I’m sitting here at work at 7:30 p.m. on a Thursday along with Philippe, one of the guys I work with. He’s over glued to his laptop there running SQL queries and doing randomly crazy, scary-smart developer stuff like writing WinForms apps to parse and munge huge datasets and other stuff I really only pretend to understand. Good to have the brainiacs around, let me tell ya!

Anyhow, I asked him what he thinks I should blog about. You see, I’ve not been as prolific recently in the writing department and have been a bit short on ideas, so was fishing for topics. He says – now get this one – it’s not his job to think for me. Hehehehe… Nice one. Actually, I was looking at more as thinking for himself and sharing some topic ideas with me, but hey whatever. Heh.

Then I realized – he hasn’t posted anything to his blog in the past five and a half months. And I’m asking him for writing advice? What the heck was I thinking??

The Microsoft Download Center has a new audio podcast available (MP3 and WMA formats are listed) titled "How Microsoft IT Implements Encryption Using SQL Server 2005."

Podcasts appear to be a new thing there (first one was posted on January 19th), although I am not sure the technical name of "podcast" is accurate in this case, since I don't find a RSS Subscription feed anywhere that points to the files, and that's kind of half of what makes it a podcast. If anyone can find a RSS feed for these, please let me know.

But at any rate, there's some good content there. If you're an IT pro looking for some good drive time geek out audio, click here to search for podcasts on Microsoft Downloads. I'm grabbing "Podcasts: How Microsoft Information Security Protects Critical Information Assets" for my flight to North Carolina on Monday. Between that and the Battlestar Galactica season one video, I think I'll have plenty of content to keep me busy between powerpoint deck edits.

(via Chris Pirillo)

From Mark Harrison's weblog:

All Windows SharePoint Services customers are entitled to an extended free trial of Antigen for SharePoint. This trial version will be active through June 30, 2006.

To download, simply go to www.sybari.com/wss and fill out the form.

Antigen for SharePoint allows Windows SharePoint Services users to collaborate without the risk of uploading or downloading infected documents or inappropriate content.

The simple and honest fact is that many people who have deployed WSS or SPS don't run any anti-virus software on their SharePoint implementations - and that's a huge mistake. Running plain-ol' AV on the server's file system is exactly the wrong thing to do, because all the SharePoint files are stored in the database where regular AV software can't touch them. And besides that, running real-time AV scans of a SQL database file (which is constantly changing) is a supreme resource and performance killer if there ever was one.

I've worked with Sybari's Antigen products on both SharePoint and Exchange for several years. In my book, it's the best thing in AV-Land since sliced bread. So check it out.

The new Microsoft Dynamics CRM v3.0 packages and and an early SDK version have been released to MSDN's subscriber downloads, as the product reached RTM status just recently. This new version of CRM (which stands for Customer Relationship Management) is substantially improved over previous versions. The robust features and functionality are way too many to describe here in complete detail. Suffice it to say that among other great things, highly-configurable interfaces, web-based configuration tools, business workflow (escalation and routing, yay!) and the ability to do customizations to meet business needs without any programming are all really nice to have.

The SQL Reporting Services interface is terrific and there are a large number of reports shipped right out of the box with the product. Pivot tables in Excel leverage live CRM data and can be quickly and automatically created by clicking an icon right there in the web interface, no complex connectivity configuration needed. Integration with Outlook for both the Service and Sales/Marketing components of the system are terrific. The seamless experience between Outlook and the CRM server, as well as the ability to work offline in Outlook to do your work on the road and then sync back up later is great. Being able to link emails straight to CRM cases, to schedule appointments in both CRM and Outlook and have them synced two ways, and to manage contacts in both places (among many other things) is a huge time saver. The web interface is rich and functional. For the IT staff, deployment is simple and reliable and the set of back-office tools for configuration, management and maintenance is very useful and saves time.

Here's what's been released on MSDN's Subscriber Downloads: 

• Microsoft Dynamics CRM 3.0 Professional Edition (English) - Customer relationship management (CRM) provides organizations with technologies, business applications, and best practices that help them sell, market, and service their products and services.
• Microsoft Dynamics CRM 3.0 Small Business Edition (English) - Customer relationship management (CRM) provides organizations with technologies, business applications, and best practices that help them sell, market, and service their products and services.
• Microsoft Dynamics CRM 3.0 SDK - Preliminary - The Microsoft CRM 3.0 SDK is for developers, system customizers and report writers.

The CRM v3 product launch "mantra" (and you can expect to hear more and more of this over the next few months) will sound something like "it works the way you do, the way your business does, and the way IT wants and needs it to." No secrets there, it's on the web site. And I have to agree with those catch-phrase messages - this product hits those nails on the head pretty well.

You can check out the official MS Dynamics CRM v3 data sheet here.

And if you're wondering what all this "Microsoft Dynamics" stuff is about, it's the new Business Solutions product line brand name. You can read about that here.

So negative you are. Lighten up you must.

So - Before you say Microsoft sucks one more time, just let yourself laugh at what some of its employees manage to come up with from time to time.

Case in point: YODA, the programming language

Matt Warren posted his idea to build a programming language in Yoda-like English (can't quite call it plain English, can you?).

From Matt's post:

---

 

Instead of the cryptic c-like syntax below:

 

 

public void Main(string[] args) {

   Console.WriteLine(“Hello World”);

}

 

 

We will now have eloquent YODA-like syntax:

 

 

(args of string many are they) Main is what they seek yet return they do not.

 

Brace you must

     Written it is, the Console. “Hello World”

 

 

I know it’s difficult to believe, as strange as it seems. Yet, sometime in the future, everyone will be writing software this way. Knowing this, it makes my work so much more invigorating. I can literally feel the electricity in the air around here. It’s like some queer energetic force.

 

---

Go read the comments. They're just as good.

And by the way, for the record it only takes a little looking around to find out that Matt Warren isn't 100% joker. His real job has had him working at Microsoft with a supremely talented team on LINQ, which is "a set of extensions to the .NET Framework that encompass language-integrated query, set, and transform operations. It extends C# and Visual Basic with native language syntax for queries and provides class libraries to take advantage of these capabilities." I barely understand that, but I know it lets me (well, more like those code artists around me) do some cool querying of data in XML file, relational databases, in-memory data stores, whatever - which is cool. It's kinda like SQL syntax in .NET, is what it looks like to me. Linq is short for "language-integrated query." Makes sense. It's all for the next versions of C# and VB.NET.

[via Philippe Cheng [who also taught me some mad new beginner programming skillz today], via analog data transfer by Matt Lapworth]

If you're responsible for (or just into) computer security - at a fairly involved level - check out (IN)SECURE Magazine, a PDF distribution, at http://www.insecuremag.com/.

Issue 3 is out. It's 67 pages. Serious stuff. Lots of great, practical, useful stuff.

Check it out.

In the August issue:

• Security vulnerabilities, exploits and patches
• PDA attacks: palm sized devices - PC sized threats
• Adding service signatures to Nmap
• CSO and CISO - perception vs. reality in the security kingdom
• Unified threat management: IT security's silver bullet?
• The reality of SQL injection
• 12 months of progress for the Microsoft Security Response Centre
• Interview with Michal Zalewski, security researcher
• OpenSSH for Macintosh
• Method for forensic validation of backup tapes

(via Scoble)

Microsoft has released their Windows Server Update Services (WSUS) product, which is a replacement for Software Update Services (SUS). The server solution acts as an in-house patch management and deployment solution for your networked Windows machines and core applications.

What's New in Windows Server Update Services:

• More updates for Microsoft products, in more categories (Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP, Office 2003, Microsoft SQL Server 2000, Microsoft SQL Server 2000 Desktop Engine [MSDE] 2000, and Microsoft Exchange Server 2003, with additional product support over time) 
• Ability to automatically download updates from Microsoft Update by product and type
• More language support for customers worldwide
• Maximized bandwidth efficiency through Background Intelligent Transfer Service (BITS) 2.0 (BITS 2.0 is not installed by Update Services and is available on Microsoft Update)
• Ability to target updates to specific computers and computer groups
• Ability to verify that updates are suitable for each computer before installation—a feature that runs automatically for critical and security updates
• Flexible deployment options
• Reporting capabilities
• Flexible database options
• Data migration and import/export capabilities
• Extensibility through the application programming interface (API)

This new release is ten-fold better than the old SUS product, and if you are responsible for deployingpatches reliably and verifably across your company, this is something you must at least try. It will save time, improve your comtrols, and generally help you sleep at night.

Oh - and it's free to download. Just install it on a Windows 2000 SP4 or Windows 2003 server - your existing CALs cover it.

• Info here
• Download here
• FAQ here
• Full product overview here

New to .NET? Thinking about trying the VS 2005 Express editions, but like me you're intimidated by people like Scott who make people like me look, well, cerebrally challenged?

To the rescue: The Absolute Beginner's Video Series to Visual Studio 2005 Express Editions

Thank goodness for online resources like this. The first three parts of the 16-part series are available now, and they look like a good way to learn for those of us with Adult Onset ADD and stuff... Videos for C# and VB.NET are available, along with the accompanying VS 2005 project files.

The videos make it clear that these are for people who have never programmed before, or who - like me - have not programmed in ages. From the web site:

This video series is designed specifically for individuals who are interested in learning the basics of how to create applications using Visual Basic 2005 Express Edition and Visual C# 2005 Express Edition. This includes over 10 hours of video-based instruction that walks from creating your first "Hello World" application to a fully functioning RSS Reader application. Learn how to write your first application today!!

Lesson Outline

• Lessons 1-3: Workflow, Visual Studio Express Interface (Now Available!)
• Lessons 4-7: Programming Language Basics (Coming Soon)
• Lessons 8-11: Working with Data and SQL Server 2005 Express Edition (Coming Soon)
• Lessons 12-16: Creating an RSS Reader (Coming Soon)

The Visual Studio 2005 Team System webcast series started today - and they continue all month long of particular interest to me right now is Visual Studio 2005 Team System: Enterprise-Class Version Control, which will be presented mid-month.

Probably well worth tuning in...

Microsoft has announced a large number of security webcasts that are set for April. The list here is quite long, so click to see them all, or check out the Security Webcast Calendar, which is a Word doc calendar with all the upcoming webcasts listed and linked.

There are lots of very good sessions planned. Anyone with a security responsibility or emphasis in their jobs should take a good look at these upcoming webcasts and consider viewing...

Security Webcasts are a convenient way for IT Professionals and Developers to stay technically updated on the latest Microsoft Security Guidance. These webcasts concentrate on security information and are presented by senior executives and other subject matter experts. They feature interactive technical presentations, product demonstrations, and question-and-answer sessions.

Microsoft Security Webcast Series: Upcoming & On-Demand

• For IT Executives
• For IT Professionals
• For Developers

Security Webcast Calendar

NEW: Now you can register for an on-demand webcast and choose how you would like to view the archive. Downloadable Microsoft Office System PowerPoint and .wmv files are available for most webcasts that took place Dec. 1, 2004 or later. Once you register, you will be directed to the on-demand webcast and also shortly receive a confirmation email with links to the PowerPoint and .wmv downloads.

Additional Webcast Resources

Microsoft Security Webcast Series:  Upcoming & On-Demand

Digital Blackbelt Series: Defend your code from attacks

Ongoing through May

How would your code stand up to an attack? If you are not sure, join us for the Digital Blackbelt webcast series as Developer Community Champion Joe Stagner discusses security risks, vulnerabilities, and solutions from the software developer's perspective. We will provide real-life examples and security tips and tricks that can help you gain the knowledge and techniques to become an experienced “blackbelt” in writing secure code.

Web Development: Increase the security of your applications

Ongoing through May

Increasing the security of your software is not the result of a single event. From design through development, to testing and deployment, a multi-disciplinary approach must be taken to deliver a quality software product that minimizes organizational risk. Join Dennis Hurst, Senior Consulting Engineer at SPI Dynamics, and other guest speakers as they detail knowledge that can help developers increase security around the coding of web applications. 

Security360

Third Tuesday of Every Month

Learn best practices to guide your security strategy during this monthly webcast series. Each webcast focuses on a specific security topic and includes commentary from industry experts outside of Microsoft.

Security Webcast Calendar

Security webcasts listed in an easy-to-use calendar format.

BONUS: Attend any live webcast through June and you could win a Portable Media Center. See official rules for more details.

Additional Live & On-Demand Webcast Series Available NOW:

• Ask the Security Experts
• ISA Server 2004
• Microsoft Windows XP Service Pack 2

For IT Executives

Microsoft Executive Circle Webcast: Security360 with Mike Nash: Secure E-mail, It’s More than Filtering (Level 100)

Tuesday, April 19, 2005 - 9:00 AM - 10:00 AM Pacific Time

Mike Nash, Corporate Vice President Security Business & Technology Unit, Microsoft

Reducing the amount of spam clogging e-mail systems is top-of-mind. However, e-mail security is not just about preventing unsolicited messages; it is also about protecting the digital information assets you send through e-mail. On this month's Security360, guest host Amy Roberts, director of product management in Microsoft's Security Business and Technology Unit, will discuss with industry experts the whole spectrum of e-mail security, including filtering technologies, e-mail policies and enforcement, and partner solutions. As with every Security360, this session includes a checklist of recommendations and resources, as well as a live Q&A with industry experts.

http://go.microsoft.com/fwlink/?LinkId=43965

For IT Professionals

TechNet Webcast: Implementing Exchange Server Security (Part 1 of 2): Securing Services and Messaging Protocols (Level 300)

Monday, April 04, 2005 - 1:00 PM - 2:00 PM Pacific Time

Harold Wong, TechNet Presenter, Microsoft

Securing communication over networks is essential to securing your organization from intrusions, overloads, and interruptions of many types. In this first session of a two-part series on Exchange Server Security, we describe how to deploy a more secure Exchange Server 2003 infrastructure and how to secure its server services and messaging protocols.

http://go.microsoft.com/fwlink/?LinkId=43587

TechNet Webcast: How Microsoft IT Deployed PKI Inside Microsoft (Level 300)

Tuesday, April 05, 2005 - 9:00 AM - 10:00 AM Pacific Time

Larry Talbot, Microsoft IT SECURITY TECHNOLOGIST, Microsoft

This webcast presents a detailed discussion of how Microsoft IT installed a Public Key Infrastructure, built originally with Windows 2000 Server Certificate Services, and later upgraded with Windows Server 2003, to implement a secure communications and remote authentication infrastructure. This enabled the use of S/MIME signatures and encryption, secured Web connections by using SSL or TLS, ensured the confidentiality of stored data by using EFS, ensured the confidentiality and integrity of transmitted date by using IPSec, and enabled strong network user authentication by using Smart Cards. Join this webcast to find out how you can do this - or something similar - too.

http://go.microsoft.com/fwlink/?LinkId=44148

TechNet Webcast: "Ask The IT Security Experts" Series: Building Security Training and Awareness (Level 100)

Tuesday, April 05, 2005 - 11:00 AM - 12:00 PM Pacific Time

Ben Smith, Senior Security Strategist, Microsoft

Experts often talk about the importance and need for security training, but few actually talk about how to do it. Join us for this webcast as we bring together some of the sharpest security-focused Microsoft IT professionals to provide expert answers to your questions about Building Security Training and Awareness. This webcast presents proven, and slightly unconventional, methods of training users and administrators on security. As with all of our "Ask the Experts" webcasts, there will be plenty of Q&A time for the experts to field your questions. Send your security-related questions to our panel of experts ahead of time at: itxcast@microsoft.com.

http://go.microsoft.com/fwlink/?LinkId=43974

TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 1 of 3): Overview of Internet Protocol Security (Level 300)

Wednesday, April 06, 2005 - 11:00 AM - 12:30 PM Pacific Time

John Baker, TechNet Presenter, Microsoft

Data Isolation: How can it make your IT infrastructure safer, and how do you use Group Policies and IPSec to implement it? This session is the first of a three-part series presenting the information and tasks needed to implement data isolation using Group Policies and IPSec within an organization. This first installation provides an overview of the nature of Internet Protocol Security - the challenges to secure network communication, how IPSec can help, and the various ways IPSec can be implemented to achieve different types of secure communication.

http://go.microsoft.com/fwlink/?LinkId=43592

TechNet Webcast: Windows Server 2003 SP1 Technical Overview (Level 200)

Thursday, April 07, 2005 - 9:00 AM - 10:30 AM Pacific Time

Rand Morimoto, Author, President, Convergent Computing

Windows Server 2003, the latest server operating system from Microsoft, builds upon the security, reliability, and performance improvements implemented in previous versions. Organizations need these continuing improvements as their networks develop and network usage evolves with new technologies. Organizations also need Service Pack 1 to protect themselves from an increasing variety of network and computer. Join this webcast for a technical overview of Windows Server 2003 Service Pack 1, where we will present its features, configuration tools, system security enhancements, network security enhancements, and deployment options.

http://go.microsoft.com/fwlink/?LinkId=43599

TechNet Webcast: SQL Server 2005 Series (Part 4 of 10): Securing your SQL Server (Level 200)

Monday, April 11, 2005 - 9:00 AM - 10:00 AM Pacific Time

Bryan Von Axelson, TechNet Presenter, Microsoft

Parts four and five in our series highlight the security enhancements in SQL Server 2005. Part four of this series focuses on authentication and authorization while crypto support is covered in part five. We begin with authentication, examining the Security model, endpoint-based authentication and the password policy. Then we move on to explore authorization, covering User Schema separation, module execution context, granular permission control and Catalog security.

http://go.microsoft.com/fwlink/?LinkId=42448

TechNet Webcast: Implementing Exchange Server Security (Part 2 of 2): Protecting Against Unwanted E-Mail (Level 300)

Monday, April 11, 2005 - 1:00 PM - 2:00 PM Pacific Time

Chris Avis, TechNet Presenter, Microsoft

This second session of a two-part series on Exchange Server Security describes how to increase the security of e-mail that flows through an organization's Exchange servers. We also introduce you to Exchange Server 2003 features such as Real Time Block List support and Intelligent Message Filtering, tools making it easier to reduce the amount of unwanted e-mail before it spreads through your organization.

http://go.microsoft.com/fwlink/?LinkId=43602

TechNet Webcast: How Microsoft IT Implements Trustworthy Messaging at Microsoft (Level 300)

Tuesday, April 12, 2005 - 9:00 AM - 10:00 AM Pacific Time

Grant Hogan, Microsoft IT Service Manager, Microsoft

Similar to most enterprise organizations, Microsoft shares information among its resources through e-mail and other electronic documentation. At the same time, we have a concern for the security and privacy of this data. With that in mind, Microsoft created the Trustworthy Messaging initiative to provide confidentiality for key business sensitive data sent to and from internal corporate clients without sacrificing their ability to freely share this data. Join us as we review, in detail, Microsoft IT's implementation of Trustworthy Messaging.

http://go.microsoft.com/fwlink/?LinkId=44151

TechNet Webcast: Information about Microsoft's April Security Bulletins (Level 100)

Wednesday, April 13, 2005 - 11:00 AM - 12:00 PM Pacific Time

Christopher Budd, CISM, CISSP/Security Program Manager, Microsoft

Debby Fry Wilson, Director/Security Response Marketing, Microsoft

On April 12th, Microsoft will release its monthly security bulletins. Join this webcast for a brief overview of the technical details of these April security bulletins.  This webcast will provide you the opportunity to raise your questions and concerns about the security bulletins. A majority of the session will be devoted to addressing your questions and providing answers from our security experts.

http://go.microsoft.com/fwlink/?LinkId=43750

TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 2 of 3): Understanding Network Isolation Using IPSec (Level 300)

Wednesday, April 13, 2005 - 1:00 PM - 2:00 PM Pacific Time

John Baker, TechNet Presenter, Microsoft

This session is the second of a three-part series with the information and tasks you need to implement data isolation using Group Policies and IPSec. This session shows how to use IPSec to create network isolation zones. Topics include the advantages and limitations of network isolation, where network isolation fits into a defense-in-depth scheme, and how to use Group Policies and Active Directory groups to restrict access to specific servers.

http://go.microsoft.com/fwlink/?LinkId=43606

TechNet Webcast: Maximizing Security Features within Microsoft Office Live Communications Server 2005 (Level 300)

Thursday, April 14, 2005 - 9:00 AM - 10:30 AM Pacific Time

Sean Olson, Lead Program Manager, Microsoft

This technical session describes potential security threats and their mitigations for the Microsoft Office Live Communications Server 2005 release. We will focus on the new features and challenges differentiated from Live Communications Server 2003. The ultimate goal of this presentation is to provide you with the information commonly required to satisfy a security audit of a product prior to its commercial deployment. Topics will include authentication, auditing, and security recommendations for the new Live Communications Server 2005.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032269267&Culture=en-US

TechNet Webcast: Securing the Network Perimeter with ISA Server 2004 (Level 200)

Friday, April 15, 2005 - 11:00 AM - 12:30 PM Pacific Time

Keith Combs, TechNet Presenter, Microsoft

Do you currently have an effective way to secure your network perimeter against risks introduced by the Internet, remote users, and remote network segments? Learn how Microsoft Internet Security and Acceleration (ISA) Server 2004 can help protect against all of these threats and more. This session demonstrates how ISA Server 2004 can enhance security for internal servers as well as external-facing resources such as Microsoft Exchange Server or Microsoft Internet Information Services. We will also show how ISA Server can operate as a virtual private networking server for more secure remote access to the internal network.

http://go.microsoft.com/fwlink/?LinkId=43759

TechNet Webcast: SQL Server 2005 Series (Part 5 of 10): Protecting Sensitive Data (Level 200)

Monday, April 18, 2005 - 9:00 AM - 10:00 AM Pacific Time

Bryan Von Axelson, TechNet Presenter, Microsoft

Parts four and five in our series highlight the security enhancements in SQL Server 2005. Building upon the discussion of authentication and authorization in the previous session, part five of the series covers the crypto support in SQL Server 2005. We begin with an introduction to the concepts of database encryption including encryption support, keys, certificates and key management. We show how SQL 2005 can protect sensitive data using data encryption and module signatures, and introduce sign modules, what these are and how they work.

http://go.microsoft.com/fwlink/?LinkId=42450

TechNet Webcast: Assessing Network Security (Part 1 of 2): Planning and Research (Level 200)

Monday, April 18, 2005 - 1:00 PM - 2:00 PM Pacific Time

Kai Axford, Security Specialist, Microsoft

How do you know whether your network is secure? And how do you know how to find out? This session is the first of a two-part series to help organizations plan and implement processes to identify vulnerabilities to network attacks. This first session shows how to plan your security assessment and how to gather information such that the methods and results fit your organization's needs. In this presentation we'll specifically show how to plan a security assessment and the details and processes for gathering network security information about your organization.

http://go.microsoft.com/fwlink/?LinkId=43762

TechNet Webcast: Threat Mitigation for Windows 98 and Windows NT 4.0 (Level 200)

Wednesday, April 20, 2005 - 9:00 AM - 10:30 AM Pacific Time

Harold Wong, Senior Technology Specialist, Microsoft

While migration to a newer platform is recommended, many customers have key business applications that will only run on legacy operating systems. This session offers prescriptive information and test plans for hardening legacy Windows clients and servers, with the goal of reducing the security risk factors for Windows NT and Windows 98 systems as much as possible. We also provide guidance on how to upgrade securely to newer operating systems.

http://go.microsoft.com/fwlink/?LinkId=43789

TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 3 of 3): Advanced Network Isolation Scenarios (Level 300)

Wednesday, April 20, 2005 - 11:00 AM - 12:00 PM Pacific Time

Matthew Hester, TechNet Presenter, Microsoft

This session is the final presentation of a three-part series about the information and tasks needed to implement data isolation using Group Policies and IPSec within an organization. The session describes several scenarios where you can use IPSec to enhance network security by using IPSec to create network isolation zones. This scenario-focused view of Group Policies and IPSec is based on Microsoft's prescriptive guidance.

http://go.microsoft.com/fwlink/?LinkId=43792

TechNet Webcast: Assessing Network Security (Part 2 of 2): Penetration Testing (Level 200)

Monday, April 25, 2005 - 1:00 PM - 2:00 PM Pacific Time

Kai Axford, Security Specialist, Microsoft

How do you know whether your network is secure? And how do you know how to find out? This session is the second of a two-part series on assessing network security, to help organizations plan and implement processes to identify vulnerabilities to network attacks. This second session shows how to implement penetration testing for intrusive network attacks, presents checklists that will help identify and remediate common issues, the tools and processes for scanning systems for vulnerabilities, and concludes with a case study where all these factors are put to work at a typical commercial enterprise.

http://go.microsoft.com/fwlink/?LinkId=43818

TechNet Webcast: Security Risk Management (Level 300)

Wednesday, April 27, 2005 - 9:00 AM - 10:30 AM Pacific Time

Kai Axford, Security Specialist, Microsoft

When establishing security for your network, you must take risk assessment, cost-benefit analysis, and implementation of security countermeasures into account. The Security Risk Management Guide, designed by Microsoft, can help your organization establish the ongoing process of security risk management. This 90-minute webcast presents a qualitative approach to risk management, tying in best practices from both the industry as well as the ones learned and formulated by the Microsoft internal IT Group.

http://go.microsoft.com/fwlink/?LinkId=43821

TechNet Webcast: Defense-in-Depth Against Malicious Software (Level 200)

Friday, April 29, 2005 - 11:00 AM - 12:30 PM Pacific Time

Michael Murphy, TechNet Presenter, Microsoft

Malicious software has become increasingly advanced; worms and viruses can propagate more quickly and evade detection more effectively. This session describes how a defense-in-depth approach to antivirus solution design can help protect various components of a computing infrastructure from malicious software attacks, including client computers, servers and networking devices. This webcast also covers implementing an effective outbreak control and recovery plan and identifying, containing and remedying the effects of malicious software.

http://go.microsoft.com/fwlink/?LinkId=43841

For Developers

MSDN Webcast: Practical Security for Intranet Solutions (Level 200)

Friday, April 01, 2005 - 9:00 AM - 10:30 AM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This webcast discusses strategies for incorporating security best practices into intranet solution development. We will provide practical guidance on how to implement security enhancements throughout intranet solutions and introduce future security improvements available to developers through Visual Studio .NET 2005 and ASP.NET 2.0.

http://go.microsoft.com/fwlink/?LinkId=43408

MSDN Webcast: Practical Security for Internet and Extranet Solutions (Level 200)

Monday, April 04, 2005 - 11:00 AM - 12:30 PM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

This session discusses strategies for incorporating security best practices into intranet solution development. Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This session provides practical guidance on how to implement security enhancements throughout intranet solutions and introduces future improvements available to developers through Visual Studio .NET 2005 and ASP .NET 2.0.

http://go.microsoft.com/fwlink/?LinkId=43832

MSDN Webcast: Implementing Security for Mobile Device Solutions (Level 200)

Friday, April 08, 2005 - 9:00 AM - 10:30 AM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Are you dealing with security issues and concerns with your Microsoft Windows Mobile-based solutions? This webcast will describe the various the security considerations for building mobile software solutions and the tools, technologies and strategies available to the mobile developer. Both traditional applications accessed through mobile devices and solutions designed specifically for mobile use can be affected. You will learn how to use the security features of the Microsoft .NET Compact Framework in conjunction with Windows Mobile-based PocketPC and Smartphone capabilities to provide more secure file storage and data access. During this 90-minute webcast will also cover how to protect mobile device communications with your application servers.

http://go.microsoft.com/fwlink/?LinkId=43585

MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 1 of 2): The SQL Injection Attack in Detail (Level 300)

Friday, April 08, 2005 - 11:00 AM - 12:30 PM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Developers the world over underestimate the seriousness of a SQL Injection Attack. In this session we will dive deep into the topic and do some live hacks to see the huge danger of SQL Injection.  We'll discuss how a Mal-Tech might find and approach your box, discover your schema, table, and field names, steal your data, corrupt your table records, add himself as an administrator, reduce your own admin rights, pollute your network, take over your mail server, shutdown your application (and hide it from your ops people), upload his own wares and OWN YOUR NETWORK. Don't miss this webcast.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267306&Culture=en-US

MSDN Webcast: Writing Secure Code (Part 1 of 2): Best Practices (Level 200)

Monday, April 11, 2005 - 11:00 AM - 12:00 PM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

Do you want to learn more about analyzing, mitigating and modeling threats? This presentation is part one of a two-part series to help experienced developers build their knowledge of secure coding best practices. Join this 60-minute webcast to learn about established threat modeling methodologies and tools and how to apply them with other best practices to minimize vulnerabilities and limit damage from attacks.

http://go.microsoft.com/fwlink/?LinkId=43835

MSDN Webcast: Assessment: Tips and Tricks for Web Application Security Testing (Level 300)

Tuesday, April 12, 2005 - 11:00 AM - 12:00 PM Pacific Time

Dennis Hurst, Senior Consulting Engineer, SPI Dynamics

Caleb Sima, Founder and CTO, SPI Dynamics

This session will demonstrate the proper technique for testing a Web application to ensure that it is properly secure. In addition, we will discuss the challenges of Web application security throughout the development life cycle, and the available methods and tools used to test the security of Web-based applications. Attend this webcast and learn how to test a Web application using a Web browser and the inherent limitations of this approach. You'll also learn what obstacles must be overcome during application testing to ensure proper security.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267633&Culture=en-US 

MSDN Webcast: Developing Applications in Windows XP Service Pack 2 (Level 200)

Friday, April 15, 2005 - 9:00 AM - 10:30 AM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

Have you installed Microsoft Windows XP Service Pack 2 (SP2) and some of your applications are not working or are not working correctly? The new security features of SP2 may affect how certain types of applications run. Join this webcast to see examples of applications that may be affected and learn how to modify them to work with Windows XP SP2. Also, learn how to configure your development environment to work successfully on Windows XP SP2.

http://go.microsoft.com/fwlink/?LinkId=43793

MSDN Webcast: Writing Secure Code (Part 2 of 2): Best Practices (Level 200)

Monday, April 18, 2005 - 11:00 AM - 12:00 PM Pacific Time

Anand Iyer, Developer Community Champion, Microsoft

Are you looking for effective strategies to defend against common security threats faced by application developers? In part two of this two-part series for experienced developers, you will continue learning more about established best practices for applying security principles throughout the development process. During the 60-minute webcast we will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and how to effectively defend against these threats.

http://go.microsoft.com/fwlink/?LinkId=44153 

MSDN Webcast: Advanced Application Development with Windows XP Service Pack 2 (Level 400)

Friday, April 22, 2005 - 9:00 AM - 10:30 AM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

With Microsoft Windows XP Service Pack 2 (SP2), Microsoft is introducing a set of security technologies that will help improve Windows XP-based computers' ability to withstand malicious attacks from viruses and worms.  To developers these technologies will have an impact on the applications they create and the tools they use.  SP2 restricts how remote procedure calls are made across a network which may affect the operation of enterprise applications. Join this session as we discuss these interface restrictions and provide you with advanced application development techniques for SP2, including how to reduce RPC-based incompatibilities.

http://go.microsoft.com/fwlink/?LinkId=43812

MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 2 of 2): Making the Right Design Choices (Level 300)

Friday, April 22, 2005 - 11:00 AM - 12:00 PM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

After drilling down into the infamous SQL Injection attack in Part 1 of the Defending the Database, we will now address several of the questions and answers developers have concerning the database and security.  This session will cover topics such as, Secure Connections, SQL versus Windows Authentication, user versus role-based authentication, EXPs, Managed Stored Procedures, Alerts and Monitors.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267315&Culture=en-US 

MSDN Webcast: Implementing Security in the Development Lifecycle (Level 200)

Monday, April 25, 2005 - 11:00 AM - 12:30 PM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Security should be your primary concern throughout the development process. This session discusses how security can be implemented at each stage of the software development life cycle. Microsoft has created the Security Development Life Cycle to describe how to implement security best practices by adding pointed and well-defined checkpoints to the existing development life cycle. This session outlines recommended changes to the design, development, testing, verification and release phases that can reduce the number and severity of security vulnerabilities shipped to customers.

http://go.microsoft.com/fwlink/?LinkId=43816

MSDN Webcast: Remediation: Developing Secure ASP.NET Applications (Level 300)

Tuesday, April 26, 2005 - 11:00 AM - 12:00 PM Pacific Time

Dennis Hurst, Senior Consulting Engineer, SPI Dynamics

Prashant Sridharan , Lead Product Manager - VS, Microsoft

Are you looking for a way to correctly validate input easily and quickly to ensure it is secure? This webcast will show you real-life examples and demonstrate how you can do this.  Throughout the webcast we will discuss secure state management, how to apply state management across multiple applications, as well as how to setup and develop proper authorization and access control to ensure that privilege escalation defects/vulnerabilities are removed. Attend this webcast to learn advanced Web application protection techniques covering how to code login forms and other form inputs so they are immune to malicious brute force attacks.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267641&Culture=en-US 

MSDN Webcast: Practical Security for Intranet Solutions (Level 200)

Friday, April 29, 2005 - 9:00 AM - 10:30 AM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This webcast discusses strategies for incorporating security best practices into intranet solution development. We will provide practical guidance on how to implement security enhancements throughout intranet solutions and introduce future security improvements available to developers through Visual Studio .NET 2005 and ASP.NET 2.0.

http://go.microsoft.com/fwlink/?LinkId=43913

Additional Webcast Resources 

• ALL Upcoming Webcasts
• ALL On-Demand Webcasts
• Microsoft Business Solutions Webcasts
• Microsoft Executive Circle Webcasts
• Microsoft Office System Webcasts
• Microsoft Small Business Webcasts
• MSDN Webcasts
• MSDN Architecture Webcasts
• Security Webcasts
• TechNet Webcasts

If you've ever used Microsoft's online support knowledge base, you know how much information is available there, and how hard it can be to find information you're looking for. On top of that, how are you to know when new articles are added about the technologies that you care about?

For a few years now, I have used a free online service called KBAlertz to keep track of KB articles that are released about the Microsoft servers and apps I deal with every day. I get email notifications whenever new KB information is published in areas like Office, Exchange, SharePoint, SQL, LCS, Windows Server, Windows XP - you name it. Whatever topics you choose, you can stay informed.

There are three primary ways to get the info you want and need from KBAlertz: Browsing/searching, email and RSS feeds.

Personally, I subscribe to the site's email alerts and get them on a regular basis whenever new items that match my criteria are discovered. The digest-formatted HTML emails contain all the new articles since the last check, and are nicely formatted and easy to use.

For a few key technologies I also subscribe to feeds in my RSS reader, FeedDemon, where I can easily catalog and search through them.

For example, let's say I am interested (as I am) in keeping on top of all the latest knowledge base info about IIS 6. This web page lists the latest articles, and this  button, which you find at the top of each technology's page, let's me subscribe to the IIS 6 RSS feed for new updates.

Signing up for the email alertz is easy and it's free - just quickly create an account and start checking the boxes next to the topics you are interested in. You can choose from the whole gamut of Microsoft technologies.

The Microsoft Knowledge base is cool, and it's a great source of info. KBAlertz just makes it better.

Buried deep in a press release that mentions several announcements about various SQL Server releases and enhancements are details about an item many may find useful. Later this month Microsoft is releasing new reporting packs for SQL 2000 Reporting Services aimed at Great Plains and Internet Information Server (IIS).

The IIS one in particular catches my eye:

The Microsoft SQL Server Report Pack for IIS Logs is a set of 12 predefined report definition files that work with a sample database of information extracted from Microsoft IIS log files. The SQL Server Report Pack for IIS Logs allows users to monitor Web site statistics including visitors, page views and bandwidth for various time periods and geographic regions, to get more insight into their Web site usage. Users also can leverage the 12 sample reports as templates for designing new reports, and the database can be populated with individual data using the Log Parser included with the IIS 6.0 Resource Kit.

Cool. Not so sure about using the log parser (which, by the way, was recently updated), but I can think of a few things I would like to try to do with this one. Looking forward to the release. Links when they're available.

From Microsoft, news announcing SQL Reporting Services SP2, which will include two web parts for SharePoint 2003 that can be used for displaying reports in the SharePoint portal or site:

Along with security and product enhancements, SQL Server 2000 Reporting Services SP2 will include two SharePoint® Web Parts, which enable users to explore and view reports located on a report server through Windows® SharePoint Services or SharePoint Portal Server. The Web Parts will make it easy for customers to build business intelligence (BI) portals with SharePoint that include Reporting Services reports. This, in turn, will give their end users access to their enterprise information from one seamless interface. SP2 also will support a rich client-side report printing experience directly from Microsoft Internet Explorer, so customers can quickly print their reports by clicking on a single button.

Good move. One of SharePoint's strongest points is that it can act as a "one-stop-shop" for finding, aggregating, viewing and using information across a company or organization, usable by both individuals and groups. The more web parts are made available to do this kind of thing out of the box, the better. It should be a requirement for any Microsoft business product, I think, and other companies should follow suit.a

Joe Stagner, a Developer Community Champion at Microsoft, will be presenting a series of two webcasts per month, starting this week and running through May on the general topic of designing and writing secure applications.

Dubbed the "Digital Blackbelt Series," the webcasts will cover these topics:

Full-text indexing of files on a computer system allows the user to search for information on a computer, and for that search to extend into the files themselves. Because many computer files that contain text are actually proprietary in format, it can be difficult to "read" the content of those files. File formats need to be optimized for applications, but we need a way to get the text content out, so we can search across multiple file types to find information without having to root through files one by one.

Enter the IFilter. On Windows, IFilters are special little programs that contain the information needed to pull the text content from these proprietary files. Once you get the data out, you can work with it in a number of ways.

Now, remember that I'm not a developer, I'm a business-process guy, so keep that in mind when reading this explanation of IFilters and how they are used.

Q: What's an IFilter?

IFilters are special DLLs used by Windows applications to index the content of specific types of files. From the Microsoft Platform SDK Indexing Service document:

"The IFilter interface scans documents for text and properties (also called attributes). It extracts chunks of text from these documents, filtering out embedded formatting and retaining information about the position of the text ... IFilter provides the foundation for building higher-level applications such as document indexers and application-independent viewers."

Q: Where and when are IFilters used?

There's been some new activity in this are, likely as the result of the release of the MSN Desktop Search tool (which uses IFilters to index files) and the fact that SQL 2005 will be coming soon. IFilters can be leveraged by any application that calls them, and they are typically used to generate an index of information that users can then search through to find information. That's how the Indexing Service on your Windows desktop machine works, for example, and these other Microsoft applications use IFilter to generate their search indexes:

• MSN Desktop Search
• SharePoint Portal Server
• Windows SharePoint Services
• SQL Server 2000 and 2005
• Indexing Services

Those are not the only apps that use IFilters - but they are good representative examples.

Applications typically call the IFilter DLLs and then use them to examine the content of files stored on a computer. The information that comes from the IFilter is used to build a searchable text index that correlates to the discovered content back to its source. From there an application can allow the user to query the index.

Q: What IFilters are available?

Nothing beats a good Google search for finding the latest and greatest, but the Channel 9 wiki has a useful page listing a variety of IFilters and how to find them.

Q: How can I tell what IFilters are installed on my system?

A newer (and free) application from Citeknet called IFilter Explorer will let you see what all is installed on your computer, with more information than the average person will likely need. Developers who need to work with IFilters will find the information very useful in its detail.

If you know of other IFilter resources or facts, please comment here or post them on the Channel 9 wiki to share with others.

Nice to see the docs rolling out the door on the black-box stuff in SharePoint Portal Server. Here’s another, covering the syntax used in SharePoint Portal Server’s full-text search – Apparently it’s a preview of the what is to come in the next SDK release…

This download includes a preview of the reference documentation for Microsoft SharePointPSSearch, the SQL Syntax used for Microsoft SharePointPSSearch Full Text Search with Microsoft Office SharePoint® Portal Server 2003. Look for updates to this documentation in the Microsoft SharePoint Products and Technologies 2003 Software Development Kit (SDK).

Just a quick hit list off the top of my head this morning of things I would like to change or add to my blog app (which is dasBlog, by the way):

• Email notifications on a scheduled basis – I used to like getting an email on my blackberry when someone linked to my blog from another web site (a referrer notification), but then things took off, and I had to turn it off due to the enormous volume of email. If I could schedule an hourly or daily summary that would be sent via email, that would be great. Note that I still want to get my comment email like I do now – as soon as they are posted – so I can continue to reply via email if needed, or at least see what’s going on. I would also like to specify different email addresses for different items – like one for referrers, one for comments, etc., if I want to.
• Better statistics – dasBlog lets me see what’s been happening today (well, actually, more like today on my calendar but data available based on someone else’s time zone, which is kinda weird). It would be nice to see aggregated stats that I can sort through in whatever way I like.
• Multi-user posting support would be nice, not so much for this blog but for another one I am planning.
• SQL server option for data storage.
• Templates 100% CSS, and some of the hard-coded stuff to move out into the templates. I’d like to be able to specify what the “Comments” link says, or to be able to apply the link associated with that function to a graphic on my page (like the one next to the comments link below, for example – you can’t click the image, just the text, since I can’t seem to figure out a way in the templates to add the href to the image).
• IP logging in the event log for the user viewing the page.
• IP logging with comments in the app.

The one where I try to sound smart, but really just make a fool of myself in the process. But if I learn something new, it's all good.

I'm just a glutton for punishment, so it's not too unusual that I would attend a developers' evening conference event put on by Microsoft about development for mobile devices, regardless of (or perhaps in spite of) the fact that I am most definitely not a developer.

That said, don't use anything I write here for anything real. Don't quote me or anything. Please. This information is all wrong, I can pretty much guarantee it. This is just an attempt on my part to see how much I can learn in three hours, in an area where I easily get lost.

But I mean hey, I keep seeing these techie developer-like guys writing two lines of code at most in these sessions and how they just magically make things work, shazam!, so I figure even a guy like me should eventually be able to figure this stuff out, at least sort of. Enough to create something useless but functional, at any rate.

Because secretly I sometimes wish I was a developer. I long to make things. New things. Different things.

I just want to create.

So here I am, seeing if I can learn any of this stuff. And I am finding - as usual - that its kinda cool.

Windows Mobile development random thoughts (or maybe this is just a cheap excuse to use bulleted lists):

• Design applications assuming your app will need to rotate portrait>landscape>back again.
• Screen dimensions - be flexible here and include hi-res resources for VGA quality screens in the future (use higher res to improve quality, not so much for more real estate).
• Emulators are cool - deploy, test on a software phone or Pocket PC.
• VS.net will compile and deploy x86 executables to emulators, and ARM compliant code to the real devices. In the future the emulators will emulate ARM chip-sets.

Ok, so this dude just wrote 2 lines of code and made an app that collects a ticker symbol from the user, calls a web service and returns the current price. Two lines of code. Cool. The term code-behind probably relates to this. But I'm not a developer, so I am guessing here.

Look Mom - TWO LINES! Neat.

Idea: Have special evening sessions just for non-developers, where you teach them to develop cool simple stuff. People like me, whose brains are a little older and slower, but who desperately want to be a cool nerd (like that makes sense) and create things. Seriously. I'd go to every one of those events. No real nerds allowed, unless they are teaching (sorry to all my developer friends - I need someone to work at my pace heheh). Target guys like me, who really want to learn, the ones who spend the money. Focus on making something simple, cool and complete. Let me create something, let me feel like I understanding these guys that work for me and around me. Help me grok your world. Let me create something that works, something that when we're done is all mine and does something - hey, anything - useful.

Okay - back to the session...

Ahhhh here we go - demos. I like it when I can see something created and then working.

Tipper is a little program someone wrote that helps you figure out how much of a tip to leave. Cool, especially for foreigners who may not be accustomed to the tipping stuff.

• Windows forms and controls - I think I know what this all means... Looks like there are some controls not available in the mobile framework, which makes sense, since it's a more limited memory space and less-powerful hardware.
• Networking - looks like you don't have to understand HTTP in order to use it. Something about streaming and stuff that escapes me. Okay, it's actually way over my head, but "escapes" sounds cool.
• Data - XML or SQL Server CE for storage, depending on type, amount and size of data (SQL for bigger/more I guess). Web services for data exchange. SQL Mobile 2005 will be a cool enhancement with all kinds of new stuff like data grids and binding and stuff. Make SQL CE development easier. Not require you to use a SQL CE device to develop a database. Nice.
• XML Parsing - XmlTextReader and XmlTextWriter parse a doc, but with no in-memory caching. XmlDocument lets you parse a complete document at once and traverse it in memory.
• ADO.NET - Uhhh, yeah. Way over my head. Heh.
• Web Services - This I get. Sort of. more so than ADO.net anyhow heh... XML web services, both basic and digest authentication. SSL encryption support here, too. SOAP stuff. Clean is good, right?

More demos... A news reader that goes out and reads RSS feeds - now that's a cool one. Thom Robbins wrote this and some of the other demos. The news reader and others can even be downloaded from his blog, here.

Hmmmm Windows Mobile 2003 Second Edition. Cool - that should be interesting...

There was an interesting presentation about the future of the compact framework and Windows Mobile, and there will be positive changes in VS.NET 2005 for the new version, too. Life becomes friendlier and easier for the mobile developer.

Microsoft Location Server - lets your application find itself or other apps. Real time location information integrated with MapPoint technology. Very, very cool. Hosted by your company, not Microsoft, which is even cooler.

Ok, I am prety close to brain dead now, and I need to save a few brain cells for my trip to buy Halo at 12:01am. Cool stuff here. I have no idea what I am talking about, really, but I do feel smarter, so that's good.

Thanks to Bliz for the heads-up and invite.

The new SANS 2004 Top 20 list of critical Internet security vulnerabilities is out. It's actually two top-10 lists, one for Windows and one for UNIX:

Top Vulnerabilities to Windows Systems

W1 Web Servers & Services

W2 Workstation Service

W3 Windows Remote Access Services

W4 Microsoft SQL Server (MSSQL)

W5 Windows Authentication

W6 Web Browsers

W7 File-Sharing Applications

W8 LSAS Exposures

W9 Mail Client

W10 Instant Messaging

Top Vulnerabilities to UNIX Systems

U1 BIND Domain Name System

U2 Web Server

U3 Authentication

U4 Version Control Systems

U5 Mail Transport Service

U6 Simple Network Management Protocol (SNMP)

U7 Open Secure Sockets Layer (SSL)

U8 Misconfiguration of Enterprise Services NIS/NFS

U9 Databases

U10 Kernel

I know he didn't mean to (so I won't act all flattered or smug or anything), but Robert Scoble just sort of summed up the better part of my topic/category list for this-here-blog of mine, over on his blog...

I thought it would be interesting to compare his list of cool upcoming topics for the future to what's categorized or searchable right now on my site. So, I did just that and have added the links, below. Not a bad start, and it points out to me where I am falling shorter than I had realized in my content. Hey Robert, thanks for the copy.

“For the next 18 months, where are the business opportunities going to lie? Tablet PC. Bigtime. Windows Media Center. Gonna be a big deal. SmartPhones. Wanna watch how fast the Motorola MPX220 sells when it's released in the next few months? Xbox Live. You only need to say one number and everyone knows exactly the Xbox thing I'm talking about: "2." Visual Studio 2005. Tons of stuff coming there. MSN has a whole raft of things up their sleeves. And we haven't even started talking about BizTalk, SharePoint, Exchange, SQL Server, 64-bit Windows, SBS, CRM, LiveMeeting, and OneNote, among other things.”

It also gives me a gut-check on my existing blog categories. Here they are, with the ones that apply to this posting checked:

AudioBlogging	Blogging	Humor	IT Security
Mobile	Movies	Office 2003	OneNote
Personal Stories	Random Stuff	RSS Stuff	SharePoint
Tablet PC	Tech	Things that Suck	Windows Media Technology

Microsoft's latest version of MOM has been released to manufacturing, with retail availability slated for October 1. MOM, or Microsoft Operations Manager, is a console for administering Windows servers and applications, with tools for monitoring and analyzing performance. MOM 2005 includes an easier setup, new user interface and improved built-in security.

MOM 2005 takes the product to a whole new level. Pricing and licensing has also changed.

To enhance and extend MOM 2005 even more, there are five MOM Solution Accelerators available to streamline the way MOM works, integrates and deploys. Solution accelerators at Microsoft are generally chunks of code, tools and prescriptive info you can use to design your own custom extensions and to make their products fit more tightly into your environment:

• Notification Workflow Solution Accelerator is a Microsoft SQL Server–based Notification Services application that can be used to extend notification functionalities of MOM 2005.
• Autoticketing Solution Accelerator provides guidance for automated ticket generation, enabling the automated posting of a request (or ticket) into the Trouble Ticketing (TT) system used for incident management.
• Alert Tuning Solution Accelerator helps reduce the volume of alerts when deploying MOM 2005 management packs.
• Service Continuity Solution Accelerator helps maintain the availability of MOM 2005 service.
• Multiple Management Group Rollup Solution Accelerator allows a business to propagate data from multiple management groups into one data warehouse to create consolidated and aggregated reports.

Check out the animated demo presentation, here, for a high-level explanation of how MOM works. You can also use the MOM 2005 Online Virtual Lab to learn more about the product and how to use it to solve problems in your environment. Looking for more information? Check out the blog published by the Microsoft.com Operations Management team, which did the dog-food work with the product before it was released.

Small businesses with 10 or fewer servers to monitor should check out MOM 2005 Workgroup edition, which is priced appropriately - one flat fee of $499. Nice to see Microsoft taking the needs of the smaller business into account. My company has many more servers than that license would allow, but I know a number of people who will be able to take advantage of it.

[via betanews.com]

By way of Jonathan Hardwick, a list of webcasts scheduled covering the upcoming release of Microsoft Operations Manager 2005:

"The MOM 2005 release date is fast approaching, and they're setting up a series of webcasts for customers to learn more about it."

• Microsoft Operations Manager 2005 - Sept 2^nd, 9:30am-11:00am.
  Exploring Microsoft's new event and performance management tool for Windows Server System and beyond.
• Managing Exchange Server with Microsoft Operations Manager 2005 - Sept 7^th, 10:00am-11:30am.
  Increasing service availability and reducing email outages with MOM 2005.
• Managing SQL Server with Microsoft Operations Manager 2005 - Sept 14^th, 8:00am-9:30am.
  Increasing SQL availability and reliability with specialized knowledge and tools in MOM's SQL Management Pack.
• Monitoring your E-Business Solutions with Microsoft Operations Manager 2005 - Sept 16^th, 12:30pm-2pm.
  Using built-in knowledge in MOM 2005 to reduce downtime.
• Using Microsoft Operations Manager 2005 at Microsoft IT - Sept 21^st, 10:00am-11:30am.
  How to manage 6,000 servers across 225 worldwide sites for maximum performance and availability.
• Installing Microsoft Operations Manager 2005 from Start to Finish - Oct 5^th, 8:00am-9:30am.
  Your guide to setting up and testing MOM 2005.
• Monitoring Solutions to Extend Microsoft Operations Manager 2005 Capabilities - Oct 14^th, 9:30am-11:00am.
  Service Monitoring Solution Accelerator.
• Real Stories of Microsoft Operations Manager 2005 - Oct 19^th, 10:00am-11:30am.
  Lessons learned from our MOM 2005 early adopters.
• Monitoring Active Directory with Microsoft Operations Manager 2005 - Nov 4^th, 12:30pm-2pm.
  Using MOM 2005 to improve availability of one of your most critical services.
• Microsoft Operations Manager 2005 at MSN - Dec 1^st, 10:00am-11:30am.
  Using MOM 2005 to monitor one of the largest web portals in the world.

If you use SQL 2000 or MSDE on Windows XP, you'll want to do some research before you apply WinXP SP2.

Microsoft has provided a FAQ list that covers the bases pretty well. Excerpted from that page:

Q.  Why is Windows XP SP2 important to SQL Server customers?
A.  Windows XP SP2 will turn on the Windows Firewall by default. By turning on the Windows Firewall, computers are more resilient to attacks from worms similar to Blaster and Slammer.

Q.  How does Windows XP SP2 affect SQL Server?
A.  SQL Server will have access to the local subnet by means of file and print sharing, which will enable access to named pipes, also known as multi-protocol, that use Port 445. TCP/IP and UDP will be turned off by default. Applications that connect to a SQL Server database by means of a network will not be able to accept or make connections. This setting change helps protect the customer system by making it resilient to malicious worms that send port requests to a computer in an attempt to create a denial of service attack.

In addition, KB article 841249, "How to configure Windows XP Service Pack 2 (SP2) for use with SQL Server," includes information about manual configuration of the SP2 firewall for use with SQL server, how to script configuration administratively, and troubleshooting tips and steps. Note that users of Windows Group Policy can also configure the firewall via that method using the new ADM files (which are included in the service pack).

I've been working with SP2 configuration via Windows domain Group Policy for a while now, with the beta versions. If you have the GPO option available to you, do yourself a huge favor and take advantage of it. Same goes for Office System settings - You can quickly, easily and effectively configure and maintain all your computers in one place.

From Jonathan Hardwick's blog:

New releases: online training sessions for MOM 2005

MOM 2005 is coming out Real Soon Now - but they've already created eight 50-minute online lab sessions to introduce its features:

• Microsoft Operations Manager 2005
• Managing Active Directory with MOM 2005
• Managing Exchange with MOM 2005
• Monitoring SQL Server 2000 with Microsoft Operations Manager 2005
• Planning and Deploying Microsoft Operations Manager 2005
• Administration and Configuration of MOM 2005
• Building and extending MOM using MCF and the SDK Part 1
• Building and extending MOM using MCF and the SDK Part 2

To take a lab, go to https://microsoft.granitepillar.com/mom2005/.

Have been trolling the web for nifty SharePoint stuff and have come up with some interesting items worth looking into. I don't post nearly enough about SharePoint here (and I even have a category for it), so here goes a few nuggets of what I think is pretty cool stuff:

SPS 2003 Document library TreeView
A simple treeview renderer for document library in SharePoint 2003. Make navigation/visualization of your more complex document libraries a little more familar.

Building Custom Alert Result Channels in SharePoint Portal Server 2003
This definitely fits in the "cool" department. Toast alerts from SharePoint Portal - would be even niftier in the Messenger (MS/MSN) interface.

SQL Server Reporting Services Webparts for SharePoint
Display business data mined and munged with SQL Reporting Services on a SharePoint site/portal. Hello, biz intelligence - is that you?

Workflow Lite for SharePoint RC1
Display business data mined and munged with SQL Reporting Services on a SharePoint site/portal. Hello, biz intelligence - is that you?

Sharing Bookmarks, Wikis, and the Zen of SharePoint
Says Jonathan Hardwick: "But first you've got understand the Zen of SharePoint, which is this: it's SQL, but without the agonizing relational pain. Yup, under the hood beats good ol' SQL Server. That means SharePoint is all about lists." He also found a past article I wrote dreaming about wikis and SharePoint truly coming together. Anyone game???

New security features will be introduced in Windows XP SP2 this summer that will affect Internet Explorer and ActiveX controls, file downloads, pop-up windows, and more. As a result, depending on the types of technology you've employed on your Web site, it's possible your site won't play well with the enhanced security of SP2.

So, Microsoft has released a white paper that explains the potential problem areas and how to make sure your site will work well with the updated software. You can get the info here.

NOTE: Since SP2 is available as a pre-release download for beta testers and in a preview version, now is a good time for companies with large, important Web sites to do some controlled testing and make sure they've got any kinks worked out. People in business with IT departments should definitely check in with your IT department before you download the service pack, because it introduces a number of changes that a) may break certain functionality on your computer in the beta version, and b) are not quite ready for prime time, but are ready to be tested in a controlled environment. Your IT people will almost certainly want to put some controls around the installation of the test software, such as installing it in a lab environment or similar.

Here are a couple of links to information about Windows XP SP2 and its impact on other programs and servers:

• How to Make Your Web Site Work with Windows XP Service Pack 2
• Windows XP SP2 Information for IT Professionals on Microsoft TechNet
• FAQ: How Windows XP Service Pack 2 (SP2) Affects SQL Server and MSDE
• The New Wireless Network Setup Wizard in Windows XP Service Pack 2
• New Networking Features in Microsoft® Windows® XP Service Pack 2
• Changes to Functionality in Microsoft Windows XP Service Pack 2
• Windows XP Service Pack 2: Security Information for Developers

Now's the time to get ready, and for all those web-development businesses out there (the few that have survived) to prepare their big fast-push marketing campaign and make some extra cash this fall fixing sites for people who don't know what they have, and can't for the life of them figure out why end users are complaining about their suddenly-broken Web sites.

Microsoft has released their Solution Accelerator for Sarbanes-Oxley. While I know that's probably not the most important or exciting thing you've heard all month, it mets a need I have, and I was pleasantly surprised at what it has to offer for those who have a similar need.

The Sarbanes-Oxley Act of 2002 has to do with reporting of finance process and controls information by publicly-traded companies. They call it “corporate governance” and in a nutshell, we have Enron and Tyco to blame for this, although I must say it seems to me to be no-brainer stuff for any corporation that takes ethics seriously. So, you won't hear me complaining.

The solution accelerator that Microsoft released late Friday allows people with a Windows SharePoint Services (aka WSS, aka SharePoint 2003) server to quickly and very easily add on new functionality, and to almost instantly get up and running with a nifty new system that significantly helps organize a compliance project or effort.

I won't go into the specific (because for most people it just gets more and more boring the more you learn), but anyone who is responsible for a compliance project or for preparing an infrastructure or framework on which to run such an effort owes it to themselves to download and try the accelerator. SQL 2000 with SP3 and WSS on Windows 2003 Server are required.

The installation is so simple it's almost scary (compared to other solution accelerators it was a complete breeze). Configuration is simple and the flexibility built into your design phase is great - if you want to design your compliance project based on balance sheet structure, you can do that. By account? Fine. By process type? Your choice.

Microsoft has promised a number of solution accelerators over the course of the year. The ones they have provided so far are pretty good - it will be interesting to see what else they come up with.

Microsoft has finally come up with a web administration interface for SQL server (as pointed out to me by our trusty developer, Travis, earlier today). I have these conflicting thoughts about the product (which is not unusual for me. Oh, and since it's free, is it really a product?)

First of all, it's about time they did something like this. Having to load a copy of Enterprise manager on every PC you want to work from is more than just a slight pain. It sucks. So, on that level, great news - It does a lot of the things you would commonly do in Enterprise Manager.

On the other hand, from the perspective of security and running secure apps on a business network, I have to say that when I read this, I get a little nervous:

There are two versions of the SQL Server Web Data Administrator Tool. One runs under IIS and the other runs under a Microsoft .NET open source web server named Cassini. For more information on Cassini and source code please go to...

Oh Boy. This should be interesting. At our company, we will need to test this and have the security guys look at it before we allow it to be used - especially considering the sensitivity of the data we deal with in SQL databases.

But, for working with non-critical data in SQL databases and doing some basic database administration, it's pretty sweet stuff.

I'm not one to tout tools developers would use (since I'm not a developer myself), but it just so happens that SourceGear released a new version of it's Vault version/source control server while I am in the process of evaluating it. For those who are wondering what source- and version-control means, well you can skip this. But if you are a user of VSS or CVS or similar (especially VSS), you know what I am talking about.

SourceGear Vault is a version control system for Windows developers, with full integration into the Visual Studio.NET environment. It is implemented entirely on the .NET platform, and uses SQL Server 2000 for its repository storage.

Vault is the only version control system designed specifically to offer a seamless transition from Visual SourceSafe. SourceSafe repositories are imported with no lost data, including history.

The user interface resembles SourceSafe Explorer, and all SourceSafe features are present, including Share and Pin.

And from there the improvements become quite apparent. Face it, VSS sucks as a version/source control product for more than a couple people - It's outdated, limited in capabilities and really is doing more these days than it was ever originally intended to do.

But they can explain it better than I can, so go here and check it out. There's also a list of what's new in this version. Looks nice. I'll have to give it a try.

EDIT: Price reductions announced, and single-user edition is - get this - FREE.