Monthly Archives: August 2010

Wrap-upper and wrap up for August 2010

Simon May from MS UK created cool app: Live Writer Wrapup Tool. The tool allows you to create the following from your RSS feed:

Bingo: one click and all my messages for the month are published.

To install the tool visit

Then start it, enter your feed address, blog post title, and select the range for you wrap-up (click (don’t release the button) on a first date and slide cursor  to the last date) and click “Blog This!”



MS Security advisory: Insecure Library Loading Could Allow Remote Code Execution

lockRecently issued advisory has kind of shaken the around-security-society: “we all gonna die will be hacked”. Really, this is that nasty sort of a bug which is not a bug, actually. It is more like FireWire: just vulnerable by design, so it is to be fixed more on software vendors side, rather than on Windows one. Correspondingly it is a long, long process and until it is finished it will be considered as a 0day vulnerability. But will it really have such an impact on your security?

I doubt it. Really. On the one hand, an attacker, who successfully utilized the vector has all the power of the current user, which is not good anyway. On the other hand, nevertheless,  the attacker must be either in your local network, or you should use WebDAV. LAN is usually considered as more or less secure. Now the question: how often do you open applications from a not trusted WebDAV folders? I don’t do it and I don’t recommend it whether there is some 0day vulnerability around or no. The only thing that you can do to harm yourself is to open a document from a “prepared” WebDAV folder. This is the hard part to protect from. But you just can avoid doing that unless you are totally sure that the software piece you use to open the document is patched by its vendor or download the document to a local drive before opening it.

So, in normal environment the attacker will get only user’s rights and only in case a document or a program was opened from a not trusted location. It is bad situation, but not as bad as some journalists picture it.

P.S. I still recommend to read the advisory and take precautions. cool apps–useful and not

cloudSome time ago I posted about group policy search service, published in Azure at the Then I thought: “it cannot be the only application on the whole domain!”. And I was right, of course. There is, actually at least several dozens of apps there. There is mostly test stuff at the moment on the site:

WordPress on Azure (how-to)

Several apps related to environment which don’t seem to be a completed apps, but are interesting, nevertheless

A 70 gigapixel (!!!!!) shot of Budapest with zoom and browsing ability. Man, it’s useless, but what a beautiful city. Thanks, guys!

Real-word polygonal battle game (the whole world is a chess-board)

And even the site about medical marijuana strains…

But look, here we have:


Equallogic site

VMWareConsulting (their Azure version works better than the usual one 8) )

They are real, actually.

And just two apps which seem to be interesting:

Webcast collection for IT Pros and developers. Renewable.

And even a document search engine (should compare to Google =) )

Try to find your favourite on, and even to create your own one.

Remote Desktop Connection Manager

Having many servers one wants to improve and optimize work with them. MSTSC is excellent instrument, but with many drawbacks: windows either close each another or there is to much to switch between them, it takes comparatively long time to launch it and so forth. Of course we have built-in Remote Desktop console, but it cannot even alphabetically sort our connections let alone inability to create hierarchical structure of any kind:


Other settings don’t impress either. I have been using visionapp Remote Desktop for a long time (and will continue, because I have a license and it is somewhat more powerful than that stuff the topic is about): great piece of software, which allows all the abovementioned plus more. Take the supported connection types alone:


The remaining options set is impressive too:


But vRD has one essential shortcoming: you have to pay for it. Of course a hundred of dollars is not a huge amount for some company where an administrator has to deal with dozens and hundreds of servers, however… Not long ago I have run into (yeah, I am not the fastest guy in the Universe: my coworkers have been using it for months already) Remote Desktop Connection Manager. It is free console from MS which has all the essential features:

You can organize your connections and sort them (and you can see what’ is happening in open windows):


You can save your credentials (and inherit them down the hierarchy), which is not the recommended way to use them, though.


And, after all, all the RDP-related settings. To sum up: if I didn’t have a license for vRD then I would be definitely a grateful user of this console. Therefore, if you do not want to pay or you do not need all the extra features then I recommend you to use the RDC Management console.

Microsoft Professional Advisory Services

Help ButtonAre you small enough to think of the Premier Support as of a crazy thing and, nevertheless, big enough to be not happy with reactive only support from MS? Do you want some proactive features without paying fortune for Premier or several fortunes for Alliance? The news is right for you, then. Let me quote what the services they will provide to you:

Microsoft Advisory Services provides short-term advice and guidance for problems not covered by Problem Resolution Services as well as requests for consultative assistance for design, development, and deployment issues.

Advisory Services are charged at an hourly rate of US$210.00. The scope of the engagement is estimated prior to the delivery of the service, and a contract must be executed between the customer and Microsoft before Microsoft begins work.

What does it really mean: you can utilize all of the MSC experience in building solid infrastructure while not paying huge amount of money for the Premier Support contract. Interesting enough? Yes, I think it is. I saw the guys at work: they are brilliant and now only from $210 Winking smile

What components can be served under this service? Many. Really. There are several sections on the page – Windows, Office, Servers, IE, Security, Performance, Developer. And there is many services under each topic, for example for Windows:

  • Windows
    • Windows 7
      • Applications compatibility
      • W7 deployment and activation guidance
      • W7 deployment questions and answers
    • Windows Server
      • ADFS
      • Windows Server 2003 Server Cluster disaster recovery planning
      • Windows Server 2008/2008R2Failover Cluster disaster recovery planning
      • Windows Server 2008 R2 RD web design SSO
      • Windows 2008 R2 Cluster installation
      • Windows 2008 R2 Cluster installation with Hyper-V

You think this is big list? Ha! Look at section Servers!!! =)

Unfortunately, services are available at the moment only in US an Canada. I hope it is only beginning.

Freebies: Free Visio stencils

Those who don’t love free stuff – get out of the class. Stay here, though – you are to buy Visio in order to use this freebies. One of the MS employees has shared links to several sets of Visio stencils. Here we are:

Some of them works for those who like Exchange-related drawings:


Others – do the same for the OCS & UC lovers:


The last set allows you to complete your personal globe:


And some more.

You may put the stencils to the c:Users<UserName>DocumentsMy Shapes folder so that to use it conveniently from Visio:


Group Policy Search App

“Where is this @#$% policy? I know it is somewhere in this hive” – that is the question to bother each systems administrator. It was a nightmare trying to find a setting, especially for not very experienced one. It seems like we are one step closer to the solution: while sorting out a mess which always is created in my OneNote notebooks after my vacations I ran into a post from Ask DS blog, which told me: “Alex, you can do full-text search through every GPO MS has been created”. Great news, so I wanted to try.

Step 1: go to

Step 2: Search for something like “screen saver timeout”

Step 3: Scroll all the way down to the bottom of the page and find the section Search Results (Yeah, I know – it is “very” convenient) and look for what you are seeking for:


Step 4:  Click it and – voila:


you get path to the setting in GPEdit.msc and, what is of no small importance, registry hive where it resides. Of course, we could do this before: find the setting or registry key manually in the Excel file, but

1) now it seems a little bit easier.

2) it supports full-text search

2) it is not the only feature the application provide us with.

There is plenty of possibilities due to these new features:

1) We can display the tree of policy or the registry:


2) We can filter out the OSs or software settings for which we don’t want to show up:


3) Copy data from this page (URL of the page, and GPO specific data). Not that it makes it very more convenient than just conventional copying, but lessen the mistake possibility:


4) You can even add custom search to your browser or Windows:


The first  one adds the search to your IE



The second is archived search connector to the Windows search and gives you the opportunity to search GPO right from your Windows Explorer:


The latter one is, actually, my favourite: I don’t like going to any site, while I am able to search from my Windows Explorer, so anything with support of OpenSearch is just good for me, including my SharePoint. hope, you will enjoy the features too.

Now! I mean NOW!!!

People are sometimes impatient… Ok, ok, sometimes they are patient. When we press a key we want it to result in an immediate action. Usually it is possible, but ISA server in Enterprise Edition never was a case: once we pressed Apply button we were to wait till every server in array received and applied its portion of configuration data from a configuration storage server. Isn’t it boring? Yes, looking at a monitoring tab and refreshing it while green ticks appears again – that can drive crazy. Moreover, it is not very difficult to make up a scenario, when we really need to apply new configuration right away. Seems to me, like someone persuaded ISA team to believe in the necessity of the feature: they published in their blog that now (in TMG) we are able to configure the process to be synchronous.

To do that we need to create a key in the registry (Whoa, whoa, whoa! R E G I S T R Y!!! Backup it, please…):



After this change you will be sure that your servers comply with your will as soon as the progress bar finishes its move and green tick appear in the “Saving Configuration Changes” dialog:


One more thing to keep in mind is timeout: this dialog box is waiting for changes to apply not more than a minute and a half unless you change this parameter in the registry too.
A bit more detailed article (from which I took the material for this one) is placed in the ISA team blog.

P.S. In addition, between all these details the article tells us that now not only Enterprise but also Standard edition of TMG by default update configuration in asynchronous mode