If you've ever attended or given a presentation, you'll get a kick out of this video.  My laughing is causing my cube neighbors to give me dirty looks right now ;)

Thanks Loke!

There are a million different resources out there, from MSLearning to Exam Cram books, to MSPress books, to sites that provide exam questions word-for-word (making the value of the certification worthless to those that cheated to pass).  The Microsoft Learning site is probably a good place to start for official guidance on resources.

That having been said, I am an MCSE:Security on Windows 2003 I have often been asked what the best way is to study for an exam.  Nobody ever believes me when I say this, but… I think the following is by far the best way to actually LEARN the topics covered on the exam (rather than cramming answers just to pass a test, leading to a “paper MCSE”).

Print up the exam objectives that are on the public exam page (ie http://www.microsoft.com/learning/exams/70-291.mspx). Then head over to TechNet (http://technet.microsoft.com/en-us/windowsserver/default.aspx), and read through the documentation, best practices, and step-by-steps that cover the exam objectives.

For example, the first several exam objectives on the 70-291 relate to DHCP. So, read the following: http://www.microsoft.com/technet/network/dhcp/dhcp.mspx. In addition, load up 2003 Server (or 2 or 3 images) on to Virtual Server or Virtual PC, and practice working with the technology.  I list some preconfigured images here that you can start with.  Practice creating scopes, creating your own domain, joining client machines to the domain, changing scope options, setting up WINS… whatever it is the exam will be covering. Walk through the Step-by-Step guides on Technet (http://search.technet.microsoft.com/search/Default.aspx?brand=technet&locale=en-us&query=step+by+step), SPECIFICALLY those listed on this page: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/default.mspx.

Not only will the test be very simple once you go to take it (because you will have hands on experience with those technologies), but you will actually have experience that you can take into the real world.

Just my 2 cents! :)

BTW... the Learning Group will be doing a webcast next month to discuss the steps we take to protect the integrity of our Exams.  They will answer questions such as:

• how can I tell if a test-prep site is legitimate?
• why are betas not offered in <fill in the blank> country?
• does Microsoft ever actually do anything about cheaters?
• what can I tell my friend about the exam I took? does it really matter?
• what exactly am I agreeing to when I ok the exam non-disclosure agreement (NDA)?
• what's up with TestKing?

Learn more (and register for the webcast) here: http://blogs.msdn.com/trika/archive/2007/04/24/protecting-the-integrity-of-ms-certification.aspx

Michael Howard (of the Secure Development Lifecycle team at Microsoft) has posted a detailed analysis of the recent MS07-017 security vulnerability, and the lessons learned from examining the code responsible for the vulnerability.  Great read.

A core tenet of the SDL is to take and incorporate lessons learned when we issue a security update, and there is a great deal to learn from the recent animated cursor bug, MS07-017, so I want to spend a few minutes to go over some of the things we have learned from this bug.

First of all, this code is pretty old; is in Windows 2000, and predates the SDL. The SDL has parts (i.e., design review, threat modeling, testing, and security push) that focus on the product as a whole, and parts (i.e., code review and use of tools) that are focused on code. In the Windows Vista process, we banned certain APIs, like strcpy and strncpy, and changed well over 140,000 calls to use safer calls. memcpy wasn’t on that list. We also built in a lot of defense-in-depth measures because we know that the SDL can’t catch everything. Let’s start by looking at some of the defense-in-depth measures we have in place that didn’t stop the threat:

Read the rest of the post here.

Saving me from having to type up a list of all the resources that are available to support the Windows Server "Longhorn" Beta 3 launch, the Windows Server Team Blog has a comprehensive post with all the links you will need...

Today we reach another major milestone on the road to Windows Server "Longhorn" with the availability of Beta 3. In addition to being feature-complete, Beta 3 is also our first public release, meaning that millions of IT professionals and developers worldwide can now begin evaluating the product simply by downloading it from our web site. Beta 3 is released in English, German and Japanese, with five separate editions available to download today.

Of course, with so many people eager to get their hands on the product, we've had to come up with some interesting ways to distribute Beta 3. Downloads are only one option, so in the coming weeks, we also will offer the ability to order a Beta 3 Evaluation Kit DVD for those of you who can resist the overpowering urge to download right away (hey - the x86 editions are only 1.78GB - what are you waiting for?) and for those of you who just like receiving shiny round things in the mail. You'll also see Beta 3 DVDs given away at upcoming events around the world, and we're even working with some of your favorite technology publications to have Beta 3 included with them too.

We also are making sure that once you get your copy of Beta 3, you'll know what to do with it. We've launched a new Windows Server "Longhorn" Technical Library on the Windows Server Tech Center, we have a detailed Reviewers' Guide available to download and read, and perhaps coolest of all, we've teamed up with the folks in our Microsoft Learning group to develop free (that's right - FREE) self-paced e-learning clinics. These interactive, multimedia-based clinics provide eight hours of training on topics like server management, centralized application access, branch office management, and security and policy enforcement. They keep track of which sections you've completed, so you can start and stop them whenever you like, and you can even download them for offline use to keep you company on transatlantic flights.

For those of you who are MSDN or TechNet subscribers, you've been watching our progress in the eleven months since our Beta 2 release by availing of our Community Technology Preview builds, but if you haven't been keeping an eye on the changes, there is a ton of new stuff to experience: Server Manager has been revamped; the Server Core installation option has a bunch of new roles and features; Windows PowerShell is now in the box; Terminal Services gets TS Easy Print and the new TS RemoteApp management interface; Network Access Protection has greatly improved setup and integration; IIS7 does XCOPY deployment; and lots, lots more...

Speaking of IIS7, another thing we're announcing today is the general availability of the IIS7 "Go Live" license - this will allow anyone to take advantage of the improved security, reliability and manageability of IIS7 in a live, production environment. This license only covers web workloads, but if you think we should offer a "Go Live" license for other server roles, leave a comment below to let us know.

The price is right!  Take some training on Longhorn while you are downloading from the link in my last post.

Collection 5934: Introducing Microsoft Windows Server Code Name "Longhorn" (Beta 3)

In this online collection composed of four clinics, you are introduced to the new features and functionality in Windows Server "Longhorn". This includes server virtualization, security and policy management, branch office management, centralized application access, and server management. This online collection is composed of a rich multimedia experience.

It is intended for IT Professionals who are interested in the new features and functionality in Windows Server "Longhorn".
To get the most out of this collection it is recommended that you have experience implementing Windows Server 2000 or Windows Server 2003.

This offer includes the following:

E-Learning

Clinic 5936: Introducing Security and Policy Management in Microsoft Windows Server Code Name "Longhorn" (Beta 3)

Clinic 5937: Introducing Branch Office Management in Microsoft Windows Server Code Name "Longhorn" (Beta 3)

Clinic 5938: Introducing Centralized Application Access in Microsoft Windows Server Code Name "Longhorn" (Beta 3)

Clinic 5939: Introducing Server Management in Microsoft Windows Server Code Name "Longhorn" (Beta 3)

Woohoo! Get it now before the Download Servers are overwhelmed.  I see it is up on Connect (if you had previously been accepted into the Beta), and you can download it as an IT Pro or Developer from the Beta 3 site.

What's the address you ask?  You'll have to watch this video to find out ;)

I will post some technical information over the next few days, but in the meantime, feel free to browse the Windows Server Code Name "Longhorn" Technical Library.

For the Exchange Admin in your life...

Available in 1024x768, 1280x1024, and 1920x1200 from the Exchange Team blog.

Get it while its hot!

The Microsoft® Solution Accelerator for Business Desktop Deployment (BDD) is best-practice guidance for desktop deployment. BDD is targeted at companies that want to reduce deployment time, effort, and cost by increasing the level of automation. It allows administrators to deploy desktops with Zero Touch and Lite Touch interaction at the target PCs. This accelerator also helps organizations move to a managed environment with standardized desktop images.

BDD 2007 was released in January 2007. It includes all guidance, scripts, and tools. Included in this were several object code-only components; source was not originally provided. Because customers and partners may need to make modifications, enhancements, or bug fixes to these components, the source code is now being provided.

The source code is being provided as is, with no support, and it can be used as specified in the included license terms. The source code is current as of the release date of BDD 2007, but since BDD development is continuing, it is likely that future changes will require at best reintegration of any changes made, or at worst complete reengineering of the customizations made due to design changes implemented in the next version of BDD.

The release is not designed to be used as a stand-alone component as it contains only the files not included in the original BDD 2007 release. After making customizations, the customized executable files can overlay the files installed by the BDD 2007 installer.
To view the BDD accelerator online at TechNet, click here.
Send feedback to the BDD team directly at SATfdbk@microsoft.com

It looks like the Microsoft Forefront Server Security team has a new blog up:

Hello all and welcome to the new blog for the Microsoft Forefront Server Security products. Many of you may be familiar with and/or running our products under one of our previous handles. Whether you are a long time Sybari Antigen user, a recent Microsoft Antigen user, or a brand new user of Microsoft Forefront Security for Exchange Server 2007 and/or SharePoint 2007, this is the place for you to get information straight from the team of people that deliver the product line to you.

It looks like they are going with the tried and true "default theme" for now, but we'll see how the blog fleshes out over time... :)

What is Forefront Server Security?  There is a nice overview here: http://www.microsoft.com/forefront/prodinfo/overview.mspx

I have previously noted that Beta 2 of System Center Virtual Machine Manager was on it's way.  Tonight it dropped. Here is a preview of the major upgrades in this release (and this is just touching on a significant list of improvements and feature enhancements):

• Completely new, easy-to-use and intuitive UI based on the System Center look-and-feel (same as System Center Operations Manager 2007, Service Desk and System Center Essentials)
• Physical-to-Virtual (P2V) Conversions (Windows Server® 2000 or Windows Server 2003 are supported)
• Virtual-to-Virtual (V2V) Conversions – Using the Windows PowerShell® interface, converts a VMWare disk or a whole VM to the analogous VS vhd\vm representation
• 64-bit VMM server support
• Every VMM component is now remotely installable, including the VMM server, library server, delegated provisioning portal, administrative console and data store
• Full Windows PowerShell support with documentation – automate away!
• Better overall performance and scalability
• Every feature from Beta 1 with more functionality and enhancements

You can read about the new features in SCVMM Beta 2 at (http://go.microsoft.com/fwlink/?LinkId=87357).

Documentation for Virtual Machine Manager Beta 2 can be found on the connect.microsoft.com Web site, which requires Windows Live ID authentication. For Beta 2, the following resources are available:

• System Center VMM site on Connect
• Virtual Machine Manager Beta 2 System Requirements
• Virtual Machine Manager Planning and Deployment Guide 

I just picked up the following book from the Microsoft internal library:

You Don't Have to Go Home from Work Exhausted! by Anne Mcgee-Cooper

If only I had time to read the book.  I'm so tired...  ;) 

I know the transition from IPV4 to IPV6 is inevitable, but I am going to go kicking and screaming...

In any case... IPV6 has apparently been enabled on my subnet at work.  Here's what ping looks like now:

Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\me>ping computername

Pinging computername.redmond.corp.microsoft.com [fe80::1883:22cf:62c4:87a9%9] from fe8
0::1883:22cf:62c4:87a9%9 with 32 bytes of data:

Reply from fe80::1883:22cf:62c4:87a9%9: time<1ms
Reply from fe80::1883:22cf:62c4:87a9%9: time<1ms
Reply from fe80::1883:22cf:62c4:87a9%9: time<1ms
Reply from fe80::1883:22cf:62c4:87a9%9: time<1ms

Ping statistics for fe80::1883:22cf:62c4:87a9%9:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Bleh!

Courtesy of Gizmodo, this is pretty funny...

The original product name that was almost approved was: Microsoft Windows Presentation Foundation Live Rich Client ActiveX Player R2 Ultimate Edition Service Pack 1 CTP (or WPFLRCAPR2UESP1CTP for short)

Find out more at Tim Sneath's blog.

In a preconfigured Virtual Machine environment no less!  From the Virtual PC Guy's Blog:

Here is another interesting virtual machine.  The Visual Studio team have made Beta 1 of the next release of Visual Studio (codenamed 'Orcas') available as a virtual machine.  It is quite a large download - but it provides a relatively easy way to checkout the beta without messing up your existing development environment.

One thing to note - the default configuration only has 384mb of memory configured for the virtual machine.  You will want to increase that if you have enough physical memory in your computer.

And from the Download Page:

Visual Studio Code Name “Orcas” delivers on Microsoft’s vision of smart client applications by enabling developers to rapidly create connected applications that deliver the highest quality rich user experiences. This new version enables any size organization to rapidly create more secure, manageable, and more reliable applications that take advantage of Windows Vista, 2007 Office System and the Web. By building these new types of applications, organizations will find it easier than ever before to capture and analyze information so that they can make effective business decisions.
For an overview of Visual Studio Code Name “Orcas” and to see the list of features that are available in this beta release please review the Visual Studio Code Name “Orcas” Overview Whitepaper located here.

This beta release is available in English and Japanese only.

This beta targets early adopters of the Microsoft technology, platform, and tools offerings. It enables developers to experience the upcoming toolset and underlying platform improvements. We designed this release to enable developers to try out new technology and product changes, but not to build production systems. This limitation is fully covered in the EULA that accompanies this beta.

Are you setting up a router or a firewall, perhaps setting up a domain trust, connecting some Forests, or remotely managing your environment, and you need to know what ports must be opened for (Active Directory, MOM, SMTP, whatever…) to work?

We have a KB article for that:

KB 832017
Service overview and network port requirements for the Windows Server system

For example, the following port are needed for Active Directory:

Active Directory (Local Security Authority)

Active Directory runs under the LSASS process and includes the authentication and replication engines for Windows 2000 and Windows Server 2003 domain controllers. Domain controllers, client computers and application servers require network connectivity to Active Directory over specific hard-coded ports in addition to a range of ephemeral TCP ports between 1024 and 65536 unless a tunneling protocol is used to encapsulate such traffic, An encapsulated solution might consist of a VPN gateway located behind a filtering router using Layer 2 Tunneling Protocol (L2TP) together with IPsec. In this encapsulated scenario, you must allow IPsec Encapsulating Security Protocol (ESP) (IP protocol 50), IPsec Network Address Translator Traversal NAT-T (UDP port 4500), and IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500) through the router as opposed to opening all the ports and protocols listed below. Finally, the port used for Active Directory replication may be hard-coded as described in the following article in the Microsoft Knowledge Base:

224196 (http://support.microsoft.com/kb/224196/) Restricting Active Directory replication traffic and client RPC traffic to a specific port

Note Packet filters for L2TP traffic are not required, because L2TP is protected by IPsec ESP.

System service name: LSASS

The article is updated regularly, and is very handy to have bookmarked!

It can be done! By default, the search function built into Windows Vista will only search indexing local volumes and directories. You may have some file shares, however, that contain a large number of documents that you would like to rapidly search.

Here is how you enable the Windows Vista instant search to index file shares:

• Download the Add-in for Files on Microsoft Networks to add this support (*Note: this add-in does not work properly on Vista X64 Edition). 
• Install, Reboot
• Once installed you can navigate to the Indexing Options control panel / advanced options / and then select the "Add UNC Location" tab to add a new UNC location (ie \\server\share).
• Hit OK, and Windows Vista will now start indexing that share, so you can very rapidly search the contents of files available on the server.

Additional WDS Links:

Additional add-ins for Windows Desktop Search

Windows Desktop Search 3.0 Admin Guide

Windows Desktop Search 3.01 for Windows Server 2003 (KB917013)

Windows Desktop Search 3.01 for Windows XP (KB917013)

If you are just getting started on some Microsoft Certifications, you will definitely want to take a look at the new generation of technology specific certifications, or at the Windows 2003 MCSA/MCSE track.

If you have started the Windows 2000 track (and just haven't gotten around to finishing up your certification), or if you have been meaning to take the upgrade test to turn your Windows 2000 MCSA/MCSE into a Windows 2003 MCSA/MCSE, now is the time to start cramming.  As announced by Trika Harms zum Spreckel on her blog, the following certifications will be retired next year:

• 70-292: Managing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSA Certified on Windows 2000
• 70-296: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Environment for an MCSE Certified on Windows 2000
• 70-232:  Implementing and Maintaining Highly Available Web Solutions with Microsoft® Windows® 2000 Server Technologies and Microsoft® Application Center 2000
• 70-210: Installing, Configuring, and Administering Microsoft® Windows® 2000 Professional
• 70-214: Implementing and Managing Security in a Windows 2000 Network Infrastructure
• 70-215: Installing, Configuring, and Administering Microsoft® Windows® 2000 Server
• 70-216: Implementing and Administering a Microsoft® Windows® 2000 Network Infrastructure
• 70-217: Implementing and Administering a Microsoft® Windows® 2000 Directory Services Infrastructure
• 70-218: Managing a Windows 2000 Network Environment
• 70-219: Designing a Microsoft® Windows® 2000 Directory Services Infrastructure
• 70-220: Designing Security for a Microsoft® Windows® 2000 Network
• 70-221: Designing a Microsoft® Windows® 2000 Network Infrastructure
• 70-226: Designing Highly Available Web Solutions with Microsoft® Windows® 2000 Server Technologies
• 70-222: Migrating from Microsoft® Windows NT® 4.0 to Microsoft® Windows® 2000
• 70-244: Supporting and Maintaining a Microsoft® Windows NT® Server 4.0 Network
• 70-224: Installing, Configuring, and Administering Microsoft® Exchange 2000 Server
• 70-225: Designing and Deploying a Messaging Infrastructure with Microsoft® Exchange 2000 Server
• 70-223: Installing, Configuring, and Administering Microsoft® Clustering Services by Using Microsoft® Windows® 2000 Advanced Server
• 70-234:  Designing and Implementing Solutions with Microsoft® Commerce Server 2000
• 70-230: Designing and Implementing Solutions with Microsoft® BizTalk Server 2000, Enterprise Edition
• 70-227: Installing, Configuring, and Administering Microsoft® Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition
• 70-086: Implementing and Supporting Microsoft® Systems Management Server 2.0

Looking to run a database (maybe to learn SQL or to host your recipe collection)?  SQL Server 2005 certainly fits the bill (and there is a free edition here), but if you want to try some of the other options available on the interweb, the two following guides from the Port 25 TechNet team will get you up and running:

PostgreSQL on Windows: A Primer

This paper will cover the installation and initial configuration of PostgreSQL 8.2 on Windows up to a point where a database is created and plpgsql is installed in it.  We assume an ability to walk through the install wizard in general, though screens that do require additional information will be covered (with screenshots).  Important options in the postgresql.conf and pg_hba.conf will be covered, as will database creation in PgAdmin III.

MySQL on Windows: Configuration & Install

This week, the lab looks at configuring and installing MySQL -  an open source relational database management system which is typically used for web applications.

This paper will provide an overview of configuring & installing this software on Windows. MySQL does not have as many features as PostgreSQL, however, and one would expect it to perform substantially better than PostgreSQL on Windows because of its thread-based architecture (PostgreSQL uses a process-based architecture instead).
Note: This paper represents testing and documentation in a lab environment. User Account Control (UAC) is an essential security component to Windows and Microsoft does not recommend turning off UAC in production environments.

 The Windows media team has been hard at work on an updated plugin for FireFox that will enable you to watch Windows Media files within FireFox, which has now been released through Port 25 (the team at Microsoft that works on interoperability with Linux, FireFox, and the like).

Now when you go to a website with an embedded .wmv file, FireFox should automatically prompt you to install the missing plugin.  That didn't work for me (install failed), so I had to install manually, but now everything is working like a champ.

The plug-in is designed to support the following Windows platforms:

• Windows XP SP2 (x86)
• Windows XP SP2 (x64)
• Windows Vista (x86)
• Windows Vista (x64)

If you're using Mac OS X, we have had a plugin available for quite a while (thanks to the development efforts of Flip4Mac) here: http://www.microsoft.com/windows/windowsmedia/player/wmcomponents.mspx

Eric Anderson (the PM in charge of this project) has some more information up on his blog about the changes, saying:

In a nutshell, here’s what we did with the new one:

• New robust design that addresses all of the known issues with the old plug-in
• WMP will now work in Firefox in Windows Vista
• Support for the WMP OCX scripting interfaces

Download the FireFox Plugin Now!

 Core Services

Deployment Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Network Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Directory Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

File and Print Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Data Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Security Services

Firewall Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Backup and Recovery Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Certificate Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Device Services

Network Devices
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Computing Devices
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Storage Devices
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Supplemental Services

Web Application Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Infrastructure Management Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Remote Access Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Middleware Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

Messaging Services
Introduction | Blueprint | Planning Guide | Build Guide | Operations Guide

 If you administer a Windows domain, or a domain with Windows DNS/DC Servers, you will want to take care of this problem before you leave for the weekend.  According to the advisory here,  Microsoft has received public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service.  According to the advisory, Microsoft’s initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

At present, the following Operating Systems are vulnerable: Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

The security mechanisms that were architected into Windows Vista (and the forthcoming Longhorn Server) operate under the assumption that services (such as the currently vulnerable DNS Service) WILL be compromised at some point, and steps are taken so that a compromise will not affect the security of the rest of the OS. Within Windows Vista (and Longhorn Server), services have been hardened and secured in four ways: running services with Least Privilege, Service Isolation, Restricted Network Access, and Session 0 Isolation.  The TechNet Article on Services Hardening can be found here, and goes into depth on each of the mitigations.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location: http://support.microsoft.com/security

Jesper Johansson (former MS Employee and security luminary) has posted a way to implement the current workaround on a large scale at the following site: (*Note: The following link/suggestions are from a 3rd Party site, and are not endorsed by Microsoft.  Test thoroughly in a lab environment and implement at your own risk)

http://msinfluentials.com/blogs/jesper/archive/2007/04/13/turn-off-rpc-management-of-dns-on-all-dcs.aspx

I ran into this exact issue yesterday, and intended to write a post.  Fortunately, the ASKPERF Blog covers this issue today, and at the bottom of this post, I get to link to 3 more of my favorite blogs that cover the problem in depth:

Memory Management - Dude where's my RAM??

Only a couple of years ago, desktop machines with 4GB of RAM were rare.  Only high-end CAD designers and ultra-hardcore gaming enthusiasts were considering, let alone actually installing, 4GB of RAM in their machines.  Today however, RAM is much less expensive, and system builders such as Dell or HP routinely offer the option to build  a system with 4GB of RAM.

Because of this, we are often asked why Windows Vista / Windows Server 2003 / Windows XP etc. only sees a portion of the installed memory.  It is pretty common for a machine with 4GB of RAM to actually show between 3.1 and 3.6GB of RAM installed, although this number may actually be less depending on hardware.  The screenshot below is from a Vista Ultimate RTM machine with 4GB of RAM installed - notice how much RAM is reported as being installed:

Click here for the rest of the post.

More useful reading: