I took the plunge.  I signed on the dotted line.  I’m locked for a year.  I’ll have high speed wireless wherever I go in my territory.  Now I need to get my boss to pay for it.  No problem, he’s easy.  Actually, it should be a no brainer.  I bet I spent more on WIFI hot spot charges last year. 

Now you might be thinking, gee Keith, what kind of speeds are your really going to get?  Heck I don’t know!!!  Here’s the quote from my provider at their website:

High Speed
Verizon Wireless BroadbandAccess is one of the fastest, fully mobile wireless Internet data solutions available. Quickly download complex files and view email attachments at typical speeds of 400-700 kbps, capable of reaching speeds up to 2 Mbps^. Access your mission-critical data and applications behind the corporate firewall and get the answers you need with customers in the field right there. ***

We’ll see what the real speeds are.  I doubt I’ll ever hit 2meg speeds.  From my research, it appears many of the 3G cell towers only have a T1 and considering that is shared bandwidth, I’ll likely never hit 1.5meg.  I’ll be happy with something close.

I’ll have an entire year to test this.  That’s my contract term.  I really didn’t want to sign up for a whole year but if the service doesn’t work as advertised, I’ll bail out and either eat the early term penalty ($150) or haggle with my provider over it. 

You might be wondering what I’m paying… well, fortunately we get a corporate discount although it isn’t a steep discount.  One of my colleagues tried to tell me it was $20 per month.  Unfortunately he was wrong.  That would be a killer price.  Some day we’ll all have cheap wireless internet access wherever we go. 

I endured the last fiscal year on the road without decent connectivity.  Sure, you can get really good connections in a hotel room now, but that doesn’t do jack when you’re at a meeting location like a theatre.  I swore I wasn’t going to do that in FY06 which started a couple of weeks ago.

I’d be interested in any observations some of you’ve had on this subject.  I was thinking 3G was the solution.  EDGE is to slow for my needs.  The problem is that 3G doesn’t seem to be available everywhere. 

Verizon Wireless has their BroadbandAccess.  This looks fast enough and fortunately their coverage handles many of the cities in my region (southern states).  It’s a little above what I want to pay but it’s certainly a candidate.

Any other suggestions? 

I’ve been saving my pennies.  I have enough saved to buy a really nice High Def TV.  I have no idea what to get.  I have decided it’s going to be a 50” screen.  Moving from a 36” analog TV to a 42” high def TV seems too small a jump.

Does anyone have recommendations on good consumer review sites?  I want to start doing my research and it would be nice to find some good sites with side-by-side comparisons, feature lists, explanations, etc.

Last week, I started researching teen blogs.  I figured I’m pretty tough skinned and could handle anything I find my children doing.  However, I stumbled across something even more horrifying…  As it turns out, I found out my dog Elvis has been sneaking around and has setup his own blog.  Needless to say, I was shocked!!!  I mean come on, who would care about a dog and his blog?  As it turns out, a lot of people.  Oh, and for all you cat lovers, those sneaky little feline critters have blogs, too. 

Normally I don’t repost stuff that is available from microsoft.com, but this is just too juicy to resist.  For months now it’s been fairly difficult to get your hands on the new version of SQL Server.  Usually Beta code is pretty easy to get.  Sure, you could download SQL Server 2005 Beta 2 Express Edition, but what about all of the other editions?

Well, the good news is that we’ve made all of the editions available for download.  See http://www.microsoft.com/sql/2005/productinfo/ctp.mspx  The new editions are feature complete Community Technology Previews meaning they are still pre-release code.  Not only can you get the various editions (Express, Workgroup, Developer, Standard, Enterprise), but you can also get the 32 and 64bit versions.  OMG!!!  If you are trying to figure out what the differences are between editions, see http://www.microsoft.com/sql/2005/productinfo/sql2005features.mspx for the table(s) of the features.

The SQL Server 2005 June CTP is very kewl.  My team is still using Beta 2 for our content but we end our seminars on that version in two weeks.  We’ll be back next quarter with the June CTP build or later, then it’s only a matter of time before we are running the released bits.  Anyone know when that is?  If you were poking around on some of the links above, you’d see we’ve announced the launch date (HINT).

Does the SQL dude above look like Robert Downey Jr. or what?

Have you ever wondered if your DNS mad skillz are really up to par?  Would you like to test your DNS implementation?  Are you tired of pouring over the standard text books and looking at whitepapers?  Hey, I don’t blame you one byte.  So stop fretting and head over to http://www.dnsreport.com/.  The site is simple and allows you to crank a number of tests against your domain to see if any problems are identified.

I stumbled across it trying to diagnose an email issue.  One of the domains I was hosting was seeing blockage from an email domain we were trying to send to.  The DNS Report test reported enough information to get us on the right track for resolution.

As you might recall, I am hosting five domains from my fiber connection.  All inbound and outbound email traffic flows through my Exchange 2003 server.  All of this is running on Windows Server 2003 Standard SP1 with protection provided by Sig Arms and ISA Server 2004.  I’ll be writing a lengthy article soon about the firewall rules, media server implementation, DNS implementation, webfarm, etc.  The SBS support dudes said I’d never get it working correctly…    By the way, it’s all on one box.  So how did I implement a primary and secondary DNS server?

I’ll be building a SBS 2003 SP1 box as soon as I get official media.  We’ll definitely put it to the test when that happens.  Stay tuned…

When you implement ISA Server 2004 on a connection, by default, it blocks all traffic.  Other than the hidden system rules, you’ll see only one firewall access rule and it denies all traffic in either direction.  In order to use a FTP client, you’ll need to create a firewall rule that allows the FTP protocol.  The site I use for storing screenshots and graphic elements requires passive FTP so I obviously needed to create a rule so that BlogJet, WS_FTP and other tools would work correctly.

However, even though I created the rule to allow the traffic from my home office network to the internet, things weren’t working correctly.  I could login to the site, but I could not add a file, rename a file, or delete a file.  Obviously it was time to look more closely at my rule.  I started poking around in the properties and stumbled across the Application Filter section at the bottom of the Parameters tab (see screenshot).  Application filters are very useful and allow you to extend rules in many ways.  I particularly like the streaming media application filters because it “streamlined” getting all of the ports opended correctly for my streaming server.

So getting back on topic, when I first looked at my rule, the FTP protocol had the “FTP Access Filter” application filter turned on.  At this point I backed out of the properties for the rule and went looking for information on this filter, and what it does.  In the ISA Server 2004 helpfile, I found the following information:

FTP access filter

The FTP access filter that is provided with Microsoft Internet Security and Acceleration (ISA) Server 2004 forwards File Transfer Protocol (FTP) requests from SecureNAT clients to the Microsoft Firewall service. The filter dynamically opens secondary ports, which are required by FTP, and performs necessary address translation for SecureNAT clients.

Although you could create a protocol for FTP, the protocol would not offer the full range of capabilities afforded by the FTP access filter. The following list describes the differences between a user-defined FTP protocol and the FTP access filter:

• The FTP access filter dynamically opens specific ports for the secondary connection, but the protocol definition opens a range of secondary ports.
• The FTP access filter can protect clients by performing the address translation required for the secondary connection.
• Because the FTP access filter includes a read-only FTP protocol definition, it can distinguish between read and write permissions, enabling you to fine-tune access permissions.

The FTP access filter uses the following protocol definitions, which are installed with the filter during the ISA Server installation:

• FTP client read-only
• FTP client
• FTP server

For instructions about applying FTP access filtering to a specific rule, see Configure FTP filtering. By default, the FTP access filter is applied to FTP and FTP server protocols. For more information on protocols, see Protocols. 

This filter has some cool capabilities and I’ll probably take advantage of some of them later when I publish a FTP server.  But at this point I didn’t really see anything that indicated to me how to fix the issue.  So I turned off the filter checkbox and ran some quick test.  Bingo!!!  Now I can access the FTP site, upload files, rename files, delete, etc. 

We all know about the kinetic energy of a head on collision.  I have a corporate Exchange mailbox.  I also have a hosted Exchange mailbox.  Each time I log on to either profile and retrieve new email using a “Send/Receive”, the current Offline Address Book (OAB) gets whacked by the incoming OAB data.

Unlike a head on collision with vehicles, size does not matter.  My hosted OAB is tiny compared to the OAB I receive from Microsoft.  So I set out to research if it was possible to force Outlook 2003 to look into a specific directory for the OAB.  It seemed logical that per profile settings would be the way to go.

Fortunately, a knowledgebase (KB) article on the subject has already been written that describes one solution to the problem. How to Change Location of Offline Address Book Files (KB 148493) goes on to describe modifying the settings that are used during profile generation.  You can create an email profile and specify the location of the OAB files using the OfflineAddressBookPath value.  This seems simple enough but I thought I would ask the rest of you if you have devised any other methods.

Any thoughts or tricks on this subject?

Update for 5/25 - Apparently I didn't read the entire article.  Supposedly, the method described is ignored by Outlook 2003.  Great.  Back to square one..

We’re currently delivering some sessions on Windows Server 2003 SP1 and SQL Server 2005.  The last demo of the Windows Server 2003 SP1 session takes an existing Windows Server 2003 i386 directory and slipstreams SP1 into it.  If you dig around on Microsoft.com, you’ll be hard pressed to find documentation on how to do this.  It’s mentioned in the readme for SP1, but you really don’t get a good example in the docs. 

In order to do the process demonstrated, you’ll need to order the CD.  See http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/cdorder.aspx for ordering instructions.  After you have the CD, you’ll notice srsp1.exe at the root.  You can dump the command line options using the srsp1.exe /? command.  Warning, this unpacks everything before it shows the options (see screenshot). I don’t particularly care for that, but I didn’t write the code.  I just get to whine about it.

If you look carefully, you’ll see some interesting options.  However, what you don’t see is the command line option we use in the demo. HA! Now you know why it’s important to come to a TechNet seminar.  Ok, that’s not the only place to get information, but it is interesting that searches in the MSN and Google search engines currently come up dry on the subject.

So how does an IT Dude do the slipstream?  Well, the key is to build a directory and do the merge.  You can see the demo (demo 5) at our TechNet website, or perform the following steps:

1. Create a directory and share it so that network installs can use it later.  We’ll create c:\DepShare.

2. Copy the contents of the i386 directory on the Windows Server 2003 CD to c:\DepShare.

3. Open a command console and go to the root of the SP1 CD, or if you copied the contents of the CD, change to that directory.  In our demo, we’ve copied the CD contents to c:\SP1.

4. Type srsp1.exe /s:c:\DepShare  and hit enter.

At this point, you should see the slipstream process begin.  It will take a few minutes to complete depending on the machine you are using for this merge.  For more information, see the Technical Center at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx

For merging SP1 with other updates, see How to Combine SP1 with Other Updates and Deploy to Multiple Computers.

I’m sure several years ago, many of you installed and used MS Reader to some degree.  I really like it because I love ClearType fonts.  I also like Reader because it has a Pocket PC version and gave me another excuse to justify having a PDA.  I purchased a few books and took advantage of the summer series where we gave away free copies of books each week.  That was an awesome promotion by the way.

As many of you are aware, being a Microsoft employee means you have the opportunity to test and run a variety of products.  This also means you get in the habit of building laptop images pretty frequently.  Unfortunately, this also means you’ll run through your six MS Reader activations pretty fast.  Thankfully, you can get more activations after you justify it to PSS.

But I wondered how many people are in the same boat?  Do you like MS Reader but can’t use it? If so, follow these steps:

• Go to http://das.microsoft.com/activate/en-us/default.asp
• Attempt activation using your Passport account.  Once you have received the message, quota's exhausted or limit exceeded, you will have the opportunity to submit a request for more activations.
• Submitting this request will produce an immediate request denied message.  ON this page, is a second request form, to PSS.  Submit the request here....you will be granted more activations.

I’m assuming this works for anyone and didn't just work for me because I am a Microsoft employee.  Hopefully this will help everyone answer the question correctly.

I’m fortunate enough to live in a place where I can get one of those kewl new fiber optic connections to the internet.  It’s called Verizon FIOS and has been steadily rolling out in North Texas and other parts of the USA.  This coming week I am converting my 15meg/2meg residential plan to a static ip address business plan (same speeds).  After the conversion takes place, I’ll have the opportunity to start hosting our email, web sites, etc. from the comfort of my home office network.  If you want information on the Verizon FIOS offering, click the image above for the residential packaging.  The business offerings are at http://biz.verizon.net/pands/fios/Default.asp. 

The question that comes to mind is what software I should use to run our websites and email?  Should I install SBS 2003 Premium SP1 or just run some standard editions of Windows Server 2003 SP1, Exchange Server 2003 SP1 and ISA Server 2004 SP1? 

Core Software Requirements

• Secure – the server must be secured behind a firewall.  I’m planning on implementing ISA Server 2004 regardless.  ISA will allow us to publish the websites, give us acces to email, VPN if needed, etc.
• Web hosting – the solution must be capable of hosting five public internet facing websites.  Each website is a different domain name.  The number of hits for each website is pretty small.  FrontPage extensions will naturally be used on IIS6.  SSL will be used on Outlook Web Access (OWA).
• Email – we’ll be receiving email from the five domains mentioned.  For instance, my mailbox must be able to receive email from at least four domains.  For each domain, we would like a “catchall” mailbox rule so that any email sent to the domain is received.  The number of mailboxes will be very low.
• DNS – all of the DNS records for the five domains will be hosted on our server.  Most likely we’ll have a completely different internal DNS namespace since it would be difficult which public DNS namespace to pick.
• Xbox Live – we have a number of Xboxes so Xbox Live must work.  The real requirement here is to have a network that is not strict NAT so that our connections can host some of the games.  I know ISA 2004 and Xbox Live is not a supported config, but I am confident I can create the appropriate firewall policies, or set the Xboxes on their own perimeter network.

My Hardware

The server will be low volume so I am not too worried about performance.  If things grow, I’ll buy a dual proc machine later when needed.   For now, it’s a Pentium 4 2.66 GHz processor, 3gigRAM, dual SATA 300gig hard drives, builtin Intel Pro 100 VM adaptor, Intel Pro 1000 MT Dual Port Server adaptor and various other standard components.  I highlighted the dual port ethernet card because it’s a nice design for those of you that want multiple networks without using a bunch of slots.  Intel also makes some quad port cards. 

So back to the original question.  Would we run into any problems running SBS S003 Premium SP1 (when it ships), or would Windows Server 2003 SP1, Exchange Server 2003 SP1 and ISA Server 2004 SP1 be a more flexible approach?  I really like the integration of the components in SBS but I also like a more modular approach.

What do you think?

Well at long last there is an update coming for Halo 2 and it will be available on Xbox Live tomorrow.  The update will fix a number of multiplayer exploits and that is welcome news for many of us that love the game.  In addition to the multiplayer fixes, the developers are changing some of the characteristics of the weapons.  One of the things I’ve had to really suppress in Halo 2 was the use of a melee attack (cracking a weapon over someone’s head).  Melee attacks in Halo 1 were deadly but in Halo 2, it was like tapping someone on their shoulder and inviting them to unload a clip on you.  Well, that is getting ready to change (for the better).  There are a number of other weapon changes.  I didn’t see anything mentioned about the battle rifle but I would not be surprised to see single shot mode, and more muzzle velocity and power.  See the Bungie website story for more information.

The update precedes a number of new maps on the way.  We’ll see two new free multiplayer map downloads before the end of the month thanks to Mountain Dew. Two additional maps will be available for purchase as premium downloads.  All four maps will be available before the end of April.  When June rolls around, we’ll release a DVD with a bunch of maps.  See the details of the map releases at the Xbox.com Halo 2 area. 

Man, this summer and fall is looking good.  New Halo 2 stuff, the next generation Xbox details on MTV May 12th, and I presume we’ll have some new hardware to play with for Christmas.  Yee Haw!!!

One of the questions that comes up at each of our Windows Server 2003 SP1 seminars is around the new firewall, and specifically how it handles program exceptions.  One of my attendees asked when the ports for a program are enumerated.  Are they discovered when you add the program and click OK or is this handled later?

Well, the good news is that the ports used by the program are not enumerated and opened at the time you add the program unless the program is running.

In our seminar, we use the Windows Server 2003 DNS service as our guinea pig.  So we add c:\windows\system32\dns.exe to the program exceptions list.  This isn’t the greatest demo in the world, but you get the idea.  In the case of DNS and the Virtual PC 2004 VM used in the seminar, the ports are opened because the service is running and responding to queries.

If you look at the screenshot below and the programs in my Windows XP firewall list, you’ll see some other interesting entries.

You first notice some greyed entries.  Those entries are controlled by group policy and are pushed to my machine.  As you can see, Microsoft has a number of IPsec policies in place on our network so they’ve opened the appropriate ports for that.  You’ll also see an entry for the new and improved MSN Messenger v7.0.  Would you rather just point to the .exe for Messenger or try and figure out all of the ports it uses for chat, pics, voice, video, etc.?  I’d rather just point to the .exe as demonstrated in the screenshot below.

After you’ve added the program to the list, the Windows Firewall will dynamically open ports needed by the program while the program is running.  When the program closes, all of the ports are closed as well.  This is a very flexible approach for programs you trust.  Never add a program to the exceptions list that you aren’t familiar with.

For more information, go to “Configuring Program Exceptions” in our beloved TechNet area.  Everything you ever wanted to know about Windows Server 2003 SP1 is at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx.  Enjoy! 

It’s been fun but decision time is rapidly approaching.  I mean after all, how many blogs can a person afford to invest time in?  I’m tempted to keep the technet.com blog totally work related and have everything else (family, hobbies, rants) on my personal domain blog.  What do you do?

During the blog adventure over the past few months, the hype meter around blogging has gotten crazy.  I mean is RSS going to solve world peace or what?

I have been looking at several sites to use.  Like many of you, I want to be able to share information and get feedback on our products and services like live seminars and webcasts.  So here are the sites I’ve looked at, and some thoughts on each:

blogs.technet.com/keithcombs – love the domain name.  Some of the styles are ok, but most of the colors were funky.  I did a few CSS overrides to come up with some colors I could live with.  Good statistical reporting (needed for the managers). Good spam controls.  BlogJet posting supported.  Only Microsoft employees are allowed to create a blog on this domain.  Anyone can reply if the blog allows it.

http://spaces.msn.com/members/keithco/ – kewl themes!  Ok, this is a fun consumer area although I doubt I’d use it for any of my business oriented communiques.  MSN keeps improving and this will be very welcome by many.  Easy to create and setup. Free. Picture support is integrated so you don’t need a separate server to store pictures.  BlogJet is not supported.  Dog slow.

http://keithcombs.blogspot.com/ – a decent selection of themes.  I really like the black theme I’m using.  As with the technet.com site, I changed some of the template settings to suit my needs (made the posting col wider).  Decent control of the site via the settings.  No statistics!  This is a show stopper for my needs.  BlogJet supported.

So it appears this is going to boil down to two sites short term.  The technet.com site for business, and blogspot for personal.  If after a few weeks I see that BlogJet wants to play nicely with b2evolution, then I’ll probably just use my domain.  It’s probably better that way since it will force me to update my website more often. 

Do you have a Sony PSP?  If you are also lucky enough to have Microsoft Windows XP Media Center Edition 2005, you might be considering converting a few of those recorded television programs into a format that can be viewed on your new toy.  Fortunately, there are a number of ways to do that.

The biggest challenge you face is converting the MCE file format to something other converters can understand.  The .DVR-MS file contains XML for information related to the date the program was recorded, channel recorded on, etc.  Many of the video converters have no knowledge of this XML wrapper so they cannot convert correctly. 

If you really want to know the gory details of the .DVR-MS format, see the Smart Client Development Center article, “Fun with DVR-MS”, by Stephen Toub.  This is a great little article for you propeller heads.

For those of us that like to install and run, Sony created a nice little software program called Image Converter 2.  I like this program for a couple of reasons.  First, it’s relatively inexpensive at $19.99 US.  The second reason I like it is because it works.  In fact, this program will take a .dvr-ms file and convert it to the required PSP MPEG4 format in one step. 

Image Converter 2 is simple to use and isn’t overly cluttered with a vast array of settings.  You can pick from four different output formats.  I settled on the 192kbps setting until I get some larger memory sticks.  I’ll likely move to the 384k setting later.  At first I was put off by not having a bunch of settings to mess with, then I realized I really don’t need any.  The program works, and it’s VERY fast.

There was one thing I didn’t like about the program.  By default, Image Converter 2 will automatically break the output into chunks if the movie is over 120 minutes.  You can alter this behaviour by changing the following registry setting:

[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Image Converter 2\2.1]
"MAX_MOVIE_SIZE"=dword:00003840

I doubled the setting for my machine (as shown above in hex) and will probably increase it again if I decide to convert a really long movie. 

Hello and welcome back.  It's been too long since my last post and that was for two different reasons.  The first was this new website and domain name.  technet.com ought to be easy to remember. :)  The second reason is I've been waiting for our official posting guidelines (think Scott and Rory).  I don't really plan to go out on the edge like a few people I know but I thought it would be prudent to see the guide.  I'm tired of waiting. :)

I am also apparently BlogJet challenged.  I didn’t realize .Text we still being used.  Here’s the correct setting for login.

Many of you have asked for a script we use in the TechNet ISA Server 2004 Technical Overview (TNT1–111) webcast.  The blockwebsites.vbs script creates a ISA firewall access rule and builds a list of websites that will be blocked.

This script is obviously useful for a number of reasons.  First, it could be used quite immediately to block websites you deem inappropriate to your companies day to day business.  Second, it is a good example of how to use a script and create a rule inside ISA Server 2004.

The following set of code is very similar to the script we run in the demos you saw during my webcast.  This sample is taken directly from the ISA Server 2004 CD so I would recommend reviewing the other samples that are there.  Enjoy!!!

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script creates a new URL set in the URLSets collection of the firewall,
' adds sites to the URL set, creates a new access rule, and adds the new URL set
' to the objects referenced in the URLSets property of the access rule.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sub AddRuleAndUrlSet()

    ' Define enumeration values.
    const fpcInclude = 0
    const fpcSpecifiedProtocols = 1

    ' Create the root obect.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    'Declare the other objects needed.
    Dim firewall    ' An FPCArray object
    Dim policyrules ' An FPCPolicyRules collection
    Dim urlsets     ' An FPCURLSets colection
    Dim urlset      ' An FPCURLSet object
    Dim newrule     ' An FPCPolicyRule object

    ' Get references to the array object (firewall), the policy rules collection,
    ' and the URL sets collection.
    Set firewall = root.GetContainingArray
    Set policyrules = firewall.ArrayPolicy.PolicyRules
    Set urlsets = firewall.RuleElements.URLSets

    WScript.Echo "Creating a new URL set containing sites to be blocked ..."

    Set urlset = urlsets.Add("Blocked Web Sites")
    urlset.Add "http://www.northwindtraders.com"
    urlset.Add "http://www.widgets.com"
    urlset.Save

    WScript.Echo "Creating a new access rule ..."
    Set newrule = policyrules.AddAccessRule("Deny Access to Some Web Sites")

    ' Define the source for the new access rule.
    newrule.SourceSelectionIPs.Networks.Add "External", fpcInclude

    ' Add the new destination URL set to the objects referenced by the URLSets property
    ' of the new access rule.
    newrule.AccessProperties.URLSets.Add "Blocked Web Sites", fpcInclude

    'Set the protocols to HTTP and HTTPS.
    newrule.AccessProperties.SpecifiedProtocols.Add "HTTP", fpcInclude
    newrule.AccessProperties.SpecifiedProtocols.Add "HTTPS", fpcInclude 
    newrule.AccessProperties.ProtocolSelectionMethod =  fpcSpecifiedProtocols

    ' Set the user set to which the rule applies.
    newrule.AccessProperties.UserSets.Add "All Users", fpcInclude

    'Save the changes to the new access rule.
    policyrules.Save
    WScript.Echo "Done!"

End Sub

AddRuleAndUrlSet

As usual, the TechNet ISA Server 2004 webcast generated a huge number of great questions.  I’ll be reviewing many of those and will post a few good ones here over time.

One question that comes up every time we deliver this content is how to block the various chat and peer file sharing programs.  It’s really very easy with ISA 2004.  The trick is to look inside the HTTP stream with a firewall policy rule.  Here are some steps:

1. Create a Firewall Policy New Access Rule allowing the internal network, users, etc. access to the external network (internet).
2. Go to the firewall policy container and right mouse click the rule you created.
3. Select the Configure HTTP menu item (see screenshot below).

1. Click the Signatures property page.
2. Click the Add button.
3. Fill out the dialog box with the appropriate information.  In the example screen shot below, we are blocking MSN Messenger.  A number of other common applications are listed in the table at the bottom of this article.

1. Click the OK button to save the application add.
2. Repeat for any other applications you want to block.
3. Apply the changes to ISA Server 2004.

Common Application HTTP Signatures

Enjoy!

It’s possible you may encounter a move error when migrating Exchange 5.5 mailboxes to an Exchange Server 2003 storage group.  In fact, several presenters on my team hit this error in front of live audiences last week.  Considering the session we were delivering is an Exchange 5.5 to Exchange Server 2003 Migration seminar, this could be pretty embarrassing. 

So what happened and how do you fix it?  Fortunately, the problem we encountered in our content was documented nicely in KB article 886700.   Since our content is in a Mixed Exchange environment we hit the MAPI logon failure.

There are two methods suggested as fixes in the KB article.  The first is to perform the move from an administrative workstation that is not the Exchange server.  Having a workstation on the network with the server admin tools is a likely scenario for most organizations.

For our content, we simply applied Exchange Server 2003 SP1 immediately after the install of Exchange Server 2003.  That fixed the problem, too.  We liked the SP1 fix because it meant we didn’t need to build another Virtual PC VM with the admin tools for NT4, Exchange 5.5, Windows Server 2003 and Exchange Server 2003.  I’ll probably do it anyway in my spare time... J

Why would anyone get excited about a giant orange spool?  Because that spool is a spool of fiber optic cable getting ready to be buried up and down my street!

Verizon is rolling out fiber optic internet services for select areas across the United States.  Keller, Texas was the first city in the US to get the offering.  Verizon is now expanding around Keller and since I live on the Keller border, they are laying the groundwork now.

The Verizon packages are as follows:

As you can see, the FIOS service is nicely priced and will certainly have plenty of bandwidth for my needs.  I can’t wait to test the 2meg upstream bandwidth with Xbox Live... J

See all of the details on this service at http://www.verizon.net/fiber