The Internet technology blog of the DSS team

Supportability postings from the UK Dedicated Supportability Services Internet team


Technical Rollup Article - July 2005

  • Comments 1
  • Likes




WSUS Released
Microsoft Windows Server Update Services (WSUS) delivers core update management infrastructure in Windows with added support for updating Microsoft products, advanced network optimization, flexible update management capabilities, and essential status reports—all of which significantly increase administrative productivity and efficiency.

Security in Operation: Part Four -- by Jeffrey R. Jones
Read the final part of this four-part series on security in operation by Jeffrey R. Jones, Senior Director, Microsoft Security Business and Technology Unit. The series examines customer concerns and raises questions on using either a Microsoft Windows-based or a Linux-based operating system.
Also, read part one,
part two 
part three
part four:

Microsoft Security: Tip of the Month -- The Urgent Need to Implement E-Mail Authentication
Spamming, spoofing, and phishing continue to undermine the integrity of e-mail as consumers begin to lose confidence in e-mail and conducting business online. Fortunately the industry is making headway through a combination of innovative technologies that provide prescriptive guidance, effective legislation and enforcement, and industry collaboration. The most promising effort to date -- one that is demonstrating real results -- is e-mail authentication.

Social engineering - How the way we think makes us more vulnerable
It's often the obvious things that lead to security breaches. Matthew Stibbe looks at social engineering, and how the way we think makes us vulnerable to worms, viruses and other nasties.

New Security Planning Guides

The Microsoft Solutions for Security (MSS) team is proud to announce the release to Web of five new security planning guides:

The Administrator Accounts Security Planning Guide

The Secure Access Using Smart Cards Planning Guide

The Security Monitoring and Attack Detection Planning Guide

The Services and Service Accounts Security Planning Guide 

Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide

Microsoft Security Guidance Center: Recently Published 


Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide

The widespread availability of the Internet has led to significant changes in the way many organizations work. To maintain competitive advantage, organizations increasingly require employees to connect to corporate networks from remote locations such as homes, branch offices, hotels, Internet cafés, or customers' premises. These remote connections are usually implemented with virtual private network (VPN) technologies. 

The Services and Service Accounts Security Planning Guide

This guide is an important resource to plan strategies to run services securely under the Microsoft® Windows Server™ 2003 and Windows® XP operating systems. It addresses the common problem of Windows services that are set to run with highest possible privileges, which an attacker could compromise to gain full and unrestricted access to the computer or domain, or even to the entire forest. It describes ways to identify services that can run with lesser privileges, and explains how to downgrade those privileges methodically. This guide can help you assess your current services infrastructure and make some important decisions when you plan for future service deployments.

Identity and Access Management Series v1.2

This series of papers provides numerous identity and access management concepts, techniques, and solutions for use in heterogeneous IT environments.
Identity and access management combines processes, technologies, and policies to manage digital identities and specify how they are used to access resources.

Send your feedback, questions, and requests for future papers to


Security Clinics & Labs

Learn on your own schedule. At your own pace. In your own office.
Our free Microsoft® Security E-Learning Clinics follow the same content outline as our Security Webcasts, but deliver that information via a learner-centered format that offers unique user benefits. With an E-Learning Clinic, you can access the security topic you want, when you want it, and learn at your own pace. Each lesson can be paused, and all security topics are indexed for fast and easy repeat use. So sign on today for an E-Learning Clinic, and get free information that can help you better protect your organization against security threats. 

Hands-On Lab 2811: Applying Microsoft® Security Guidance Training

Summary:This hands-on lab allows students to apply information and guidance that can help improve security in a network based on Microsoft Windows®. Students can perform tasks related to security update management and implementing security on Microsoft Windows® server and client computers.

Audience: IT Pro

Price: Free, 180-day subscription

 Hands-On Lab 2812: Applying Microsoft® Security Guidance Training II

Summary: This hands-on lab provides students with information and guidance that can help in implementing and managing security in a network based on Microsoft® Windows®. The lab includes information about Microsoft Exchange Server, Microsoft Internet Security and Acceleration (ISA) Server 2004, and Microsoft Identity Integration Server 2003.

Audience: IT Pro

Price: Free, 180-day subscription

Microsoft's Vision for an Identity Metasystem

The Identity Metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations, and providers. Using this approach, customers will be able to continue to use their existing identity infrastructure investments, choose the identity technology that works best for them, and more easily migrate from old technologies to new technologies without sacrificing interoperability with others. 

Secure Startup – Full Volume Encryption: Executive Overview

Hardware-based Security for the Longhorn Client 

Help Protect Yourself Against Identity Theft

Identity theft avoidance guidance. 

What You Can Do About Spyware

Syware prevention guidance.

Don't Be Fooled by Phishing

Ways to avoid phishing fraud.



TechNet Webcast: A Look Inside the MSRC

June 30, 2005 9:00 A.M. Pacific Time

Get an inside look at how the Microsoft Security Response Center manages and resolves security vulnerabilities and incidents. This is an opportunity for you to hear first hand from Microsoft’s security response team, including asking questions and getting answers from our security experts at the MSRC. 

Attend a Free, In-Person TechNet Briefing

Hear directly from the Microsoft technology specialists who implement our products and technologies every day. 

TechNet Webcast: Information about Microsoft July Security Bulletins (Level 100)

On June 14, Microsoft released its monthly security bulletins. This webcast presents an overview of the bulletins' technical details, as well as an extensive question and answer

Upcoming Security Webcasts

On-Demand Security Webcasts



June 14, 2005 Enterprise Update Scan Tool (standalone version)

MS05-029, MS05-030, MS05-031, MS05-033

Enterprise Update Scan Tool (standalone version) for detecting needed updates prescribed in the security bulletins released in April 2005. 

Updating Your Deployment with Rights Management Services Service Pack 1 (SP1)

Updating RMS provides information to help you install to Microsoft Windows Rights Management Services (RMS) Service Pack 1 (SP1) in an organization with an existing RMS deployment 

Rights Management Services (RMS) Service Pack 1 (SP1) Technical Reference

The Rights Management Services Service Pack 1 (SP1) Technical Reference provides detailed information about the technologies that are used in an RMS system, including the RMS Web services and RMS client technologies.

Operating a Rights Management Services (RMS) Server

Operating an RMS server describes management tasks performed after RMS with Service Pack 1 (SP1) is deployed in an organization. This subject provides information to help you manage your RMS server, procedures for common administrative tasks, and resources for additional information as well as best practices information. 

263968 - Fix: Service Pack Installation May Save Standard Security Password in File

If you use SQL Server Authentication, also known as Standard Security, to install SQL Server 7.0 or SQL Server 2000, the system administrator ( sa ) password may be stored in clear text, or in an encrypted readable format in the SQL Server 7.0 and SQL Server 2000 setup files. 

Extended Security Update Inventory Tool

The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.

Microsoft WS-I Basic Security Profile 1.0 Sample Application

Preview release for the .NET Framework version 1.1

The Microsoft WS-I Basic Security Profile 1.0 Sample Application is a preview release of the work being done by the WS-I Sample Application Working Group members to demonstrate interoperability of secure Web services. 

Windows 2000 Authorization Manager Runtime

Download the runtime libraries for Windows Authorization Manager on Windows 2000. 

Visio Connector for Microsoft Baseline Security Analyzer (MBSA)

Visio add-in to view MBSA results on Visio network diagram.


Windows Platform


Four days to Tech-Ed 2005 Europe! July 5-8 - Amsterdam, Netherlands 

Microsoft Tech·Ed 2005 Europe offers you 12 targeted tracks focusing on developer and infrastructure content (split 50:50)

Find out about the latest information on Microsoft technologies and tools, whilst networking with industry leaders. Take part in four days of in-depth technical training and evaluation on current and soon-to-be released technologies. 

Windows 2000 Transitions to Extended Support June 30, 2005

On June 30, 2005, the Windows 2000 product family (including Windows 2000 Server, Advanced Server, Datacenter Server, and Windows 2000 Professional) transitions from the Mainstream Support to Extended Support phase. This transition marks the progression of Windows 2000 through its product life cycle, originally announced in 2002. The Windows 2000 family entered the marketplace in February 2000 and remains a robust, mature product as it enters its 5-year Extended Support life-cycle phase. 

Microsoft Product Lifecycle Information

Find information about your particular products on the Microsoft Product Lifecycle Web site.  

See a List of Supported Service Packs

Microsoft provides free software updates for security and non-security issues for all supported service packs. 

Microsoft Releases Update Rollup 1 for Windows 2000 SP4

This update consists of previously released recommended, critical and security updates for Windows 2000, rolled into one convenient package. Installing this item provides you the same results as installing the individual updates. After you install this item, you may have to restart your computer. 

Microsoft Update Overview

Microsoft Update is a new service - offered at no charge - that provides everything you get through Windows Update, plus High Priority updates for Office and other Microsoft applications. It’s a one-stop destination for updates that help keep your computer more secure, up-to-date, and performing at its best. Microsoft Update includes the Automatic Updates functionality already found in Windows Update so you can choose to install High Priority updates automatically. Microsoft recommends that users of Windows Update move up to Microsoft Update.  

Try the Windows Server 2003 R2 Customer Preview Program

Sign up to receive the customer preview program trial software for Windows Server 2003 R2, the update release of the Windows Server 2003 operating system. Windows Server 2003 R2 makes it easier and more cost effective to extend connectivity and control to identities, locations, data, and applications throughout and beyond your organization. Use only in a test environment. 

Roadmap to Longhorn Clarified

With the release of Windows Server 2003 SP1 and editions of Windows for the AMD and Intel x64 processors, the Windows team has returned its main development focus to Longhorn

Microsoft to Deliver Automated, All-in-One PC Health Service for Consumers

Windows OneCare is a comprehensive, simple-to-use consumer subscription service that will provide automated protection, maintenance, and performance tuning in an all-in-one package for Windows-based PCs.

Microsoft Shared Computer Toolkit for Windows XP – Public Beta Release

Introducing powerful new software tools for shared computers in schools, libraries, Internet cafes, and other public places. The Shared Computer Toolkit helps make it easy for anyone to set up, safeguard, and manage reliable shared computers running Windows XP. 

Comparing the Total Cost of Security Patch Management

Wipro Technologies, a leader in the IT services and consulting industry, surveyed 90 enterprise organizations that use both Microsoft Windows and open source software. Wipro compared the total cost of security patch management for both environments under similar conditions. The firm found that per-patching event, Windows-based systems required less effort to patch. The study also found that the costs of patching the tested systems were nearly comparable. Microsoft sponsored the study and Meta Group, a research firm audited it. 

Brace Yourself for the Self-Destructing E-Mail

Microsoft Windows Rights Management Services (RMS) Service Pack 1 (SP1) gives companies another tool for controlling access to applications.



Windows Server System Reference Architecture

Learn how to establish a strategy and roadmap for any enterprise environment based on Microsoft Windows Server System. The Windows Server System Reference Architecture (WSSRA) has been restructured to be easier to use. Now you can access guides by either service or function, or by both service and function. You can access the WSSRA on the TechNet website. 

Deploying Microsoft Windows Server Update Services

Comprehensive guidance on deploying Microsoft Windows Server Update Services (WSUS), including a description of how WSUS functions, and descriptions of WSUS scalability and bandwidth management features, as well as step-by-step procedures for installation and configuration of the WSUS server. You will find how to update and configure Automatic Updates on client workstations and servers that will be updated by WSUS, steps for migrating from Microsoft Software Update Services (SUS) to WSUS, and steps for setting up a WSUS server on an isolated segment of your network and manually importing updates 

Microsoft Windows Server 2003 TCP/IP Implementation Details

This white paper describes the implementation of the TCP/IP protocol stack in the Microsoft® Windows Server™ 2003 family and is a supplement to the Windows Server 2003 Help and Support Center and Technical Reference documentation. This white paper contains an overview of TCP/IP in Windows Server 2003 features and capabilities, a discussion of protocol architecture, and detailed discussions of the core components, network application interfaces, and critical client components and services. The intended audience for this paper is network engineers and support professionals who are already familiar with TCP/IP. Except where noted, the TCP/IP implementation for Windows® XP is the same as that for Windows Server 2003 

Improving Backup Service at Microsoft using Data Protection Manager

This case study details how Microsoft deployed Data Protection Manager to reduce the time and cost associated with backing up critical company data for its 130+ remote sites. Includes comparative data and best practices to consider when moving away from tape backup technology as a primary means of protecting an organization's critical information for remote locations 


Toolkit to Temporarily BlockDelivery of Windows Server 2003 Service Pack 1

While recognizing the security benefits of Windows Server 2003 Service Pack 1, some organizations have requested the ability to temporarily disable the automatic delivery of this update through Automatic Updates and Windows Update (6/21/2005). 

Get the Windows Server 2003Service Pack 1 Administration Tools Pack

These management tools help you remotely manage computers running Microsoft Windows 2000 Server and

Windows Server 2003. 

Microsoft .NET Framework 1.1Service Pack 1

Download the latest Microsoft .NET Framework 1.1 Service Pack (5/31/2005).

Microsoft Windows Server 2003Performance Advisor

Download this performance diagnostic tool for Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1 (6/17/2005). 

Excel XML Toolbox for Excel 2003

Work with custom-defined XML schemas, XML and the Excel object model, and SpreadsheetML. 

Wi-Fi Protected Access 2 (WPA2) Update Is Released for Windows XP SP2

Microsoft has released WPA2/WPS IE Update, a free download that updates the wireless client components in Microsoft Windows XP with Service Pack 2 to support WPA2. 


Dates and Venues

16th June, Architect Forum:Connected Systems

At this Architect Forum we will discuss strategies to achieve success when connecting applications across these boundaries, the increasing support and wide adoption across the industry, and finally how the Microsoft platform will support this process. These sessions will be lead by speakers from Microsoft, our customers and the industry.

29 June: IT Director's StrategyDay

New for 2005, the TechNet IT Directors Strategy Day will provide IT Directors, CIO's and Senior IT Managers with new insight into the UK and global technology environment, focusing on the themes that will be most significant in future. The day will help you understand how best to align your IT strategies with Microsoft's plans and enable you to interact with and provide feedback to key Microsoft personnel.

Dates and Venues

15 June: TechNet SecurityBriefing: Windows Server 2003 SP1 and Network&Perimeter Security

In this the latest TechNet Security Briefing we cover two key topics of interest to Security Professionals. Our London briefings are rising in popularity, so register today to ensure your place at this hugely informative evening. Session 1 looks implementing network and perimeter security. We demonstrate how to apply industry best practices to implement perimeter and network defences. After the obligatory break for beer and pizza, hear how Service Pack 1 improves Windows Server 2003 security.

21 June, Systems CentreTechnical Overview

This session will provide a technical overview of Microsoft System Centre 2005. Including how System Center consolidates management tasks a discussion of the components comprising System Center and how these tools work together.

27 June: Understanding the ActiveDirectory Platform in the Real World

This is a 'must attend' event for IT Professionals which focuses on Active Directory in the Real World. Whether you want to learn about the "gotcha's" of deploying Active Directory for the first time, are stuck pondering how to migrate your existing NT4 or Windows 2000 infrastructures, or need to extend the capability and value you are getting out of your existing deployment, this free full day event is for you.

See the complete list of UK TechNet Events and webcasts



Inside the Microsoft Security Response Center (Level 100)

Brush up on the Microsoft security response process for releasing security bulletins. Learn about handling security incidents and about the role that the MSRC plays in that process. Get free advice, resources, and tools, all of which are available for customers to help protect their environments.


Learn best practices to guide your security strategy during this monthly webcast series. Each webcast focuses on a specific security topic and includes commentary from industry experts outside of Microsoft.

Security Webcast Calendar  (Microsoft Word 240KB)

Security webcasts listed in an easy-to-use calendar format.
June 2005_v2.doc

Assessing Network Security (Part 1 of 2): Planning and Research (Level 200)

June 20, 2005 - 9:00 AM-10:00 AM Pacific Time

Network Isolation Using Group Policy and IPSec (Part 2 of 3): Understanding Network Isolation Using IPSec (Level 300).

June 22, 2005 - 9:00 AM - 10:00 AM Pacific Time

 Defense-in-Depth Against Malicious Software (Level 200)

June 22, 2005 - 11:00 AM-12:30 PM Pacific Time

Assessing Network Security (Part 2 of 2): Penetration Testing (Level 200)

June 27, 2005 - 9:00 AM-10:00 AM Pacific Time  

Security Myths (Level 200)

June 28, 2005 - 11:00 AM-12:30 PM Pacific Time

Network Isolation Using Group Policy and IPSec (Part 3 of 3): Advanced Network Isolation Scenarios (Level 300)

June 29, 2005 - 9:00 AM-10:00 AM Pacific Time



IIS News

Survey Results Show Fortune 1000 Chooses IIS

June 1, 2005: A new survey of the 2005 Fortune 1000 Web sites shows that Microsoft's Internet Information Services (IIS), ASP.NET, and ASP serve the majority of leading U.S. corporate sites.

Protect Against Exploit Code Related to Security Bulletin MS04-011

There is code available that can exploit issues addressed in the Microsoft security updates of April 13, 2004. Find out if your system is at risk and how you can protect it. 

ASP.NET Resources for IIS

Visit the ASP.NET Web site and check out the featured tools, blogs, webcasts, and other resources for IIS. Campaign Launched to Bolster IIS 6.0 Adoption

ENT News (May 18, 2004): Scott Bekker reports that Microsoft is starting a marketing campaign to single out the Internet Information Services 6.0 Web server component as a strong reason to upgrade to the server OS.

IIS 6.0 Helps Windows Server 2003 Win e-Business Foundation Ard from eWeek

Citing improved security features, including a "faster, more reliable and more secure" IIS 6.0, eWeek judges award top honors in the e-Business Foundation category to Windows Server 2003. They also recognized IIS 6.0 for its improved development platform.,1759,1559921,00.asp 

A Web Server You Can Count On

Windows & .NET Magazine (March 2004): Brett Hill writes about the improved reliability of IIS 6.0. Find out about application isolation, recycling worker processes, and more. 

IIS 6.0 Gets Kudos for HTTP Compression Tools

Check out this overview of Web servers that use HTTP compression. 

At Web Sites, Windows Outpaces Linux

CNET (July 18, 2003): Microsoft has seen a 300 percent increase in the number of Web sites hosted on its recently launched Windows Server 2003 software in the last three months—with a considerable amount of the new business representing moves away from Linux, according to a survey published this week.

Nearly 100,000 Active Web Sites Built on Windows Server 2003

ENT News (July 17, 2003): Researchers ... say Windows Server 2003 is closing in on its 100,000th active Web site in the three months since the launch of Microsoft's latest operating system. The official count is 88,400 active Web sites ...

Windows Server 2003 Uptake Strong

Netcraft (May 6, 2003): Windows Server 2003 is being rapidly adopted for production Web sites. In fact, thousands of Web sites were running Windows Server 2003 before its official release.

.NET Cure for Health Developers

Australian IT (March 10, 2003): Using Windows Server 2003, the .NET Framework, and IIS 6.0, Queensland Health rolls out a standard development environment for .NET design, development, and deployment.,7204,6106158%5E15316%5E%5Enbv%5E15306,00.html

Microsoft Exec: Windows Server 2003 Focuses on Customers

InformationWeek (February 18, 2003): Bill Veghte, corporate Vice President of Microsoft's Windows Server Division, highlights security in Windows Server 2003 and IIS 6.0.

Digex: IIS 6.0 Delivers the Goods

ENT News (January 30, 2003): One of the largest managed hosting companies in the world praises IIS 6.0 for its "outstanding" reliability and security.



The Cable Guy – June 2005 - TCP/IP Packet Processing Paths

With the inclusion of Windows Firewall in Microsoft® Windows® XP Service Pack 2 and Windows Server™ 2003 Service Pack 1 and the growing use of Internet Protocol security (IPsec) in organization intranets, information technology (IT) professionals need to know how unicast Internet Protocol (IP) packets are processed by the TCP/IP protocol and its associated components in Windows. Detailed knowledge of the IP packet processing path can make it easier to understand how to configure and troubleshoot packet processing and filtering components.

This article describes the basic architecture of the TCP/IP protocol for IP version 4 and the additional components that process packets. The packet processing path for unicast traffic sent, received, and forwarded by Windows-based computers.

IIS insider for June

 What's New in IIS 6.0 and ASPs on Windows 2003 Server? (January 29, 2003): Security, dual operating modes, and improvements in the use of ASP pages may make IIS 6.0 the best reason for developers to embrace Windows 2003 Server.

What You Need to Know About IIS 6.0: Better Reliability, Security, and Manageability

Windows & .NET Magazine (December 2002): A new process model, process recycling, and health detection technologies boost the reliability of IIS 6.0. The standards-based XML metabase means you can make changes while your Web site is live.



The IIS 6.0 Resource Kit

Check out the list of tools no IIS administrator should be without.

The IIS 6.0 Deployment Guide

Windows & .NET Magazine (June 3, 2003): The IIS 6.0 Deployment Guide earns high praise.



Update Your Server-Gated Cryptography Configuration

On July 16, 2004, a Microsoft cross-certificate issued to thawte to enable thawte's Server-Gated Cryptography (SGC) capability expired. If your Web site uses an SGC certificate issued by thawte, read the Knowledge Base article to find out what you need to do.;en-us;875450

Action: Update VeriSign Web Server Certificates for IIS

VeriSign's 128-bit Global Server Intermediate Root certification authority certificate for Microsoft Internet Information Services (IIS) and other Web servers expired on January 7, 2004. Update your servers' certificates to prevent error messages.;EN-US;834438


Windows Server 2003 SP1 enables WOW64 compatibility for 32-bit Web applications in IIS 6.0;en-us;895976&spid=2097

FIX: IIS 6.0 may send an "HTTP 100 Continue" response in the middle of the response stream when you send a POST request;en-us;898708&spid=2097

Branch Offices : A Focus on Server Infrastructure

Discover ways to reduce management and wide-area networking costs through Microsoft's branch office approach—highlighted by the Branch Office Infrastructure Solution, a set of prescriptive architectural guidance for remote office infrastructure.

(Windows 2003 R2 Beta and ISA 2004)



Bloggers Guide to BizTalk

The aim of The Bloggers Guide to BizTalk is to provide the best of the online content produced by the BizTalk blogging community in an easily accessible format. All the content in the guide has been created by BizTalk developers who wish to share their knowledge and ideas with others in the developer community. The subjects of these contributions and the level of their complexity are varied, so there is information available for those who are new to BizTalk, as well as for advanced developers.

Stefan Gossner's Weblog

Escalation Engineer for MCMS

Awesome blog entries from an MCMS consulantant on ASP.NET and Microsoft Content Management server.


Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment