Kevin Remde's IT Pro Weblog
SQL Server 2005 Tidbit 015
Fifteen. It’s a one, followed by a 5. 15.
Credit for this one goes to my friend and teammate Matt Hester...
Q: Can you rename the SQL 2005 SA account?
A: Yes, as a matter of fact, you can! With the new security model there are some great ways to really secure the SQL Instance. You can rename the account with the ALTER LOGIN statement. This is a great way to reduce surface area for your SQL instances. Here is an example:
ALTER LOGIN sa WITH NAME = [new name here];
Additionally you can disable the account as well:
ALTER LOGIN sa DISABLE;
You can download a great presentation on the new Security enhancements for SQL 2005 here:http://download.microsoft.com/documents/australia/msdn/Session_2_Greg_Low.ppt
Got an IT question? Give me a comment, or contact me.
Here are the promised resources for the webcast I delivered today (September 7, 2005) on “A Technical Overview of Microsoft Virtual Server 2005”.
The content session number TNT1–154.
Hope you find these links useful, either as you watch the webcast live or later when it’s available On-Demand.
TNT1–154 Additional Resources
Virtual Server 2005 Product Overview
Virtual Server 2005 Frequently Asked Questions
Virtual Server Technical Overview (Whitepaper)http://www.microsoft.com/windowsserversystem/virtualserver/overview/vs2005tech.mspx
Virtual Server Technical Overview (Whitepaper)
Virtual Server R2 (formerly SP1) Beta Program
http://www.microsoft.com/windowsserversystem/virtualserver/evaluation/sp1beta.mspxVirtual Server Migration Toolkit
Virtual Server Migration Toolkit Frequently Asked Questions
Server Consolidation with Virtual Server Migration Toolkit (whitepaper)
Automated Deployment Services (ADS) 1.0
Free Live TechNet Eventshttp://www.technetevents.com
TechNet Events Bloggershttp://www.techneteventsbloggers.net
Official Series Content Resource Pagehttp://www.microsoft.com/technet/tnt1-121
Free Windows Server 2003 Virtual Labs:http://www.microsoft.com/technet/traincert/virtuallab/windowsserver2003.mspx
Windows Server 2003 Evaluation kit:http://www.microsoft.com/windowsserver2003/evaluation/trial/evalkit.mspx
Windows Server 2003 Training and Events:http://www.microsoft.com/windowsserver2003/techinfo/training/default.mspx
Microsoft Events page:
Bill Steele is a developer and a skilled presenter on our MSDN team. He is also a former military pilot and currently owns one or two small planes.
Recently he was given the okay to take some time off to help out in the hurricane Katrina relief efforts. A couple days ago he sent this email update to the rest of us on the team:
Well... Today is the first day of Internet access since I started this adventure. I'm flying out of Baton Rouge International... and have so far moved enough meals to feed about 6000 people. When I say meal, I mean MRE... Meal, Ready to Eat. I've been reacquainting myself to them as well... wow... I forgot how good some of them were. I've also been delivering bottled water and some medical supplies. My plane can handle about 700 meals with a bottle of water each and a couple boxes of medicines each trip. (That puts me slightly over gross, but who's counting - we do remove the meals from the cardboard boxes to lighten the load a bit... and I only get about 50 gallons of fuel - since each trip is less then 1 hour.) Anyway, I've had to stop for a little while while some maintenance on my plane is done... I lost the left mag on the left engine on my last take off . The maintenance staff over at "Million Aire" are fixing me up no charge... that's very cool. I have to tell you, most of my flights have been to the lower part of Mississippi which was just hammered. I flew into one airport that was so badly damaged that I literally landed on an access road, because the runway didn't exist. The control tower actually fell over from the wind. It's a real mess in some places. I did a small tour of the coast line for some damage assessment purposes (I've had relief coordinators with me on every flight) and it's just shocking to see the magnitude of the damage. I've lived through some pretty bad tornados at home and the damage looks similar, but it's just so much more massive. Tornados cut paths... there's no paths down here... just destruction everywhere. Anyway, the food deliveries are actually winding down because either the people are leaving or they now have "ground transportation of goods" which means that I'll move into a new type of role shuttling medical supplies and people. (I removed the seats from my plane so we're going to have to reinstall them as well.) There are about 50 planes doing this work... and we're all running about 6 or 7 trips a day. We've got good sleeping quarters... a nearby Holiday Inn Select hotel and plenty of food... when I get hungry, I was just stealing an MRE. The best so far is the Chili Mac... nice and spicy. I'm getting ready to enjoy a Boneless Pork Chop dinner right now, however... you guessed it... it's an MRE as well. By the way... I see we're sending down the MSAM Buses... that's very cool! The thing this is really lacking down here is communications... nothing works. I'm currently using a US National Guard mobile communications van for this access - it's actually a Humvee with a bunch of antennas on it. We get to use it for about 1 hour a day (when it's available.) Oh well... I'll let you know the progress the next time I can. Bill
Bill also wanted me to mention that if you want to help him and other pilots like him who are volunteering so much of their time and resources there are ways to do that:
My hat’s off to you, Bill. You make us all extremely proud.
SQL Server 2005 Tidbit 014
Q: What if I do no want to give SQL 2005 Management Studio to my Developers how to I give them access to the databases?
A: Matt was talking with some of his event attendees, and they recommend that you use SQL 2000 query analyzer for that type of access. During their testing this worked fine with the 2000 QA specifically if you used SQL 2005 Express.
My thought on this is that you should go ahead and USE THE MANAGEMENT STUDIO. The issue isn’t one of what tool is installed, but of security. If you’ve set things up right, you won’t be giving your developers anything they shouldn’t have… and you WILL be giving them a tool they can use powerfully.
With all the focus on SQL Server 2005 our team has been doing lately, I was very glad to find this web site. The team that builds the SQL Server engine has a blog of their own: SQL Server Engine Tips.
One post in general got my attention – the team is requesting your feedback on Database Mirroring. In fact, they’re even providing scripts you can use to play with Database Mirroring and familiarize yourself with it.
Here is their “Feedback requested on database mirroring” post. Help ‘em out!
VERY interesting developments on the MS vs. Open Source battlegrounds…
Yes, perhaps I’m a bit biased, considering who signs my paycheck. But to me, Stuart Cohen sounds scared. This eWeek article talks about him and OSDL turning down Microsoft’s offer of a joint, co-sponsored “independent” research study. And what were they afraid of? Well.. Cohen pretty much accuses Microsoft of taking parts of studies and only selling the news that is good for Microsoft in the midst of overwhelming bad news. He accuses us of lieing.
“What do you think about that, Kevin?”
Bullsh**. Yep… I’m getting opinionated here… probably not something I should do on a Microsoft-owned blog.
Have you seen http://www.microsoft.com/getthefacts ? Have you, Mr. Cohen?
The site has a HUGE amount of information.. white-papers and research (yes, many sponsored by Microsoft, but some not) on
These are not just snippets, either. The complete studies are included when practical, and if not, they’re linked to and made available elsewhere. Add to that the wealth of great case studies in categories of
Perhaps we highlight the good points in our marketing. That’s granted. That’s what MARKETING does, afterall. But we do not hide any of the findings. If we did so, you would have a valid concern. But your accusation is weak, defensive, and without merit. And frankly, sounds a bit whiney to me, too. Get the facts, Mr. Cohen.
What also infuriates me about the eWeek article is that it only gives Cohen’s side of the story. I’d like to know more details about how Martin Taylor approached them, and what the specifics were.. but we’ll probably never know. The original discussions were supposed to have been kept secret.
No doubt someone posted about it on their blog. Stupid bloggers.
Have you seen Start.com?
Have you seen it lately?
Eileen Brown reminded me of it this morning… Very cool.
Chris Avis also has a couple of posts on it as well. (Post 1, and Post 2)
SQL Server 2005 Tidbit 013
Q: How do I upgrade SQL 2005 beta to the Full SQL 2005?
A: There will not be a setup-based upgrade from preRTM to RTM. You will need to un install the preRTM and then install RTM. The un install will not remove your user databases. Once you reinstall you can connect those databases to the new install. They will automatically upgrade when they're installed. One word of caution: it's best to move between the same editions (i.e. Beta -> Developer, Standard -> Standard, etc).
Last week was a sad one. Horrible storm. Horrible flooding. Horrible people taking advantage of both. Devastated neighborhoods, cities, and lives.
Yet out of the worst tragedies often come the best, most encouraging stories about people and their willingness to help others.
I’m proud to work for a company that has both the will and the resources to help in these situations. At Microsoft we have a great internal web site dedicated to giving, and naturally right now the relief for hurricane Katrina victims is top on the list.
And even beyond that, my team at Microsoft (internally known as the Seminar Sales Team, and externally you see us as “Microsoft Across America”) has… shall we say.. “detoured” some valuable assets in order to help in the hurricane relief efforts.
That’s right! We’re sending in the trucks!
Three of our Microsoft Across America “Mobile Experience” trucks are heading to our home base in Dallas so we can off-load the un-needed AV equipment and event supplies, and loading them up with food and water. Then we’re sending them east to help out the Red Cross as mobile communication / command centers. These trucks have Satellite internet access, with WiFi, so they’ll be quite useful in helping currntly disconnected people get in touch with their families to let them know they’re okay.
So… I’m not going to have one of these trucks parked outside of my events in Des Moines and Minneapolis in a few weeks… and I’m extremely PROUD of the reason why!
(UPDATE: Here's the Microsoft Across America Program Manager's blog, with stories and photos coming right from the folks who man the trucks.)
SQL Server 2005 Tidbit 012
An even dozen Tidbits.
Q: In Mirroring with automatic failover, how do the SQL Client applications fail over when the mirror fails?
A: It really depends on the client application and how it was written. Client applications written using ADO.NET 2.0 will automatically fail over when the database fails over. However other clients will have to manually fail over. Basically the new SNAC (SQL Native Access Client) has information about the mirror, and about where to connect if the principle connection goes down. If the principle drops, the application will try the mirror. If a failover has occurred, then the mirror is able to respond and all is good. If the mirror drops (or doesn’t answer at all), the app will then again try the original principle, and so on.
Mirroring has always generated some great questions. John Baker has a great post on mirroring.
SQL Server 2005 Tidbit 011
SQL Tidbits Galore!
Q: Can I put Visual Source Safe components into SQL 2005?
A: Yes. If you have installed the Microsoft Visual SourceSafe 6.0 client components on your machine, SQL Server 2005 Management Studio will automatically detect that the VSS plug-in is available. As noted above, you can find the VSS plug-in listed in the Tools/Option dialog, by selecting the Source Control and then Plug-in Selection node. Also, the Source Control option in the File menu drop down becomes active, and from there you add an existing Management Studio solution to source control, or open a Management Studio directly from source control. You can enable multiple source control systems, and change from one to another. For more information on this check out this article: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsql90/html/TSQLQueries.asp
SQL Server 2005 Tidbit 010
Q: How does SQL 2005 handle online databases during the upgrade, what about the applications that are in use?
A: This questions was very interesting to me so I did some checking. The best bet to see how this is going to work, is to use the Upgrade Advisor, this will give you great advice on any potential database or application issues. However ultimately for any upgrade, some good ole’ fashion testing is in order. For more information, and to down load the Upgrade Advisor look here: http://www.microsoft.com/downloads/details.aspx?FamilyID=cf28daf9-182e-4ac2-8e88-f2e936558bf2&DisplayLang=en
My friend and teammate Kai Axford delievered an EXCELLENT webcast just a few minutes ago, for which I had the honor of covering the Q&A. The webcast was all about ways to secure your messaging using Exchange 2003, Outlook 2003, ISA Server 2004, S/MIME, PKI, OWA… Great stuff!
Here is the link to the webcast for On Demand Viewing.
And below I’ve listed the Q&A from the session, so you webcast viewers can take advantage of the resource links directly. I hope you find them useful!
Here’s the link to Brian Komar's PKI Security Book Kai mentioned:
How to protect SMTP using Transport Layer: Check out "How to help protect SMTP communication by using the Transport Layer Security protocol in Exchange Server" http://support.microsoft.com/?id=829721
Securiing email using S/MIME and Exchange Server 2003:Read the “Exchange Server 2003 Message Security Guide” available at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx.
“Please ask Mr. Kai to not speak so loudly into the microphone. Thank you.”This just happens when he gets exctied. Hopefully he toned it down enough for you later in the webcast.
“If I install S-MIME in my organization, I will have impact with the users that have out of my company?”Not necessarily. As Kai said, it has everything to do who you trust and how those who trust you have access to a trusted root authority. The impact will be in getting the public keys out to recipients of emails that you want to sign or encrypt, so that they can take advantage of it.
“What is Certificate Services?”http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/63e3ba1c-cc23-40b1-9ca2-853869677318.mspx
“But what is the real-world impact of switching to S-MIME in an organiztion as it pertains to outside trusts, ie. hotmail, sbcgloabl, yahoo, etc.?”Their client will have to support certificate authentication. (S/MIME). It's pretty common now. AND they will have to install the public key you provide them.
“What's that desktop bkgrd called with the host ip and domain script?”He's probably run a tool to build that. I know there is one like it at SysInternals.com called "BGInfo". http://www.sysinternals.com/Utilities/BgInfo.html
“The installation of certificate services were done in the exchange servers with the mailboxes user?”Certificate Services is outside of Exchange in Exchange 2003. It is a free component that you can install on any Windows 2000 or 2003 Server. It’s included with the OS.
“Thanks, so of this way, is not necessary any configuration between exchange server and certificate server?”Other than that checkbox Kai showed earlier for supporting certificates, no.
For more PKI / S/MIME information: Read the “Exchange Server 2003 Message Security Guide” available at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx
“Where can you get the certificates services ? is this something already in windows 2000 /2003 or is this something that has to be downloaded from microsoft.com if downloaded what is the website address ?”FREE.. and you already have it. It's an installable component of the server product.
More information on using Windows Rights Management: See http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
“WRM can be deployed to all users into a organization?”|Yes.
“Does WRM protect email from being forwarded when sent to an email system other than Exchange?”Yes. It stops on your end before it goes out.
“Is Windows IRM free or cost money ?”
Windows Rights Management Servce is a product. It does cost money. See:http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
“What is the diference between sign and encrypt the message? when the message goes signed can be spyed?”Signed just means you can be sure that it came from who it says it came from, but doesn't mean the message itself is encrypted... so yes, if you're not using some other encryption, the message can be read.
For a complete list of the other ports required in the Exchange front-end and back-end server,see “Front-End and Back-End Topology for Exchange Server 2003 and Exchange 2000 Server” at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/febetop.mspx
For more information about Exchange Server 2003 RPC over HTTP(S) deployment configurations, see “Exchange Server 2003 RPC over HTTP(S) Deployment Scenarios” at http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx
“Asked: is there other solution such as certificate services of other providers?”Yes. S/MIME and email signing and encryption doesn't have to use the Microsoft certificate services. It will work with any standard PKI you want to use.
“Does it work on a 2003 exchange cluster server?”Yes.
“What is the e-mail addres of Kai? Can he receive questions to his e-mail?”
firstname.lastname@example.org. Yes, he's happy to get emailed questions from you. But try me first. :)
Using ISA Server 2004 with Exchange Server 2003:see http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/exchage2003.mspx
“Can we get a hold of those scripts that change the IPs?”
Email Kai. He may be able to get them to you.
Deployment Scenarios for RPC over HTTP(S):http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep/ee9b228f-db48-4860-8bfd-3195881b8980.mspx
For more information about limiting client access to Exchange Server,Refer to Article ID: 328240 at http://support.microsoft.com/kb/328240
For more information about the Outlook 98 and Outlook 2000 version of the e-mail security enhancements, refer to “Outlook 98 E-mail Security Update” at http://www.microsoft.com/technet/archive/office/office97/support/out98sec.mspx and “Outlook 2000 SR-1 Update: E-mail Security” at http://www.microsoft.com/technet/prodtechnol/office/office2000/support/o2ktool.mspx
For a list of the restricted file types, see the “Outlook E-mail Security Update— Frequently Asked Questions” at http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspxor “Attachment File Types Restricted by Outlook 2003” at http://office.microsoft.com/en-us/assistance/HA011402971033.aspx
For more information about setting the Level1Remove registry key see “Administrator-Controlled Settings vs. User-Controlled Settings” at http://office.microsoft.com/en-us/assistance/HA011402961033.aspx
For more information about configuring Outlook security settings, see “Customizing Security Settings by Using the Outlook Security Template” at http://office.microsoft.com/en-us/assistance/HA011402931033.aspx
For more information about using ISA Server 2004 with Exchange Server 2003, see http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/exchage2003.mspx
For more information about installing an SSL certificate on your server, read the Knowledge Base article 298805 at http://support.microsoft.com/default.aspx?scid=kb;en-us;298805
For more information about additional security-related features, read “How to manage Outlook Web Access features in Exchange Server 2003” at http://support.microsoft.com/?kbid=830827
To download the Outlook Web Access administration tool, go to http://www.microsoft.com/downloads/details.aspx?familyid=4bbe7065-a04e-43ca-8220-859212411e10&displaylang=en
OWA Publishing through ISA Server 2004:http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.mspx
Exchange Server 2003 SP2 is coming!http://www.microsoft.com/exchange/downloads/2003/sp2/overview.mspx
Exchange Book:Answered: http://www.amazon.com/exec/obidos/tg/detail/-/0735619905/103-8014442-7447030?v=glance
“Great Job man”
One of the last times I posted something about Windows Vista my blog got lots and lots of hits. I also used the same animated graphic in that post. So… either Windows Vista is hot, or this picture is.
Anyway… I’m working on a Windows Vista presentation. I have one hour to convince folks not only that Vista has a lot of cool new functionality and features, but that Vista is a necessity in their businesses. Tough sell? Maybe… if you don’t know exactly what it can do to help your business.
“What do you want from me, Kevin?”
My question to you is: What would you want to know more about? Is there something you’ve heard of in Vista that you think a 60 minute talk should cover or “clarify” for you?
For example, the three main bullets on the Windows Vista intro web page currently hint at some really great stuff…
“Confidence”. “Lower IT Cost”. “Get more out of…”. “ways to organize”. “seamlessly connects”. “maximize”. “and”. “to”….
Anything else jump out at you? Please enter comments!
“Where are you going to be delivering this presentation?”
I’m glad you asked! I’ll be speaking at three events being put together by Angelbeat.com:
I’d love to see you there!
PS – Their website says that the “Microsoft Keynote” (that’s me) will be about “Windows Vista, Windows Mobile 5.0, and Collaboration Technology”. Either they’ll be updating their web site soon to just say “Windows Vista”, or I’ll be learning a whole lot about Windows Mobile 5.0 in the next couple of weeks.
SQL Server 2005 Tidbit 009
Ooops.. missed a day. Well.. let’s get back into these!
I got this from my coworker and friend, Matt Hester...
Q: Can you upgrade Small Business Server SQL 2000 to SQL 2005?
A: The feedback I have gotten is that technically you can upgrade to SQL 2005 but it is not supported!. However, Windows Small Business Server 2003 R2 will add SQL Server 2005 Workgroup Edition for SBS Premium Edition customers. There are also a lot more enhancements to this moving forward. For more information on SBS and SBS R2: http://www.microsoft.com/windowsserver2003/sbs/techinfo/overview/generalfaq.mspx —
SQL Server 2005 Tidbit 008
This tidbit comes as a result of a question an attendee from one one of our live TechNet Events emailed me."
“Database mirroring, or parts of it, is available in Standard Edition of Yukon. What's the difference between what you get with Enterprise Edition and Standard Edition?”
Mirroring is supported in both Standard and Enterprise Editions of SQL Server 2005. According to the feature comparison page, in Standard there is only a single REDO Thread (on the mirror instance), and the "safety setting" is always on.
And again – here is a great resource on Mirroring: http://download.microsoft.com/download/f/8/5/f8520d64-f109-4111-b0b0-51f1f6d2d220/ProSQLServer2005_Ch15_ForTechEd.pdf
Wow. I don’t get a lot of comments on my blog. Aparently nobody reads it. Or perhaps I’m not controversial enough to promote discussion often enough. I’ll have to change that…
Or should I?
WARNING: Long Blogger Chain Here…
Robert Scoble recently pointed to an article by Dave Taylor who was talking about Aaron Wall… a person being sued for comments left in his blog comments area. It wasn’t something Aaron said in his blog, but something that Aaron or his company left buried in the comments, probably unknowingly, that got him sued.
“What I find most telling about this lawsuit is that it's aimed directly at a blog and a blogger, not related to what the blogger is writing about, but about what others are adding in his comments.”
“What I find most telling about this lawsuit is that it's aimed directly at a blog and a blogger, not related to what the blogger is writing about, but about what others are adding in his comments.”
That’s just downright scary. I and many of my coworkers like to leave comments wide open, just because we want to promote good discussion, and also often are travelling and have longer periods where we might not be able to moderate all the comments.
Perhaps a new, longer, more complete disclaimer will have to be added to the margin, removing myself from any responsibility for whatever garbage, slander, or confidential information some bozo might post to my blog.
I’ll have to ask my friend Chris Avis or some other former BBS SysOp what legal disclaimer they might have used way back when “comments” were “unmoderated” in the open discussion areas…
What do you think? Comment away!...
We’ve extended support for Software Update Services 1.0.
Originally the drop-dead end of support was going to be at the end of June next year, but due to the timing and customer needs, the date has moved to December 6. In fact, as of a couple days ago, you could no longer download SUS.
“My brain hurts! What happens when support ends?!! OOo!”
It means that there will no longer be any updates that will synchronize with it. By then, it’s hoped, you’ll be able to move to WSUS (Windows Server Update Services). Here’s a KB article describing the SUS 1.0 Support Life Cycle.
“OOoooo! Will it hurt?!”
No! It’s full of great improvements (reporting, targeting, missing update detection.. loads of wonderful things!) and it’s FREE.
“How do I get it?! HOW DO I GET IIIIT?!”
Download it here.
“I have more questions!!! Oooo!”
Try this: The WSUS FAQ Page.
…<sigh> Yes… this was a silly blog post. Quite silly.
(Apologies and appreciations to Python, Monty Ltd.)
Okay all you Family Guy fans… some of you might be old enough to remember this music video on MTV.
“What? MTV played music videos?”
Anyway, credit to Michael J. “Brother” Murphy for finding this gem.
SQL Server 2005 Tidbit 007
Number 7 comin’ atcha!
This tidbit comes as a result of a question an attendee from one one of our live TechNet Events emailed me.
"Can backups, etc, generated from a maintenance plan in Yukon have the same file name instead of a unique name?”
I can't find any information on this specifically, although I know that one of the plan steps you can create is just a T-SQL step, where it launches whatever script you want to launch. That could be a BACKUP DATABASE MyDatabaseName TO DISK = '\\MyServerName\Backups\MyDatabaseName.bak' (or a disk location, or some other defined device)With options to append or overwrite, etc.
Here is the promised “Best of” Q&A from the webcast I delivered yesterday (Aug 24, 2005) on Windows Server 2003 System Administration (Part 2 of 2).
A huge THANK YOU to Harold Wong and Kelley DuBois for handling the Q&A. They get most of the credit for these awesome answers.
“The website for MBSA says that it is designed for small to medium sized business. Is there a reason it's not for large?”
It's a question of scale. If you have over 2000 nodes you want to move to a higher end management system like SMS that will scale out to support networks of that size.
“Can you scan for a list of servers in a text file?”
Not in the GUI interface. You can, however, use the command-line version that is installed with it, MBSACLI.EXE. This one can allow you to script scans of a list of machines.
“I can't find an article at this moment, but it is mbsacli.exe /listfile targets.txt - you can check it by quering mbsacli.exe with /? Parameter”
YES! Using the command line you can script it. See http://www.microsoft.com/technet/Security/tools/mbsa1/scripts.mspx
“Any areas/uses in which MBSA beats 3rd party security scanners like Retina or XSpider?”
We can not comment on the efficiency of third party scan tools. MBSA is offered as a free resource for our customers. If budget is less of a consideration for you, we would encourage you to compare third party solutions and based on cost and feature sets select the solution that does what you want it to do.
“WSUS work like GPs?”
No, the difference is that WSUS enables IT administrators to deploy the latest Microsoft product updates to Microsoft Windows Server 2000, Windows Server 2003, and Windows XP operating systems. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network. Policies, on the other hand, allow for settings to be applied to all machines, and for those that are part of a domain, an administrator can use the application of Group Policy objects to set policies that apply across a given site, domain, or organizational units (OUs) in the Active Directory® directory service.
“Any timelines for when WSUS scanning technology will be able to detect and deploy to apps like Visual Studio 2003, ISA Server, PowerPoint Producer, etc? KB 895660 details where WSUS technology is lacking. . http://support.microsoft.com/?scid=kb;en-us;895660 ”
The dev team is working to expand the functionality of WSUS in new and appropriate ways. We have no public timeframe for a new release or update of the current system.
“Does MOM have the capabilities to handle Updates?”
Use MOM to monitor and report on your network Use SMS to deploy updates http://www.microsoft.com/mom/evaluation/faqs/default.mspx#ECAAA
“What build of WSUS is he using?”
Using the most recent downloadable version – WSUS 1.0
“Does a computer (standalone) have to be joined to a domain to be under a WSUS servers control?”
No, the machines are never under the control of the WSUS server, rather the clients configured to use WSUS request pull updates from the server at the scheduled interval. Configure your non-domain machines in the local security policy to point to your WSUS server.
“Can the WSUS server update itself?”
Yes. It’s a good idea, though to make sure that the server is fully updated before WSUS is loaded.
“Do the users computers have to be logged on as local admins to install updates using WSUS?”
No. See http://www.microsoft.com/downloads/details.aspx?FamilyId=3BA03939-A5A9-407B-A4B0-1290BA5182F8&displaylang=en
“Does SMS do uninstall of applications easily too? For instance weather bug! :)”
Sure can...If you choose Specify a Custom Command Line, on the Custom Command Line page that appears, type the new run command line (which should be the command that is installed on the client and executes the application from the server). Then, if you have created an uninstall script and registered the program with Add/Remove Programs, type the Uninstall key. For more information, see "Setting Up Removal for Client Applications" later in this chapter. When you click Next, the wizard displays the Migration Status page. For more information, see "Analyzing and Migrating Individual Programs" earlier in this chapter.
“Sorry If I missed this, but do all the applications need to be installed on the sms server to create the package? Or is there a package client for creating the packages on another computer?”
Check out http://www.microsoft.com/technet/prodtechnol/sms/sms2003/opsguide/ops_75tj.mspxfor details on how to create a package in SMS.
“How much does MOM 2005 cost?”
See http://www.microsoft.com/mom/howtobuy/default.mspxfor details---in the $500-$1000 range
“Where can we find those [MOM Management] packs?”
Management packs are provided by the vendor. So Microsoft provides a variety of packs for our products and many third party vendors have created packs for MOM, in those cases contact the vendor.
“For instance SQL Server 2000 and BizTalk server 2002 and 2004.”
See the catalog http://www.microsoft.com/management/mma/catalog.aspx
“Does MOM require SMS?”
No, but they go great together.
“So, a MOM+LanDesk combination would work fine?”
I am unfamiliar with that product but if it is a management system—yes.
The SBS Support team has launched their own blog, with the promise of doing a podcast in the near future, too.
And here is their first post.
Of course you might also want to subscribe to the “SBS Diva”.
SQL Server 2005 Tidbit 006
SQL Server 2005 Tidbit 6...
"Will linked servers work between different versions of SQL Server? i.e. SQL Server 2000 and Yukon and vice versa.”
…or for anyone who wants to learn more about the tools available for Security Update management, there is what looks to be a very useful webcast getting into greater detail about using MBSA 2.0, WSUS, and SMS going on tomorrow.
“Hey! Those are three of the four topics you discuss today!”
Right! My session (a part of the Windows Server 2003 Administration Webcast Series) is an introduction to these tools, showing you some of the basics. The session tomorrow (a part of the Management Webcast Series) will focus more on using these tools together specifically for the sake of Security and managing the roll-out of updates.
Here are the details:
Thursday, August 25, 200511:00 A.M.–12:30 P.M. Pacific Time
View this top-rated breakout session from Microsoft Tech·Ed 2005 in Orlando, Florida, and learn about Microsoft's strategy for update management.
SQL Server 2005 Tidbit 005
SQL Server 2005 Tidbit number FIVE..
"Can 2005 Express be part of the multiserver environment? In SQL Server 2000, target servers running MSDE cannot be enlisted.”
According to the SQL Server 2005 Express information page (http://www.microsoft.com/sql/express/default.mspx), SQL Express can participate as a Transactional and Merge Replication Subscriber, as a client for the SQL Service Broker, and will support distributed transactions. Sweet!