SCM makes configuration management for both desktops and your private cloud a snap! Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download!
Security Compliance Manager 2 is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft® System Center Configuration Manager.
SCM 2 provides ready-to-deploy policies and DCM configuration packs that are tested and fully supported. Our product baselines are based on Microsoft Security Guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.
Easily configure Windows® operating systems, Microsoft® Office applications, and Internet Explorer with industry leading knowledge and fully supported tools.
Take advantage of SCM 2 to import the configuration of a “golden master” reference machine or existing Group Policy. Compare your standards to industry best practices, customize them using rich knowledge, and seamlessly create new policies and DCM configuration packs in the user-friendly UI designed to work with System Center Configuration Manager 2007 R2.
Key Features Include:
· Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project!
· Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature!
· Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important!
· Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems!
Security home page: http://www.microsoft.com/scm Security Compliance Manager 2 library page: http://technet.microsoft.com/en-us/library/cc677002.aspx Download SCM 2.
Today’s blog post is around Windows 7/2008 R2 SP1 Installation along with Internet Explorer 9. As you all aware when you install Windows 7/Windows Server 2008 R2 with Service Pack 1, the default browser is Internet Explorer 8. Now, when you want to install Internet Explorer 9, there are several steps involved depending upon how do you choose to install IE 9. If you are downloading IE 9 package from the Internet and run the installation on a single machine it will download all the necessary pre-requisite packages and then performs the installation. Well, for a single machine that’s fine but what about large scale deployments in Enterprises, it will be difficult. In these cases, we prefer to integrate the Internet Explorer 9 packages with the Windows 7/2008 R2 installation media. Hence, when you deploy Windows OS, IE 9 packages is installed as a part of OS installation. You do not need to manually install it later on.
Following are the different deployment options available for IE 9 in your Organization or individual machines. I am covering the Image based deployment today, i.e. using Deployment Image Servicing and Management (DISM)
In this post I am going to talk about Slipstreaming Internet Explorer 9 packages using Windows 7/2008 R2 Service Pack 1 Installation Media/DVD. So what is Slipstreaming, well you can read this Wikipedia article http://en.wikipedia.org/wiki/Slipstream_(computing) Basically, Slipstreaming is a process of integrating patches, service packs into the main installation media, in this example Windows Operating System Files. To begin with first understand what are pre-requisite packages for installing IE 9. You can find the list of packages required for specific OS over here http://technet.microsoft.com/en-us/library/hh147968.aspx (Internet Explorer 9 Preinstallation Techniques)
Internet Explorer 9 Prerequisites for specific OS
Before you begin collect the necessary files. There are several steps involved for slipstreaming IE 9 packages into Windows Installation Media. In this example I will slipstream Internet Explorer 9 x64 package into Windows 7 x64 Ultimate Edition Media available via Retail channels. However, the same is applicable for Enterprise Edition as well as for all the full editions of Windows Server 2008 R2 SP1 media.
Now we are ready to perform our slipstreaming process. It’s a 3 step process. Let’s get going.
Step 1: Mount the install.wim file to a specific local folder along with specific Edition or all editions. The install.wim is located in the \Sources Directory on the Windows Installation Media. In this example we will mount ULTIMATE Edition to D:\MOUNT directory.
Get the Windows7/Windows Server 2008 R2 DVD Media & copy all files locally to D:\Windows7SP1x64. Now, go to Start –> All Programs –> Microsoft Windows AIK and launch Deployment Tools Command Prompt
Then, run the following command to see available editions on the Windows Installation DVD Media
This will show you following editions available. Note: In case of Enterprise edition there will be just 1.
Now, that we know how many editions available on the DVD media, let’s mount Ultimate Edition that has Index Number 4. Run this command to mount the Ultimate Edition files to D:\MOUNT
Step 2: Import the Pre-Requisite Packages located in the D:\IE9\IE9PRE directory and Internet Explorer 9 Package (IE9-Win7.CAB) located in the D:\IE9\IE9EXT to the mounted WIM File in the specific local folder.
Use the following command to import the Pre-requisites to the image mounted on D:\MOUNT
Use the following command to import the Internet Explorer 9 Package to the image mounted on D:\MOUNT
Step 3: Un-mount the install.wim using the /commit switch so the changes would be saved in the installation media
Once completed, you can use the WIM file to deploy Windows OS using bootable USB Drive or using WDS (Windows Deployment Server)
Here is the list of all the commands I used on 1 picture.
You can use the following sample script for slipstreaming the IE 9 package for all editions of Windows 7 x64 Retail DVD Media.
Save the file as IE9_SS_X64.BAT
@echo off cls mkdir C:\WIM C:\IE9.exe /x:C:\IE9 erase /F /Q "C:\IE9\IE9_SUPPORT.CAB" dism /Mount-Wim /WimFile:C:\DVD\sources\install.wim /index:4 /MountDir:C:\WIM dism /Image:C:\WIM /Add-Package /PackagePath:C:\IE9 dism /Unmount-Wim /MountDir:C:\WIM /commit dism /Mount-Wim /WimFile:C:\DVD\sources\install.wim /index:3 /MountDir:C:\WIM dism /Image:C:\WIM /Add-Package /PackagePath:C:\IE9 dism /Unmount-Wim /MountDir:C:\WIM /commit dism /Mount-Wim /WimFile:C:\DVD\sources\install.wim /index:2 /MountDir:C:\WIM dism /Image:C:\WIM /Add-Package /PackagePath:C:\IE9 dism /Unmount-Wim /MountDir:C:\WIM /commit dism /Mount-Wim /WimFile:C:\DVD\sources\install.wim /index:1 /MountDir:C:\WIM dism /Image:C:\WIM /Add-Package /PackagePath:C:\IE9 dism /Unmount-Wim /MountDir:C:\WIM /commit erase /F /Q "C:\IE9.exe" RD /S /Q "C:\WIM" RD /S /Q "C:\IE9" pause exit
For detailed demonstration you can watch my Zeollar Session covering the same http://www.zeollar.com/Session/275
Last week I blogged about the firmware update I received for my HTC Mozart running Mango RTM. Here is the quick summary.
I received 2 updates. First it updated Firmware from 2250.21.40600.707 to 2250.21.50001.707 on 8th Oct. http://blogs.technet.com/b/aviraj/archive/2011/10/08/htc-firmware-update-for-windows-phone.aspx?ocid=aff-n-in-loc--aa And Second updated Firmware from 2250.21.50001.707 to 2250.21.51001.707 on 21st Oct http://blogs.technet.com/b/aviraj/archive/2011/10/21/htc-update-for-windows-phone.aspx?ocid=aff-n-in-loc—aa
After installing this firmware update, as seen in the screenshot, it upgraded Firmware. Firmware revision from 2250.21.50001.707 to 2250.21.51001.707.
New Feature: INTERNET SHARING feature is now enabled on my HTC Mozart. You can connect up to 5 Guests i.e. 5 users can connect.
To enable INTENRET SHARING. Just to go Settings –> INTENRNE SHARING is now available. This will make your HTC Phone as a Wireless Broadcast Device.
For security you can setup a Password with Min. 8 characters.
Nokia World 2011 started and Nokia announced 2 Windows phones…
For Nokia World 2011 Event visit http://events.nokia.com/nokiaworld
The Nokia Lumia 800 is a stunning piece of industrial design that features a unique unibody polycarbonate chassis that’s available in 3 beautiful colors – black, magenta and cyan. Inside is a 1.4Ghz processor with a dedicated GPU, 16GB of storage, and a class-leading Carl Zeiss camera, all capped off with a 3.7” “ClearBlack” display that offers beautiful colors and razor sharp picture. It’s available for pre-order starting today on Nokia.com in select markets for approximately 420 Euros, and you’ll be able to buy locally from over 30 carriers and retailers in 6 European markets this fall, with carriers and retailers in Russia, India, Singapore, Taiwan and Hong Kong offering it for sale before the end of the year.
Here’s the official press shot:
Nokia’s First Two Windows Phones Are Here. Read more http://windowsteamblog.com/windows_phone/b/windowsphone/archive/2011/10/26/nokia-s-first-two-windows-phones-are-here-and-they-re-awesome.aspx
This article describes step-by-step instructions for how to disable Microsoft Internet Protocol version 6 (IPv6) or its specific components in Windows 7, in Windows Vista, in Windows Server 2008 R2, and in Windows Server 2008. We do not recommend disabling IPv6. For more information, see the "What are Microsoft's recommendations about disabling IPv6?" question in the following article:
IPv6 for Microsoft Windows: Frequently Asked Questions (http://technet.microsoft.com/en-us/network/cc987595.aspx)
If you must disable IPv6 or components of IPv6, use the following steps. They outline the recommended method. To disable IPv6 or its components, you must be logged on to the computer as a member of the Administrators group, or your user account must be granted permissions to edit the Windows registry.
For more details visit http://support.microsoft.com/kb/929852
Join Us in Our Historic Opportunity to End Polio Thanks to childhood vaccines, polio has been reduced by 99% and we are on the threshold of eradicating the second disease in history. Stopping the fight now is not an option. Together we can finish the job and end polio.
Join the movement http://www.gatesfoundation.org/polio/Pages/end-polio.aspx
Wish you all a very Happy Diwali and Prosperous New Year. May this Diwali bring you loads of happiness in your life. Avoid crackers and help environment.
Forza Motorsport 4 delivers an entirely new car experience. Check out the commercial for the biggest and best Forza Motorsport entry yet. Visit http://forzamotorsport.net/en-us/forza4.aspx
Couple of weeks back I blogged about HTC Firmware Update on my Windows Phone Mango Device over here HTC Firmware Update for Windows Phone
Today I received another update for Windows Phone Mango.
In this HTC Update for Windows phone Firmware revision remains the same but the RFU is updated from earlier 411408 to this current 417350.
The newest version of Windows Intune is now available. Sign up for a FREE 30-day trial and test it out on up to 25 PCs!
Sign up for Windows Intune today!
Windows Intune brings together Windows cloud services for PC management, endpoint protection, and a Windows 7 upgrade subscription. With its simple web-based console, it can help you manage and secure virtually all your users’ PCs through the cloud—whether they’re working onsite, at home, in a remote office, or on the road. All you need is an Internet connection and the Windows Intune client installed on each PC you wish to manage.
The October 17th release of Windows Intune is packed with exciting new features—such as the ability to distribute third-party software, manage Microsoft and non-Microsoft licenses, and get better control of remote PCs. It’s also easier to use, with context-driven menus, improved navigation, and color-coded alerts that you can sort according to your own parameters.
For more details visit http://windowsteamblog.com/windows/b/business/archive/2011/10/17/the-next-release-of-windows-intune-is-here.aspx http://windowsteamblog.com/windows/b/springboard/archive/2011/10/17/the-next-release-of-windows-intune-now-available.aspx
Finally Microsoft officially welcomes Skype. Skype is not part of Microsoft. Welcome to all the Skype Employees. Here is the official site http://www.microsoft.com/en-us/skype/
For complete Microsoft Press Release visit http://www.microsoft.com/presspass/press/2011/oct11/10-13SkypePR.mspx?WT.mc_id=aff-n-in-loc—aa
My deepest condolences to the Dennis Ritchie’s family & friends. I respect to the genius who created C Programming Language & jointly developed UNIX Operating Environment with Ken Thompson.
Today, I will talk about installing Internet Explorer 9 using Command-Line Options. Internet Explorer 9 Installer supports installing by using Command-Line Switches.
Note: This post is not about using Command-Line Switches for IEXPLORE.EXE In case you are expecting are there any Command-Line options available for Internet Explorer then visit http://msdn.microsoft.com/en-us/library/ee330728(v=VS.85).aspx
Anyways, back to our the main topic. To start with Internet Explorer 9 Installation, you need to download the specific installer depending upon your Operating System & the Platform i.e. x86 or x64
You can download Internet Explorer 9 Installers & Language Packs from this link http://windows.microsoft.com/en-IN/internet-explorer/downloads/ie-9/worldwide-languages
In this example I will be showing the example of installing Internet Explorer 9 using Command-Line switches on Windows 7. I have downloaded the following 2 files for Windows 7.
To see the available Command-Line options for Internet Explorer 9, run the installer with /? option. It will be like this IE9-Windows7-x64-enu.exe /? and hit Enter
Once you hit Enter, it will give you an option with the supported Command-Line Switches.
IE9-Windows7-x64-enu.exe /X:D:\IE9 (This command will extract the IE9-Win7.CAB file in the D:\IE9 folder) IE9-Windows7-x64-enu.exe /update-no (Do not check for Internet Explorer updates.) IE9-Windows7-x64-enu.exe /closeprograms (To start installation without rebooting)
Any comments and/on questions/feedback welcome, feel free to share it over here.
Microsoft Forefront Unified Access Gateway (UAG) Service Pack 1 (SP1) Update 1 is an update to Forefront UAG that provides a number of functionality updates and other improvements.
The following is provided by Forefront UAG Update 1: • Lync web services publishing—Forefront UAG now supports publishing Lync web services • Dynamics CRM 2011 publishing—Forefront UAG now supports publishing Dynamics CRM 2011 • SharePoint 2010 with Office Web Apps—Forefront UAG now supports publishing SharePoint 2010 with Office Web Apps • Improved browser support—Forefront UAG now supports more web browsers than in previous releases
New Delhi, 12th October, 2011: Microsoft Corporation India Pvt. Ltd. today launched the Windows Phone in India. With an all new rich and dynamic user interface of Live Tiles and Hubs, Windows Phone enables people to quickly find, connect and consume the things that they care about the most. The new OS sports a smooth transitional user interface called 'Metro', a visually appealing modern design language based on a set of principles which are modern, clean, alive in motion, and authentically digital.
For more details visit http://www.microsoft.com/india/msindia/pressreleases/microsoft-launches-windows-phone-in-india/317/
This post is about Sysinternals Process Monitor. Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. You can watch my recently published video Sysinternals Tools for IT Professionals – PART I
This is how ProcMon looks like when it is showing all the activities.
One of the features in Process Monitor is BOOT LOGGING feature. To enable boot logging click on Options –> Enable Boot Logging
Once clicked, it will give following screen. First line is very IMPORTANT, it says Process Monitor is configured to log activity during the next boot.
You may choose Generate profiling events or not and click OK.
The moment to you click OK, it attaches the PROCMON20.sys driver and on next reboot it will start logging. You can check this with Sysinternals Autoruns.
Now, restart your PC.
Well, now that you have rebooted and you start using machine on regular basis. If you are using the system WITHOUT RE-OPENING PROCMON.EXE & SAVING THE LOGS, there is a file created in C:\Windows\Procmon.pmb by ProcMon Driver. This file is keep on growing by storing all logs/events so that you can access them later. THIS IS THE EXACT REASON YOU WILL END UP SEEING YOUR C: LOOKING LIKE THIS.
After system reboot, launch Procmon.exe, you will see following box. Click on Yes to save the collected data.
You will get an option to save the log data with .PML file extension. I have named the file BOOT.PML. Then it will start saving the data…
Meanwhile, go to Windows Explorer and the the Windows Folder. Inside the Windows Folder you will see the file Procmon.pmb, which has grown to about 3 GB in just about 10 minutes of boot time..
Once the complete data is saved in the BOOT.PML file, you will see the log data.
Well, now that you know what’s happening exactly, you need to close some applications or delete some temp data. Create some free space on your machine so that you can launch any application (including Procmon.exe ). make sure you do this quick fast because as long as you are not saving the logs, the file will be growing up continuously.
WHAT I WANTED TO HIGHLIGHT HERE IS THE FACT THAT THIS IS NOT A BUG IN THE TOOL BUT THE BEHAVIOUR OF THE TOOL. YOU MUST MAKE SURE THAT AFTER THE REBOOT YOU ARE SAVING THE LOGS TO AVOID GETTING INTO SUCH SITUATION.
Visit for more information http://www.yourbrowsermatters.org/#/home
Microsoft® Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2) introduces new functionality to Forefront TMG 2010 Standard and Enterprise Editions.
The service pack includes the following new functionality and feature improvements: New Reports • The new Site Activity report displays a report showing the data transfer between users and specific websites for any user. Error Pages • A new look and feel has been created for error pages. • Error pages can be more easily customized and can include embedded objects. Kerberos Authentication • You can now use Kerberos authentication when you deploy an array using network load balancing (NLB). To read the release notes, see the Forefront TMG Release Notes (SP2).
Microsoft respects your privacy. Refer to our online Privacy Statement. If you would prefer not to receive future promotional emails from Microsoft Corporation please go here to unsubscribe. These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. To set your contact preferences for Microsoft newsletters, see the communications preferences section of the Microsoft Privacy Statement. Microsoft Corporation (India) Pvt. Ltd. 9th Floor, Tower A, DLF Cyber Greens, DLF Cyber Citi, Sector 25A Gurgaon, Haryana 122 002 INDIA
Security rules are applied to measure a role’s relative risk for exposure to threats such as unauthorized or malicious users, or loss or theft of confidential or proprietary data. Examples of conditions that can affect whether violations of security rules are found by a Best Practices Analyzer scan include computers on which Windows automatic updating is turned off, or computers that are using nondefault port settings.
For more information about Best Practices Analyzer and scans, see Best Practices Analyzer.
For more details visit http://technet.microsoft.com/en-us/library/dd391934(WS.10).aspx?WT.mc_id=aff-n-in-loc—aa
Today, I received this new HTC Firmware revision for my HTC Mozart running Mango RTM.
Firmware revision from 2250.21.40600.707 to 2250.21.50001.707.