If you are in charge of maintaining the security baseline at your company, you know that there are two key problems you face. First of all, there are a LOT of security settings to tweak within Windows. The services you harden and lock down on a Domain Controller are very different from those that you harden on a Web Server. We’ve provided some excellent and comprehensive recommendations in the following guides:
The other problem is that security settings can drift away from the baseline over time as you install additional software, disable certain security features for troubleshooting purposes, etc.
Enter Project Sundance from the Solution Accelerator team. It includes Security Baseline Toolkits for Office 2007, Windows Server 2003 and 2008, as well as Windows Vista and XP. The toolkits contain the relevant Security Guide, along with the recommended baseline security settings in a file that can be rapidly turned into Group Policy objects and pushed out to clients in your domain through the GPOAccelerator tool.
How easy? I can show you in screenshots :)
And here is what you end up with.
There are some other goodies that come along with Project Sundance. You get an Attack Surface Reference spreadsheet which lets you know what files, services, ports, and role dependencies are involved with each role (Web, Directory Services, DNS Server, etc).
The toolkit also comes with 18 Configuration Packs to use with the desired configuration management feature of Configuration Manager 2007 SP1. This monitoring capability helps to ensure that your security baselines do not change or drift from their prescribed values.
So… A lot of moving pieces, and Project Sundance can help you stay on top of them. Project Sundance is in beta, and the Solution Accelerator team is looking for feedback, so head on over to the connect site to join the Beta.
When the Zune 120 was released a few months ago, I picked one up to replace my iPod, and I haven’t looked back. I absolutely LOVE it. The only thing that could possibly make it better is if the Zune team released it in some color other than black.
Well… now that I have spent my discretionary music player budget for the year, guess what was announced today?
Blue. And Red.
Damn.
I guess that’s what happens when you live on the cutting edge.
You can buy (and personalize) one here: http://www.zuneoriginals.net
While we’re Zuning it up here, make sure to pick up your free Zune Pass to get 14 days of free music.
Huge collection of wallpaper/backgrounds for your Zune.
http://www.zune.net/en-us/mp3players/backgrounds/default.htm
Looks like I’m going buck-wild with the Zune stuff today :)
With my Zune Pass, I can download as many songs from as many artists as I would like. That’s great for filling up my Zune, but in the end you want to be able to kick back and listen to some great tunes. While some people like listening to individual albums, I enjoy having a nice mix.
If you are in 9th grade and making a CD for the cute girl in homeroom, it’s okay to do it manually, but I like to use the autoplaylist feature of Zune.
In the bottom-left of the Zune software, hover over the icon that looks like a list, and choose “New autoplaylist”.
You can now select from a TON of criteria. You can add multiple artists, have it only add songs you like or haven’t rated, include or exclude certain Genres, only include songs you added recently, with a certain number of plays…
The options are pretty limitless!
What songs and artists do you have in your Zune autoplaylist?
If you have played with the Zune 3.0 software and let it sit for a few minutes, you’ve probably seen the cool new “Now Playing” screens that come up with pictures of the artists, their bios, playcounts, etc.
If you are impatient and don’t want to wait for the screen to come up, you can make it happen. Just click either place indicated below.
Scott Hanselman has already done a good job of covering it, but if you do any sort of web development, you know it can be a pain in the butt to download, install, and configure all of the necessary components (Visual Studio 2008, SQL Server 2008, IIS, etc). The new Web Platform Installer is an awesome tool that downloads and installs everything for you. From the site:
Overview
The Web Platform Installer (Web PI) is a simple tool that installs Microsoft's entire Web Platform, including IIS, Visual Web Developer 2008 Express Edition, SQL Server 2008 Express Edition and the .NET Framework. Using the Web Platform Installer’s user interface, you can choose to install either specific products or the entire Microsoft Web Platform onto your computer. The Web PI also helps keep your products up to date by always offering the latest additions to the Web Platform.
New Updates! Now supporting Windows XP and Windows Server 2003, Web PI makes it easy to install and stay up-to-date with the Microsoft Web Platform. This updated release lets you install ASP.NET MVC, Visual Studio Tools for Silverlight, and much more!
System requirements
Supported Operating Systems are: Windows Vista RTM, Windows Vista SP1, Windows XP, Windows Server 2003, Windows Server 2008
You must have administrator privileges on your computer to run Web Platform Installer
.NET 2.0 Framework
Supported Architectures: x86 and 64-bit
I am going to try to teach myself web development in my copious spare time, so this installer is a really nice way to get all of the prerequisite software up and running.
Get it here: http://www.microsoft.com/web/channel/products/WebPlatformInstaller.aspx
Wow… not sure how I missed this (especially as Scott covered it recently)! A perfect companion to the Microsoft Web Platform Installer is the Web Application Installer. Whereas the former installs and configures all of the plumbing (SQL, IIS, .Net, etc), the Web Application Installer installs the web applications that run on top. From the site:
Overview
The Web Application Installer Beta is designed to help get you up and running with the most widely used Web Applications freely available for your Windows Server. Web AI provides support for popular ASP.Net and PHP Web applications including Graffiti, DotNetNuke, WordPress, Drupal, OSCommerce and more. With just a few simple clicks, Web AI will check your machine for the necessary pre-requisites, download these applications from their source location in the community, walk you through basic configuration items and then install them on your computer.
System requirements
You must have administrator privileges on your computer to run Web Application Installer Beta.
Supported Operating Systems are: Windows Vista SP1 or Windows Server 2008.
Supported Architectures: x86 and 64-bit.
Run the Web Platform Installer before you get started to get your platform (IIS, ASP.NET, SQL, and more) components installed.
Many applications also require PHP and MySQL to get started. To install PHP, go here. To install MySQL, go here.
Very cool! Get it here: http://www.microsoft.com/web/channel/products/WebApplicationInstaller.aspx
SharePoint and Office go together like peanut butter and chocolate, like Captain & Tennille, like bees and honey. Despite using SharePoint to hold and version my documents for the last year or so, I have somehow completely overlooked an AWESOME feature. If you are not using it yet, give it a shot.
SharePoint Collect Feedback workflow
Why is it that I store documents (nicely versioned) in a document library, but revert to e-mail attachments when gathering feedback? I end up with a full inbox and multiple copies of the same document, all with different suggestions. I also end up with those people that will just not give feedback (they save the complaints for after the document has been finalized and published).
(*note, the cool artsy graphics below are shamelessly stolen from the Training presentation: SharePoint Server 2007—Workflows II: Collect feedback for a file). Screenshots are (mostly) mine.
The collect feedback workflow sends a task to all reviewers with a link to the document, requires the document to be checked-out for changes to be made (so you have one version of the truth), sends reminders, and lets you see who has (or has not) provided feedback.
Before you start the workflow, make sure that you have enabled “Track Changes” on your document so that reviewers can add comments and you can see what changes were made by which person. You will also want to make sure that the reviewers have “contribute” permissions to the document library, or they will not be able to make changes.
You can kick off the workflow one of two ways… from the Document Library, click on the drop-down menu for the document, and choose Workflows, then “Collect Feedback”.
Alternatively, open the document directly from the document library (it must be checked in to start the workflow), click on the Office Pearl and choose Workflows, and then Start the “Collect Feedback” workflow.
You can then add the reviewers who will receive a task to provide feedback on the document, and can also set a due date (after which SharePoint will send reminder emails if they have not provided feedback).
You can also track the status of the workflow and tasks, and add or update reviewers.
Reviewers will have to check out the document to work on it, and can change the status of their task to “complete” once they are done reviewing the document and providing feedback.
Resources:
On Friday, I blogged about “Project Sundance”, which is an upcoming release from the Solution Accelerators team that combines the Vista/XP/2003/2008/Office security guides with the Configuration Manager Desired Configuration Management (DCM) packs for security, along with the GPOAccelerator tool into one package.
Boy, that rolled right off the tongue. There’s a reason why I’m not in marketing, but as a security geek this really is the bee’s knees.
In short, if you want to set up, deploy, and monitor a security baseline for your network, Project Sundance is for you.
Anyhoo…
Project Sundance is currently in beta, and the development team is holding a LiveMeeting on Wednesday from 11AM – Noon PST to demo the toolkit and get feedback on how they can make it work better for you. So, be there or be square. I have it blocked on my calendar :)
Sign up for the event here: http://msevents.microsoft.com/CUI/InviteOnly.aspx?EventID=BB-58-A0-C3-FF-FA-47-36-95-02-66-D2-6C-86-A1-73&culture=en-US
This event is by invitation only. However, I am inviting you. Tell ‘em Sean sent you :).
Invitation Code : BEA304
Bonus points: I don’t know what they are planning on calling the final product, but if you have a suggestion that is better than Microsoft Security-guides-along-with-Config-Manager-DCM-packs-and-GPOAccelerator-Toolkit-SP1 R2 2009, let me know and I’ll forward your suggestion to the team :)