:

mstsc /console /v:<machine name>

•  This update is not supported in Windows Vista. If your computer is running Windows Vista, we recommend that you use either Virtual PC 2007 or Virtual Server 2005 R2 SP1 depending on your requirements. Neither of these two applications has the vulnerability described in Microsoft Knowledge Base article 937986.

How to enable Remote Desktop on Windows 2008 Server Core

Have you taken a look at Windows 2008 Server Core yet? 

What’s that?  Looks like you just opened a command prompt.  Nope, that’s all you see with Windows 2008 Server Core, at least from the local console.

You’re going to want to set up Remote Desktop in order to be able to remotely connect to this server, and it’s not as easy as going into System and enabling it!

Here are the instructions

1.  Log on to the server console.

2.  Depending on what OS you are going to connect from, do the following: 

To enable remote administration from Windows Vista/Windows 2008, enter:

Cscript %windir%\system32\SCRegEdit.wsf /ar 0

and press the “Enter” button.

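To enable remote administration from Windows XP/2003 and earlier operating systems, enter each of the following commands and press the “Enter” button after each one:

Cscript %windir%\system32\SCRegEdit.wsf /ar 0
Cscript %windir%\system32\SCRegEdit.wsf /cs 0

The /cs 0 switch turns off the higher security level that is enabled by default, so that these earlier Remote Desktop clients can connect.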

Allowing scripts to be run via PowerShell

Running scripts via PowerShell is disabled by default.  A key point to note is that you can still run commands or cmdlets from the PowerShell console, just not scripts.  To enable this feature you can do one of two things; however, one trumps the other:

Via PowerShell

Modify your ExecutionPolicy via the Set-ExecutionPolicy cmdlet

First run Get-ExecutionPolicy to see what level you are at.  By default, this setting is set to Restricted. 

To see what settings are available for you to set, you can type

Get-Help Set-ExecutionPolicy

This output shows that we have four options:  Restricted, AllSigned, RemoteSigned, and Unrestricted.

To set your ExecutionPolicy to Unrestricted (not recommended for production) you would enter:

Set-ExecutionPolicy Unrestricted

To validate your settings after running Set-ExecutionPolicy, run:

Get-ExecutionPolicy

From the command above, your ExecutionPolicy is now set to Unrestricted.  You can now run any scripts you like, signed or unsigned. (Bet your administrator is happy to hear that!)

Now for the other method for setting this policy

Via Group Policy

Seeing how the first method would be a nightmare to manage, Microsoft has released the ADM files for PowerShell that allow you to configure this setting via Group Policy.  Any settings made via Group Policy will override those set manually via the PowerShell console.

You can download the PowerShell ADM here
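
The precedence described above, where a Group Policy setting wins over one made at the console, can be checked on a machine directly. This is an added example, not part of the original post or of Microsoft's ADM package; it assumes PowerShell 2.0 or later (for Get-ExecutionPolicy -List), and the function names and the C:\Scripts folder are hypothetical.

```powershell
# Added example. Requires PowerShell 2.0+ (Get-ExecutionPolicy -List).
# Function names and the sample path are hypothetical.

function Get-EffectiveExecutionPolicy {
    # -List returns every scope in precedence order: MachinePolicy and
    # UserPolicy (both Group Policy), then Process, CurrentUser, LocalMachine.
    $scopes = Get-ExecutionPolicy -List

    # The first scope that is not Undefined decides the effective policy.
    $winner = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    if ($winner) {
        $scope  = [string]$winner.Scope
        $policy = [string]$winner.ExecutionPolicy
    } else {
        # Nothing is configured anywhere, so the built-in default applies.
        $scope  = 'Default'
        $policy = [string](Get-ExecutionPolicy)
    }

    New-Object PSObject -Property @{
        Scope            = $scope
        Policy           = $policy
        SetByGroupPolicy = ($scope -eq 'MachinePolicy' -or $scope -eq 'UserPolicy')
        # Both of these policies allow unsigned scripts to run.
        RunsUnsigned     = ($policy -eq 'Unrestricted' -or $policy -eq 'Bypass')
    }
}

function Get-UnsignedScript {
    param([string]$Path)
    # List scripts without a valid signature, which AllSigned would refuse
    # to run, so they can be signed before the policy is tightened.
    Get-ChildItem -Path $Path -Recurse -Include *.ps1 |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Where-Object { $_.Status -ne 'Valid' } |
        Select-Object Path, Status
}

Get-EffectiveExecutionPolicy | Format-List
Get-UnsignedScript -Path 'C:\Scripts'   # hypothetical script folder
```

If SetByGroupPolicy is true, running Set-ExecutionPolicy at the console will not change the effective policy on that machine.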

Active Directory Account Management using PowerShell

PowerShell and the Quest Active Directory cmdlets are a dream come true for any AD Administrator.  Tasks that used to require more complicated methods are now simple one-liners.

One of the nice improvements of AD cmdlets 1.0.4 is the way you can enable, disable, and unlock AD user accounts with simple one-liners.

Here are a few one-liners demonstrating the new functionality:

#Get all disabled accounts
Get-QADUser -Disabled $true

#Get all locked accounts in the accounting department
Get-QADUser -Locked $true -Department Accounting

#Enable all the disabled accounts
Get-QADUser -Disabled $true | Enable-QADUser

#Unlock a specific user account
Unlock-QADUser DSotnikov

Dmitry’s PowerBlog: PowerShell and beyond

Microsoft Windows 2008 - Death to Linux-based server appliances?

With Windows 2008, more notably Windows 2008 Core, will this mean the end of Linux-based server appliances?  More than likely not, just due to pure licensing costs, but that doesn’t mean Redmond will not make it interesting in the coming years.  With the release of Windows 2008 Core, Microsoft has the ability to offer hardware appliances with Core stamped on them.  But then again, Microsoft isn’t in the hardware business, at least not yet.

Like many organizations, we have several “appliances” in our data center that perform specific tasks. All of our appliances are Linux-based, hardened devices that are efficient with a small attack surface. Linux is a better choice over the bloated, large attack surface presented by current Windows Server operating systems. But things may change with Longhorn.

Microsoft Longhorn: A shot across the Linux bow

The little things

I once had a coach in high school who would always, and I mean always, stress the little things.  “It’s the little things that make the big things”; we would hear that daily.  After playing around with PowerShell at home, I started laughing because I heard that voice say that phrase as I used a single line to organize all of my scattered .iso files on my 1TB external drive.

I always wanted to re-organize the files on this drive, but using any search feature took a long time, and time is not something I have much of.  So again, the little things.

From the PowerShell console, I was wondering where all of my ISO files were located.  I entered:

Get-ChildItem -path E:\ -Recurse -Include *.iso > ISO.txt

This command searched for every ISO on the external drive (E:) and redirected the results to a text file.  Viewing that text file, I found out what I thought…I had ISO files everywhere.  No big deal, I’ll just modify the command above to move everything to a central repository.

Get-ChildItem -path E:\ -Recurse -Include *.iso | move-item -Destination e:\ISO\

Easy peasy.  The command completed, and now I’m going to re-run my audit of where my ISO files are, and we see that they are now all located in the -Destination directory.

Clean-up made simple!