If you’ve already subscribed to the Microsoft Security Notification Service, you already know about these.  But in case you missed them, there are some big/important/critical security updates that were released today:

New: Microsoft Security Bulletins for July 2005
This month's security updates affect Microsoft Windows and Microsoft Office.
Review the latest Security Bulletins.

Don’t delay!  Take advantage of the resources provided, please!

Blogging in the "better late than never" category...

Robert Scoble interviewed Steve Balmer and posted the video up on Channel9 last week.  It's a great look at where Steve's head is at with regard to Developers, Microsoft Evangelism, and Blogging, so I thought you might be interested.

If you’re like me, sometimes vacations are hard to take.  You know you should.  You schedule them in advance.  You should visit your parents, or build memories with the kids, or whatever your reason is.  It’s something you simply must do.  But still, sometimes when the appointed time rolls around, it’s just hard to get away.  You go, but it takes your head a few days to really get into it.  Maybe you bring your laptop and even after a few days, you’re still working even though you’re in a different location.

This, however, was not the case this time.  Whoo-boy, was I ready for the break!  And so were the rest of the family!  Eight days ago we pointed the Family Truckster (rented RV, actually) westward, and we were off to see Yellowstone.  We returned yesterday, having had our fill of mountainous scenery, wildlife, geothermal activities, horseback riding, and white-water rafting.  (And I have the pictures to prove it!) 

Today we finished unpacking, cleaned and returned the RV, and I even had time to pick up the new Weber Grill that I purchased for my birthday.  It’s a hot, but beautiful day.

Tomorrow I start a week of SQL Server training.  Then mid-week of the following week I head to Atlanta, GA for a big global Microsoft meeting.

Ah… Life is good.  And life in the summer in Minnesota after having just had a marvelous time with the family; even more-so.

And perhaps you’re one of the many people supporting a midsized business who have told us that you find it difficult to navigate Microsoft.com to find the resources that fit YOUR needs.

Here’s our solution to your problem!

Last Thursday Microsoft launched a new web resource for midsize business, specifically addressing and linking to resources that will be most useful to YOU. 

What do you think?  Will this help?  Seriously.. what would you like to see this site grow into?

Here is my TechEd 2005 Video Blog entry #7!  We’re all headed towards the exits after the Attendee Party at Universal Studios – Orlando.

You can also view it at The Blogcast Repository. 

I saw a link recently to a spoof/parody site (domain and all) called “GetInternetExplorer.com”.  It even looks and links into the Microsoft site in various ways. 

Cute.  Funny.  Somewhat malicious.

Some of it is outdated (IE does support tabbed browsing now), but if you take it with a grain of salt, it’s definitely worth a good chuckle.

It’s unfortunate that there are still some who see Microsoft this way. 

What do you think? 

Here we are with TechEd 2005 Video Blog entry #6!  This is a short couple of samples of the music that was heard on Wednesday, both at the Influencer Appreciation Party, and at the bar next door.

(Found out the name of the band that was playing there, too.  “Pointe Blank”.  Quite a good cover band!)

You can also view it at The Blogcast Repository. 

TechEd 2005 Video Blog entry #5! 

Chris Henley and Bryan Von Axelson came to me with a great idea: Let’s shoot some footage of the SQL Server Chopper to promote the contest going on now.

Remember: www.SQLServerChopper.com!

You can also view it at The Blogcast Repository. 

Independence!  Freedom!

No longer are we subjects of the British Crown!

I think they celebrate this in the UK.  By now they are probably happy to be rid of us, too.

Microsoft Baseline Security Analyzer (MBSA)

MBSA is an easy-to-use tool designed for the IT professional that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

Here is the MBSA home page containing all versions, including this information about 2.0.

“What’s new?”

MBSA 2.0 offers an intuitive user interface and more informative dialogs compared to previous versions. Using the new Windows Update Agent and Microsoft Update catalog, MBSA 2.0 has automatically expanding product support.
 

Users who primarily have:

•	Windows 2000+ SP3 and later
•	Office XP+ and later
•	Exchange 2000+ and later
•	SQL Server 2000 SP4+
•	Other products supported by Microsoft Update

in their environment should switch to MBSA 2.0 today.
 

MBSA 2.0 is compatible with Microsoft Update (MU) and Windows Server Update Services (WSUS) and the SMS Inventory Tool for Microsoft Update (ITMU). MBSA 2.0 offers customers improved Windows component support, expanded platform support for XP Embedded and 64-bit Windows, as well as more consistent and less complex security update management experience.

 

Here we are with TechEd 2005 Video Blog entry #4 already!  These are some out-and-about video shot at TechEd 2005 on Monday, June 6. (8min 16sec)

You can also view it at The Blogcast Repository. 

WARNING: This video contains an obscure Jimmy Buffett reference.

No… not THAT R2! 

I’m talking about the next version of Windows Server 2003!  Coming later this year, R2 will have some great new features.

“What are the new features?”

Well… rather than list them here, let me point you to Bruce Cowper’s blog entry for a good description and an exhaustive list of links to additional information and whitepapers.

Man... Better late than never!  I'm finally finding the time to edit these! 
This video – “Travelin’ Thru” – is the third of my Video Blogs shot at Microsoft TechEd 2005.

You can also view it at The Blogcast Repository.  (Another BIG THANK YOU to them for letting me host these there.)

Watch (subscribe to) this blog for new TechEd video blog installments coming soon!

Microsoft UK IT Evangelist Mat Stephen has posted a most excellent article – 

Business Intelligence (BI): The way it is, without the blah blah 

Written in plain English**, this really helped me further get my head around “OLAP” and “Cube”, and “English”. 

“Having been to a Gartner BI conference, I’m quite convinced they would find it a challenge to describe something as simple as flicking a light switch in anything less than a 500k pdf.”

For those of you interested in all-things-SQL, Mat’s blog is an excellent resource.  You should subscribe to it.  (Remember: RSS is NOT “Rocket Science Surgery”)

**Yes, there are even references to Cricket.  And as an added bonus, he pokes fun at Donald Rumsfeld.

Microsoft Security Advisory (891861)

Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4)

The links above are to the KB article and the landing page for this update that just went live yesterday (June 28).  If you’re supporting Windows 2000, you should definitely consider rolling this out.

If you need more information first, check this out first:
900345 : Problems that are fixed in the Update Rollup 1 for Windows 2000 Service Pack 4 that is dated June 28, 2005

I don’t see the connection between powerful database management tools and food!

Why are they picking on DBAs?! 

I had to laugh when I saw this banner ad today.  It hits a little too close to home…

I mean… I’ll skip the gym.  That’s not a stretch for me.  But to give up the fries?!

Oh, maybe for the sake of downloading preview copies of SQL 2005 or Visual Studio 2005 I would.

Got this via an email to my district here at Microsoft, so I hope the source of the email doesn’t mind me sharing the public bits with all of you, because this is great stuff!

---

The Microsoft Solutions for Security (MSS) team is proud to announce the release to Web of five new security planning guides:

• The Administrator Accounts Security Planning Guide
• The Secure Access Using Smart Cards Planning Guide
• The Security Monitoring and Attack Detection Planning Guide
• The Services and Service Accounts Security Planning Guide
• Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide

The Administrator Accounts Security Planning Guide
This guide is designed to be an indispensable resource when organizations plan their strategy to secure administrator-level accounts in Microsoft Windows NT–based operating systems such as Windows Server 2003 and Windows XP. It addresses the problem of intruders who acquire administrator account credentials and then use them to compromise the network. The main goal of this guide is to provide prescriptive guidance in terms of the steps an organization can take to secure local and domain-based administrator-level accounts and groups.

The Secure Access Using Smart Cards Planning Guide
This guide is designed to help IT security professionals understand how to plan and implement secure access using smart cards for administrator accounts and remote access user accounts. It enables the reader to understand how to secure access using smart cards and examines the issues and challenges.

The Security Monitoring and Attack Detection Planning Guide
This guide is designed to help IT security professionals understand how to use the security event logs in Microsoft Windows as the basis for monitoring security and detecting attacks on a network. The guide helps the reader to identify relevant security events and interpret sequences of events that might indicate that an attack is in progress.

The Services and Service Accounts Security Planning Guide
This guide is designed to be an important resource when organizations plan their strategy to run services more securely under the Microsoft® Windows Server 2003™ and Windows® XP operating systems. The guide addresses the common problem of Windows services that are set to run with the highest possible privileges, which an attacker could compromise to gain full and unrestricted access to the computer, domain, or even to the entire forest. It describes ways to identify services that can run with lesser privileges and explains how to downgrade those privileges methodically. This guide can help organizations assess their existing services infrastructure and make some important planning decisions in relation to future service deployments.

Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide
This guide is designed to help IT security professionals understand how to plan and implement Virtual Private Network (VPN) Quarantine services featured in Windows Server 2003 Service Pack 1. The guide enables the reader to understand the approaches to VPN quarantine and examines the issues faced.

Where to Find the Guides
These guides were developed, reviewed, and approved by teams of authoritative experts in security management. They are available on Technet and the Microsoft Download Center. In addition, the guides are available on the TechNet Security Center at http://www.microsoft.com/technet/security.

Microsoft Shared Computer Toolkit for Windows XP (Beta)

Earlier this year we employees heard about this very cool toolkit that was in the works. It’s designed to help you lock-down and support computers that are running as shared resources.  Here are the details from the tool’s web page:

Overview

Shared computers are commonly found in schools, libraries, Internet and gaming cafés, community centers, and other locations. Often, non-technical personnel are asked to manage shared computers in addition to their primary responsibilities. Managing shared computers can be difficult, time-consuming, and expensive. Without restrictions, users can change the desktop appearance, reconfigure system settings, and introduce spyware, viruses, and other harmful programs. Repairing damaged shared computers costs significant time and effort.

User privacy is also an issue. Shared computers often use shared accounts that make Internet history, saved documents, and cached Web pages available to subsequent users.

The Microsoft Shared Computer Toolkit for Windows XP provides a simple and effective way to defend shared computers from untrusted users and malicious software, safeguard system resources, and enhance and simplify the user experience. The Toolkit runs on genuine copies of Windows XP Professional, Windows XP Home Edition, and Windows XP Tablet PC Edition.

Are you supporting shared computers?  If so, please share your experiences as a comment here.  We’d love to hear what you’ve done, or if you’ve found this toolset useful.

Hi Peoria!

Nice to meet you!

Here are the questions (with answers) I jotted down at our TechNet Briefing in Peoria, IL.

Also, for your convenience, here is the link to my blog post containing the link to that resource document I handed out.

—

Q: If I have an application exception defined in the Windows Firewall, what happens if that application crashes unexpectedly?  Will those ports that were opened for it remain open?

A: UPDATE: The word I have on this is that if the application fails, the firewall will notice this and will not leave the ports open.  They may be open for a very brief time, but not long.

Q: How do I know if my processor supports hardware DEP (Data Execution Prevention)?

A: First of all, let me point you to a GREAT KB Article (875352) which contains a detailed description of DEP. 

As I mentioned in our briefing, both Intel and AMD have processors that support Hardware-level DEP. 

Intel calls the technology their “Execute Disable Bit”.  Here is the page that describes their support, with links to their products that support it.

This press release from AMD describes their support also.  DEP support is currenly only in their A64's and the Socket 754 Sempron lines.

Q: In the SQL Server 2005 Management Studio, can I work with logs on remote SQL Servers?

A: Yes.  The SQL Server logs tool is found under the Management function for the database server you are connected to in the Object Explorer.  That server can be local OR remote. 

Q: Are there any new “process throttling” capabilities?  [Other database products]  have a way to watch for processes that run out-of-control…taking up too many resource (CPU, Memory) from the rest of the system.  I don’t see a way to do it in 2000 and I’m hoping that 2005 has a solution.

A: UPDATE: I received the following response in the TechNet Discussion Groups:

Hi

sp_configure's 'query governor cost limit' can limit the time a quyery runs.

In terms of using other resources, they are ungoverned, even with SQL Server
2005.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland

Thanks, Mike!

We love MVPs!  And those newsgroups!  http://www.microsoft.com/technet/community/newsgroups/default.mspx

—

If you have a followup question or comment, feel free to enter it by clicking the comment link below.

 Bozos…

I have never been one to go for conspiracy theories.  I don’t think that there’s some central organization that is setting gasoline prices at artificially high levels, or running the world’s economy because they are under the direction of aliens who want to maintain the appearance of all of us being able to determine our own fates.  However, recent events are causing me to suspect that certain industries may in fact LIE to their customers in order to save a few $’s.

Here’s my story.  Monday, two days ago, found me traveling to Peoria, IL from Minneapolis.  I have one stop in Chicago.  I’m traveling on [Airline Name Deleted] Airlines.   

Anyway, the flight from Minneapolis to Chicago was just fine.  No concerns.  So now I’m waiting my flight to Peoria.  “Hmm… I don’t see a plane out there.”… not usually a good sign.  But soon an announcement of my plane’s delayed arrival from somewhere else leads me to believe that there is hope.

However… many minutes later, after the plane has emptied, there is announcement that they are “working on a mechanical issue” and that they “would let [us] know in 30 minutes what the status is.”  Uh oh…

30 minutes pass.  True to her word, here’s the announcement. “We’re sorry, but the flight has been cancelled.  The rest of our flights to Peoria are pretty full today.  Come to the desk and we’ll give you some options.”

The options were: Risk standby on [Truly Aggravating] Airlines or some other airline, take a bus voucher for a 3–3/4 hour ride, or let them put me in a hotel for the evening and take a flight tomorrow.

Hmm… well, the flight tomorrow wasn’t an option.  Tomorrow is why I’m going to Peoria.  My briefing attendees won’t sit there waiting for me to arrive on the morning flight.  And it was being said that the standby option probably wasn’t going to work because those flights had been sold full, too.  So I guess that will be one bus voucher for me.  Thanks.

“Oh, and sir… the next bus leaves in 10 minutes.. so I don’t think you’ll make it, but you can try.  Go and collect your bag at carousel ten.”

Cool.  Go get my bag.  I walk briskly to carousel 10 (which is a LONG walk.  Any walk in O’Hare is a long walk.)  C’mon bag!  

So I waited.  And watched.  And counted the minutes.  And watched the 3:00pm bus departure time come and go… but still no bag.  Frustrated, as you can imagine, I went to the luggage claim desk.  The “friendly” woman there informed me that my bag is on it’s way to Peoria on one of the later, “full” flights, so I should get it from the Peoria airport when I get there.

Splendid.  So my bag is getting better treatment than I am, apparently.  It better, though.  It’s got several hundred dollars worth of Microsoft Software inside it.

Anyway… I go to the bus terminal.  Yes indeed, I missed the 3:00 bus by 10 minutes.  And I found out that the next one departs at 7:00pm!  <sigh>  well… I got nothing but time (and a heavy laptop bag), so I head back to the terminal figuring, “I’ve got the bus ticket.  There’s no harm in going to the [Stupid] Airlines ticket counter and asking if there were please-oh-please some other option.”

One the way to the ticket agent, I decided that I might just double-check the baggage-claim-carousel-from-hell to see if my bag might have suddenly appeared.  Guess what?!  A miracle!  My bag was there, going ‘round in circles!  Lesson learned: Never trust what [*@!*$#!] Airlines employees tell you – especially when their stories don’t match.

Somewhat relieved that I had at least claimed my week’s belongings, I head to the ticket counter and explain my exasperation.  (I was really polite.  Seriously.  More polite than they deserved, which is ALWAYS a good thing.)  Unfortunately my exasperation or even my most polite smile couldn’t coax all the clickety-clacking on her circa 1976 keyboard to find me a flight to Peoria this evening, on any airline.  I said, “Well.. then can you get me a one-way rental car?” 

“Nope.  We don’t do rental cars.” 

[smiling, mostly] “Can I have a second opinion?”

“I’ll get the supervisor.”

“Great.  You to that.”

Several minutes pass… and finally an obviously overworked supervisor du jour comes over.  “How can I be of assistance?”

<gasp>  “Okaaaaay…. What do you recommend I do that won’t mean I have to sit around here for four hours and then another three-and-a-half hours on a bus?” 

“I can give you this $5 voucher for a snack.”

<bigger gasp>  “Um… (still smiling politely, but feel like I’m talking through gritted teeth..) Unless you know of a cab driver who will accept a $5 snack voucher in exchange for a trip to Peoria, this is not going to help much.”

“I’m sorry sir.  That’s all I can do.  Well… actually, I can also give you this $10 voucher for dinner.  But that’s really all I can do.”

“ummm… <sigh>  I guess I’m traveling by bus then.  Thank you.”  (See?  I am way too polite.  Thinking about it later, I’m kicking myself that I thanked them for so little.)

So off I go, big bag and heavy laptop bag and all, back over to the bus terminal.  On the way I use my “$5” to buy $4.85 worth of coffee and bottled water at a Starbuck’s kiosk. (“Can’t give you change, Mr. Customer Sir.  Not for a voucher.”)  And then at the bus terminal I use my $10 to buy about $8.50 worth of Uno’s pizza and a Snapple. (“Can’t give you change, mack.  Not for a voucher.”) 

Well…to cut to the end of this Monday saga; I catch the bus.  And because I’m going to the Peoria airport on a voucher, I have to be the very last stop.  (“Gotta do the regular route first, buddy.  You’ve only got a voucher.”)  Rental car folks kept their word, though… they were there waiting for me to arrive, even after their closing time.  Big points for Avis.  They do “try harder” when it means some nice lady waits around an extra half hour late in the evening just for little ol’ me.  Very nice!

Is that the end of my story? NO!  Tuesday night I leave our event (Had a great time!  Thanks again, Peoria!) and head to the airport.  Check the bag.  Head to the gate.  Board says it’s still on time.  Cool.  Head to the wash room.  And just as I’m washing my hands, I hear the announcement.  “Flight #xyz from arriving from Chicago has been cancelled.  Because of this, flight #abc, the flight that Kevin A. Remde is on, has been cancelled.”

I’m sure many people in the terminal heard the echoed “NOOOoooooooo!” emanating from the Men’s room. 

Unbelievable.  So… back to the ticket counter, where they put me on a later flight on yet-another-but-obviously-more-reliable airline.  Fortunately, and thankfully, I actually SEE them hand my bag from one company to the other… and this new flight to Chicago goes just wonderfully – made better by the fact that one of my coworkers was also on the flight, so we each had someone to talk to.

—

So where does this leave me?  I’m sitting here writing this, on Wednesday afternoon, at O’Hare gate G7 (oooh.. that may have given away the Airline. <heh>), having had two days prior of cancelled flights.  I’m waiting for a plane to arrive at the gate that will take me to Madison, Wisconsin.  It’s not here yet.  Hmmm… 

And as you can imagine, I’m wondering… will it happen again?  Is it true that “bad things come in 3’s”, or will it be “the third time’s the charm”?  And did [really frustrating] Airlines make money on Monday when they cancelled my flight, because it only cost them $45 for a $30 bus ticket and $15 (really $13.35)

So I’m also wondering: Maybe they lied. <gasp!> Conspiracy!  Could it be?!  Maybe “mechanical problems” sometimes is just code for “in this case we think we can save some big bucks by making you all make other arrangements and we’re willing to risk pissing you off because we know right now you have no other options so just shut up and take this voucher [forced smile]”.

There is something I’m not wondering, however.  In fact, I’m absolutely certain… Unless I get some satisfaction from them in the form of at LEAST a letter of apology, I will NOT be traveling on [Poopy-Pants] Airlines ever again if I can help it.

Anchorage!  I’m way over-due posting this…

Check it out!

Sorry for the delay.  I enjoyed a couple of days in your lovely state, taking a tour out of Seward, seeing lots of glaciers and amazing wildlife.  I know it’s all just the usual terrain there to you.. but to a Minnesota boy, it’s simply awesome!

So after an all-too-brief stop off at home on Sunday, it was back on the road for me.  (Peoria – your Q&A is next up!)  

Here are the questions (with answers) I jotted down at our TechNet Briefing in Anchorage.

Also, for your convenience once again, here is the link to my blog post containing the link to that resource document I handed out.

—

Q: Do the 64 bit processors support DEP?  What about the 64 bit versions of Windows?

A: Yes, and yes. 

Q: When will the SQL 2005 pricing be announced?

A: How about SEVERAL MONTHS AGO?  I apologize that I missed this one.  According to a Feb 24 article I found at ENT Magazine, the pricing was announced WAY early… like back in February.

Q: If I slipstream updates or an SP into a build image, will those updates or SPs show up in the Add/Remove Programs list?

A: No. 

Q: What is the certification path for SQL 2005?  Are there any updates announced yet for new MCDBA requirements?

A:  I looked all over the MCDBA site, and didn’t see anything about 2005.  I will check with other sources and update this post if I find anything more.

—

If you have a followup question or comment, feel free to enter it by clicking the comment link below.

…then the “Microsoft Windows Small Business Server 2003 with SP1 Transition Pack” is for you!

Here are some note about the tool:

Using Windows Small Business Server 2003 Transition Pack you can upgrade your computer running Windows Small Business Server 2003 to Windows Server 2003, Standard Edition, and the standard versions of the server applications. After performing this migration, you will be able to do the following:

• Transfer the operations master role to another domain controller.
• Establish trust relationships to and from another domain, or add child domains to your existing Active Directory forest.
• Move server applications to another server. After the migration, you can move the server applications off of the original server. You might choose to move one or more applications to a separate server to improve the performance of the application. For example, if you are going to add more than 75 users, moving Exchange Server 2003 to a different server can help that application to perform better with the new user load.
• Enable Terminal Server.
• Increase your maximum number of users.
• Increase the maximum number of processors supported from two to four.
  

After you have migrated your server:

• You will still be able to use the Windows Small Business Server tools; however, they will no longer be supported and you will not be able to reinstall or remove the tools.
• You will no longer be able to run Windows Small Business Server 2003 Setup to modify (add, remove, re-install) the server applications.
• Your business will be licensed for one copy of Windows Server 2003, Standard Edition, and the standard versions of the server applications.
• You will have five client access licenses (CALs) for each server application. If you have more than five users, you must purchase additional CALs for each of the individual server products. For information about purchasing additional CALs, see the individual server product pages at the Microsoft Web site(http://www.microsoft.com/servers/howtobuy/default.asp).
  

This week is another travelin’ TechNet Briefings week for me.  I’ll have the pleasure of presenting live events in Illinois and Wisconsin:

June 21 – Peoria, IL

Peoria Civic Center
201 SW Jefferson Street    
Peoria, ILLINOIS    61602 
Phone: 303-673-8900

June 23 – Madison, WI

Sheraton Madison Hotel
706 John Nolan Drive    
Madison, WISCONSIN    53713 
Phone: 608-251-2300

Click on the date above if you are interested in registering. 

Not sure if you should?  Well.. here’s what we’re covering this time around…

Microsoft Windows Server 2003 Is Evolving
With the recent release of Windows Server 2003 SP1, now is the best time to see the benefits of these significant updates.  Are you prepared for the changes this upgrade will have on your network system?  This is a great opportunity to see how SP1 may change your entire network infrastructure for the better.  Join our experts at this technical briefing.

Microsoft SQL Server 2005 is coming
It has been 5 years since a major Microsoft SQL Server release. In a technology timeline, that could be considered a lifetime!  Attending this session is your first step in preparing for a change that could give you a technical knowledge advantage over all the other IT Professionals working with corporate data.  Get prepared for the change coming soon.

Click the links above to register, or visit the TechNet Briefings site (www.technetbriefings.com) for session topics and links to registration and additional resources.

Tell your friends!  Invite your user groups!  And please introduce yourself and tell me you saw this on the blog.

Kevin