MBSA V1.2.1 + Visio 2003 = See your state. How Cool Is That? Let me know with some feedback.
Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer (MBSA): <http://www.microsoft.com/technet/security/tools/mbsavisio.mspx> Securing your network has just gotten easier. The Visio Connector for MBSA lets you view the results of a Microsoft Baseline Security Analyzer scan in a clear, comprehensive Microsoft Office Visio 2003 network diagram. You must have both Visio 2003 and the Microsoft Baseline Security Analyzer (MBSA 1.2.1) — a free security tool from Microsoft — for this connector to function.
You talked, we listened. Here is the RSS feed for Microsoft Security Bulletins. <http://www.microsoft.com/technet/security/bulletin/secrss.aspx>
Did you know TechNet has a magazine?
Check out this article for good advice on the first thing you should do after you've dealt with an IT security incident. http://www.microsoft.com/technet/technetmag/issues/2005/01/IncidentResponse/default.aspx
For some more process advice from the IT security group inside Microsoft see:
Incident Response: Managing Security at Microsoft Microsoft IT has developed a preventative approach to managing computer vulnerabilities. Designed to reduce the occurrences and severity of attacks, Microsoft IT's security methodology includes the development of processes to reduce open ports and vulnerable systems and services, manage user permissions, regularly assess risks, and regularly monitor compliance with security guidelines. Downloads (Technical White Paper, Technical White Paper Presentation)
IT Security at Microsoft Overview Designed to reduce the occurrences and severity of attacks, Microsoft IT's security methodology includes the development of processes to reduce open ports and vulnerable systems and services, manage user permissions, regularly assess risks, and regularly monitor compliance with security guidelines. Downloads (Technical White Paper, Technical White Paper Presentation)
Microsoft IT Attack and Penetration Testing Team This discussion gives some best practice advice and lessons learned from the Microsoft IT experience building and operating an internal attack and penetration testing team. Downloads (Technical White Paper, Technical White Paper Presentation)
2 nifty tools you will love to help you manage information better:
Use the Send to OneNote from Internet Explorer PowerToy to send the contents of a Web page from Microsoft Internet Explorer to a new page in Microsoft Office OneNote 2003 Service Pack 1 (SP1) with the click of a button. http://www.microsoft.com/downloads/details.aspx?FamilyID=a9872a17-2d0c-47f0-9b4d-026e94a8ef1c&displaylang=en
Use the Send to OneNote from Outlook PowerToy to send e-mail messages to a Microsoft Office OneNote 2003 Service Pack 1 (SP1) page from Microsoft Office Outlook 2003 with the click of a button. http://www.microsoft.com/downloads/details.aspx?FamilyId=87C661E3-178D-46F0-979E-0FDD96327928&displaylang=en
I was asked yesterday if a Microsoft IT Pro has to be a good writer to blog. I said no, what do you think?
Keep in mind that whatever level your writing skill is right now, it will improve as you write more. So, my advice is dive in and learn as you go. You can read some tips here.
A well known Microsoft blogger offered me this advice, which I think trumps writing "style" issues:
In my former job at Microsoft when I interviewed technical writers I would ask them "How do you define good technical writing"?
I got many interesting answers. The one I wanted to see included somewhere in the list is "appropriate to the audience." For example, when writing technical documentation to a mass end-user audience, you make certain assumptions, and style guidelines tell you things like "don't overuse three-letter acronyms (TLA)." However, when writing to a technical audience like IT Pros we assume TLAs are OK, in fact, preferred.
Then there is the "make it personal" advice. My advice is this - don't worry about it. How can your writing be anything other than personal? When you write about things you are passionate about, you are making it personal. I think the issue again comes back to - know your audience. If the readers of your blog let you know they really don't care for non-technical posts about your (so called) "personal life" - then consider posting those on another blog like spaces.msn.com. If your readers give you feedback that they like what you do - do more of that. DO consider the difference between blogging and journaling, and be clear on which one you are doing.
Steve Farber, in his book on extreme leadership, gives this advice:“Communicate yourself, your humanity. Don’t just recite your company’s vision statement, talk in your own words. Talk to people about your ideas for the future, and ask for theirs. Be the person you are. Forget your title, forget your position, and speak from your heart. Talk not only of your hopes for the future, but also about your foibles today. Vulnerability aids human connection, and connection is the conduit for energy. Pretense of invincibility builds walls and creates distance between human hearts.”
Try thinking of it this way - the commodity we are trading in is the reader's attention. If you give them what they want, they will give you their attention. Once you have that, you can work on your other goals, be it relationship building, information exchange, education, whatever. You can measure (perhaps indirectly) the attention you are getting to help you adjust your blogging habits.
Viral Marketing is another relevant buzz-phrase here. Consider the following clip from http://www.myneweconomy.com/articles/210703/buzz.htm
Shelby Coffey, a shy, blond 10-year-old in suburban Atlanta, loves BellyWashers. Really. There are 45 of the cartoon-character juice bottles in a place of honor on a shelf above her desk. There's a scarce Sylvester, a rare Blossom, and the much sought-after green Power Ranger.
But Shelby is more than just a collector. With 15 young friends, she has organized a BellyWashers club to do community-service projects. They visit children's hospitals to pass out BellyWashers at Christmas, clean city parks under a BellyWashers banner, and donate proceeds of their yard sales to disadvantaged children. Over the past year, Shelby has amassed a five-inch-thick binder of pictures and newspaper clippings documenting her work on behalf of the brand. Local TV stations have filmed her good deeds. The kicker: She does it all for free. "It's been lots of fun," says the fifth grader.
Shelby is a buzz machine, the sort of hyperdevoted customer that marketers dreams of. As traditional media channels fragment and consumers zap commercials quicker than you can say TiVo, more companies are looking to harness the power of buzz. "Word of mouth has superseded any form of paid advertising, in terms of influence," says Marian Salzman, chief strategy officer at Euro RSCG Worldwide and author of Buzz: Harness the Power of Influence and Create Demand (John Wiley, 2003). Personal recommendations, she says, have become far more reliable and authentic than conventional hype.
The best way to learn something is to teach it. When you write about a topic, you learn that you don’t know some stuff, or have to go check/verify some stuff. Not only have you helped all of your readers by this effort, but you also benefit and your understanding of the topic will improve.
And there is this advice on Eric Gunnerson's Blog Can you write?Or, to put it more succinctly, can you write well in a reasonable amount of time without driving yourself and the people around you crazy. Before you can get a signed contract, you need to be able to demonstrate this to your publisher (unless you're a big name draw, and the publisher is willing to pay for editing and/or a ghostwriter).To find out whether this is feasible for you, you need to do some writing, and then you need to have an audience read the writing and give you constructive feedback. Writing is a skill, and over time you should be able to develop techniques that work will with your target audience. Good ways to practice:
Finally, consider making it easier for readers to find your blog while writing. See 10 Tips here for making your blog a little easier for search engines to find. What do you think? Can you point me to well-written blogs? Poorly written ones? Does the writing style matter to IT Pros as long as the technical information is good and useful? Post a comment and let us know.
The DNS issue in the article below affects Windows Server 2003 (standard, enterprise and datacenter editions), Windows 2000 Server (also the advanced and datacenter versions) and Windows NT Server 4.0 standard edition, Microsoft said in its advisory. Servers with Service Pack 3 installed, or that run software sold after the update was released, are already protected from DNS cache pollution by default. Otherwise, the needed settings must be turned on using the products' DNS Management Console.
DNS cache poisoning occurs when an attacker hacks into a domain name server, then "poisons" the cache by planting counterfeit data in the cache of the name server. When a user requests, say, ebay.com, and the IP address is resolved by the hacked domain server, the bogus data is fed back to the browser. Another tactic, dubbed "DNS hijacking," is similar, but simply changes the domain server so that traffic is actually re-routed. Full article <http://www.techweb.com/wire/security/60405913>
The DNS cache poisoning that first struck more than a month ago and led to users being redirected from popular Web sites to malicious sites that infected their machines with spyware, is continuing, said the Internet Storm Center (ISC) Wednesday. The attacks are taking advantage of vulnerabilities and design flaws in Microsoft server software.
To highlight the danger, the ISC raised its Homeland Security-esque alert color code from Green to Yellow.
To set the DNS cache poisoning threat in perspective, Yellow is the same alert color code that ISC used during the SQL Slammer, MSBlast, and Sasser worm outbreaks, three of the nastiest in the last two years.
The newest attack, said Kyle Haugsness, one of the ISC analysts, is actually the third since March 4. Like the initial attack, the motivation is certainly money, since the result is again the installation of mass quantities of spyware on victims' PCs.
Initially, Haugsness and the other ISC analysts thought that a DNS cache poisoning attack was beyond the skills of most spammers -- and so might be proof that the original attackers were contracting their services, but now he said "they might be completely unrelated. In fact, one of the things we discovered after looking into these attacks is just how easy they are to carry off."
Among the domains included in one of the poisoned DNS servers during the first attack were major sites such as americanexpress.com, cnn.com, redhat.com, and msn.com. "
Although there's essentially nothing an end-user can do to protect him- or herself -- other than to regularly sweep the system for spyware and/or have real-time anti-spyware defenses up and running -- DNS server administrators, particularly those in enterprises, should scramble.
Windows-based DNS servers are particularly vulnerable, since Windows NT Server 4.0 and Windows 2000 Server prior to SP3 are insecure against DNS cache poisoning attacks. Windows 2000 Server SP3 and later, as well as Windows Server 2003, are configured securely by default. (For more information, see this Microsoft Knowledgebase article.)
Other users that are vulnerable are those running various Symantec gateway security products who haven't patched bugs the Cupertino, Calif.-based vendor released in mid-March. Full article <http://www.techweb.com/article/printableArticleSrc.jhtml?articleID=160501468>
See also Developing a DNS Security Policy; Windows Server 2003 Deployment KitIf your DNS data is compromised, attackers can gain information about your network that can be used to compromise other services. For example, attackers can harm your organization in the following ways:http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dnsbd_dns_oxet.asp.
DNS Server Top Support Articles - Microsoft Service ProvidersA well-developed DNS server and Active Directory infrastructure is vital to your network. These articles help you plan, deploy, and troubleshoot DNS and Active Directory implementations.http://www.microsoft.com/serviceproviders/support/dns.asp
Jeff's blog post here for important context and advice - do you know the health of the entire chain?
More KBs here and here, and search results page here. Webcasts:
TechNet Webcast: Windows Server 2003 Administration Series (Part 8 of 12): Domain Name System (DNS) (Level 200)
TechNet Webcast: Security Risk Management (Level 200)
There is a ton of material on TechNet that will help IT Pros that exists outside the product group documentation. Name the topic, chances are that Microsoft technical insiders have recorded a webcast, hosted a chat, or otherwise posted media that can help you. The IT folks inside Microsoft for example have recorded a bunch of webcasts that tell you how they do it inside the Microsoft corpnet. To see what I mean check out Gary Baxter's TechNet Webcast: How Microsoft IT Maintains High Availability for Exchange Server 2003 at Microsoft. "Microsoft IT, using the latest server and storage hardware products, as well as using Microsoft Exchange Server 2003 on Microsoft Windows Server 2003 clusters, sets a mailbox availability target of 99.99 percent. Join us as we review how Microsoft IT implements strict service level agreements and regular review processes to make sure it either meets it aggressive goals or knows when and why it does not. " Event ID: 1032266444 Replay Link: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032266444&Culture=en-US
Many of these goodies an be downloaded into your music player or burned on an audio CD to listen to on your commute in to work. Who know - if i get some good feedback here perhaps I can pursuade the PTB to offer this kind of stuff as an RSS feed?
Add this site to your search list: http://www.microsoft.com/events/AdvSearch.mspx
The problem for IT staff is that business executives often overlook the benefits of these investments, which could lead them to assign lower priorities and budgets to their IT departments, Gartner warned.
The researcher suggested that IT managers channel more funds toward meeting business needs, while at the same time improving their communication with executives about the importance and value of planning for infrastructure improvements.
The recent economic cycle and its focus on return on investment has somewhat tarnished the image of IT
The article recommends that midmarket IT staff get more engaged with the company's overall strategy decisions, to better align technology investments with business priorities.
He recommended that IT managers look at what other leading companies in their industries are planning in terms of IT and develop a list of best practices.
Gartner predicts that IT spending in the small and midsize business market will increase dramatically in the next few years.
How can TechNet help the midmarket IT Pro do this? Give us feedback here.
Full article <http://www.infoworld.com/article/05/04/06/HNspendingmidsize_1.html>
SBS user? do you know about Susan's blog?
64-Bit Windows Server System is live. You can read some of the history of the project on Clyde’s blog, and an overview for IT Pros from Professor Windows. Come and play with the new server hardware at the EEC, see how your apps will perform. On Demorie Crowe’s blog you can track upcoming 64-bit web/blogcasts, like these: http://www.microsoft.com/seminar/events/series/msdn64bitwin.mspx. Also look at Ward Ralston’s blog.
Executive Chat - Get Technical with Microsoft and Intel’s 64-bit Leaders - April 19, 2005, 2:00 P.M. Pacific Time Join Bob Muglia, Senior Vice President of Microsoft’s Windows Server Division and Abhi Talwalkar, Vice President & General Manager of Intel’s Digital Enterprise Group to discuss Microsoft and Intel’s industry standard platforms for 64-bit enterprise computing: Itanium (r) 2 Processor-based servers running Window Server 2003 to provide cost-efficient RISC replacement, and 64-bit Intel (r) Xeon (tm) Processor-based servers with the new Window Server 2003 x64 Editions that support the broadest range of applications. ADD TO CALENDAR
Executive Chat - Get Technical with Microsoft and AMD Execs - May 5, 2005, 10:00 A.M. Pacific Time.Join Bob Muglia, Senior Vice President of the Windows Server Division of Microsoft and Fred Weber, Chief Technical Officer of AMD, to discuss the development and plans for enterprise-ready, high-availability systems for which the AMD Opteron processor based on AMD64 technology is optimized. ADD TO CALENDAR
Eric Gunnerson got there first. I watched the episode he refers to last night on Tivo. Check it out: http://blogs.msdn.com/ericgu/archive/2005/04/04/405300.aspx
When I came to Microsoft 5 years ago one motto was "the more you know the farther you go". TechNet puts out some great training that IT Pros should eat up with both hands. Check out this upcoming webcast on AD monitoring with MOM 2005. Let me know with comments on this page how you liked it.
TechNet Webcast: Monitoring Active Directory with Microsoft Operations Manager 2005 (Level 300)Thursday, April 14, 2005 - 11:30 AM - 1:00 PM Pacific Time. Mas Libman, Program Manager - Directory and Identity Services, Microsoft
Effective Monitoring of Active Directory is essential! In this 90-minute webcast we will show why monitoring is important and how management will be vastly improved with Microsoft Operations Manager 2005 (MOM). The inclusion of state monitoring, topological views, and context specific tasks in MOM 2005 will help you more easily manage your Active Directory. This session will also include Active Directory Management Pack monitoring details, best practices, and customizations. http://go.microsoft.com/fwlink/?LinkId=43973
The SMS 2003 Scripting Guide is a .chm file you can down load that provides over 40 scripts, ranging from tasks such as creating advertisements to running queries. It explains the basics of SMS objects, WMI, and VBScript through a series of 'How To' examples. Each example has extensive and appropriate links to other resources, such as the SMS SDK, the WMI SDK, and the Windows 2000 Scripting Guide.
BTW - if you don't know about them, check out the IT Pro's secret weapon - the Scripting Guys here: http://www.microsoft.com/technet/community/columns/scripts/sghits.mspx
Then mosey on over to the next big thing - Virtual Labs - you will thank me one day: http://www.microsoft.com/technet/traincert/virtuallab/default.mspx
Former Microsoft Corp. employee Richard Gregg was sentenced to two years in prison yesterday for mail fraud after unlawfully selling more than $13 million worth of his former employer's software.
U.S. District Judge John Coughenour also ordered Gregg, 45, to pay more than $5 million in restitution to Microsoft for software he diverted, keeping the profits after selling it.
In a plea agreement, Gregg admitted that, while working at Microsoft as a project coordinator from May to December 2002, he took advantage of a software-ordering program set up for internal use by Microsoft employees.
He ordered and sold more than 4,400 pieces of software, with a value of more than $13 million.
Full article <http://seattlepi.nwsource.com/printer2/index.asp?ploc=b&refer=http://seattlepi.nwsource.com/business/218485_gregg02.html>
Three New MOF Operations Management Reviews released http://www.microsoft.com/technet/itsolutions/cits/mo/mof/omr/default.mspx
MOF site on TechNet http://www.microsoft.com/mof
Also check out the Service Monitoring Solution Accelerators
Full article <http://www.microsoft.com/technet/itsolutions/cits/mo/default.mspx>
The Core Infrastructure Solutions group, includes three components: MOF, WSSRA, and MSM.
And here’s the feed for one of the CIS TechNet blogs: http://blogs.technet.com/it_prose/rss.aspx
Virtualization is big for IT Pros. If you don’t know that yet, you will soon. Watch this blog:
The Soul of a Virtual Machine: Things to know about running a virtual machine under Virtual Server
For example, this great post on sysprepping virtual machines.
To invent anything, you have to be removed from the world. In order to have the capacity, the liberty, to imagine something better, you need to step outside of it for awhile.
My advice is to encourage invention and ideas, and then edit. It's about proliferation and promiscuity on the one hand - and then later, rigorous, tough-minded editing. Deam Kamen, the iventor, calls the process "kissing frogs." You might make 100 things and turn one of them into a prince.
What's truly sane about the approach is that the from that you make today doesn't have to be beautiful. There's no need to get hung up on a "good idea." later on, the process of choosing - making sure the good idea doesn't get lost - becomes largely intuitive. I my experience, it has to be.
But product invention isn't just about the product. It's also about the relationship, the flow, the information that surrounds that product. If you say that the actual object is the thing, then you're missing the point of what it means to invent in today's world.
It's true that to think about a new product, you first have to consider it on its own. But not long after, you have to force yourself to do a mental flip and understand that it's really not discrete at all. For example, car manufacturers don't want to sell you a car. They want to sell you 10 cars. And so, they're going to sell you the relationship, the communication, the experience of that car. The car, the product, is part of a bigger flow. The real challenge for an inventor is to understand how it fits into the larger context.-Bruce Mau, BMD Toronto
Full article <http://www.fastcompany.com/magazine/79/fasttalk.html>
Full article <http://www.aaai.org/AITopics/newstopics/nlp1.html>
Microsoft escalated its legal campaign against a pervasive form of online identity theft Thursday, filing 117 lawsuits against unnamed people accused of phishing.
Microsoft, the Federal Trade Commission and the National Consumers League offered these tips to avoid "phishing" scams (feel free to copy-paste these into any comms to your end users that work for you):
Full article <http://seattlepi.nwsource.com/business/218390_phishing01.html>
Studies by AIIM and Ford Motor Company estimate that knowledge workers spend 15-25% of their time on non-productive information related activities. IDC estimates that a typical knowledge worker spends about 2.5 hours per day searching for information. If you are reading this blog, you are probably an IT Pro. That means you are time-constrained all the time. To get some minutes back in your day so you can read the great content on TechNet, go download Lookout to help you manage your inbox. I use it everyday and it saves me time. Highly reccomended.
Lookout V1.2 is lightning-fast search for your e-mail, files, and desktop integrated with Microsoft Outlook. Built on top of a powerful search engine, Lookout is the only personal search engine that can search all of your e-mail from directly within Outlook - in seconds...
Full article <http://www.microsoft.com/downloads/details.aspx?FamilyID=09b835ee-16e5-4961-91b8-2200ba31ea37&displaylang=en>
I wrote this down during a training class on "Fierce Conversations" in order to remember it and reflect further on it after class: "In any situation, the person who can accurately describe reality without laying blame will emerge as the leader, whether designated or not." Edwin Friedman
An A9.com search on this phrase brings up an interesting book review of : The Four Agreements, A Practical Guide to Personal Freedom by Don Miguel Ruiz. Full article <http://www.beingjane.com/bookReview.php>
My new job on TechNet includes the opportunity to show leadership in improving TechNet. Interested in helping me accurately describe TechNet reality to upper management without laying blame? Feel free to add your comments.
Quantum cryptography has emerged from the laboratory and into the real world.
Using properties of quantum physics, the technique encrypts data with keys that reveal if they have been intercepted or tampered with. US company Magiq and Swiss firm ID Quantique have already sold hardware to several customers keen to protect data with quantum cryptography. Governments and armed forces are thought to be among the first users of the technology.
Encryption usually involves scrambling data with long numeric keys that stop other people reading it. The information inside the message is effectively kept secure because of the time it would take an eavesdropper to sort through all possible keys used to scramble the data. But quantum cryptography scrambles data in a different way by using the strange properties of the quantum world to guarantee that keys have been swapped securely.
Information about the key is encoded on to a single photon of light. Quantum physics guarantees that the properties of the photon will change if anyone intercepts it and tries to read the information off it. Once two parties have swapped a key that they know to be safe they can be sure that the messages they are sending each other are secure.
Once connected to a fibre-optic network the Magiq hardware allows companies to set up a virtual network they can use to send data encoded with quantum keys.
Although the technology is already in use, there are still some limitations to iron out. For instance there is a limit to the distance that photons can travel before they lose coherence which makes it impossible to read key information. The current record for long-distance quantum key distribution is 120km.
Read full article at <http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/1/hi/technology/3543495.stm>
Toshiba has discovered a way to make quantum-cryptographic data more stable and to transmit it at five times the current rate. “We have made the technology much more stable and easier to use,” says Andrew Shields, who is head of Toshiba’s Quantum Information Group in Cambridge, England. Shields says Toshiba is talking with financial institutions in the City of London about installing the system later this year.
Quantum cryptography allows two parties to send secret encryption keys to each other while testing to see if anyone has attempted to intercept them. The keys are sent, one photon at a time, over standard optical fibers; each photon represents a binary 1 or 0. What makes the system so secure is that any attempt by an eavesdropper to intercept the photons will alter them—alerting the sender to a security breach. The problem: the hardware used to generate the photons is extremely sensitive to temperature fluctuation and movement, so it requires continual adjustment by experts.
Toshiba’s solution is to send two signals. “Along with the single-photon pulse we send a second, brighter, guardian pulse,” Shields explains. The guardian pulse provides a reference point for the receiving hardware, which automatically adjusts to ensure that the photon paths are aligned. The result: a system that Toshiba researchers have shown is able to operate 24 hours a day, seven days a week, without any human intervention.
Read full article at http://www.technologyreview.com/articles/05/04/issue/forward_quantum.asp?trk=nl
The new Windows Server 2003 TechCenter is the place for IT Pros to find Windows Server 2003 post-sales, technical documentation including SP1 updates. It offers views into documentation by language, technology, task (or documentation category), and documentation set.
Our goals for this TechCenter are:
How are we doing on these goals? Let me know by posting a comment on this blog.
The Microsoft IT group helps protect the corporate network using domain isolation with IPsec. You can read about it here.
The Microsoft Solutions for Security (MSS) team has recently released a Server and Domain Isolation Using IPsec and Group Policy paper. This solution demonstrates how IPsec transport mode can be leveraged as one of the best means currently available to protect corporate networks and minimize losses due to information theft, compromise of credentials, and administrative costs. This solution also clearly contrasts IPsec transport mode with the more widely known IPsec tunnel mode, one of the prevalent VPN technologies today.
Full article at <http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx>
Improving Security with Domain Isolation: Microsoft IT implements IP Security (IPsec)
Detailed discussion on how Microsoft IT introduced Domain Isolation to the Microsoft global enterprise network, to prevent unauthorized access to trusted assets. The technology chosen for isolation is Internet Protocol Security (IPsec), a standards-based approach to authenticating network traffic, which can be deployed and managed centrally through the use of Group Policy. The result of these efforts is a secure, segmented network of trusted computers. Downloads (Technical White Paper, Technical White Paper Presentation)
Full article at <http://www.microsoft.com/technet/itsolutions/msit/default.mspx>
Using IPsec for Network Protection: Part 1 of 2 :http://www.microsoft.com/technet/community/columns/secmgmt/sm121504.mspx
TechNet Support WebCast: How to use IPSec to help secure network traffic http://support.microsoft.com/default.aspx?scid=kb;en-us;888266
TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 1 of 3): Overview of Internet Protocol Security (Level 300)
Read the Professor Windows colunn on Windows Server 2003 SP1 http://www.microsoft.com/technet/community/columns/profwin/pw0405.mspx