News
How to Shoot Yourself in the Foot with Security, Part 1 -- by Jesper M. Johansson http://go.microsoft.com/?linkid=3992455
This article can help you better understand some of the things we do to provide security, and how they may cause serious problems unless we are really careful in how we use them.
Microsoft Security Guidance Center: Recently Published
http://www.microsoft.com/technet/security/recent/default.mspx
Microsoft Security Bulletin Summary for September, 2005
Microsoft has no new security bulletins to release as part of the monthly release cycle for the month of September.
Search for previous security bulletins http://go.microsoft.com/?linkid=3992478
Security Bulletin Feed http://go.microsoft.com/?linkid=3992479 RSS http://go.microsoft.com/?linkid=3992480
Health Check Tool
The new security health check is a simple tool that asks you a few questions and offers advice to help you be more secure.
http://www.bcentral.co.uk/technology/security/computer-and-internet-security-adviser.mspx
5 safety tips for using a public computer
Public computers at libraries, Internet cafes, airports, and copy shops are convenient, cheaper than buying your own laptop, and sometimes even free to use. But are they safe? Depends on how you use them.
Here are 5 tips on using public computers without compromising your personal or financial information.
http://www.microsoft.com/athome/security/privacy/publiccomputer.mspx
Office "Per-user" Installation Mode Issue
There's a new script that can help identify a condition where Microsoft Office is not offered any security updates if installed in "Per-user" mode. There is no easy way to determine the mode, but you can get a script in the TechNet Script Center that can tell users which mode they are running.
http://go.microsoft.com/fwlink/?LinkId=4021093
Simplified Identity and Access Management
See how Windows Server 2003 R2 extends connectivity and control of identity management for internal and external collaboration.
http://go.microsoft.com/fwlink/?LinkId=4021094
Permission to Land
Nobody likes standing in line at airport security, but it's reassuring they go to so much effort. Security expert and part-time aircraft pilot Matthew Stibbe looks at what we can learn about IT security from airlines' precautions.
http://go.microsoft.com/fwlink/?LinkId=4021095
Microsoft Security Development Center
http://msdn.microsoft.com/security/
Application Development Security Guidance for .NET 2.0
This page explains the rationale behind the patterns & practices Security Guidance for .NET Framework 2.0 projects. Use this guidance to improve both the security of your applications and your approach to building secure applications.
http://go.microsoft.com/?linkid=3980334
ASP.NET 2.0 Security Practices at a Glance
This page explains the rationale behind the patterns & practices Security Guidance for .NET Framework 2.0 project and provides an index into the guidance. You can use the guidance referenced on this page to improve both the security of your applications and your approach to building secure applications.
http://go.microsoft.com/?linkid=3980335
Security Checklist: ASP.NET 2.0
This page explains the rationale behind the patterns & practices Security Guidance for .NET Framework 2.0 project and provides an index into the guidance. You can use the guidance referenced on this page to improve both the security of your applications and your approach to building secure applications.
http://go.microsoft.com/?linkid=3980336
The WSE 3.0 Beta is Released!
http://go.microsoft.com/?linkid=3980337
WS-I Basic Security Profile 1.0 Sample Application: Preview Release for the .NET Framework version 1.1
http://go.microsoft.com/?linkid=3980338
The patterns and practices Security Wiki
The patterns and practices Security Wiki is where the p&p team puts its latest thoughts and discoveries in application security. They are constantly talking to customers, industry experts, and security experts inside Microsoft to bring you the latest and greatest.
http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.HomePage
Top Stories
Dealing with an Infected PC http://go.microsoft.com/?linkid=3992456
What can you do if you think your computer is affected by spyware, a virus, or other malware?
Understanding Security in Microsoft Internet Explorer 6 in Windows XP SP2 http://go.microsoft.com/?linkid=3992457
This paper examines the real state of Web browser security and the correlation between a browser's vulnerability and its advanced functionality.
It's Not Always Malware: How to Fix the Top 10 Internet Explorer Issues http://go.microsoft.com/?linkid=3992458
Malware, the perennial enemy of the Web surfer, has received a lot of publicity and analysis over the past 12 months and rightly so, but this attention has, in some ways, proven to be a two-edged sword. This article by Microsoft MVP Sandi Hardmeier covers the procedures that are most likely to fix the top 10 Internet Explorer issues.
Rights of Passage http://go.microsoft.com/?linkid=3992459
Read this extensive piece by Robert Mitchell to get Computerworld's take on the enterprise rights management space and how Microsoft Windows Rights Management Services fits into it.
Don't Let Your Company Get Hooked by Phishing http://go.microsoft.com/?linkid=3992460
Find out how spam scams (known as phishing) work and how they can hurt a small business. Then learn four things you can do to protect your company: make sure the defenses of company computers are strong and up-to-date, reduce exposure to phishing, don't send the wrong message to customers, and educate your employees about phishing.
Security Guidance
Security Tip of the Month: 10 Tips for Designing, Building, and Deploying Secure Web Applications http://go.microsoft.com/?linkid=3992461
This paper provides an introductory set of guidelines for anyone involved in the creation and operation of Web applications or services. Follow these simple best practices when designing, building, and deploying Web applications and services in a secure manner.
Microsoft Security Tool Kit: Compromised Systems http://go.microsoft.com/?linkid=3992462
The software, tools, and information provided in the Security Tool Kit can be used to install and configure an up-to-date Windows system so that it is less likely to be affected by known methods of attack or by future attacks that exploit similar vulnerabilities.
Computer Threats: What to Focus on First http://go.microsoft.com/?linkid=3992463
When thinking about computer and network security, begin by sorting out what constitutes a genuine security menace to your computer systems and what is mostly a nuisance. Here's guidance to ensure that you're drawing the battle lines in the right place.
Small Business Owners: What You Can Do to Manage Network Security http://go.microsoft.com/?linkid=3992464
Thanks to the continued presence of Internet worms, viruses, and other threats to computers, network security consistently ranks as a top concern of business owners -- even for those operating simple networks. The good news for small business owners is that many security tasks don't require an IT expert.
Learn How ISA Server 2004 and Sybari Antigen Can Protect Your Network http://go.microsoft.com/?linkid=3992465
Don't miss an opportunity to learn from the experts in an upcoming webcast "Securing Your Exchange Server with Antigen and ISA Server." Join us September 21 at 11:00 AM to hear how Microsoft Internet Security and Acceleration Server (ISA) and Sybari Antigen can protect your Microsoft Exchange Server from viruses, worms, spam, and external attacks.
Download the Malicious Software Removal Tool http://go.microsoft.com/?linkid=3992466
The Microsoft Windows Malicious Software Removal Tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found.
Families Cleaned by the Malicious Software Removal Tool http://go.microsoft.com/?linkid=3992467
This tool removes specific, prevalent malicious software families from computers running compatible versions of Windows. Microsoft releases a new version of the Malicious Software Removal Tool on the second Tuesday of every month, and as needed to respond to security incidents.
Downloads
Anti-phishing White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyID=b4022c66-99bc-4a30-9ecc-8bdefcf0501d&DisplayLang=en
Microsoft WS-I Basic Security Profile 1.0 Reference Implementation
http://www.microsoft.com/downloads/details.aspx?FamilyID=40e3d4c5-2105-47f1-ba26-9e4c29ba6990&DisplayLang=en
Recommendations for Virtual Private Network Client Coexistence with the Internet Protocol Security Implementation in Microsoft Windows
http://www.microsoft.com/downloads/details.aspx?FamilyID=705b6d76-3dbc-4173-bb75-c3f066cbc160&DisplayLang=en
Microsoft Password Change Notification Service
http://www.microsoft.com/downloads/details.aspx?FamilyID=c0964f2e-fa9f-4fc7-ac13-c43928efee9d&DisplayLang=en
Security Fix for DirectX 8 on Windows 2000, Windows ME, Windows 98 SE, and Windows 98 (KB819696)
http://www.microsoft.com/downloads/details.aspx?FamilyID=49552d6a-4a62-48ba-a2ac-0b237cd5f732&DisplayLang=en
ISV Chalk Talk – Windows Authorization Manager with Dave McPherson
http://www.microsoft.com/downloads/details.aspx?FamilyID=4773b5c8-e9ee-49a8-81c9-2f3bd3994f3a&DisplayLang=en
Anti-phishing White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyID=b4022c66-99bc-4a30-9ecc-8bdefcf0501d&DisplayLang=en
Setting Up IPsec Domain and Server Isolation in a Test Lab
http://www.microsoft.com/downloads/details.aspx?FamilyID=5acf1c8f-7d7a-4955-a3f6-318fee28d825&DisplayLang=en
Microsoft Federated Identity and Access Resource Kit for Sept 2005 Community Technology Preview
http://www.microsoft.com/downloads/details.aspx?FamilyID=66734401-4988-4ded-9876-3dc10223052c&DisplayLang=en
Events / Webcasts
How Microsoft IT Does Security Updates
Date and Time: Tuesday, Oct. 25, 2005 - 8:00 a.m. Pacific Time
Presenter: Paul Thomsen - Sr. SMS Administrator, GTS Manageability Services, Microsoft Corporation
http://go.microsoft.com/fwlink/?LinkId=52131
· Hone Your Security Expertise with Microsoft E-Learning Clinics http://go.microsoft.com/?linkid=3563113
· Learn Security On the Job. Without Putting It On the Line http://go.microsoft.com/?linkid=3992501
· Applying Microsoft Security Guidance with Hands-On Labs http://go.microsoft.com/?linkid=3992502
· Extend your skills with standalone Security Virtual Labs http://go.microsoft.com/?linkid=3992503
Upcoming Security Webcasts
http://www.microsoft.com/events/security/upcoming.mspx
Register for the following Webcasts on the link above
TechNet Webcast: Deploying and Managing Windows XP Service Pack 2 (Level 200)
October 03, 2005, 9:00 A.M.–10:30 A.M. Pacific Time
TechNet Webcast: Server and Domain Isolation Using IPsec and Group Policies (Level 300)
October 04, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
MSDN Webcast: Security Best Practices: Protecting Your Connection String (Level 200)
October 04, 2005, 11:00 A.M.–12:00 P.M. Pacific Time
TechNet Webcast: Configuring Security Enhancements in Microsoft Windows Server 2003 Service Pack 1 (Level 200)
October 05, 2005, 9:00 A.M.–10:30 A.M. Pacific Time
TechNet Webcast: Securing Services and Critical Accounts (Level 200)
October 07, 2005, 9:00 A.M.–10:30 A.M. Pacific Time
TechNet Webcast: Security Risk Management (Part 1 of 3): Concepts and Prerequisites (Level 300)
October 10, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
TechNet Webcast: Security Risk Management (Part 2 of 3): Risk Assessment (Level 300)
October 12, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
TechNet Webcast: Information about Microsoft October Security Bulletins (Level 200)
October 12, 2005, 11:00 A.M.–12:00 P.M. Pacific Time
TechNet Webcast: Protecting Your Business from Spyware (Level 200)
October 13, 2005, 9:00 A.M.–10:30 A.M. Pacific Time
TechNet Webcast: Security Risk Management (Part 3 of 3): Decisions, Controls, and Program Effectiveness (Level 300)
October 14, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
MSDN Webcast: Securing ASP.NET Web Services (Level 300)
October 14, 2005, 11:00 A.M.–12:30 P.M. Pacific Time
TechNet Webcast: Implementing Multifactor Authentication Using Smart Cards (Level 200)
October 14, 2005, 11:00 A.M.–12:30 P.M. Pacific Time
TechNet Webcast: A Comprehensive Look at Anti-Spam Technologies in Exchange 2003 SP2 (Level 300)
October 17, 2005, 9:30 A.M.–11:00 A.M. Pacific Time
TechNet Webcast: Protecting Information with Microsoft Windows Rights Management Services (Level 200)
October 17, 2005, 11:00 A.M.–12:30 P.M. Pacific Time
Microsoft Executive Circle Webcast: Security360: Managing Privacy in Your Organization (Level 100)
October 18, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
TechNet Webcast: SurfControl Web Filter for ISA Server 2004: Helping You STOP Unwanted Content Risks (Level 200)
October 19, 2005, 9:00 A.M.–10:30 A.M. Pacific Time
TechNet Webcast: An Overview of the Messaging and Security Management Feature Pack for Enterprise Windows Mobile Device Management (Level 300)
October 20, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
TechNet Webcast: E-mail Authentication: Importance in Your E-mail Hygiene Strategy (Level 300)
October 21, 2005, 9:30 A.M.–11:00 A.M. Pacific Time
TechNet Webcast: Network Isolation Using Group Policy and IPsec (Part 1 of 3): Overview of Internet Protocol Security (Level 300)
October 24, 2005, 9:00 A.M.–10:30 A.M. Pacific Time
TechNet Webcast: How Microsoft IT Does Security Updates (Level 300)
October 25, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
TechNet Webcast: Network Isolation Using Group Policy and IPsec (Part 2 of 3): Understanding Network Isolation Using IPsec (Level 300)
October 26, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
TechNet Webcast: Network Isolation Using Group Policy and IPsec (Part 3 of 3): Advanced Network Isolation Scenarios (Level 300)
October 28, 2005, 9:00 A.M.–10:00 A.M. Pacific Time
On-Demand Security Webcasts
http://www.microsoft.com/events/security/ondemand.mspx
Additional Security Resources
· Security Help and Support for IT Professionals http://go.microsoft.com/?linkid=3992520
· New and Improved Microsoft TechNet Troubleshooting and Support Page http://go.microsoft.com/?linkid=3992521
· Microsoft Security Glossary http://go.microsoft.com/?linkid=3992522
· Preview Microsoft SQL Server 2005 http://go.microsoft.com/?linkid=3992523
· New Microsoft Windows Security Resource Kit, Second Edition http://go.microsoft.com/?linkid=3992524
· TechNet Security Web Site http://go.microsoft.com/?linkid=3992525
· MSDN Security Developer Center http://go.microsoft.com/?linkid=3992526
· Sign-Up for the Microsoft Security Notification Service http://go.microsoft.com/?linkid=3992527
· Security Bulletin Search Page http://go.microsoft.com/?linkid=3992528
· Home Users: Protect Your PC http://go.microsoft.com/?linkid=3992529
· MCSE/MCSA: Security Certifications http://www.microsoft.com/traincert/mcp/mcsa/mcsa_mcse.asp
· Subscribe to TechNet http://go.microsoft.com/?linkid=3992530
· Register for TechNet Flash IT Newsletter http://www.microsoft.com/technet/abouttn/subscriptions/flash_register.mspx
· Subscribe to MSDN http://go.microsoft.com/?linkid=3992531
Windows Platform
News
Next Generation TCP/IP Stack in Windows Vista and Windows Server "Longhorn"
Windows Vista includes the next generation TCP/IP stack, a new implementation of the TCP/IP protocol suite with integrated Internet Protocol version 6 support. Read about it in The Cable Guy's September column.
http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx
Learn How New Software Assurance Enhancements Can Empower IT Professionals
Microsoft is introducing several new support, planning, and training benefits that can help IT professionals improve how they deploy and manage technology. To find out more about the September 15 announcement,
http://www.microsoft.com/licensing/programs/sa/webcast.mspx
Microsoft Certified Architect Program
The Microsoft Certified Architect Program identifies top industry experts in IT Architecture. These architects can employ multiple technologies to solve business problems and provide business metrics and measurements to describe the success or failure of the projects they drive. The program is currently in beta, and is expected to open to the architect community in early 2006.
http://www.microsoft.com/learning/mcp/architect/
Learn what you need to know about XP SP2.
Our free Microsoft™ Official E-Learning Clinics on Windows XP Service Pack 2 (SP2) provide the technical information and skills you need via a learner-centered format with unique user benefits. With an E-Learning Clinic, you can access the topic you want, when you want it, and learn at your own pace. Each lesson can be paused, and all topics are indexed for fast and easy repeat use.
When you sign on today for a free Windows XP SP2 E-Learning Clinic, you also get access to additional Security E-Learning Clinics with important security guidance for IT professionals and developers that can help you better protect your organization against security threats.
https://www.microsoftelearning.com/xpsp2/
https://www.microsoftelearning.com/security/
Documents
Windows Vista Product Overview for IT Professionals
From the perspective of an IT professional, Windows Vista is easier to deploy and less expensive to maintain than any earlier version of Windows. Get an overview of improvements in security, reliability, deployment, management, and productivity.
http://www.microsoft.com/technet/windowsvista/evaluate/overvw.mspx
Beta 2 Reviewers Guide for Microsoft Services for Network File System in Windows Server 2003 R2
Microsoft Services for Network File System (MSNFS) is a component of Windows Server 2003 R2 that allows users to transfer files between Windows Server 2003 R2–based and UNIX–based computers using the Network File System (NFS) protocol. This guide describes MSNFS for Beta 2 and provides information about setting up a test environment to evaluate its functionality.
http://www.microsoft.com/downloads/details.aspx?FamilyID=40af5e4e-4b12-4f27-90f7-7cf9bc053e41&DisplayLang=en
MsPress New and Upcoming Titles
MCDST Self-Paced Training Kit (Exam 70-272): Supporting Users and Troubleshooting Desktop Applications on Microsoft® Windows® XP, Second Edition
http://www.microsoft.com/MSPress/books/8771.asp
MCDST Self-Paced Training Kit (Exam 70-271): Supporting Users and Troubleshooting a Microsoft® Windows® XP Operating System, Second Edition
http://www.microsoft.com/MSPress/books/8796.asp
Downloads
Update Rollup 1 For Windows 2000 SP4 (KB891861) Re-Released.
http://www.microsoft.com/downloads/details.aspx?FamilyID=b54730cf-8850-4531-b52b-bf28b324c662&DisplayLang=en
Try Windows Server 2003 R2 Release Candidate
See how you can extend your connectivity and identity management without compromising security or ease of administration
http://www.microsoft.com/windowsserver2003/r2/default.mspx
Windows "Monad" Shell Beta 2 (for .NET Framework 2.0 Beta 2) x64
Windows "Monad" Shell is a new interactive command-line and task-based scripting technology in Windows that enables administrators to more efficiently and securely automate and control system management tasks on both desktops and servers (9/11/2005).
http://www.microsoft.com/downloads/details.aspx?FamilyID=ACF5F118-FAE2-4451-BB46-C1AB7AC4348C&displaylang=en
Windows "Monad" Shell Beta 2 (for .NET Framework 2.0 Beta 2) x86
Windows "Monad" Shell is a new interactive command-line and task-based scripting technology in Windows that enables administrators to more efficiently and securely automate and control system management tasks on both desktops and servers (9/11/2005).
http://www.microsoft.com/downloads/details.aspx?FamilyID=2AC59B30-5A44-4782-B0B7-79FE2EFD1280&displaylang=en
Automated Deployment Services 1.1
The preferred solution for use in deploying Windows Server operating systems in your data centers, Automated Deployment Services 1.1 includes a rollup of bug fixes and adds support for x64 platforms and Windows PE (9/14/2005).
http://www.microsoft.com/downloads/details.aspx?FamilyId=D99A89C9-4321-4BF6-91F9-9CA0DED26734&displaylang=en
Microsoft Password Change Notification Service
Password Change Notification Service captures passwords on the domain controller, so Identity Integration Server can synchronize. (9/9/2005).
http://www.microsoft.com/downloads/details.aspx?FamilyID=D99A89C9-4321-4BF6-91F9-9CA0DED26734&displaylang=en
Update for Identity Integration Feature Pack 1a (KB884192)
Microsoft has released an update to Identity Integration Feature Pack 1a for Microsoft Windows Server Active Directory.
http://www.microsoft.com/downloads/details.aspx?FamilyID=bee863ec-a911-49bf-a967-c74006929c29&DisplayLang=en
Update for Microsoft Identity Integration Server 2003 SP1 (KB842531)
Microsoft has released an update to Microsoft Identity Integration Server (MIIS) 2003, Enterprise Edition.
http://www.microsoft.com/downloads/details.aspx?FamilyID=fa9dbb67-4654-4c94-b073-aa59676130af&DisplayLang=en
Service Pack 2 for Office 2003 released (27/09/2005)
http://www.microsoft.com/downloads/details.aspx?FamilyID=57e27a97-2db6-4654-9db6-ec7d5b4dd867&DisplayLang=en
Microsoft WinFX Software Development Kit for the WinFX Runtime Components September 2005 Community Technology Preview
The Microsoft WinFX® SDK contains documentation, samples, and tools designed to help you develop managed applications and libraries using WinFX, which is the set of next-generation managed APIs provided by Microsoft.
This release of the SDK includes content supporting the .NET Framework 2.0, the Windows Presentation Foundation (formerly code named "Avalon"), the Windows Communications Foundation (formerly code named "Indigo"), and the Windows Workflow Foundation (formerly code named "WinOE").
http://www.microsoft.com/downloads/details.aspx?FamilyID=c20cc6c8-1f4e-4a5c-bc79-c2fe9abe69aa&displaylang=en
Events
Announcing Microsoft ITforum 05 -- Early Bird Discount
https://www.mseventseurope.com/msitforum/05/pre/registration/default.aspx
Microsoft ITforum 05, November 15-17th in Barcelona, is Microsoft's annual infrastructure conference designed to provide you with technical training, information and community resources to plan, deploy and manage the secure connected business. The conference is based on Microsoft's full range of products that are currently shipping or scheduled for release in the near future.
This year we are giving you three full days of intense briefings on virtually every aspect of planning, deploying and managing your Microsoft enabled infrastructure.
Microsoft ITforum 05 offers over 325 unique breakout, learning, and interactive sessions including Hands-on Labs, Chalk-&-Talks and Panel Discussions. Attendees can explore the latest and soon-to-be launched Microsoft products; engage with outstanding speakers, network with their European peers, delve deeper with Microsoft partners and get questions answered by Microsoft experts.
Early Bird Registration closes on the 7th October - if you register before this date - you will save 400 Euros: to find out more or to register at http://www.mseventseurope.com/msitforum/05/pre/content/default.aspx
13 October, Reading: TechNet Briefing: Microsoft Virtual Server 2005 and Virtual PC 2004 - Live and uncut!
This interactive evening session will drill into the capabilities and scenarios around using Microsoft Virtualisation products to solve real-world problems. Virtual Server 2005 and Virtual PC 2004, share many common elements. This session will examine the architecture, core functionality and capabilities of both products and explain the key differences. We will discuss where the future direction of virtualisation is heading with an overview of the forthcoming changes in Virtual Server 2005 Service Pack 1 and Windows Virtualisation.
https://msevents-eu.microsoft.com/cui/EventDetail.aspx?culture=en-GB&eventid=118761582
3 November, Reading: TechNet Briefing: Active Directory Fundamentals and Administration
In this session we will cover some of the basic concepts of the Active Directory. We will look at what a directory service is and the benefits Active Directory offers, the logical concepts as they relate to Domain, Trees and Forests. As well as the physical concepts of Domain Controllers and Sites. We will also explain the relationship between the Active Directory and the Domain Naming Service.
https://msevents-eu.microsoft.com/cui/EventDetail.aspx?culture=en-GB&eventid=118761592
KB's
Microsoft Windows Server
Microsoft Windows XP Pro
Microsoft Operations Manager 2005
Hotfixes
Spooler Failure Causes High CPU Usage in the Winlogon.exe and Spoolsv.exe Processes on a Windows 2000 Terminal Server
http://support.microsoft.com/?kbid=822834&SD=tech
Access violation in Spoolsv.exe may occur when you print from a custom application on a Windows 2000-based computer
http://support.microsoft.com/?kbid=837841&SD=tech
Internet
News
Survey Results Show Fortune 1000 Chooses IIS
June 1, 2005: A new survey of the 2005 Fortune 1000 Web sites shows that Microsoft's Internet Information Services (IIS), ASP.NET, and ASP serve the majority of leading U.S. corporate sites.
http://www.port80software.com/about/press/060105
Update Your Server-Gated Cryptography Configuration
On July 16, 2004, a Microsoft cross-certificate issued to thawte to enable thawte's Server-Gated Cryptography (SGC) capability expired. If your Web site uses an SGC certificate issued by thawte, read the Knowledge Base article to find out what you need to do.
http://support.microsoft.com/default.aspx?scid=kb;en-us;875450
Protect Against Exploit Code Related to Security Bulletin MS04-011
There is code available that can exploit issues addressed in the Microsoft security updates of April 13, 2004. Find out if your system is at risk and how you can protect it.
http://www.microsoft.com/security/incident/pctdisable.mspx
Action: Update VeriSign Web Server Certificates for IIS
VeriSign's 128-bit Global Server Intermediate Root certification authority certificate for Microsoft Internet Information Services (IIS) and other Web servers expired on January 7, 2004. Update your servers' certificates to prevent error messages.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;834438
ASP.NET Resources for IIS
Visit the ASP.NET Web site and check out the featured tools, blogs, webcasts, and other resources for IIS.
http://www.asp.net/Default.aspx?tabindex=10&tabid=48
Documents
IIS Documentation Home
Links to IIS 6 documentation, plus many more technical resources for IIS.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/default.mspx
Windows Server 2003 Deployment Kit: IIS 6.0
Step-by-step prescriptive guidance on preparing, deploying and managing Windows Server 2003 for IIS 6.0-based applications.
http://www.microsoft.com/downloads/details.aspx?FamilyId=F31A5FD5-03DB-46D2-9F34-
Deploying and Configuring IIS 6.0 with NAS
This whitepaper provides all of the details you need to configure and secure web content on remote file shares, including Windows-based file servers and NAS devices.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/deploy/confeat/RemStorg.asp
A Look at IIS 5.1 in Windows XP Professional
Brett Hill compares and contrasts IIS 5.1 and 5.0.
http://www.microsoft.com/windowsserver2003/community/articles/art_iis5inxp.mspx
Backup and Restore of the IIS Metabase
Chris Crowe describes the options for importing and exporting metabase information.
http://www.microsoft.com/windowsserver2003/community/articles/art_iismetabak.mspx
Webcasts
TechNet Webcast: Protecting Your Business from Spyware (Level 200)
Thursday, October 13, 2005
9:00 A.M.–10:30 A.M. Pacific Time
http://msevents.microsoft.com/cui/eventdetail.aspx?eventID=1032282089&Culture=en-US
TechNet Webcast: SurfControl Web Filter for ISA Server 2004: Helping You STOP Unwanted Content Risks (Level 200)
Wednesday, October 19, 2005
9:00 A.M.–10:30 A.M. Pacific Time
http://msevents.microsoft.com/cui/eventdetail.aspx?eventID=1032282030&Culture=en-US
Automate, Automate, and More: Scripting IIS 6.0
October 11, 2005—11:30 AM-1:00 PM PST
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032280619&Culture=en-US
Deciphering the Tools of the Trade: A Review of IIS Stress Testing Toolsets
October 31, 2005—11:30 AM-12:30 PM PST
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032281354&Culture=en-US
Internet Security
• Effectively Using IIS 6.0 Security
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032263354&EventCategory=5&culture=en-US&CountryCode=US
• IIS 6.0—Using FTP Security and User Isolation
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032268430&Culture=en-US
• SSL Concepts and Troubleshooting
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032268487&Culture=en-US
Authentication
• The Ins and Outs of Authentication in Internet Information Services
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032268478&Culture=en-US
• Understanding Digest and Advanced Digest Authentication in IIS 6.0
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032257463&EventCategory=5&culture=en-US&CountryCode=US
• Using Integrated Authentication in IIS
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032242063&Culture=en-US
Downloads
LogParser 2.0
Log Parser 2.0 is a powerful, versatile tool that makes it possible to run SQL-like queries against log files of almost any format and produce the desired information either on the screen, in a file of any desired format or into a SQL database.
http://www.microsoft.com/downloads/details.aspx?FamilyID=8cde4028-e247-45be-bab9-ac851fc166a4&DisplayLang=en
ServerStats
(Note: ServerStats is a non-Microsoft download)
Serverstats is a web-based tool used to process web-server logs. The tool works with the existing Log Parser 2.x utility available from Microsoft that allows an end-user to manipulate web-server logs without the need to know or manipulate SQL queries. The complex query processing is neatly hidden behind a point-and-click interface which is user-friendly and convenient for non-technical end-users. The tool may be found at http://www.logparser.com/serverstats.zip with full accompanying source code.
http://www.logparser.com/serverstats.zip
IIS 6.0 Resource Kit Tools
The IIS 6.0 Resource Kit Tools can help you administer, secure, and manage IIS.
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en
KB Articals
http://support.microsoft.com/?kbid=905423
You may notice multiple instances of Inetinfo.exe on the computer or you may receive an error message when you try to start an IIS service
http://support.microsoft.com/?kbid=905767
The ReturnAuthRequiredIfAuthUserDenied property setting does not work if the access rules include a Content Type rule in ISA Server 2004
Biztalk.
Scott Woodgate Talks About BizTalk Server 2004 & 2006
Scott Woodgate, Group Technical Product Manager for BizTalk Server talks about the evolution of BizTalk Server and how it addresses the requirements of an Enterprise Service Bus on TechTalk of TheServerSide.net.
Or maybe you prefer to listen to him. Tune in and listen to Scott talk about BizTalk Server 2006 on our very first BPI Podcast here.
Download BizTalk Server 2006 Beta 1!
http://www.microsoft.com/biztalk/evaluation/bts2006beta.mspx
With support for Visual Studio .NET 2005 and SQL Server 2000/2005 BizTalk Server is the perfect product for all your business process and integration needs. BizTalk Server 2006 simplifies management with a brand new Microsoft Management Console interface, simplified setup, MSI based deployment and proactive monitoring. In addition BizTalk Server 2006 includes enhanced Business Activity Monitoring functionality with a generic API, and support for portals. Finally BizTalk Server 2006 includes a numerous improvements to the engine and developer experience such as the ability to subscribe the suspended messages, in order messaging the flat-file schema wizard, and single click developer redeployment. Whether you are looking for so called ESB functionality of publish and subscribe messaging, or a full BPM stack including orchestration, rules and business activity monitoring check out BizTalk Server 2006.
How to Trigger a BizTalk Orchestration from SAP
Get an overview of the various processes, technologies, and tools involved in exchanging data between SAP and multiple applications, and see detailed configuration scenarios that show you step-by-step how to set up an orchestration trigger. Read the MSDN article.
SharePoint
Benefits of Deploying SharePoint Portal Server 2003
http://www.microsoft.com/office/sharepoint/prodinfo/benefits.mspx
