This might be one of the latest posts you can read about Forefront Client Security (1.0) as a new version is going to be released sometime in 2010.

However, there are companies that have to install non-beta versions of the antivirus and scenarios that are not covered by version 1 as it comes out of the box, so I thought this post might be useful.

This month, Microsoft released a couple of updates for this product (FCS from now on on this post) and will help you in this specific scenario.

The problem:

When you tried to install FCS on a Server Core computer you will get a message like this:

Microsoft Forefront Client Security -- Installation failed.
See log 'C:\Program Files\Microsoft Forefront\Client Security\Client\Logs\Client setup.log' for more information.

The updates for fixing this, just issued is presented in the article KB976669 and it is a great solution for already deployed Forefront installations because this update deploys itself via WSUS as explained in the article.

One of my customers found itself in a situation where the company needs to protect Server core computers, and want to do a fresh install of FCS. This would be typically accomplished by issuing the clientsetup /nomom switch, but in normal conditions this would give you the mentioned error.

The solution:

The solution here will come from slipstreaming (term coined by Microsoft to idealize the process of putting together a piece of software with its updates in order to get only one installation process).

Slipstreaming FCS is explained here by Craig Wiand in the Forefront Client Security Support Blog. Starting from this information I was able to slipstream the update into the FCS installation so I could make my customer protected (and happy).

Here’s what I did:

1. Downloaded the relevant fixes from catalog.update.microsoft.com, specifically this two, and put them in a folder called FFUpdate in my desktop:

2. With each of the files downloaded I extracted them by using the instructions in Craig’s article, looked something like this:

3. Once extracted, I had the MP_AMBITS.MSI file for the x86 and x64 flavors copied into the FCS installation media which I previously extracted.

4. With this updated media, I now installed the FCS software in the Server Core machine with this beautiful, and jolly result:

5. Now, following Craig’s article, it is necessary to update the installation with the latest definitions with we already downloaded and extracted (remember the other update we downloaded?). With this already extracted, the installation is made by just executing the update’s installer, in this case the 64 bits version of fcssasupdate.exe.

6. As a final step, remember you can always download the latest definitions for the Security State Assessment from the following URLs according to article KB938202:

For 32 bits FCS: http://go.microsoft.com/fwlink/?LinkId=91181

For 64 bits FCS: http://go.microsoft.com/fwlink/?LinkId=91182

Also, for the antimalware definitions themselves, you can manually get them from the resources listed in KB935934:

For 32 bits FCS: http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0x409

For 64 bits FCS: http://go.microsoft.com/fwlink/?LinkID=87341&clcid=0x409

This updates can be directly applied by executing the downloaded file directly on the server core machine.

7. Finally, and for doing a perfect installation, remember to register the exclusions you might need for processes, file extensions or paths in the corresponding registry keys:

• HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Extensions
• HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Paths
• HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes

ENJOY YOUR INSTALLATION!

Did this guy go crazy?

No, I just wanted to bring your heads up… But looking on Bing (or other search engine) you’ll find people who thinks that some Microsoft executives or even the company itself is “evil”.

By the way, my position has always been that evil does not need a company, or an executive to do its work, so I definitely consider that these people are wrong.

The title in this post came because one of my fellows at EAFIT University when I was studying almost (yikes!) 15 years ago, brought once one of these conversations. The guy insisted that building a money producing machine such as Microsoft could only be feasible by joining evil forces to achieve that result… Just in case, he would only develop software with Java, any Turbo-something language or C++… well… at least until Microsoft released Visual C++.

How does this fit in this kind of blog?

Today, the European Commission finally brought to an end (YES, FINALLY!) the almost-never-ending story about Microsoft supposedly having an unfair advantage on the market with its products, specially the browser.

The EC accepted the proposals made by Microsoft that (after reading the full documents posted in PressPass, the official Microsoft source for press releases I can review in this big titles:

1. Windows users in Europe will have to make a choice about which browsers they want to run in their Windows system (XP, Vista, 7)

2. This will be a process led by Windows Update and will be in place for the duration of the agreement.

3. Users will have documentation available to make Internet Explorer unavailable in Windows 7 if they don’t want it.

4. PC manufacturers will be able to provide the browser they consider convenient with Windows installations on their machines.

5. Documentation will be available on the Internet to allow developers to build software to interoperate with Microsoft technologies (file formats, protocols, and so on)

6. Microsoft will not take legal actions against any open source developer that uses this documentation to build products as long as they comply with the –logical- statements specified.

You can read it all in the link provided… it is an (almost) unbelievable position from Microsoft and I really think this will enhance the industry’s capabilities from now on.

Why?

Well, currently, every software developer has to deal with tricks to make its software run the way they want in Windows, building libraries, and pieces of code that create functionality that is already built on the operating system. Now, with the d… (ahem), with Microsoft sharing out all this information, developers will not need this anymore, they will (hopefully) concentrate on capitalize all this interfaces and techniques published to create really innovative and competitive software that will finally be made available to the vast majority of PC users – those who use Windows-.

Also, more benefits will come. This will allow companies to compete in equal conditions when making software for the Microsoft platforms. If I were a software developer, and had this chance of choosing a platform to develop my products for, I surely will decide the one with the most users, so my market size is bigger.

So now the time has come, if you want to make better software for the bigger platform, you better take a look at this information and use it at your best (or, for those who think that way, work with the devil ).

So… what’s next?

Most of the documentation for interoperability is already published in the form of MSDN articles (you can actually search in MSDN.com for interoperability topics and directly for the technology you want to interoperate with).

The “browser ballot”, as the press has called the mechanism to allow the users to choose browsers will be available in the next weeks, according to the agreement published in PressPass.

Of course… the Windows 7 E version about what I wrote several posts ago will not appear (in case you didn’t notice)

A note to my fellow readers… I’ve been kind of busy lately and my blog has slowed down a bit… I promise I will write more frequently… thanks for your comments.

During more than 15 years implementing different Microsoft messaging systems a common question appears in most of my customers: Is there a set of recommendations for the good usage of mail in my organization?

I’ve found sometimes some of such documents on the Internet, but sadly, they are not generic or sometimes they contain information pertaining to other systems in the company (not only e-mail)

I have decided to write this blog post in the simplest language possible in order to help people find such a guidance in a clear and safe way. The recommendations in this blog post are taken from different publicly articles, books and documents available on the Internet.

Please post comments if you have other suggestions or best practices so we can together make a really good set of practices on e-mail.

Note that I will be posting here tips for end-users. Tips for administrators or operators might be more platform-specific and I’m writing another post on Exchange specific tips.

Tip No. 1: Use e-mail to manage your life, don’t let it BE your life.

Many people spend lots of time of their day in e-mail. Reading, composing, forwarding, deleting, organizing. Don’t let it be the center of your life. If a matter is important, consider meeting the people, if not personally, via web collaboration, instant messaging or other tools. This will let them share more with you and make you give more attention to the social part of life. This will indeed, reduce the amount of messages sent and you will have more time for other activities.

Tip No. 2: Express yourself politely and correctly in e-mail.

E-mail communication is like any other a way to express what you mean. The problem with e-mail is that it is not immediate, this is, it does not give you instant feedback of the effect of what you’ve said. It is more like publishing a book, you might never know the real opinion about it until it hits the bookstores. Emphasis techniques should be used carefully. These techniques can lose its effect if used in an exaggerated manner. They include CAPITALIZATION (which is considered almost like yelling if used extensively), underlining, italicizing or using bold, colors, sizes or different fonts or other effects. Also take care with orthography and syntax which is at least as important as using the right words to address the right people. Most e-mail applications include dictionaries that can help you express yourself as a pro.

Tip No. 3: Save bits, they’re almost inexpensive, but they take TIME.

One of the biggest benefits of e-mail is that it is almost free. Let’s do an exercise: If you read 15 e-mails about a topic that is happening in an e-mail discussion, you can clearly count how many of those e-mails were useful and brought new or important information and how many of them included nonsense answers such as “+1”, “me too”, “ditto”. All these e-mails end up generally in the recycle bin (being deleted anyway) AFTER having being read and processed by the recipient, consuming (the sum of all of them) an important amount of time. So consider this when replying all (does everybody in that list really need to have that e-mail?) or before sending short “answers” (does your answer really add up to the conversation?). All of these e-mails also use STORAGE in your e-mail account and can make you lose TIME figuring out what to delete.

Tip No. 4: Save your reputation (and password)

E-mail accounts are protected by a password. Some e-mail clients, like Outlook often integrate this password with the one that you use to log on to the network. PLEASE! When you are not at your computer, lock your session (Windows Key + L) in Windows operating systems. This will ask you for your password again and nobody will be able to send mail on your behalf from your computer. Also, DO NOT TELL your password to anybody, this includes web pages or programs that you might find in the Internet. It is known that some public accounts have been hijacked because their owners lost control of their passwords. This hijack attacks end up sending e-mail to the user’s contacts and they represent a loss of reputation for the sender (Can you imagine the impression of your boss when receiving offers for “cheap medicines” or other ”treatments” from YOUR e-mail?)

Tip No. 5: Get rid of spam and undesired mailing lists.

Many websites or software that you can download ask you for personal information such as your e-mail address in order to register you in their services. Most of those websites often include options to send you newsletters or offers. Unless you want them, do not accept this kind of offers, sometimes they can be annoying. If you receive this kind of newsletters the best you can do is unsubscribing from them via their webpage (they normally allow you to do so) or, if you don’t have their page or any other means to unsubscribe, make your anti-spam mechanisms eat up those e-mails (but remember, it is a good advice to check the junk e-mail folder to see if something important went there inadvertently).

Tip No. 6: Know your e-mail program’s features

Most e-mail software includes interesting features such as calendaring, task lists, rules, alerts, folders, personal contacts and groups and other cool things. Many of these features will help you auto-organize and survive the information overload that can come through e-mail. The best way to learn to use these tools is by using them, and maybe making some mistakes, but normally you can recover the items from the deleted items folder or you can undo what you mistakenly tried. The best advice here is: RTFM (Read the feature manual), which comes nowadays in electronic form via the help menu of every software. You’ll be amazed how quick you can learn new tricks and how they will improve your time with the software. Some software, for instance allow you to cipher or encrypt messages… use this feature when you feel that it is really important to protect the content or certify that was generated by you, otherwise you’re making other people lose time while decrypting (even though it is only a couple seconds per message).

Tip No. 7: Blind carbon copy (BCC) wizardry. Copying your boss for everything.

I’ve noticed some people always includes somebody in the BCC field for a lot of their communications. BCC can be useful in some scenarios, but beware: Many people tends to Reply all. If your “blind” recipient replies to all over one of your messages, those people that were not aware of your recipient will wonder how that e-mail got there. It has happened to me in the past with a conversation that I wanted to keep my boss informed and he got anxious to take action on the issue, I got really uncomfortable with that. Also, think the consequences before you BCC to someone, or to lists or to recipients external to your company.

Tip No. 8: Smart signatures and autotexts

E-mail programs let you create “signatures” for your e-mails, sometimes you can also create automatic texts that get attached to what you write and can get you in trouble. For instance, do not start with “Dear John” or end your mail with “Kisses” when sending mail to a potential employer (unless John is really “dear” to you!)

Also do not use a lot of stuff in all your e-mails. Different signatures can be selected for each use. Unless you want to show your academic titles and/or technical certifications to everybody it is not very well seen in some environments that you send all that in all your e-mails.

Tip No. 9: Backup, backup, backup

Most e-mail programs offer a way to do backup of your data. This can happen automatically sometimes. Configure your e-mail program (RTFM again) to do it and KNOW where your backups are. Even if your e-mail is stored in a server, remember that servers have limited storage, so make copies of all important data and try to store it in separate media from your computer (USB memories and disks are getting cheaper every day and they work great!)

Tip No. 10: Save trees

Modern monitors have very good resolution. You can really read long documents today if you count on a decent monitor and an adequate illumination in the room. Think before you print. Printing is one of the most environmental unfriendly activities that we do. If you really need a hard copy of an e-mail, try to print in the least number of pages possible. Print only once. And remember to go and get your print job from the printer (do not forget it, as it can have personal information on it).

Finally, please contribute with other tips you can figure out… Maybe 10 is not the right number, It could be 100s of tips… it depends on you, my reader!

Thanks for your comments!

This is not a premier at all so maybe the concepts around what you are about to read hear sound familiar already.

Maybe the most complex, but less perceived feature of computers is the way we interact with them. For years, a lot of people (developers, designers, and others) have spent a lot of time thinking about ways to make it easier to “communicate” with computers.

The basics are, of course (and that is why we normally don’t see it complex) the keyboard and mouse interaction. We got all so used to work with a keyboard and mouse that it looks almost “natural” for us.

But there are many people who can not use a keyboard or a mouse for different reasons, so many companies have started to create new ways to interact through the voice, the eyesight and even the finger touch. You can see it even in Windows, which allows you to “train” your computer so it obeys to your voice commands.

I remember, like 20 years ago, that I was thrilled to see the first touch screens… it was just amazing how you could “press” the screen and actually get the computer to do what the icon was meaning.

Somehow, this technology just didn’t show up enough and user interfaces never really evolved towards using it (too much easier, and cheaper to use a mouse than to implement touch screens).

Well, we are watching a new revolution: The multi-touch screen. The ability to “click” several things at the same time escapes the capabilities of the traditional mouse, and it doesn’t seem to be any practical device that enables that capability in the way multi-touch screens does it.

Multi-touch is getting increasingly interesting for people. The first real commercial multi-touch screens were brought in by Apple, with their iPod Touch and were quickly followed on by many cell phone manufacturers (including the same Apple, which basically reinvented their business around their multi-touch devices).

It is so big the excitement that multi-touch brings to the party that the race is coming now to get it into PCs. Windows 7, which is about to be launched this October 22nd will support multi-touch monitors not just from the device driver perspective, but also from the applications perspective, and even most importantly, from a developer approach.

Windows 7 brings in the box applications such as a new version of Paint and browser and document general windows support for multi-touch so you can apply gestures to the screen and those be interpreted by the operating system and translated into actions in the application.

The basic gestures will allow the user to pan, rotate, zoom and move items around the screen but web applications such as Windows Live Maps (maps.bing.com) and others benefit also from these gestures, making it way easier to get more productivity out of this technology.

I am wondering about the real productivity impact of this in our daily computer operations, so I will be watching closely and of course, sharing in this blog my findings, some ideas, and maybe even you can help by commenting my posts.

So, be prepared, there is a lot of chances that you’ll get a multi-touch computer in your short to medium term future. Watch this video (quite old already, but very illustrative) and let me know what you think about multi-touch.

We have Windows 7 knocking to our doors. Some of my readers have been asking why I being such a fan of Microsoft technologies have not yet written technical articles about Windows 7 in my blog.

Well, call it a matter of time (I’ve been really busy with projects lately), but also I think there is very much good information in blogs already about it and anybody can just search (in Bing, of course) and will find it easily.

But the biggest hype around Windows 7 is maybe the matter of when will we have it and what will be the price to get it. And, if you followed some of my pre-blog publications, you’ll already know what the easiest way is… if you didn’t read me before, you’ll learn here:

The easiest way: Software Assurance.

Software Assurance is a program of Microsoft for companies that buy  their software licenses by volume (5 or more), I’m not getting in this article in deep but let’s say any kind of company (but the smallest) can get a discount when they buy 5 or more licenses of any Microsoft product. One of the things that you can buy along with licenses is called Software Assurance and basically is the assurance by Microsoft that you’ll get the newest version of the software you bought without paying anymore in the moment of the launch (that will cover you against buying new versions during a period of several years after your original purchase and will give you some other benefits…. I promise I will provide a link to those benefits later)

So, if you buy now Windows (Vista) licenses and put Software Assurance on top of it you’ll be granted you get the right to run Windows 7 on it’s general availability (worldwide) on October 22, 2009.

The traditional: The promo for new PCs.

As with every Windows version so far I can remember, when the new version is about to be launched, Microsoft announces some kind of “upgrade right” for people that buys a new PC with Windows some weeks before the launch.

As the launch is still due, they cannot get the new version preinstalled, but if they get the offer, they will have the right to install the new software in the moment Microsoft launches it. So that moment is coming VERY soon.

Microsoft announced TODAY (some hours before I write this) details about this offer in the Windows product group blog (http://windowsteamblog.com/blogs/windows7/archive/2009/06/25/announcing-the-windows-7-upgrade-option-program-amp-windows-7-pricing-bring-on-ga.aspx). Most of the cool information I’m putting in this post will come from that blog but I think I can get the picture clearer for my readers if I write it in my style instead of just putting the link.

OK, starting TOMORROW (June 26, 2009) you can buy a new PC with Windows (normally you will get Windows Vista on top of that) and that will get you the right to upgrade it to Windows 7 starting on October 22nd. This time Microsoft has put it even clearer than in previous launches as the announcement clearly states that it is valid for SOME OEMs (computer manufacturers) and SOME qualified models. This is presumably because not every computer is able to run Windows 7 or the manufacturer can decide not to support it’s hardware on Windows 7.

So… if you need a new PC… you can buy now (well, not now… but tomorrow) and you’ll enjoy Windows 7 starting October 22nd (you’ll get Windows 7 FOR FREE on that date). This can be done until January 31st, 2010.

The discount: New pricing for Windows licenses

In the same announcement, Microsoft has revealed the prices for the new Windows 7 editions, which are slightly lower than the current prices for Vista. (Prices revealed are for U.S. retail prices, so they are not so important in a worldwide blog, but they are a nice indication).

The discounts are around $10 and $40 over the current professional and home premium editions respectively. The corporate editions prices will remain the same.

The smartest: Buy and save big

Well, starting TOMORROW (June 26, 2009) in the U.S., Canada and Japan, people will be able to buy a license (actually, up to three per person) at a discount of more than 50% over the price that it will hit the stores in October 22nd. This offer will run in the first two countries until July 11th and in Japan until July 5th.

The same offer will run in some european countries (U.K., France and Germany) starting July 15th and will end in August 14th.

Click here for more information about this

Under this promotion, Home Premium edition in the U.S. will sell for only $49.99 and Professional edition for $99.99.

There’s still no announcement about this promotion for other countries and markets.

The free trial: Use the Release Candidate

The Release Candidate version of Windows 7 (the test version just before the final) is free to download in the Microsoft web page. You can use it until mid-2010. So, what are you expecting? TRY IT! ENJOY IT!.

So now, you’re warned… don’t miss this one!

I can now ask you…

And you still don’t run Windows 7? What’s your excuse?

I'm not going into politics here (and remember that I am no official voice from Microsoft), I just want to give a message to Windows followers in Europe. As many of you already know, the European Commission has decided that distributing Internet Explorer does not allow for fair competition from other companies that make internet browsers.

According to this position, Microsoft has announced that the Windows 7 version distributed in the EU will NOT have Internet Explorer preinstalled, while making it possible for the user or the PC integrator to install it.

This "distro" (argh, the EU will end up making Windows appear more like Linux) will be called "Windows 7 E" and will be available at the same time as Windows 7 in all the world. However, it will be very easy to get Internet Explorer 8 into the pack as it will be distributed for free.

In the past, Microsoft made available ways for the users to install other browsers and choose the default one for the system. Apparently, this was not enough for the EC.

As I said, I did not want to get into politics here, but to my eyes this only makes harder to the end user to get the best experience in the market. This is not really a choice of browser, this is making Windows require more setup steps, what means more cost (more of your time installing things). It is simply uneven that other OSes can have their chosen browser integrated… I've not heard about any other OS developer to have to follow such regulations.

What to do then? Well, one thing is… watch your euro-commissioners… you voted for them… you should have the right to question their decisions… (now, for instance, they have gave you extra work to do with every new computer)... but we all know that won't be enough.

The right thing to do is this: When you buy a computer with Windows 7 preinstalled… make sure that you're getting Internet Explorer 8 with it… cry hard for it and don't let they fool you with any "E" specific OS… the manufacturers will have the option to give you IE preinstalled, so ask them to put it there!

The installation process will be, surely, very easy, but why do you have to install your own browser when you have the right to have the best one preinstalled? If you're not able to have your browser preinstalled, ensure that you get that PC with the CD or DVD to install it, and ensure that CD comes from Microsoft (we don't want that installing IE results now on installing a bunch of announcements in your desktop, right?)

For those fortunate that travel to other countries outside the UE, there might be another option… buy your PC in a country that sells the COMPLETE version of Windows, not a fragmented one,

In the past, a similar legal action ended up in Microsoft releasing a "N" operating system, this meaning without Windows Media Player. This version will keep being distributed as well, so if you see a Windows 7 N or a Windows 7 E, know you're buying a great product that will only be "fully functional " once you install things up for yourself.

I don't like this "linuxation" of Windows… I normally see a lot of people's computers in the field and I can clearly see them using other browsers when they want to… It is not clear enough that having a default option is anti-competitive. I wonder if next time, the EC will force Microsoft to deliver Windows without a compressed file utility, networking, or without file managing tools because somebody prefers to use other products available instead. This "do it yourself" windows would be as difficult to manage as most Linux versions and as dangerous as they are because there would be very difficult to track which attack came through which component.

As with Windows N, the future will tell us… it has a very small market share (yes, Media Player rocks) maybe in the future we'll see how people gets Windows without the "E" as they get it today without the "N", but we have the politicians happy.

As I said before.. this is MY position… Microsoft’s official position can be found in the following source:

http://microsoftontheissues.com/cs/blogs/mscorp/archive/2009/06/11/working-to-fulfill-our-legal-obligations-in-europe-for-windows-7.aspx.

This blog post, by the way, was made on a Windows 7 computer WITH Internet Explorer 8 :)

For many of you it can be known that the only option to share storage to form failover clusters INSIDE Hyper-V virtual machines is by using iSCSI technology.

For those of you that didn't know, you now know. Yes, it is possible to use iSCSI, Fiber Channel or SAS to share storage on Windows Server 2008 but, if your intention is to form a cluster of virtualized machines your options go down only to iSCSI, as Hyper-V does not support shared SAS or shared Fiber Channel.

Take into account that if yours is a corporate environment you would probably run VMs in a SAN. Most of the SANs today offer iSCSI as an option to share disks… if this is your environment, you can probably omit the rest of this post. :)

For those of us who work with virtual machines over a personal computer for learning, testing or any other tasks, it has become somewhat frustrating to learn that the old friend shared SCSI technology that was available in Virtual Server is not supported anymore.

The reason for deprecating this functionality, as explained by Microsoft is merely that shared SCSI is a technology that is less and less implemented and most probably it will be ceasing production sometime in 2010 (which is really close).

On this perspective, a solution must be found for running our "virtual clusters".

The iSCSI technology in short makes storage available over standard TCP/IP connections, being the "server" the device that offers the storage and the "client" the computer that uses it (in a client/server analogy). The two devices have to run pieces of software called an iSCSI Target (to offer the storage) and an iSCSI initiator (in the machine that will use the disks).

The iSCSI initiator is available from some years ago in Windows and it works as a service. It will allow you to select the IP address (or other ways of denomination) for the target and the credentials required to make the connection.

The iSCSI target is not a Windows service and it is not available in Windows Server 2008 (also, not in R2). Also, Microsoft does not offer any iSCSI target as a tool or downloadable file that is publicly available for these servers.

So the question continues… how can I run clusters inside virtual environments on top of Microsoft technologies?

I've seen several approaches to this. The most common is one that I don't like much: running a new virtual machine with Linux and an iSCSI target for Linux.

As I didn't like the common approach I dedicated some hours (believe me… it was not easy to find) to look for a Windows-based iSCSI target. Of course, I was looking for free or unexpensive tools as I didn't want to invest more than in a Linux VM so, after discarding several tools available which charge an expensive license I found a product from a company called KernSafe. Their product: iStorageServer (http://www.kernsafe.com/product.aspx?id=5) worked good enough for me in my environment and… voilà it can be installed even on a Windows XP computer, which I already had in my virtual environment.

But this is also about news. If you are an MSDN or TechNet Plus subscriber, you now have another option: Recently, Microsoft has launched Windows Storage Server 2008 (or WSS2008, for short). The product is the equivalent to a 2008 version of OS that's running in the award-winning NAS devices powered by Windows.

On your TechNet Plus or MSDN download page, you can now download this product and the associated iSCSI target. You'll notice that iSCSI target is available as a separate download but, don't spin your wheels to fast… it WON'T install in any other than WSS2008. An update to this: the iSCSI target WILL install in Windows 2008 server.

So now my virtual landscape looks different… I can have a small VM with WSS2008 and the iSCSI Target as my "SAN" with VHDs hanging from there and all my server VMs consume disk from this WSS through their in-box iSCSI initiator.

Now, you probably might have ideas to share or comments on this configuration… PLEASE… write down some comments in this page so we can improve this solution.

I'm not going to detail the procedures I followed to install this… you can read José Barreto's blog with very good step by step instructions: http://blogs.technet.com/josebda/archive/2009/02/02/step-by-step-using-the-microsoft-iscsi-software-target-with-hyper-v-standalone-full-vhd.aspx. He covers also the configuration of the iSCSI Target here: http://blogs.technet.com/josebda/archive/2007/12/18/configuring-the-microsoft-iscsi-software-target.aspx

Thanks for keeping reading.

For some months now, I've been warning my friends about clicking links in messenger notes dropped in their computers. If you use Windows Live Messenger or any other major instant messaging software (yes! Even Gmail or Yahoo messenger can be affected).

How does this work? Well, so far, after reading many websites and possible solutions, running some security programs and talking to several people, my take is that these persons that are sending (inadvertently) spam via messenger are not conscious about it.

The final solution I've been giving to my fellow friends that get "infected" is to change their password. For those of you not very close to the Windows Live "internals", this account is the same for Messenger, Hotmail, Spaces and all of the Windows Live services.

The current attack starts to send messages informing you of promotions, nice photos, vacation plans or can even be very tricky on the content of the messages, aiming to a technique called "social engineering", where the attacker tries to get victims by fooling them to give him legitimate information.

I'm still not sure what happened today, or how it happened to me, but around noon, my messenger closed and when I logged in again, my picture and text were lost.

Unbeknownst of me, I was being attacked by this "thing" (I'm not sure how to call it). As I recommend to my fellow friends, I proceeded to change immediately my Windows Live ID's password (going into Hotmail, or home.live.com and clicking Options) and it seems that the problem is solved.

Now… how could I get hacked if I'm so cautious about using my personal data on the Internet? I was handling several theories about the attacks my friends were suffering:

1. They followed one of the links they received and installed some kind of malware that took their passwords
2. They installed an "add-on" to messenger (there are plenty of them offering to show you who blocked you out of their contacts lists) and it resulted to be a trojan.
3. They installed a messenger replacement for any reason and that program let their passwords vulnerable.
4. They used their credentials in a public computer that might have had the infection, making their accounts vulnerable.

What is funny in every case is that after checking thoroughly my friends' computers I could not find any clue of any virus infection, so options 1 and 2 seemed less probable.

Anyway, the result is annoying… several months ago, it only sent messages which the recipient could easily ignore, but now it is even making noises and sending nudges or buzzes with the messages, making the spam even more noticeable.

In my case, it seems to be option 3. But it was not MY computer what got attacked.

In my mobile phone I use an application called Fring. I've been a long time user of this app because it allows me to congregate my Windows Live Messenger, Gtalk, Skype , Facebook, my SIP phone and other contacts in only one program allowing me to chat and call them as if it were with the original apps. My stake so far is that the software is not doing a good job in protecting my passwords, so it might be time to switch to a different replacement for these systems in my mobile phone. Anyway, I reported the fact to them, let's see what they tell me.

Keep in mind the four points I depicted here… don't do the fool and let your privacy be in the wrong hands!

(The image in this post was taken from http://www.newport-refugees.org.uk/activities/Safe%20-%20A%20Haven%20for%20World%20Music.jpg)

Most people will say YES… I still run Windows XP, mostly this has a very common reason… "I tried Vista and it didn't work as I expected". Some others still run Office XP!

Well, yes, somehow, Microsoft managed to make a bad impression with Windows Vista. Nevertheless, many people has not even tried it and just follow the flow and say NAH!

OK, call me fortunate, but I've been running Windows Vista since it was launched. I used to work for a Microsoft partner and my role then and I didn't have the latest hardware, however I had an average laptop by then. Vista ran smoothly and I became one of it's defenders.

I've been informally asking people about why they hate Vista, and it is funny to see many answers so confusing that I'm sure now that those people are not quite sure about reasons for not running it. Even companies are buying new powerful machines and not taking advantage of their full potential because they are sticking to a 7 year old software. Now I wonder… was it that good?

Well here comes the news: Microsoft is ending mainstream support for Windows XP on April 14 (yes, in just 10 days) and it is also happening to Office XP (A.K.A. Office 2002). But what exactly does this mean?

Well, Microsoft supports its business software for 10 years divided in two phases. First, a period of 5 years from its market release, called "mainstream" support, where licensed customers can ask for changes, security updates, other non-security hotfixes, free support (based on promotions and licensing agreements).

After the first 5 years, the business products (this does not happen for consumer products such as games), start their "Extended support" phase, where Microsoft only will deliver updates related to security and paid support (other non-security fixes can be made under a special contract that has to be signed up to 90 days after the product starting this phase)

All of this is clearly explained in this page: Product Lifecycle Support Policy

Well, take care then… if you run XP, give a try to Windows Vista and Office 2007… you'll find that it is not that bad. If you still want to run XP, take a careful look… will you need support? What kind of support? Do you really need to take the risk or isn't it a risk for you at all?

You're on time!

No, you don't have to be prepared to enjoy making treats to your friends and family (in some English-speaking countries this is the way they celebrate the Fool's Day).

I'm talking about preparedness about the upcoming explosion of the Conficker.D virus, (yes, or Downadup.C or other names). This is maybe the most hard-to-kill computer virus in history so far.

For those of you, my fellow readers, that are technical enough, I want to explain why this variant of the virus is so dangerous. Those of you that are not so technical… you can skip a couple paragraphs and understand it…

Conficker.D has two ways of infection: Direct connections to other infected machines (yes, a P2P mechanism) and connections through the Internet to different domains. In the previous incarnations of the virus, it uses some more basic algorithms, but this version randomly selects 500 domains out of a set of 50,000 where it can get the infection and additional malware, making it hard to stop.

The virus version D will do it on April 1st and so. The risk is enormous if you think about the possibilities of DoS and other scenarios that it could make happen, however, the statistics about infection with this variant of the virus are not precisely cause of alarm. (There are however big numbers of infection with the previous variants, according to several blogs accounting for 10 million Internet-connected infected machines)

How do I get protected?

First: Update. It is very advisable to update your security software (antivirus, antispyware, and so on) on a frequent basis. This means at least daily. Also, your operating system and applications should be updated (In this particular case, the virus propagates itself mainly by exploiting a vulnerability in Windows which was covered with last October's updates)

Second: Use. You should use your antivirus… it sounds like a joke, but I've met lots of people (and not only home users) who disable the antivirus because they think that it lowers the performance of their computers. Normally, antivirus programs are self-configured to stop infections on the fly, update themselves and do scheduled scans of your disks, but if you disable it's functionality, it is worthless. Other people just have their antivirus installed as it came out-of-the-box. Well: most antivirus software that comes pre-installed in computers today are demonstration versions that will only work for some weeks or months… Is yours working?

Third: Do not trust. Specially if think you know something about computer security, do not install software that comes from the non-trusted sites in the Internet or from unknown sources. Try to get always to the developer's website or to the developer's defined distribution channel in order to make downloads.

Also, do not trust in weak passwords, secure ANY password you manage (shared folder passwords, account passwords and other) as the virus also transmits it's infection through folders that are published in networks with inexistent or commonly used passwords. (This also applies to other infections that can come to you via Messenger, e-mail, and other means).

Can you put it easier for me?

Yes, please UPDATE your Windows installation in http://www.update.microsoft.com, specifically with the patch mentioned in this Security Bulletin http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx. Also, UPDATE and MAKE SURE that your antivirus and security software is running before, ON, and AFTER April 1st.

Go for it! Don't let it become the owner of your computer!

 &

One of the biggest complains coming from many of my customers when talking about Windows Vista has been the way the browser works. Indeed, Internet Explorer 7 does not feel as stable as Internet Explorer 6 did. The problem with Windows Vista is that it includes IE7 by default, giving the user no other choice than live with it or install a different browser.

I have to confess it… I installed Internet Explorer 8 in its beta version some months ago because I couldn't stand anymore the feeling of using Internet Explorer 7 for some things and having to resort to another browser (yes! I used Opera which is my second choice browser). IE8 was for me a refreshing experience.

The problem grows really big for companies, where IT managers face the daily challenge of giving the best service to their users. Some companies have opted to deploy browsers that are not configurable in a centralized way, making their costs higher when they need to make changes to configurations or launching new internal web applications that require such changes.

Well, fortunately, better late than never, IE8 has arrived and companies can now deploy it so they can keep the manageability of the Windows platform with one of the most frequent configured item: the browser.

There are basically three ways to deploy IE8: From scratch, with the operating system (Windows Vista), from Windows Update (the update will be coming soon) and the manual installation, being directly from the web or from some sort of media.

In this post I want to talk about the installation from scratch, and no, it is not funny to install Windows Vista and then have to install the browser. As with Windows service packs, you can include the installation of IE8 in the Windows bits (this process is called slipstreaming). This technique allows you to generate a new installation disk of Windows Vista that includes IE8 right during the install, making it transparent to whoever is installing it and leaving the installation in a more "natural" state.

How do I slipstream IE8 into Windows Vista?

The process requires some tools, but it is easy to achieve (the same steps work for Windows Server 2008):

1. An installation of the WAIK (Windows Automated Installation Kit) is needed (downloadable here). Take care to install a WAIK that works for the same architecture as your local Windows installation (x86, x64), it will allow to prepare slipstreams for both architectures if it is needed.
2. Create a folder for the whole project (called here <path>) and inside that create five folders like this:
   • <path>\mount
   • <path>\package
   • <path>\Temporary
   • <path>\OriginalOS
   • <path>\IESource

   In the last two folders, copy the original Vista DVD to OriginalOS and the download you do for IE8 in IESource

3. With this, extract the msu file corresponding to IE8 installation with the following command:

   <path>\IESource\<exe-file-for-IE8> /x: <path>\IESource

   Then, expand the downloaded IE to the package folder. The command to do this should look like the following:

   expand <path>\IESource\<msu-file-for-IE8> -F:* <path>\package

4. Expand the Windows Vista image you want to work on: Once the content is expanded, it is necessary to mount the Vista image. For that we will use the tool IMAGEX, included in the WAIK. Take into account that as the IMAGEX executable might not be in the path, it is advisable to include the full path when issuing this command:

   <WAIKpath>\imagex.exe /mountrw <path>\OriginalOS\sources\install.wim <#> <path>\mount

   The <#> parameter in this command would be the image number that corresponds to the Vista version you want to put the IE into (remember that the Vista DVD includes all the Vista SKUs in the same media).

5. Change the attribute for the "Offline Web Pages" folder: attrib -R "<path>\mount\Windows\Offline Web Pages" (this is only needed if working with a Vista DVD with no service packs applied)
6. Next, the actual slipstreaming. Note that this command needs you to use also the full path for the WAIK, because it uses one of its executables, which is not normally on the path (take care also to include the right xml file, I've included here the file for x86 as an example):

   <WAIKpath>\pkgmgr.exe /n:<path>\package\Windows6.0-KB944036-x86.xml" /o:”<path>\mount;<path>\mount\windows” /s:<path>\Temporary /l:<path>\slipstr.log

   The process will leave a log file in the project folder called slipstr.log so it can be diagnosed (just in case). It all went OK if the text "exit code 0x00" shows up at the end of the file.

7. If the attribute in step 5 was changed, do not forget to change it back to the original attrib +R "<path>\mount\Windows\Offline Web Pages"
8. Now, package again the Vista image, which will now include IE8 instead of IE7:

   imagex /commit /unmount <path>\mount

   Now we have a folder with a Vista source ready to install. We can now use it to deploy directly with the preferred deployment method for the operating system.

Hi everybody. Today at 9 a.m. (an hour ago) PST Microsoft delivered to the web the final version of Internet Explorer 8.

I'm not going to dig into the details of it, better than that, I'm going to give you several pointers to key information about it:

To download / main portal: www.microsoft.com/ie8

To get add-ons: http://ieaddons.com

The Internet Explorer 8 tour: http://www.microsoft.com/windows/internet-explorer/windows/internet-explorer/tour/default.aspx

Cool videos about what you can do now with it: http://www.microsoft.com/windows/internet-explorer/videos.aspx

Downloads in different languages: http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx

Information for companies (GPOs, deployment tools, and so on): http://www.microsoft.com/windows/internet-explorer/enterprise.aspx

Information for developers: http://msdn.microsoft.com/ie

Information for IT professionals: http://technet.microsoft.com/ie

Enjoy the release:

"Making the web even better… Faster, Easier, Safer"

You might or might not know already what the Product Use Rights are. Anyway, I'm going to explain it very easily so you might not need any further explanation .

When you buy Microsoft licensing in a volume program (i.e. Select, Enterprise ) you're bound to the terms of the license that are specified in your license agreement (a legal contract between you and Microsoft). One of the appendices of this document is the current PUR (or Product Use Rights).

The PUR is a document that defines the specific products that you might or might not use when you purchase a license of a Microsoft product. This document is updated quarterly to reflect the possible changes in licensing and the new products that might be launched around the document's date.

So, if you have a volume licensing agreement, and you need to check what you can (or can't) do with your licenses, or how you must license the client software for a specific server and so on, you can then check the latest PUR and see how the product is licensed.

Traditionally, the PUR were available for download form the http://licensing.microsoft.com website, which is the official page printed out in the licensing agreements to download the PUR. From there, you jump to www.microsoftvolumelicensing.com, where you can download the quarterly PUR.

However, the PUR document is long and for many people is complex, so Microsoft has recently made available in the same page an option to generate customized PUR documents. This page allows the user to generate a version of the PUR specific for the product group or product that might be of interest and gives the option to download it as a Word file or just check it out as a web page for simpler reading.

This is one big step in making licensing clearer for the rest of us who are not in the daily sales cycle!

There seems to be a new version of the iPhone software for this summer out in the stores (http://news.cnet.com/8301-13579_3-10198292-37.html). The good news is that it's going to be free for those who afforded buying an expensive touch phone with half the functionality that other models carry out of the box. (If you're an iPod Touch you can have the same software, but prepare to pay for it!)

However, some features will still be missing in the release, unless a new generation hardware is also launched:

The new iPhone software includes a GPS software called Core Location. Still no real GPS receiver included, so you'll keep depending on your mobile operator antennas to know where you are… no way to use it when you travel to places in the world where you don't have coverage.

Nothing is mentioned (yet) about the low resolution camera in the iPhone hardware. Most mobile phones nowadays bring at least a 3 megapixel camera built-in. Okay, the current device gives nice pictures, but will never be a replacement to a digital camera with the current resolution.

And what about FM radio? Now you'll need to buy a "dongle" to receive radio! I remember clearly that the phone I had THREE years ago had it integrated (no more comments on that piece of... hardware!)

Among the "new" features are cut and paste and an on-screen keyboard in landscape mode, along with a procedure that requires multiple taps to bring up a menu so you define to the system if you want to copy, paste or cut and some more taps to actually do it. (Somehow, they are still well known for their ease of use!)

I am surprised that there was no mention about the availability of the technology that Apple licensed from Microsoft which would enable iPhones to use Exchange ActiveSync to really enter the enterprise landscape by making it able to talk to Exchange Server.

I know my fellow friends who bought iPhones will hate me for this post, but I honestly keep considering that the investment they did is not really worth it if they meant to have a top phone. The mobile world is going towards integrating more devices in your hand. I sincerely think that Apple should change the devices of their faithful customers for a new device that really competes with the latest phones in the market. And that hardware upgrade should be for free! (People's already paying LOTS of money to their mobile operators and they are bound to expensive plans that should cover these costs!).

On my side, I will stick to what I have and wait to see what Microsoft will bring on Windows Mobile 6.5 (which at least I know I will be surely be able to copy and paste my information)

This will sound funny, but in this blog, even being in TechNet, will not only talk about technical issues, even though most of it will be technical, I will sometimes be touching other topics, such as licensing, end-user tools, discussing news around technology and other topics.

I would like to start today saying thank you! I have to thank a lot of people, but mainly I have to thank Microsoft customers, who have inspired me to start this during so many years of support, design, implementation of Microsoft technologies and so many challenges and learning in the different areas where I have performed: Infrastructure, networking, project management (which is really about people management!), sales and even Microsoft licensing advisory. I have to thank also to the companies that opened me the door to be their consultant, reseller, partner and/or customer. Thank you for helping me learn and I hope this posts will somehow help you do better your daily computing tasks.

Because this is all about it… I want to make a blog that is useful for daily tasks (yes, yes, depending on whose task is it, will become daily or not, but I would like to help someone everyday with my posts). So this will not be, as some blogs you might find in TechNet , a specific technology blog… I hope this could be a resourceful link for many tasks.

Well, what happens with what I publish here? Of course it can be cited, as you can with anything you see on the Internet, but please mention where you read it, obviously citing the URL to the blog. Anyway… you'll find I most probably will not publish breaking news here, but tested tools, techniques and nice tricks for making your life easier in computing.

Sometimes I might post here information about tools or topics that are not controlled by Microsoft, so understand that everything might be covered under copyrights, licenses or patents and you must verify your rights to use this content before you do.

So, after this long introduction, let's start to blog! Welcome again and please postback, forward and comment anything you like (or dislike)… let's make this blog more useful everyday!

Mauricio

A post-data:

Technology mostly happens first in English... that's why I write here in English... most of the content will be also translated and posted to my other blog (in Spanish) between one and three days after at http://blogs.technet.com/TTBC-SPA

Enjoy your reading!