Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
doing the business ...
I once worked for a 'business' manager and spent two month collating accounts data into a spreadsheet. He couldn't understand the concept of backups and stored the one copy of the file in the C:\progra~1\excell directory and was in the habit of deleting the entire directory once a week.
"they will use outside vendors to gain those skills"
What he means is when they want to appear 'managerial' they hire in a systems analyst to tell them what their own staff already know. You get the work done in spite of them. And usually better when they are out of the office.
"business analysts in business units answer to business executives, with a dotted line to the CIO"
And the PHB gets to pretend to know what he is doing to earn ten time your salary. That article is just so much self congradulatory wishfull thinking. 'Oh, for the day when us PHB don't need the IT dept'.
When they start making up bogus cod technological tets you know it's just so much hot air.
See here for a software application masquerading as Business Intelligence
Now excuse me while I go upstairs and show some idiot how to email an attachment - for the tenth time. -
Re:Is this really a problem?
Theres no reason to go download third party patch sets when you can get all the hotfixes you need in one go from Microsoft. They update the images monthly.
-
Microsoft Shared Computer Toolkit
It won't help you with your updates problem, but to cut down on the number of reinstalls, take a look at the Microsoft Shared Computer Toolkit:
http://www.microsoft.com/windowsxp/sharedaccess/de fault.mspx
Like DeepFreeze (mentioned earlier in thread) it blocks any changes made to your systems from committing to disk (they get rolled back at logout or the next reboot) unless the administrator specifically allows them. Also: Free. And designed for libraries and schools specifically. -
Those links may help
Slipstream SP2
Slipstream security updates as well
Or get updates as ISO images and burn your own CDs -
Image disk and WSUS
Well, for starters, you should be making an image installation disk for your fresh installs that incorporates (or, in MS terms - "slipstreams") what you need into it. This is especially handy if you don't have the same hardware. Check out nLite - http://www.nliteos.com/nlite.html - for more details on how easy it can be to do this. This saves hours of time. Days, if you have tons of boxes to refresh.
Next you'll need a WSUS - http://www.microsoft.com/windowsserversystem/updat eservices/default.mspx - box somewhere on your network which will take care of those monthly downloads for you and only do the heavy download lifting on one machine. You'll need to configure all your other boxes via group policy or registry hacks to point to this server instead of the mothership @ Microsoft so they can get the updates from there.
With these two steps, you'll free up bandwidth and have more time to hit the stacks! -
Is this really a problem?
There are a multitude of ways around this.
Ghost the machines, and keep your images updated every couple of months.
Make a slipstreamed CD that includes all the current updates. This is a dead-simple way to do so..
If your network were bigger, you could use WSUS to keep a local repository of all the updates, so you're just downloading them once, and the WSUS server hands them out to all your local computers. -
As opposed to...
As opposed to some other companies that are very loud about their attempts to fix their software
- Tash
Vrooommm... -
As opposed to...
As opposed to some other companies that are very loud about their attempts to fix their software
- Tash
Vrooommm... -
Re:I predict a quick death for XP after release of
"Mainstream support will end two years after the next version of this product is released. Extended support will end five years after mainstream support ends."
http://support.microsoft.com/lifecycle/?p1=3223 -
Re:What reasoning is that?
you're absolutely correct. LanMan passwords are broken into two 7-character hashes, not case sensitive) are extremely insecure and take hours to crack, while NTLM (MD4?) passwords have no maximum length and are case sensitive.
You do NOT want NTLM passwords transmitted over your network. The solution is to disable the creation, storage, and transmission of NTLM passwords entirely.
See this article for details on the crackability and security procedures:
http://support.microsoft.com/kb/q147706/ -
Re:Try learning the keyboard shortcuts....
WIN+E launches windows explorer
WIN+L locks the computer, I don't know if it will switch users in say the home edition.
WIN+P, WIN+C requires Microsoft Natural Keyboard with IntelliType software installed. The others are supported by Windows natively.
Here is a link to the Windows keyboard shorcuts:
http://support.microsoft.com/kb/126449/ -
Re:Don't allow?
Note that there's also an NT4 version of DSClient:
http://support.microsoft.com/kb/288358/
Also note that there is no DSClient for WinME, officially, though "you may be able to install Active Directory Client Extension on a Windows Me computer for testing purposes."
http://support.microsoft.com/kb/276472/ -
Re:Don't allow?
Note that there's also an NT4 version of DSClient:
http://support.microsoft.com/kb/288358/
Also note that there is no DSClient for WinME, officially, though "you may be able to install Active Directory Client Extension on a Windows Me computer for testing purposes."
http://support.microsoft.com/kb/276472/ -
Re:What reasoning is that?
You can install the Directory Sevices client http://support.microsoft.com/default.aspx?scid=kb
; en-us;Q239869 for 98 that will allow NTLM v2 authentication, and you can disable LM - not sure about Kerberos though... -
Re:The risk is not just direct
Microsoft app X+1 is now available. App Y *will not export* to app X+1 because the executable has been moved and it can't talk to the new version anyway.
Okay, so stick with Microsoft app X. Dedicate a machine to it; hardware is cheap and Virtual Machines are cheaper. But you say...
App X is no longer available in the company and we cannot buy licenses for a variety of reasons (mostly due to integration and the fact that version X and X+1 running together cause major problems).
It is extremely improbable that you have no options here. Microsoft offers downgrade rights to all volume licensed software. Contact your Microsoft reseller for more information.
If you are not a volume license customer, you should become one. Otherwise, you're either buying your software retail, which carries higher prices and you don't get volume license benefits (like downgrading, and other surprising licensing flexibility), or you're buying OEM versions, which again doesn't carry the volume license advantages.
If you are using OEM licensed software, you should also consider that the OEM license agreements are quite restrictive (they can't be transferred from machine to machine, COA requirements). Further consider that "paying for" software does not give you the right to use it anyway you see fit, you must follow the license agreement or you have no legal right to use the software.
-
Re:I predict a quick death for XP after release of
Microsoft has promised to continue to sell XP to OEMs and retail for a year post-Vista, and to system builders for two-years post-Vista. They can't wrap up support while they still sell it. They'll still be selling it (with very few takers) until Q1 2009, assuming no delays. Based on Win98 and WinME, it'll have support for 12-24 months after that. So we'll see XP supported when Blackcomb/Vienna is rolling out.
-
Re:Too late?
-
Re:Forza has this now, sort of
Forza also has the Drivatars, which are AI profiles that you train. From the website http://research.microsoft.com/mlp/forza/, "Our original goal in developing Drivatars was to create human-like computer opponents to race against."
-
802.1X attack
Actually, 802.1X (on wired ethernet) can be attacked - read this. Yes, it is on Microsoft.com, but nothing in the article is specific to Microsoft technologies.
Now, this is definitely a deliberate attack (not an innocuous vendor just plugging in their laptop to check their email) but it is possible.
(You insert a hub between a legit computer and a legit switch port. You connect your attacking computer to the same hub, configure your attacking computer to have the same MAC, wait for the legit computer to authenticate which opens the switch port and off you go, subject to some caveats as mentioned in the article.)
They recommend IPSec as it authenticates each packet. 802.1X on wireless is not subject to the same issues because there is a session that is maintained between the AP and the client. -
Mousekeys
Since use of the thumb is a big issue, I'd suggest showing her a built-in usability function that comes with windows, MouseKeys. When turned on it converts the number keys into mouse function keys (movement, single click, double click, drag, drop, etc). Now normally this is used to avoid all use of the mouse, but can be a little slow moving the cursor around. In your case thought it would allow moving the mouse with the right hand and using the left hand to do the clicking/dragging. Personally I use it a lot just because using the keyboard keys is a lot less stressful than clicking the mouse keys because you don't have to grip in order to push the buttons and there's less strain, especially when you have a lot of repeated clicking in a short period. There's of course a period of adjustment before it becomes second nature to use Mousekeys but it's a no cost, effective solution. And you can toggle it on and off just using the NUM Lock key so you still have access to the number pad for number entry.
Here is a link to Microsofts description of how to turn them on:
http://www.microsoft.com/enable/training/windowsxp /mousekeys.aspx
and a nice tutorial on what keys do what and tweaks:
http://www.disability.uiuc.edu/infotechaccess/trai ning/windows95/mouse.html -
Re:What about XP and others
Ahh... There's the difference.
You're looking at volume licenses. I only deal with shrinkwrapped, retail licenses.
If you pull up the actual retail license text for any release of XP the text you cite is quite absent.
Note that the text I mentioned about Windows 2000 is also absent, despite being on an actual dead-tree copy of the EULA in a drawer in my office.
This page says that a license for XP can be downgraded to any "previous version" of Windows XP, where "previous version" was defined as XP, 2000, NT... But that later, downgrade rights were also extended to 95 and 98.... but Win ME and XP home were NEVER OSes that you were allowed to downgrade to from XP Pro. -
Re:What about 802.1x security ?
VLANs can be a headache too - especially with 802.1x, which requires replacing your existing access layer switches with 802.1x capable ones. You DO get the benefit of integrating your wireless access infrastructure with the copper stuff.
Are yu all/mostly Windows (2000+)?
Look closely at Windows Domain and Server Isolation. It is an IPsec based infrastructure security solution, all managed with existing infrastructure. The IPsec policy agent is on the OS, and policy is easily managed centrally by Active Directory and Group Policy. It really is great - and can interop with other IPsec stacks like Linux and Solaris. The default auth mechanism is Kerberos - but x.509 can be used in parallel for interop. Kerb is dead easy.
If this is even only an 80% solution, it should be explored. There are no hardware costs in most cases, it can be phased in without field visits, and you probably already own it.
http://www.microsoft.com/technet/security/topics/a rchitectureanddesign/ipsec/default.mspx
I wish that one of the big Linux vendors would do something like this with IPsec and OpenLDAP. We have spent years matching the desktop, when developing advanced infrastructure management is where the winning game has moved. -
Re:Run As
Yup. It's best to use either MakeMeAdmin or DropMyRights, which add or remove privileges to the account you're already using.
I personally find it easier, esp. as a developer, to take the latter approach -- log in as admin, but run net apps neutered. -
Re:outdated info
If you're asking for a queue arrangement, how about shared memory for data transfer and an IO completion port for synchronization? IOCPs are great for async IO as well, and can schedule a set number of active threads, even taking into account the number currently sleeping.
-
Re:Forever War
It's possible to write a system, using the features of a typesafe language, which would make rootkits impossible. It's not an automatic benefit that one gets from a typesafe language though, no.
I always liked that Singularity project for "off the wall" thinking things like that. Not going to be more than a research project for some time, though, although I think that some of the concepts (Isolates in particular) have been adopted, at least in part, by the JNode project.
-
ADS was also an IIS backdoorSome of the first info on ADS was revealed when IIS users were notified by Microsoft that the full source code of any ASP URL, e.g.
http://www.mycode.asp
could be downloaded to a browser by appending ":$DATA" to the URL, e.g.,http://www.mycode.asp:$DATA
Little explanation of ADS or the special ADS keyword "$DATA" was revealed in the Microsoft Security Bulletin MS98-003. At the time I could not fine a full list of ADS keywords or an explanation of ADS on Microsoft's site, merely references to making a filename "canonical" (whatever that meant - no explanation was provided).Microsoft has been less than forthcoming about ADS, it's function and it's mechanism. ADS has been used in the past to hack into web servers and now appears to be useful for rooting any system with NTFS.
Is ADS a Microsoft backdoor?
-
Yes, it works in Vista
I think it's somewhat disingenuous to specifically note this rootkit works in Vista. It implies that the security work done in Vista has somehow failed.
Vista has numerous improvements security wise, and almost all of them have to do with prevent a machine from becoming infected to begin with.
, UAC, Windows Defender, the improved software firewall, IE 7+ sandboxing/broker, etc... these are all meant to make it a lot harder for malware to get on the machine to begin with.
As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore. -
Yes, it works in Vista
I think it's somewhat disingenuous to specifically note this rootkit works in Vista. It implies that the security work done in Vista has somehow failed.
Vista has numerous improvements security wise, and almost all of them have to do with prevent a machine from becoming infected to begin with.
, UAC, Windows Defender, the improved software firewall, IE 7+ sandboxing/broker, etc... these are all meant to make it a lot harder for malware to get on the machine to begin with.
As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore. -
Yes, it works in Vista
I think it's somewhat disingenuous to specifically note this rootkit works in Vista. It implies that the security work done in Vista has somehow failed.
Vista has numerous improvements security wise, and almost all of them have to do with prevent a machine from becoming infected to begin with.
, UAC, Windows Defender, the improved software firewall, IE 7+ sandboxing/broker, etc... these are all meant to make it a lot harder for malware to get on the machine to begin with.
As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore. -
Re:OSS is workingPer http://www.microsoft.com/windowsserver2003/r2/wha
t snewinr2.mspxMicrosoft:Licensing policy changes now allow customers to run up to 4 virtual instances of Windows Server 2003 R2 Enterprise Edition on one licensed physical server or hardware partition.
It is not limited to Microsoft's virtualization products. -
Re:Sorry Mac Users
In all fairness they never said "Virtual PC is free"
In all fairness, yes they did. I am cutting and pasting the following headline verbatim from http://www.microsoft.com/windows/virtualpc/default .mspx :"Virtual PC Is Now Free!"
Considering that the MacOS version of VirtualPC was the original (and therefore in my eyes the real version), I believe this to be a bad PR move for Microsoft. Not that that's ever seemed to deter them in the past...
-Kurt
-
Re:Then it's not computer science
They are doing it, simply, because of this: http://msdn.microsoft.com/robotics/
-
More Details - MS Press Release
More Details - MS Press Release
http://www.microsoft.com/presspass/press/2006/jul0 6/07-12PersonalRobotsEducationPR.mspx -
Re:I wonder...
Oh, you mean this?
http://research.microsoft.com/displayArticle.aspx? id=1471 -
Re:All great, but... 100% CPU utilization
If the guest OS is Vista beta 2, then yes, it will spike 100% CPU utilization. But that's due to a known issue between Vista and the existing VPC Additions drivers. If you go to http://connect.microsoft.com/ and sign up for the Virtual Server R2 beta then you can download the new Vista additions and then problem goes away.
I run several OSes in VPC. WinXP, Vista, Fedora, QNX, and I'm still trying with ReactOS. None of them are resource hogs for the host machine, except with RAM, but that's to be expected. -
Mac version still only $249
So, it's free how? The Mac version still has a $249 price-tag. The update is free though.
-
Re:single user single device
yeah, all that single user stuff gets in the way. Plus all those CAL licenses. A single desktop with 6 VM images can use up 5 licenses from the domain controller or the SQL server. The licensing infrastructure doesnt scale.
The other issue with VPC is shown in this document, which covers developing and debugging under VPC:
http://www.microsoft.com/windows/virtualpc/techinf o/debug.mspx
Its a pain to go through the wizards to create and clone VMs, and even when you've done so you still can't reliably use the cloned PCs, as the domain controller doesnt like clones. You need to use 3rd party tools to change the machine SID, fiddle with domain settings, etc. Whereas Xen images can be created on the fly. -
Re:I don't get why this is so special?
"or for Mac users to run a Windows-only app and is exactly like running Windows on an actual PC."
http://www.microsoft.com/windows/virtualpc/downloa ds/sp1.mspx
Microsoft Virtual PC 2004 Systems Requirements
Virtual PC 2004 SP1 runs on: Windows 2000 Professional SP4, Windows XP Professional or later, and Windows XP Tablet PC Edition or later.
I see no mention of a Mac operating system as a host.
personally I see no value in Virtual PC,
1) you need to run basically 2000 pro or XP pro (excludes 2003 server)
so you need a licience of an insecure OS that in the case of XP phones home everyday and apparently may or maynot decide to turn off with the genuine advantage program.
2)nice that the enterprise version (that would be the most expensive version of vista) now gives you four liciences for your virtual vista installs. however does that include cals to actually do any thing with this virtual os. as for resources surely vista as the most resource hungry os on x86 isnt going to be a good choice to run anything.
vmware on the otherhand runs on linux which is free and secure. The VM doesnt need admin rights to run.
you run what you want in the VM and you can choose a virtual os that isn't taking most of the resources just running the OS. The point of a Virtual OS isn't running an Os but an Application(s) in a Secure sandboxed environment.
vmware runs on windows too but why would you want to? -
Mac version
As of right now, the Mac version of Virtual PC is still retail. Any thoughts if they might give out the Mac version too? My intuition says no. Although it's a big name in their isolated Mac division, Virtual PC is the entire product category on the Mac platform. They have no VMWare with which to compete in this arena.
The irony of the whole thing is that M$ bought VPC off Connectix just so they could finish porting it to x86 and use their branding/marketing/FUD to make big bucks. Now they're giving it away, too. Sounds very much like Microsoft's category-conquest tactics: acquire, rip off, and undersell the competition. -
Re:Once is ok, but twice is too much...
Yes. But it really really sucks. A lot. If you're a major control freak (or just like avoiding auto-updates and such) you could probably go that route. Useful for people on dialup
... download important updates, maybe dump them to a jumpdrive or burn a cd when you've got a couple of them.
I think they also do monthly iso-images that are just compilations of all the update installers in a given month, for the same reason -- not everyone's got a good net connection at home. -
Re:Err ... unclear???
The contention concerns the interpretation of the terms "complete and accurate interface documentation".
Microsoft documented every single API that was used by any component not part of the windows kernel that had previously not been documented (there has been a site called msdn.com that documents Microsoft APIs for quite a while). I believe it's fair to say that 'having documented every API that is used by a component outside of the kernel' is a reasonable definition of complete.
Neil Barrett's conclusion that the Microsoft documentation is inaccurate contains such choice complaints as 'the documentation doesn't enable *me* to write a file server' (asking for introduction to the concept of what a file server is etc.pp., material that is beyond the scope of API documentation) and that the terms 'Handle' and 'void *' where nowhere specified. Anyone who knows anything about programming knows exactly that these are opaque types common in C and C++. It's pretty clear that Neil Barrett was not vetted for his actual understanding of programming concepts and common practices. There has been some rather outspoken criticism of the Neil Barrett expert opinion by people like Manfred Broy (Germany's #1 prof for Software engineering).
One of the problems with the way this has been handled by the EU is that up until the end of 2005, nobody pointed out that the documentation that Microsoft had made available was considered inadequate. Then in the end of 2005, bang, the hammer drops and the EU demands massive amounts of money for the period during which Microsoft was under the impression that they were supplying exactly what was asked for. There's even a trail of emails that documents MS asking for feedback and the EU responding 'everything's fine'. If that isn't a money grab, I don't know what it is.
Then MS & the EU set up a timeline and specification of what the EU is looking for in the documentation, and a week before MS is due to deliver on that specification, with all previous milestones passed, the EU fines them. Fair?
See http://www.microsoft.com/presspass/legal/02-23-06R esponsetoECSO.mspx for the Microsoft side of this argument. -
Re:Virtual PC
Uhm, both Virtual PC 2004 and Virtual Server 2005 R2 are available for free:
http://www.microsoft.com/windows/virtualpc/default .mspx
http://www.microsoft.com/windowsserversystem/virtu alserver/default.mspx
Unlike the free versions of VM Player and VMWare Server, you can not only run existing Virtual Machines, but also create them. Of course, the M$ stuff only supports M$ guest and host OS's.
Interesting to note though is that you VM Player can import a M$ Virtual PC or Server created VM. -
Re:Virtual PC
Uhm, both Virtual PC 2004 and Virtual Server 2005 R2 are available for free:
http://www.microsoft.com/windows/virtualpc/default .mspx
http://www.microsoft.com/windowsserversystem/virtu alserver/default.mspx
Unlike the free versions of VM Player and VMWare Server, you can not only run existing Virtual Machines, but also create them. Of course, the M$ stuff only supports M$ guest and host OS's.
Interesting to note though is that you VM Player can import a M$ Virtual PC or Server created VM. -
Any surprised M$ VirtualPC 2004 now free?
MS announced it today. Must be pure coincidence.
http://www.microsoft.com/windows/virtualpc/default .mspx
I've heard it doesn't totally suck anymore.
http://blogs.zdnet.com/Bott/?p=95 -
Re:Virtual PC
Thank you! It's interesting to note that you can get either Virtual PC 2004 (sp1) or Virtual PC 2005 (sp2).
I'm sure there are other differences, but the largest one I can think of is that Virtual PC 2005 has one more service pack than Virtual PC 2004; Virtual PC 2004 officially runs on Windows 2000 (with sp4) - Virtual PC 2005 requires Server 2003 or (possibly) XP Pro. -
Re:Virtual PC
Thank you! It's interesting to note that you can get either Virtual PC 2004 (sp1) or Virtual PC 2005 (sp2).
I'm sure there are other differences, but the largest one I can think of is that Virtual PC 2005 has one more service pack than Virtual PC 2004; Virtual PC 2004 officially runs on Windows 2000 (with sp4) - Virtual PC 2005 requires Server 2003 or (possibly) XP Pro. -
Re:Virtual PC
If you are not aware of it (I wasn't until earlier today) Microsoft is now putting Virtual PC 04 and 07 [still in beta] out for free. Virtual PC Website
-
Two camps
It seems to me that there are two camps inside Microsoft: the developers and the management. The developers seem to want to do cool things. They are reaching out to the development community. (With open source, coding4fun, blogging, channel9, etc). But the management is still trying to hold on to the old ways and the cash cows.
-
Two camps
It seems to me that there are two camps inside Microsoft: the developers and the management. The developers seem to want to do cool things. They are reaching out to the development community. (With open source, coding4fun, blogging, channel9, etc). But the management is still trying to hold on to the old ways and the cash cows.
-
85. Want to guess how many Linux had? :)
>>Since then who can count the number of patches, updates and vulnerabilities.
>>
85 patches in the last two years (200 and change if you count all MS applications, including the ones not bundled with XP). (Shockingly, computers can indeed count that high: http://www.microsoft.com/technet/security/current. aspx ) Thats an average of 3.5 a month... Now Linux, on the other hand, we all know thats rock-solid. I mean, a quick browse over to LinuxSecurity.com proves it -- only 16 patches! Oh, that was in July of 2006 alone? Uh, well, maybe that was a bad month. I mean, if you average it since January... oh, erm, over 1000 patches over that interval. Well, uh, that counts as one patch per distribution, and clearly thats not entirely fair to Linux... Lets break down that number:
Distro | Security Advisories Since January 2006
Debian (between 190 and 200)
Gentoo 101
Redhat 69
PXswodniW 25
Now, I know I've got incoming replies that say "Well, patch/vulnerability counts don't matter for diddly, Linux is more secure than Windows". I actually tend to agree with both of these statements... but its sort of curious that Slashdot has this attitude that patches for one system are an admission of weakness but patches for another system show how a million eyes make bugs shallow.