Ioannis Zontos

Blog Entries posted by Ioannis Zontos

  1. Ioannis Zontos
    In this article we look at how to restore a mailbox that was deleted by mistake, without resorting to a restore from backup.

    When a mailbox is deleted, restoring it is very easy in Microsoft Exchange 2007/2010.

    Deleted mailboxes appear under Recipient Configuration > Disconnected Mailbox, but in a large organisation this usually does not happen automatically: we have to wait for online maintenance to complete (they can be shown immediately with PowerShell; the commands follow below).

    How many days Exchange keeps deleted items and deleted mailboxes can be set from the EMC:

    Organization Configuration > Mailbox > Database Management



    Select Properties and then go to the Limits tab.



    To show deleted mailboxes immediately when they do not yet appear under Disconnected Mailbox, we open PowerShell and run one of the following:

    · Clean-MailboxDatabase "<ServerName>\<SGName>\<StoreName>"
    cleans a single store (Exchange 2007 identity: server\storage group\database)

    · Get-MailboxDatabase | Clean-MailboxDatabase
    cleans every mailbox database in the organisation

    · Get-MailboxDatabase | Where { $_.Server -eq "<ServerName>" } | Clean-MailboxDatabase
    cleans all the databases on the given information store (server)

    · Get-MailboxDatabase | Where { $_.Name -eq "<DatabaseName>" } | Clean-MailboxDatabase
    cleans only the database whose name matches <DatabaseName>

    When the commands finish, we see the following event IDs in the Event Viewer:



    Event ID 9531 – the Clean-MailboxDatabase process has started
    Event ID 9533 – logged when the user does not exist in Active Directory or is not mail-enabled in Exchange. The mailbox will be removed from the mailbox store when the retention time expires
    Event ID 9535 – the process has completed
    Changes after Service Pack 1

    After SP1 there is a new cmdlet:

    Remove-StoreMailbox: useful when we have moved many mailboxes and want to reclaim the space they still occupy in the source database. Syntax:

    · Remove-StoreMailbox -Database <DatabaseID> -Identity <MailboxID> -MailboxState [Disabled|SoftDeleted]

    To remove the testaccount mailbox from database DB1 once it has been moved elsewhere (to another database in the organisation), we use:

    · Remove-StoreMailbox -Database DB1 -Identity testaccount -MailboxState SoftDeleted

    The command to remove all SoftDeleted mailboxes from database DB1 is:

    · Get-MailboxStatistics -Database DB1 | Where {$_.DisconnectReason -eq "SoftDeleted"} | ForEach {Remove-StoreMailbox -Database $_.Database -Identity $_.MailboxGuid -MailboxState SoftDeleted}

    The new Remove-StoreMailbox cmdlet also lets us remove all disconnected mailboxes with a single command (quite useful for large organisations):

    · Get-MailboxStatistics -Database DB1 | Where-Object {$_.DisconnectReason -eq "Disabled"} | ForEach {Remove-StoreMailbox -Database $_.Database -Identity $_.MailboxGuid -MailboxState Disabled}

    Now the deleted mailboxes appear under Recipient Configuration > Disconnected Mailbox.



    Right-click the mailbox, select Connect, and we see the following options for the mailbox type:

    User Mailbox, Room Mailbox, Equipment Mailbox, Linked Mailbox



    After selecting the mailbox type we click Next and see:

    Matching user: the user object in Active Directory (re-created by us if the user object was deleted as well) that matches the mailbox we want to connect; in practice the wizard matches on the user's Display Name.

    The other option is to connect the deleted mailbox to a user in our organisation who has no mailbox.

    We choose Matching user.

    Click OK.

    Here we can also pick a Retention policy and an ActiveSync mailbox policy, if any exist in our organisation, and of course we set the Alias.

    Then Next; as we can see, we are ready to select the deleted mailbox that is to be connected.

    Click Connect.

    The system tells us the task has completed, but the changes will only be visible once Active Directory replication has finished!!
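    The same procedure from the Exchange Management Shell, as an added example that is not part of the original post: force the database to show recently disabled mailboxes, find the one belonging to the user, and reconnect it with Connect-Mailbox, the cmdlet behind the EMC Connect wizard. Exchange 2010 SP1 is assumed; the database name DB1 and the user testaccount are taken from the post's own examples and should be replaced with real values.

```powershell
# Added example (not from the original post): reconnect a mistakenly deleted
# mailbox from the Exchange Management Shell instead of the EMC wizard.
# Assumptions: Exchange 2010 SP1 Management Shell, a database named DB1 and an
# AD user "testaccount" whose mailbox was disabled; adjust both to your environment.
param(
    [string]$Database = 'DB1',
    [string]$User     = 'testaccount'
)

# 1. Make the store re-scan the database so recently disabled mailboxes show up
#    as disconnected right away instead of after online maintenance.
Clean-MailboxDatabase -Identity $Database

# 2. List every disconnected mailbox in the database with its reason and GUID.
#    DisconnectDate is empty for mailboxes that are still connected.
$disconnected = Get-MailboxStatistics -Database $Database |
    Where-Object { $_.DisconnectDate -ne $null } |
    Select-Object DisplayName, MailboxGuid, DisconnectReason, DisconnectDate, TotalItemSize

$disconnected | Format-Table -AutoSize

# 3. Pick the mailbox that belongs to the user we want to restore.
#    Matching on DisplayName mirrors what the EMC "Matching user" option does.
$displayName = (Get-User -Identity $User).DisplayName
$target = $disconnected | Where-Object { $_.DisplayName -eq $displayName }

if ($null -eq $target) {
    throw "No disconnected mailbox found in $Database for user $User"
}

# Only a Disabled mailbox can be reconnected; a SoftDeleted one has already been
# moved to another database and should be purged with Remove-StoreMailbox instead.
if ($target.DisconnectReason -ne 'Disabled') {
    throw "Mailbox $($target.MailboxGuid) is $($target.DisconnectReason), not Disabled"
}

# 4. Reconnect it to the AD user. -WhatIf shows the action without applying it;
#    drop -WhatIf once the output looks right. AD replication still has to
#    finish before the user sees the mailbox.
Connect-Mailbox -Identity $target.MailboxGuid -Database $Database -User $User -Alias $User -WhatIf

# 5. Optional: reclaim the space left by mailboxes already moved elsewhere.
#    Each removal is confirmed interactively because it is irreversible.
Get-MailboxStatistics -Database $Database |
    Where-Object { $_.DisconnectReason -eq 'SoftDeleted' } |
    ForEach-Object {
        Remove-StoreMailbox -Database $_.Database -Identity $_.MailboxGuid -MailboxState SoftDeleted -Confirm:$true
    }
```

    The check on DisconnectReason is the part the wizard does silently: a mailbox that is SoftDeleted after a move is not a candidate for reconnection, and purging a Disabled mailbox with Remove-StoreMailbox destroys the only copy outside backup, so the script refuses the first and asks before the second.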
  2. Ioannis Zontos
    Severity: High
    Summary:
    · These vulnerabilities affect: Adobe Shockwave Player, Flash Player, Flash Media Server, and Photoshop
    · How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
    · Impact: Various results; in the worst case, an attacker can gain complete control of your computer
    · What to do: Install the appropriate Adobe patches immediately, or let Adobe's updater do it for you.
    Exposure:
    Yesterday, Adobe released five security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Player, Flash Media Server, Photoshop, and Robohelp. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.
    · APSB11-19: Seven Shockwave Player Vulnerabilities
    Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
    Adobe’s bulletin warns of seven security vulnerabilities that affect Shockwave Player 11.6.0.626 and earlier for Windows and Macintosh (as well as all earlier versions). Adobe’s bulletin doesn’t describe the flaws in much technical detail. It only describes the nature and basic impact of each flaw. For the most part, the flaws consist of unspecified memory corruption vulnerabilities. Though these flaws differ technically, most of them share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.
    Adobe Severity: Critical
    · APSB11-20: Flash Media Server DoS Vulnerability
    Adobe Flash Player displays interactive, animated web content called Flash. Flash Media Server allows administrators to stream Flash content.
    Flash Media Server 4.0.2 and earlier suffer from an unspecified Denial of Service (DoS) vulnerability. Adobe does not share any relevant detail about this flaw, including no detail on how an attacker might exploit it. They only share that an attacker could somehow exploit the flaw to launch a DoS attack against your media server. 
    Adobe Severity: Critical
    · APSB11-21 : Flash Player Update Corrects 13 Security Flaws
    Adobe Flash Player displays interactive, animated web content called Flash. A recent report from Secunia states that 99% of Windows computers have Adobe Flash Player installed, so your users very likely have it.
    Adobe’s update fixes 13 security vulnerabilities in Flash Player (for Windows, Mac, Linux, and Solaris), which they don’t describe in much technical detail. However, they do describe the general scope and impact of these flaws. In the worst case, if an attacker can lure one of your users to a malicious website, they could exploit some of these flaws to gain control of that user’s computer. We assume the attacker would only gain the privileges of the logged in user. However, since most Windows users have local administrator privileges, the attacker would likely gain full control of Windows machines.
    Adobe Severity: Critical
    · APSB11-22: Photoshop GIF Handling Vulnerability
    Photoshop is a popular image editing program. Photoshop CS5 suffers from an unspecified vulnerability involving its inability to properly handle specially crafted GIF images. If an attacker can trick you into downloading and opening a malicious GIF image in Photoshop, she can exploit this flaw to execute code on your machine, with your privileges. If you have local admin privileges, the attacker gains complete control of your computer.
    Adobe Severity: Critical
    · APSB11-23: RoboHelp XSS Flaw
    RoboHelp 9 is software that helps you create help systems. It suffers from an unspecified Cross-Site Scripting (XSS) vulnerability. By enticing one of your users into clicking a specially crafted link, an attacker could run script on that user's computer under the context of the RoboHelp component.
    Adobe Severity: Important.
    Solution Path:
    Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
    · APSB11-19: Upgrade to Shockwave 11.6.1.629
    · APSB11-20: Upgrade to Flash Media Server 4.0.3 or 3.5.7
    · APSB11-21: Upgrade to Flash Player 10.3.183.5
    · APSB11-22: Upgrade Photoshop CS5:
    o Photoshop CS5 for Windows
    o Photoshop CS5 for Windows x64
    o Photoshop CS5 for Mac
    · APSB11-23: Upgrade RoboHelp 8 and 9:
    o RoboHelp 8
    o RoboHelp 9
    Status:
    Adobe has released patches correcting these issues.
    References:
    o Adobe Security Update APSB11-19
    o Adobe Security Update APSB11-20
    o Adobe Security Update APSB11-21
    o Adobe Security Update APSB11-22
    o Adobe Security Update APSB11-23
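    An added example, not part of the original alert, for checking whether the Flash Player and Shockwave Player builds on a Windows machine are at or above the fixed versions listed in the Solution Path (10.3.183.5 and 11.6.1.629). The Flash plug-in location under System32\Macromed\Flash (and SysWOW64 on x64) is an assumption from common deployments, and the Shockwave path is a guess that should be verified on one machine before the script is trusted; Photoshop, Flash Media Server and RoboHelp have no file-version check here and still need to be verified by hand.

```powershell
# Added example (not part of the original alert): audit installed Adobe Flash Player
# and Shockwave Player builds against the fixed versions from APSB11-19 / APSB11-21.
# Assumptions: Flash Player's browser plug-ins live under System32\Macromed\Flash
# (and SysWOW64 on x64); the Shockwave path is a guess, check it on one machine first.
$fixedVersions = @{
    'Flash Player' = @{
        Path = @("$env:SystemRoot\System32\Macromed\Flash\*.ocx",
                 "$env:SystemRoot\System32\Macromed\Flash\NPSWF32.dll",
                 "$env:SystemRoot\SysWOW64\Macromed\Flash\*.ocx")
        Min  = '10.3.183.5'
    }
    'Shockwave Player' = @{
        Path = @("$env:SystemRoot\System32\Adobe\Shockwave 11\*.dll")   # assumed path
        Min  = '11.6.1.629'
    }
}

function Get-AdobeVersionStatus {
    param([hashtable]$Products)
    foreach ($name in $Products.Keys) {
        $spec  = $Products[$name]
        $min   = [version]$spec.Min
        $files = Get-Item -Path $spec.Path -ErrorAction SilentlyContinue
        if (-not $files) {
            # Nothing at the expected path: either not installed or installed elsewhere.
            New-Object PSObject -Property @{
                Product = $name; File = $null; Installed = $null; Required = $min; Status = 'not found'
            }
            continue
        }
        foreach ($f in $files) {
            # Adobe stamps file versions as "10,3,183,5"; normalise commas and
            # whitespace before parsing so [version] does not throw.
            $raw = ($f.VersionInfo.FileVersion -replace ',', '.') -replace '\s', ''
            $installed = [version]$raw
            $status = if ($installed -ge $min) { 'patched' } else { 'VULNERABLE' }
            New-Object PSObject -Property @{
                Product = $name; File = $f.FullName; Installed = $installed; Required = $min; Status = $status
            }
        }
    }
}

Get-AdobeVersionStatus -Products $fixedVersions |
    Format-Table Product, Installed, Required, Status, File -AutoSize
```

    Comparing [version] objects rather than strings is the point of the helper: a string comparison would rank 10.3.183.5 below 10.3.99.0, which is exactly the kind of mistake that leaves a host reported as patched when it is not.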
  3. Ioannis Zontos
    Among the other security bulletins released during Patch Day, Microsoft also released three updates covering security vulnerabilities in various development related software packages. These security bulletins included:
    · MS11-066: Microsoft Chart Control ( .NET Framework) Information Disclosure Flaw
    · MS11-067: Microsoft Report Viewer and Visual Studio Information Disclosure Flaw
    · MS11-069: Microsoft .NET Framework Information Disclosure Flaw
    The vulnerabilities these three bulletins cover all differ technically, but generally they all allow attackers to gain access to information (such as files within a directory) that they should not have access to. Microsoft rates these bulletins as Important or Moderate.
    The .NET Framework does not ship with all Windows computers, though many people do install it to support internal custom Windows applications. Furthermore, only developers install Visual Studio. For those reasons, we don't believe that these three bulletins will pose much risk to normal Windows users. That said, if you use the affected products, we do still recommend you patch these flaws at your earliest convenience.
  4. Ioannis Zontos
    Severity: High
    Summary:
    · This vulnerability affects: The DNS service that ships with the Server versions of Windows
    · How an attacker exploits it: By sending specially crafted DNS queries
    · Impact: In the worst case, an attacker gains complete control of your DNS server
    · What to do: Deploy the appropriate Windows update immediately, or let Windows Automatic Update do it for you
    Exposure:
    The Server versions of Windows ship with a DNS Server to allow administrators to offer Domain Name System services on their networks.
    In a security bulletin released today as part of Patch Day, Microsoft describes two vulnerabilities that affect the DNS Server that ships with Server versions of Windows. While this is technically a Windows flaw, which we typically include in a combined Windows alert, we feel that it deserves individual attention due to its high severity.
    The worse of the two issues is a remote code execution flaw involving the way the DNS server handles specially crafted Naming Authority Pointer (NAPTR) DNS resource records (RR). By sending a specially crafted NAPTR query to your DNS server, an attacker could exploit this vulnerability to gain complete control of your server. However, the attacker would have to own the malicious domain name, and the authoritative DNS server for that domain name, in order for this attack to succeed. Despite this slight mitigating factor, the DNS server vulnerability poses a serious risk to your network. You should patch your Microsoft DNS servers immediately.
    The DNS Server also suffers from a less serious Denial of Service (DoS) flaw, which an attacker could exploit to cause your DNS server to stop responding. If an attacker can prevent your users from accessing DNS services, they essentially prevent access to the Internet (by making it difficult for users to find resources by name).
    Solution Path:
    Download, test, and deploy the appropriate DNS server patches immediately, or let Windows Automatic Update do it for you.
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 R2 Itanium
    Status:
    Microsoft has released patches to fix this vulnerability
    References:
    · MS Security Bulletin MS11-058
  5. Ioannis Zontos
    Severity: Medium
    Summary:
    · This vulnerability affects: All current versions of Microsoft Visio
    · How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document
    · Impact: An attacker can execute code, potentially gaining complete control of your users' computers
    · What to do: Deploy the appropriate Visio patches as soon as possible, or let Windows Update do it for you
    Exposure:
    Microsoft Visio is a very popular diagramming application, which many administrators use to create network diagrams. It also ships with some Office packages.
    In a security bulletin released yesterday, Microsoft describes two security vulnerabilities that affect all current versions of Visio. The vulnerabilities differ technically, but share the same scope and impact. They both involve flaws in how Visio parses Visio documents. If an attacker can entice one of your users into opening a specially crafted Visio file (such as .vsd, .vdx, .vst, or .vtx), he could exploit either of these flaws to execute code on that user's computer with that user's privileges. If your user has administrative privileges, the attacker could gain complete control of their computer.
    Solution Path:
    Microsoft has released Visio patches to fix this flaw. You should download, test, and deploy the appropriate patches as soon as possible, or let Windows Update do it for you.
    · Visio 2003
    · Visio 2007
    · Visio 2010
    · Visio 2010 x64
  6. Ioannis Zontos
    Summary:
    · These vulnerabilities affect: All current versions of Windows and components that ship with it
    · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network packets, enticing your users to open malicious files, or running malicious applications locally
    · Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
    · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
    Exposure:
    Yesterday, Microsoft released six security bulletins describing seven vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.
    · MS11-059: Data Access Components Code Execution Vulnerability
    According to Microsoft, Windows Data Access Components (Windows DAC) help provide access to information across an enterprise. Unfortunately, Windows DAC allows unrestricted access to the loading of external libraries. By enticing one of your users to open a specially crafted Excel file residing in the same location as a malicious DLL file, an attacker could exploit this flaw to execute code on that user's system, with that user's privileges. If your users have local administrative privileges, the attacker gains complete control of their machine. This flaw only affects Windows 7 and later.
    Microsoft rating: Important.
    · MS11-061: Remote Desktop Web Access XSS Vulnerability
    Windows Remote Desktop (RD) allows you to gain network access to your Windows desktop from anywhere. The Web Access component provides this capability through a web browser. Unfortunately, the RD Web Access component suffers from a Cross-Site Scripting (XSS) vulnerability. By enticing one of your users into clicking a specially crafted link, an attacker could run script on that user's computer under the context of the RD Web Access component, potentially giving the attacker access to your remote desktop. This flaw only affects Windows Server 2008 R2 x64.
    Microsoft rating: Important.
    · MS11-062: RAS NDISTAPI Driver Elevation of Privilege Vulnerability
    Remote Access Service (RAS) is a component that allows you to access networks over phone lines, and the NDISTAPI driver is one of the RAS components that helps provide this functionality. The NDISTAPI driver doesn't properly validate user input that it passes to the Windows kernel. By running a specially crafted application, an attacker can leverage this flaw to elevate his privilege, gaining complete control of your Windows machine. However, the attacker would first need to gain local access to your Windows computers using valid credentials, in order to run his special program. This factor significantly reduces the risk of this flaw. Finally, this flaw only affects XP and Server 2003.
    Microsoft rating: Important.
    · MS11-063: CSRSS Elevation of Privilege Vulnerability
    The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from an Elevation of Privilege (EoP) vulnerability. Like the NDISTAPI driver flaw above, by running a specially crafted program, an authenticated attacker could leverage this flaw to gain complete, SYSTEM-level control of your Windows computers. However, like before, the attacker would first need to gain local access to your Windows computers using valid credentials, which somewhat reduces the risk of this flaw.
    Microsoft rating: Important.
    · MS11-064: TCP/IP Stack DoS Vulnerabilities
    The Windows TCP/IP stack provides IP-based network connectivity to your computer. It suffers from two Denial of Service (DoS) vulnerabilities. One of the flaws is a variant of the very old Ping of Death vulnerability. By sending a specially crafted ICMP message, an attacker can cause your system to stop responding or reboot. Most firewalls, including WatchGuard's XTM appliances, prevent external exploit of this classic DoS flaw. The second flaw has to do with how the TCP/IP stack handles specially crafted URLs. By sending a specially crafted URL to one of your Windows Web servers, an attacker could exploit this flaw to cause the server to lock up or reboot. These flaws only affect Windows Vista and later.
    Microsoft rating: Important.
    · MS11-068: Windows Kernel DoS Vulnerability
    The kernel is the core component of any computer operating system. The Windows kernel suffers from a Denial of Service (DoS) vulnerability, involving a flaw in the way it parses metadata in files. By running a specially crafted program, an attacker could leverage this flaw to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw. This flaw only affects Windows Vista and later.
    Microsoft rating: Moderate.
    Solution Path:
    Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
    MS11-059:
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
    MS11-061:
    · For Windows Server 2008 R2 x64
    MS11-062:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    MS11-063:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP2)
    · For Windows Vista x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
    MS11-064:
    · For Windows Vista (w/SP2)
    · For Windows Vista x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
    MS11-068:
    · For Windows Vista (w/SP2)
    · For Windows Vista x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
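    As an added example serving the Patch Day alerts above (the DNS Server, Visio, developer-tool and Windows bulletins), not code from the original posts: a script that reports which of the listed bulletins are still missing on the local machine. The alerts do not give the KB numbers that correspond to each bulletin, so every KB id below is a labelled placeholder to be replaced from the Microsoft bulletins before use; the Visio bulletin has no MS number on the page and is listed by name only.

```powershell
# Added example, not part of the original alerts: report which of this month's
# bulletins are still missing on the local machine. The bulletin-to-KB mapping is
# NOT given in the alerts, so every KB below is a placeholder; replace each one with
# the KB id from the corresponding Microsoft bulletin before running this for real.
$bulletins = @(
    @{ Id = 'MS11-058'; Kb = 'KB0000001'; Product = 'DNS Server';    Service = 'DNS' },
    @{ Id = 'MS11-059'; Kb = 'KB0000002'; Product = 'Windows DAC';   Service = $null },
    @{ Id = 'MS11-061'; Kb = 'KB0000003'; Product = 'RD Web Access'; Service = $null },
    @{ Id = 'MS11-062'; Kb = 'KB0000004'; Product = 'RAS NDISTAPI';  Service = $null },
    @{ Id = 'MS11-063'; Kb = 'KB0000005'; Product = 'CSRSS';         Service = $null },
    @{ Id = 'MS11-064'; Kb = 'KB0000006'; Product = 'TCP/IP stack';  Service = $null },
    @{ Id = 'MS11-066'; Kb = 'KB0000007'; Product = 'Chart Control'; Service = $null },
    @{ Id = 'MS11-067'; Kb = 'KB0000008'; Product = 'Report Viewer'; Service = $null },
    @{ Id = 'MS11-068'; Kb = 'KB0000009'; Product = 'Windows kernel';Service = $null },
    @{ Id = 'MS11-069'; Kb = 'KB0000010'; Product = '.NET Framework';Service = $null },
    @{ Id = 'Visio';    Kb = 'KB0000011'; Product = 'Visio';         Service = $null }
)

function Get-MissingBulletins {
    param([object[]]$Bulletins)
    # Win32_QuickFixEngineering is available on Server 2003 as well as newer
    # systems, unlike Get-HotFix which needs PowerShell 2.0.
    $installed = Get-WmiObject -Class Win32_QuickFixEngineering |
        ForEach-Object { $_.HotFixID }
    foreach ($b in $Bulletins) {
        # A bulletin tied to a role that is not present (MS11-058 on a box without
        # the DNS Server service) is reported as not applicable, not as missing.
        $applies = $true
        if ($b.Service) {
            $applies = [bool](Get-Service -Name $b.Service -ErrorAction SilentlyContinue)
        }
        $status = if (-not $applies) { 'not applicable' } elseif ($installed -contains $b.Kb) { 'installed' } else { 'MISSING' }
        New-Object PSObject -Property @{
            Bulletin = $b.Id; Product = $b.Product; KB = $b.Kb; Status = $status
        }
    }
}

Get-MissingBulletins -Bulletins $bulletins |
    Sort-Object Status |
    Format-Table Bulletin, Product, KB, Status -AutoSize
```

    The role check matters for prioritisation: the DNS Server bulletin is the only one rated High above, but it only applies where the DNS Server service actually runs, while the local elevation-of-privilege fixes apply to every host but carry the mitigating factor that the attacker already needs valid credentials.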
  7. Ioannis Zontos
    A very good article on the security issues that can affect our everyday life and on the risks that appear every day; it is certainly worth commenting on. I quote the article in English:

    Las Vegas (CNN) -- If you've seen the 1983 movie "WarGames," in which a young Matthew Broderick accidentally uses computers to bring the world to the edge of "global thermonuclear war," then you have a pretty good idea what hackers and security researchers are super-concerned about these days -- in real life.
    Here at the Black Hat hacker conference at Caesars Palace, computer security experts have shown ways they can use virtual tools to tap into and tamper with all kinds of stuff in the real world, which is the gist of what made "WarGames" so scary.
    No longer limited to the digital domain, hackers -- many of them working for good -- are now targeting prison systems, the power grid and automobiles. They'll target anything with a mini-computer inside of it. These days, that's pretty much everything.
    Researcher Don Bailey pointed out that there's even a pill bottle with a cellular connection, so that it can remind its owner when to take his or her medicine.
    His first thought: "I'm not sure if that's a good idea."
    A computer worm called Stuxnet is the main reason hackers and security types are focusing on these "real-world exploits" right now. While Stuxnet isn't grabbing as many headlines these days as Anonymous and LulzSec -- two hacking groups that have been stealing personal data and taking over big-name websites -- in-the-know security experts and ex-government officials say the idea behind that worm is actually far scarier.
    "The Stuxnet attack is the Rubicon of our future," Cofer Black, the former head of the CIA's Counterterrorism Center, said during a keynote talk here.
    Stuxnet showed, for the first time, that a bit of malicious computer code could control industrial systems. The common wisdom is that the worm, which spread all over the Internet last year, was designed to attack and possibly blow up nuclear facilities in Iran.
    No one knows for sure who wrote that worm, and its powers were never put to use. But the code is out there, and security researchers and hackers are jumping at the chance to study that code and figure out what else it -- or something like it -- could do.
    The examples surfacing at Black Hat and DEF CON, a companion hacker conference attended by 15,000 people, sound like they're pulled from a Hollywood thriller.
    Tiffany Rad, a computer science professor by day, showed that a little-known electronic component in correctional facilities could be hacked and used to throw open all the doors that lock prisoners in their cells.
    "Where there exists a computer, there's still a chance of breaking that computer," said Teague Newman, who worked with Rad on the hack. The two say they have gone to the federal government with their research. They won't publish the exact code someone could use to tap into prison lock systems for fear that such an event would actually occur.
    The prison hack wasn't even that hard, they said. Working in a home basement in Virginia on a budget of $2,000, it took the duo only two hours to figure out and exploit the bug, which attacks a Siemens networking component called a programmable logic controller.
    "It was not difficult," Newman said.
    Siemens is working on a fix, but it won't necessarily come quickly.
    "We need time to go after those vulnerabilities," said a Siemens engineer who asked not to be named because he's not authorized to speak on the record. "It's not like in the IT world where you can quickly create a patch. We are really talking about critical systems here ... so if you create a patch you want to make sure the patch doesn't influence operations and the PLC (the networking component) is still running afterwards as designed."
    Rad and Newman said that company doesn't deserve all the blame. The way prison security systems are networked, and the way employees use them, are also at fault.
    Central computers that control locks should not be hooked up to the Internet, for example, but they often are, the researchers said.
    Other Black Hat speakers discussed the vulnerabilities of electrical grid and water systems, which, theoretically, could be attacked using similar methods. And further attacks focused on holes in cellular networks.
    Again, the targets are real-world, not virtual.
    Bailey of iSEC Partners demonstrated a way to hack into the mobile components on many cars to unlock or start the vehicles with a few texts from his Android phone. But breaking into cars isn't the scary part, Bailey said in an interview.
    "I could care less if I could unlock a car door," he said. "It's cool. It's sexy. But the same system is used to control phone, power, traffic systems. I think that's the real threat."
    As for solutions, Bailey said the problem is the cost and lack of regulation.
    "The issue is not just architecture but its cost," he said. "A lot of the errors and the vulnerabilities I'm seeing (are) in overall architecture. It's all systems -- whether it's your car or your tracking device or your pill bottle or whatever.
    "It's the issue of no regulations, no standards and no one enforcing any semblance of security."
    Security professionals need to step back from the technology and look at how these real-world systems -- from prisons to power plants -- are designed, said Tom Parker, vice president of security services at FusionX, a computer security company.
    "We're making the same mistakes over and over again," he said, adding that these at-risk networking components are doing more than they were designed to do.
    None of the researchers argue that society should stop putting little computers inside everything. Instead, they said, we need to work harder to make those little computers secure. And if we don't, they say, the consequences could be huge.
  8. Ioannis Zontos
    A bug in a popular WordPress utility is being misused by attackers to upload and make appear on the targeted site annoying and possibly malicious content.
    The bug was discovered by Mark Maunder, the CEO of Feedjit, when he loaded his blog and an ad that should not have been there popped up.
    After digging through the code, he narrowed down the problem to TimThumb, an image resizing utility that is widely used by many WordPress themes.
    In fact, when Googling the timthumb.php script, more than 39 million results show just how widespread its use is.
    "The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory," explains Maunder.
    "Timthumb.php is inherently insecure because it relies on being able to write files into a directory that is accessible by people visiting your website."
    Curiously enough, TimThumb's developer's own site was hacked in the very same way. In a comment on Maunder's blog post, he apologized for the oversight in the code and said he hopes that his error didn't lead to too many problems.
    "At the moment the best fix is to simply use the latest version of TimThumb," he shared. "There have been a stack of tweaks that will make the script harder to abuse."
    For those who want to be absolutely sure that the script won't be misused by attackers, the best thing to do is to remove the file using rm timthumb.php for the time being, and make sure the removal didn’t affect the theme.
    Also, there are a lot of themes in which the name of this script has been modified to thumb.php, so search for that as well.
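    An added example, not code from the article, that turns the two closing recommendations into a repeatable check for a WordPress install hosted on Windows/IIS: find every timthumb.php and thumb.php under the web root, flag any PHP file sitting in the script's cache directory (the directory Maunder describes as web-writable, where only image data should ever land), and optionally move the scripts out of the web root instead of deleting them so the theme can be tested first. The web root path and the assumption that the cache is a folder named "cache" beside the script are mine.

```powershell
# Added example (not from the original article): inventory TimThumb copies under a
# WordPress web root and flag PHP files in their cache directories.
# Assumptions: the site lives at the path passed as -WebRoot on Windows/IIS, and
# TimThumb's cache is a folder named "cache" next to the script.
function Find-TimThumb {
    param(
        [Parameter(Mandatory = $true)][string]$WebRoot,
        [string]$QuarantineDir   # if given, scripts are moved here instead of left in place
    )
    $scripts = Get-ChildItem -Path $WebRoot -Recurse -Include 'timthumb.php', 'thumb.php' -ErrorAction SilentlyContinue
    foreach ($s in $scripts) {
        $cache   = Join-Path $s.DirectoryName 'cache'
        $suspect = @()
        if (Test-Path $cache) {
            # TimThumb should only write resized images here; any .php is evidence
            # that the host-name check was bypassed and code was uploaded.
            $suspect = @(Get-ChildItem -Path $cache -Recurse -Include '*.php' -ErrorAction SilentlyContinue |
                ForEach-Object { $_.FullName })
        }
        New-Object PSObject -Property @{
            Script     = $s.FullName
            SizeBytes  = $s.Length
            CacheDir   = $cache
            PhpInCache = $suspect
        }
        if ($QuarantineDir) {
            # Keep the original path in the file name so the theme can be repaired
            # or the script restored after the theme has been tested without it.
            if (-not (Test-Path $QuarantineDir)) { New-Item -ItemType Directory -Path $QuarantineDir | Out-Null }
            $safeName = ($s.FullName -replace '[:\\]', '_')
            Move-Item -Path $s.FullName -Destination (Join-Path $QuarantineDir $safeName)
        }
    }
}

# Report only; add -QuarantineDir 'C:\quarantine' (outside the web root) to move the scripts.
Find-TimThumb -WebRoot 'C:\inetpub\wwwroot\wordpress' | Format-List
```

    Quarantining rather than deleting is what makes the article's last step ("make sure the removal didn't affect the theme") cheap to follow: if the theme breaks, the file can be put back while the updated TimThumb release is rolled out.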


  9. Ioannis Zontos
    When installing SBS 2008 or SBS 2011, all the features are installed on volume (C:), so there are several tools that can help us reclaim space on drive C:\.
    When an SBS runs with limited space on drive C, some services fail to start, and we may have problems with our mail and errors or non-delivery reports: Error 0x800CCC6C, SMTP_452_NO_SYSTEM_STORAGE, or 452 4.3.1 Insufficient system resources.
    Where can we save space, then? The places and the way we can increase our free space follow.
    IIS and SBS Logs
    By default, all IIS-hosted web sites have logging enabled, so we may see large folders under C:\inetpub\logs\LogFiles (if we want to move the log files, see the separate post). If we want to stop logging on WSUS:
    Run IIS Manager from Administrative Tools.
    1. Expand Server, Sites, and select the WSUS Administration web site.
    2. On the feature panel, click to open Logging.
    3. Click Disable in the Actions panel (rightmost panel)
    4. You can repeat the steps for all the web sites.
    Some log files on SBS 2008 can be very large; all the SBS logs are in the folder (and its subfolders): C:\Program Files\Windows Small Business Server\Logs\.
    · Console.log: this log grows for as long as the SBS Console is running.
    · *.evtx files: these log files can be removed once the server is in production and all the installation steps have been completed.
    · W3wp.log, in the C:\Program Files\Windows Small Business Server\Logs\WebWorkplace folder: the logs for Remote Web Workplace.
    · C:\Program Files\Windows Small Business Server\Logs\MonitoringServiceLogs folder: the logs of the Windows SBS Manager service.
    POP3 Connector Badmail directory
    If we have the POP3 Connector, we will find files under C:\Program Files\Windows Small Business Server\Data\badmail that we can delete.
    The licensing log
    We can delete the events in the Windows SBS 2008 licensing log.
    To delete events from the Windows SBS 2008 licensing log:
    1. On the server, open a Command Prompt window as administrator: Start > Command Prompt.
    2. Right-click Command Prompt, and then click Run as administrator.
    3. Type: del "%systemroot%\system32\winevt\logs\Microsoft-Windows-Server Infrastructure Licensing*%4Debug.etl.*"
    To disable the licensing log from the Registry Editor:
    1. Click Start, type regedit, and then press ENTER.
    2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerInfrastructureLicensing
    3. In the details pane, right-click TraceMask, and then click Modify.
    4. In the Edit DWORD dialog box, change the value for Value data to 0 (zero), and then click OK.
    5. Restart the server.
    Windows Server Update Services (WSUS) Server Cleanup Wizard
In WSUS, we can delete unused updates and update revisions by running the WSUS Server Cleanup Wizard.
Server Cleanup Wizard:
    1. In the WSUS administration console (launch it from the Administrative Tools), select Options, and then Server Cleanup Wizard.
    2. By default this wizard will remove unneeded content and computers that have not contacted the server for 30 days or more. Select all possible options, and then click Next.
3. The wizard will begin the cleanup process and will present a summary of its work when it is finished; depending on the server performance, this may take a very long time. Click Finish to complete the process.
    Very large SharePoint SQL transaction log file
For the SharePoint transaction logs we can find information in article
2000544 SBS 2008 BPA Reports that The Windows SharePoint Services configuration database's log file is getting large (currently over 1 GB in size)
    Active Directory Certificate Services transaction log files
Whenever a critical or system state backup of the C: volume completes, a new transaction log is created in the c:\windows\system32\certlog\ folder. It is safe to remove these logs as long as the CA database file is consistent.
    Open the Services MMC and stop the Active Directory Certificate Services service.
    1. Make a backup copy of ALL the file contents present in the c:\windows\system32\certlog\ folder.
2. Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG).
    3. Restart the Active Directory Certificate Services service.
    Windows Component Clean Tool
Finally, there is the Windows Component Clean Tool (COMPCLN.exe).
Note: You cannot uninstall Windows Vista SP2 or Windows Server 2008 SP2 after you run this tool on an image.
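Before deleting anything, it helps to know which of the locations above actually hold the space. The following script is an added example, not part of the original post: it reports the size of each location named in this article and the state of the licensing TraceMask value, without removing a single file. It assumes the default install paths named above, PowerShell 2.0 or later, and uses a 5 GB warning threshold chosen only for this example.

```powershell
# Added example, not from the original post: read-only space report for the
# SBS 2008/2011 cleanup locations discussed above. Nothing is deleted.
# Assumptions: default install paths, PowerShell 2.0+, 5 GB threshold is arbitrary.

$sbsRoot = Join-Path $env:ProgramFiles 'Windows Small Business Server'

# Each candidate: a label, the folder, and a file-name filter ('*' = everything).
$candidates = @(
    @{ Label = 'IIS site logs';            Path = 'C:\inetpub\logs\LogFiles';                        Filter = '*' },
    @{ Label = 'SBS logs (all)';           Path = (Join-Path $sbsRoot 'Logs');                       Filter = '*' },
    @{ Label = 'SBS Console log';          Path = (Join-Path $sbsRoot 'Logs');                       Filter = 'Console.log' },
    @{ Label = 'SBS *.evtx logs';          Path = (Join-Path $sbsRoot 'Logs');                       Filter = '*.evtx' },
    @{ Label = 'RWW w3wp logs';            Path = (Join-Path $sbsRoot 'Logs\WebWorkplace');          Filter = '*' },
    @{ Label = 'SBS Manager service logs'; Path = (Join-Path $sbsRoot 'Logs\MonitoringServiceLogs'); Filter = '*' },
    @{ Label = 'POP3 Connector badmail';   Path = (Join-Path $sbsRoot 'Data\badmail');               Filter = '*' },
    @{ Label = 'Licensing trace (.etl)';   Path = "$env:SystemRoot\System32\winevt\Logs";            Filter = 'Microsoft-Windows-Server Infrastructure Licensing*' },
    @{ Label = 'AD CS transaction logs';   Path = "$env:SystemRoot\System32\certlog";                Filter = '*.log' }
)

function Get-FolderUsageMB {
    # Sums the size of files under $Path that match $Filter; $null when the folder is absent.
    param([string]$Path, [string]$Filter)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $files = Get-ChildItem -LiteralPath $Path -Filter $Filter -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    $sum = ($files | Measure-Object -Property Length -Sum).Sum
    if (-not $sum) { return 0 }
    return [math]::Round($sum / 1MB, 1)
}

function Get-SbsSpaceReport {
    # One object per candidate location, largest first.
    $report = foreach ($c in $candidates) {
        New-Object PSObject -Property @{
            Location = $c.Label
            Path     = $c.Path
            Filter   = $c.Filter
            SizeMB   = Get-FolderUsageMB -Path $c.Path -Filter $c.Filter
        }
    }
    $report | Sort-Object SizeMB -Descending
}

function Get-LicensingTraceState {
    # TraceMask = 0 means the licensing debug log has been disabled (registry steps above).
    $key = 'HKLM:\SOFTWARE\Microsoft\ServerInfrastructureLicensing'
    if (-not (Test-Path $key)) { return 'key not present' }
    $v = (Get-ItemProperty -Path $key -Name TraceMask -ErrorAction SilentlyContinue).TraceMask
    if ($null -eq $v) { return 'TraceMask not set' }
    if ($v -eq 0) { return 'disabled (TraceMask=0)' }
    return "enabled (TraceMask=$v)"
}

$disk   = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='C:'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 2)
Write-Host ("Free space on C: {0} GB" -f $freeGB)
if ($freeGB -lt 5) {
    Write-Warning 'Less than 5 GB free on C: (example threshold): services and mail flow may start failing.'
}
Write-Host ("Licensing trace log: {0}" -f (Get-LicensingTraceState))
Get-SbsSpaceReport | Format-Table Location, SizeMB, Path -AutoSize
```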
  10. Ioannis Zontos
    Severity: Medium
    Summary:
    · This vulnerability affects: Visio 2003, only
    · How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document
    · Impact: An attacker can execute code, potentially gaining complete control of your users' computers
    · What to do: Deploy the Visio 2003 patch as soon as possible, or let Windows Update do it for you
    Exposure:
    Microsoft Visio is a very popular diagramming application, which many administrators use to create network diagrams. It also ships with some Office packages.
    In a security bulletin released today, Microsoft describes a security vulnerability that only affects Visio 2003. Specifically, Visio 2003 suffers from an insecure Dynamic Link Library (DLL) loading vulnerability, sometimes referred to as a binary planting flaw. We first described this class of flaw in a September Wire post, which describes this Microsoft security advisory. If an attacker can entice one of your users into opening a Visio related filw (such as .vsd, .vdx, .vst, or .vtx) file from the same location as a specially crafted DLL, he could exploit this flaw to execute code on that user’s computer with full system privileges, thus gaining complete control of the computer.
    Solution Path:
Microsoft has released a Visio 2003 patch to fix this flaw. You should download and deploy the patch as soon as possible, or let Windows Update do it for you.
    Status:
    Microsoft has released a fix.
  11. Ioannis Zontos
Sometimes on SBS 2011 we see the following message when our system restarts:
BOOTMGR is missing. Press Ctrl+Alt+Del to restart.
One of the reasons this message can appear is that the System Reserved Partition is not Active.

To fix it we will need the SBS 2011 DVD and we have to take the following steps:

1.) Boot the server from the SBS installation disk.
2.) Select Next and then 'Repair your computer'.
3.) Select the first radio button and click Next.
4.) Select 'Command Prompt' and enter the following commands.
5.) Type the command Diskpart and press Enter.
6.) Type the command List Volume and press Enter. We will see all the volumes of our system.
7.) The System Reserved partition is about 100 MB. In our example it is Volume 1 and has the letter D.

8.) Type the command Select Volume 1 and press Enter.
9.) Type the command Active and press Enter. We will see the message 'DiskPart marked the current partition as active'.
10.) Type the command List Volume and press Enter. We will see an asterisk (*) next to the active volume, in our case the System Reserved partition.

11.) To make sure that the System Partition is Active, type the command List Disk and press Enter.

12.) Usually Disk 0 holds Windows. Type the command Select Disk 0 and press Enter. We will see the message 'Disk 0 is now the selected disk'.
13.) Type the command List Partition and press Enter.

14.) Type the command Select Partition 1 and press Enter. We will see the message 'Partition 1 is now the selected partition'.
15.) Type the command Detail Partition and press Enter. As we can see, the System Partition (which is Partition 1 on Disk 0) is Active.

16.) Exit DiskPart and reboot the server.
We are done and our system can now operate normally.
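The same diskpart checks (steps 11 to 15 above) can be run non-interactively to confirm, before a reboot, that the System Reserved partition is still marked Active. The script below is an added example, not part of the original post; it assumes an MBR disk with System Reserved as partition 1 on disk 0 (the article's example), English diskpart output, and an elevated prompt. It is read-only unless -MarkActive is passed, which issues the 'active' command from step 9.

```powershell
# Added example, not from the original post: scripted version of the diskpart
# checks above. Assumptions: MBR disk, partition 1 on disk 0 is System Reserved,
# English diskpart output, elevated PowerShell (booted server or WinRE).

function Invoke-DiskPartScript {
    # Writes the commands to a temp file and runs 'diskpart /s <file>', returning its output lines.
    param([string[]]$Commands)
    $file = [System.IO.Path]::GetTempFileName()
    try {
        Set-Content -Path $file -Value $Commands -Encoding ASCII
        return (& diskpart.exe /s $file)
    } finally {
        Remove-Item -Path $file -ErrorAction SilentlyContinue
    }
}

function Get-PartitionActiveState {
    # Parses 'detail partition' output; returns $true/$false, or throws when no Active line is found.
    param([string[]]$DetailOutput)
    $state = $null
    foreach ($line in $DetailOutput) {
        if ($line -match '^\s*Active\s*:\s*(Yes|No)\s*$') { $state = $Matches[1] }
    }
    if ($null -eq $state) {
        throw 'No "Active:" line in diskpart output (wrong partition, GPT disk, or non-English diskpart?)'
    }
    return ($state -eq 'Yes')
}

function Test-SystemReservedActive {
    param([int]$Disk = 0, [int]$Partition = 1, [switch]$MarkActive)
    $commands = @("select disk $Disk", "select partition $Partition")
    if ($MarkActive) { $commands += 'active' }   # step 9 of the article
    $commands += 'detail partition'               # step 15 of the article
    $out = Invoke-DiskPartScript -Commands $commands
    return Get-PartitionActiveState -DetailOutput $out
}

# Constructed sample of 'detail partition' output, used to exercise the parser offline.
$sampleDetail = @(
    'Partition 1',
    'Type  : 07',
    'Hidden: No',
    'Active: Yes',
    'Offset in Bytes: 1048576'
)
Get-PartitionActiveState -DetailOutput $sampleDetail

# Live, read-only check on the running server.
if (Test-SystemReservedActive -Disk 0 -Partition 1) {
    'System Reserved partition is Active.'
} else {
    Write-Warning 'System Reserved partition is NOT active: expect "BOOTMGR is missing" on the next boot. Re-run with -MarkActive to fix.'
}
```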
  12. Ioannis Zontos
    · These vulnerabilities affect: All current versions of Windows and components that ship with it
    · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted wireless Bluetooth traffic
    · Impact: An attacker can gain complete control of your Windows computer
    · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
    Exposure:
    Today, Microsoft released three security bulletins describing 21 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could wirelessly exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity (according to Microsoft's summary).
    · MS11-053: Bluetooth Stack Code Execution Vulnerability
Bluetooth is an open wireless technology and standard for transmitting data over short distances. The Bluetooth stack that ships with more recent versions of Windows suffers from a code execution vulnerability involving how it accesses memory that hasn't been deleted or initialized. By wirelessly sending a series of specially crafted Bluetooth packets, an attacker could leverage this flaw to gain complete control of your vulnerable computers. However, an attacker would need to remain in Bluetooth range to carry out this attack. The average range of Bluetooth varies from 5 to 100 meters. However, using special gear, Bluetooth "snipers" have extended the range up to a kilometer. This flaw only affects Windows Vista and 7.
    Microsoft rating: Critical
· MS11-054: 15 Kernel-Mode Driver Elevation of Privilege Flaws
    The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from 15 elevation of privilege (EoP) vulnerabilities. The flaws all differ technically, but generally share the same scope and impact. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.
    Microsoft rating: Important
    · MS11-056: CSRSS Local Elevation of Privilege Vulnerability
    The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from five technically different, but functionally similar, Elevation of Privilege (EoP) vulnerabilities. Like the Kernel-Mode Driver flaw above, by running a specially crafted program, an authenticated attacker could leverage these flaws to gain complete, SYSTEM-level  control of your Windows computers. However, like before, the attacker would first need to gain local access to your Windows computers using valid credentials, which somewhat reduces the risk of these flaws.
Microsoft rating: Important
    Solution Path:
    Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
    MS11-053:
    · For Windows Vista w/SP1
    · For Windows Vista w/SP2
    · For Windows Vista x64 w/SP1
    · For Windows Vista x64 w/SP2
    · For Windows 7
    · For Windows 7 x64
    * Note: Windows Vista SP1 is only affected if you install the optional Feature Pack for Wireless
    MS11-054:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-056:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    Status:
    Microsoft has released patches correcting these issues.
    References:
    · Microsoft Security Bulletin MS11-053
    · Microsoft Security Bulletin MS11-054
    · Microsoft Security Bulletin MS11-056
  13. Ioannis Zontos
Following the previous post, where we discussed backup on SBS 2011 and SBS 2008,
we continue with the system state backup.

The backup wizard on SBS 2008/2011 contains all the information needed
to restore the server completely. Naturally, it also contains the system state.

Sometimes it is necessary to have a backup of the system state only, e.g.
when we make significant changes to Active Directory.

This cannot be done from the backup GUI; we have to use wbadmin.exe,
which is a command line tool.

Open a command prompt as administrator.

The command to start a system state backup is:

wbadmin start systemstatebackup -backuptarget:E:

where E: is the drive on which we want to keep the system state backup.

By default, the target volume for the system state backup cannot be the source volume.
If we want to change this, we have to go to the registry and create an
AllowSSBToAnyVolume entry on the server.

HKLM\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup\AllowSSBToAnyVolume

Type: DWORD
Value: 1

A value of 0 does not allow the system state backup on the source volume.
A value of 1 allows the system state backup on the source volume.

In any case, it is best to avoid keeping the system state backup on the source disk.

When we run the tool, a directory named WindowsImageBackup will be created on the
target drive we specified; it will be about 11 GB.

To restore a system state backup, we reboot the server into
Directory Services Restore Mode (DSRM).

Once in DSRM, we open a command prompt with administrator rights and
run the following commands to start the restore.

First we find the version of the backup we want to restore.

We run WBADMIN GET VERSIONS, which lists all the backups on the machine
together with their version identifiers.

It will look like this:

Backup time: 16/6/2011 3:33 PM
Backup target: Fixed Disk labeled E:
Version identifier: 16/06/2011-20:33
Can Recover: Application(s), System State

Once we have the version identifier, we start the restore with the following command:

WBADMIN START SYSTEMSTATERECOVERY -version:<version id>

where version id is the version identifier returned by the Get Versions command.

That is:

WBADMIN START SYSTEMSTATERECOVERY -version:16/06/2011-20:33

WBADMIN will restore the system state; when it finishes, we reboot into
normal mode to complete the restore.

Part 1: HERE
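The two wbadmin commands above, with the checks a practitioner would want around them, as an added example that is not part of the original post: the backup function refuses a target on the system volume unless AllowSSBToAnyVolume is 1 (the behaviour described above), and a small parser for the 'wbadmin get versions' listing picks the newest version identifier for the recovery command. It assumes an elevated PowerShell 2.0+ on SBS 2008/2011 with Windows Server Backup installed; the function names and the sample listing are constructed for this example.

```powershell
# Added example, not from the original post: wrappers around the wbadmin.exe
# commands used above. Assumptions: elevated PowerShell 2.0+, Windows Server
# Backup installed; sample listing below is constructed, not captured.

$ssbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup'

function Get-AllowSsbToAnyVolume {
    # 0 (or absent) = backup to the source volume is refused; 1 = allowed (not recommended).
    $v = (Get-ItemProperty -Path $ssbKey -Name AllowSSBToAnyVolume -ErrorAction SilentlyContinue).AllowSSBToAnyVolume
    if ($null -eq $v) { return 0 }
    return [int]$v
}

function Start-SbsSystemStateBackup {
    param([Parameter(Mandatory=$true)][string]$TargetDrive)   # e.g. 'E:'
    $target = $TargetDrive.TrimEnd('\').ToUpper()
    if ($target -notmatch '^[A-Z]:$') { throw "TargetDrive must look like 'E:' (got '$TargetDrive')" }
    if ($target -eq $env:SystemDrive.ToUpper() -and (Get-AllowSsbToAnyVolume) -ne 1) {
        throw "$target is the source (system) volume; wbadmin refuses it unless AllowSSBToAnyVolume=1"
    }
    $wbArgs = @('start', 'systemstatebackup', "-backuptarget:$target", '-quiet')
    & wbadmin.exe @wbArgs
    if ($LASTEXITCODE -ne 0) { throw "wbadmin systemstatebackup failed (exit code $LASTEXITCODE)" }
}

function Get-WbadminVersions {
    # Turns 'wbadmin get versions' text into objects. A field's value may sit on the
    # same line or on the following line (as in the listing above); both are handled.
    param([string[]]$Lines)
    $versions = @(); $current = $null; $pending = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if (-not $line) { continue }
        if ($pending) { $current.$pending = $line; $pending = $null; continue }
        if ($line -match '^Backup time:\s*(.*)$') {
            $current = New-Object PSObject -Property @{ BackupTime = $Matches[1]; Target = ''; VersionId = ''; CanRecover = '' }
            $versions += $current
        } elseif (-not $current) { continue }
        elseif ($line -match '^Backup target:\s*(.*)$') { $current.Target = $Matches[1] }
        elseif ($line -match '^Version identifier:\s*(.*)$') {
            if ($Matches[1]) { $current.VersionId = $Matches[1] } else { $pending = 'VersionId' }
        } elseif ($line -match '^Can [Rr]ecover:\s*(.*)$') {
            if ($Matches[1]) { $current.CanRecover = $Matches[1] } else { $pending = 'CanRecover' }
        }
    }
    return $versions
}

function Get-LatestSystemStateVersion {
    # Newest version that can recover System State; wbadmin lists oldest first, so the last one wins.
    param([string[]]$Lines = @(& wbadmin.exe get versions))
    $ss = @(Get-WbadminVersions -Lines $Lines | Where-Object { $_.CanRecover -match 'System State' })
    if ($ss.Count -eq 0) { return $null }
    return $ss[-1].VersionId
}

function Start-SbsSystemStateRecovery {
    # Only valid after booting into Directory Services Restore Mode, as described above.
    param([Parameter(Mandatory=$true)][string]$VersionId)
    $wbArgs = @('start', 'systemstaterecovery', "-version:$VersionId", '-quiet')
    & wbadmin.exe @wbArgs
    if ($LASTEXITCODE -ne 0) { throw "wbadmin systemstaterecovery failed (exit code $LASTEXITCODE)" }
}

# Constructed sample matching the listing above, to exercise the parser offline.
$sampleVersions = @(
    'Backup time: 16/6/2011 3:33 PM',
    'Backup target: Fixed Disk labeled E:',
    'Version identifier:',
    '16/06/2011-20:33',
    'Can Recover:',
    'Application(s), System State'
)
Get-LatestSystemStateVersion -Lines $sampleVersions
```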
  14. Ioannis Zontos
To change the client time-out for Remote Web Workplace (default = 30 minutes):
1. Open the Registry Editor.
2. Locate:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal
If RemoteUserPortal does not exist, create it!!!
3. Create a DWORD (32-bit) value named PublicTimeOut.
4. In Value data, enter the number of minutes after which the Remote Web Workplace session should time out.
Important, this needs attention:
The value we enter must not be greater than 1440 decimal (5a0 hex).
If it is, it will not work properly!!!
5. Click OK.
To change the server time-out for Remote Web Workplace (default = 20 minutes):
1. On the Windows SBS 2008 server, go to Start --> Administrative Tools
--> Internet Information Services (IIS) Manager.
2. At the User Account Control prompt, click Continue (if you have it enabled, which you should).
3. On the left, double-click the server name.
4. Double-click Sites to expand it, and then double-click SBS Web Applications.
5. On the SBS Web Applications Home page, double-click Session State.
6. Under Cookie Settings, change the Time-out (in minutes).
7. Finally, click OK to save the changes.
If the client timeout value is greater than the server timeout value:
The RWW page will log you off after the client timeout value and return you to the RWW logon page without any other message. If you opened OWA from the link in RWW, the OWA page will also log you off and return you to the OWA logon page as soon as you click anything inside OWA.
If the client timeout value is equal to or less than the server timeout value:
The RWW page will log you off based on the client timeout value and a message will be shown on screen.
If OWA was opened from the link in RWW, then OWA will remain open until its own timeout (which is 15 minutes). For information on the OWA idle timeout see TechNet:
OWA Public TimeOut (default is 15 minutes) OWA Private TimeOut (default is 8 hours)
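An added example, not part of the original post, that sets the client time-out with the 1440-minute ceiling enforced, reads the server-side session time-out of the SBS Web Applications site, and warns when the client value exceeds the server value (the combination that, as described above, logs users out without a message). It assumes an elevated PowerShell on the SBS server with the WebAdministration module or snap-in available, and uses function names chosen for this example.

```powershell
# Added example, not from the original post: RWW time-out helpers.
# Assumptions: elevated PowerShell on SBS 2008/2011, WebAdministration available.

$rwwKey           = 'HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal'
$sbsSite          = 'SBS Web Applications'
$maxClientMinutes = 1440   # 0x5A0; larger values misbehave, as the article warns

function Set-RwwClientTimeout {
    # Creates the RemoteUserPortal key if absent and writes PublicTimeOut (DWORD, minutes).
    param([Parameter(Mandatory=$true)][int]$Minutes)
    if ($Minutes -lt 1 -or $Minutes -gt $maxClientMinutes) {
        throw "PublicTimeOut must be between 1 and $maxClientMinutes minutes (got $Minutes)"
    }
    if (-not (Test-Path $rwwKey)) { New-Item -Path $rwwKey -Force | Out-Null }
    New-ItemProperty -Path $rwwKey -Name PublicTimeOut -Value $Minutes -PropertyType DWord -Force | Out-Null
    return $Minutes
}

function Get-RwwClientTimeout {
    # Configured PublicTimeOut, or the 30-minute default when the value is absent.
    $v = (Get-ItemProperty -Path $rwwKey -Name PublicTimeOut -ErrorAction SilentlyContinue).PublicTimeOut
    if ($null -eq $v) { return 30 }
    return [int]$v
}

function Get-RwwServerTimeout {
    # Reads system.web/sessionState timeout for the SBS Web Applications site (minutes).
    if (-not (Get-Module WebAdministration)) {
        Import-Module WebAdministration -ErrorAction SilentlyContinue          # Windows Server 2008 R2 (SBS 2011)
        if (-not (Get-Module WebAdministration)) {
            Add-PSSnapin WebAdministration -ErrorAction SilentlyContinue     # Windows Server 2008 (SBS 2008)
        }
    }
    $t = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$sbsSite" -Filter 'system.web/sessionState' -Name timeout
    if ($t -isnot [TimeSpan] -and $t.Value) { $t = $t.Value }
    return [int]([TimeSpan]$t).TotalMinutes
}

function Test-RwwTimeoutConsistency {
    # Pure comparison, so it can be checked without IIS: 'ok' when client <= server
    # (the user sees a message), 'client-exceeds-server' when RWW/OWA silently
    # drop back to the logon page.
    param([int]$ClientMinutes, [int]$ServerMinutes)
    if ($ClientMinutes -le $ServerMinutes) { return 'ok' }
    return 'client-exceeds-server'
}

$client = Get-RwwClientTimeout
$server = Get-RwwServerTimeout
"RWW client time-out: $client min; server (IIS session) time-out: $server min"
if ((Test-RwwTimeoutConsistency -ClientMinutes $client -ServerMinutes $server) -ne 'ok') {
    Write-Warning 'Client time-out exceeds the server time-out: RWW and OWA will log users off without a message.'
}
```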
  15. Ioannis Zontos
    Summary:
    · These vulnerabilities affect: All current versions of Windows and components that ship with it (as well as some optional components like .NET Framework)
    · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or enticing your users to view malicious images
    · Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
    · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
    Exposure:
    Today, Microsoft released eleven security bulletins describing a dozen vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity (according to Microsoft's summary).
    · MS11-038: OLE Automation Code Execution Vulnerability
    According to Microsoft, Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data with or to control another application. Unfortunately, OLE Automation suffers from a vulnerability involving the way it parses specially crafted Windows MetaFile (WMF) images. By tricking a user into viewing a specially crafted image, perhaps hosted on a web site, an attacker could exploit this flaw to execute code with that user's privileges. If your users have local administrative privileges, the attacker gains complete control of their machines.
    Microsoft rating: Critical
    · MS11-039 & MS11-044 : Two .NET Framework Code Execution Vulnerabilities
The .NET Framework is a software framework used by developers to create new Windows and web applications. The .NET Framework (and Silverlight) suffers from two complex vulnerabilities having to do with how it validates parameters passed to a network function, or how its JIT compiler validates values within objects. The scope and impact of these complex vulnerabilities differ depending on the attack vector. There are three potential vectors of attack: an attacker can host a malicious .NET web site, attack your .NET web site, or leverage one of your custom .NET applications to potentially elevate his privilege. We believe the malicious .NET web site poses the most risk. If an attacker can entice you to a specially crafted site (or to a legitimate site that somehow links to his malicious site), he can exploit this flaw to execute code on your computer, with your privileges. If you are a local administrator, the attacker has full control of your machine. If you've installed .NET Framework, you should patch, even if you do not run custom .NET applications or web sites.
    Microsoft rating: Critical
· MS11-041: Kernel-Mode Drivers Code Execution Vulnerability
    The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from a code execution flaw involving the way it handles OpenType fonts on 64-bit systems. By enticing one of your users to view a specially crafted font, an attacker could exploit this flaw to gain full control of that user's computer (regardless of the user's privilege). However, the malicious font would have to reside on the local computer, or a network share in order for this attack to succeed. Again, the flaw only affects 64-bit versions of Windows.
    Microsoft rating: Critical
· MS11-042: DFS Memory Corruption Vulnerability
Microsoft's Distributed File System (DFS) is a collection of client and server services that allows you to create what appears to be a single file share, but actually consists of shares on multiple hosts. The Windows DFS service suffers from two security vulnerabilities. The worst is a memory corruption flaw that has to do with how the DFS client handles specially crafted DFS responses. By hosting a malicious server on your network, which sends specially crafted DFS responses to requesting clients, an attacker could exploit this memory corruption flaw to gain complete control of a Windows computer (or in some cases, just crash your computer). That said, most administrators do not allow DFS traffic past their firewall, so these vulnerabilities primarily pose an internal risk.
    Microsoft rating: Critical
    · MS11-043: SMB Client Code Execution Vulnerability
    Microsoft Server Message Block (SMB) is the protocol Windows uses for file and print sharing. According to Microsoft, the Windows SMB client suffers from a security vulnerability which attackers could leverage to execute malicious code. By enticing one of your users to connect to a malicious SMB server, or by sending a specially crafted SMB message in response to a legitimate local request, an attacker can exploit this flaw to gain complete control of a vulnerable Windows computer. However, firewalls like WatchGuard's XTM appliances typically block SMB traffic from the Internet, making these vulnerabilities primarily an internal risk. That said, many types of malware leverage SMB vulnerabilities to self-propagate within networks, once they infect their first victim.
    Microsoft rating: Critical
    · MS11-037: MHTML Information Disclosure Vulnerability
In our February advanced notification post, we mentioned a zero day MHTML vulnerability that was similar to a Cross-site Scripting (XSS) vulnerability. The flaw involves the Windows MHTML or MIME HTML component, which is used to handle special web pages that include both HTML and MIME (typically pictures, audio, or video) content contained in one file. If an attacker can entice you to visit a specially crafted web page, or click a malicious link, he could exploit this flaw in much the same way he might exploit a Cross-Site Scripting (XSS) vulnerability: to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on a web site. Last April, Microsoft supposedly fixed this flaw. However, their fix must not have been complete, since this update fixes a new variant of essentially the same issue.
    Microsoft rating: Important.
· MS11-046: AFD Elevation of Privilege Vulnerability
The Ancillary Function Driver (AFD.sys) is a driver that handles Winsock TCP/IP communications. This kernel-mode driver suffers from an elevation of privilege (EoP) vulnerability. By running a specially crafted program, a local attacker could leverage this flaw to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.
    Microsoft rating: Important
    · MS11-047: Windows 2008 Hyper-V DoS Vulnerability
Hyper-V is the hypervisor technology that Windows 2008 uses for virtualization. Hyper-V suffers from a Denial of Service (DoS) vulnerability having to do with how it handles specially crafted communications between a guest OS and the host OS. By running a specially crafted program within a guest OS, an attacker can exploit this flaw to cause a 2008 server to stop responding until you reboot it. However, the attacker needs administrative access on the guest OS in order to exploit this flaw. The flaw only affects 2008 servers.
    Microsoft rating: Important
    · MS11-048: SMB Server DoS Vulnerability
The Windows SMB Server suffers from a Denial of Service (DoS) vulnerability having to do with how it handles specially crafted SMB requests. By sending a specially crafted SMB packet, an attacker can exploit this flaw to cause a Windows computer to stop responding until you reboot it. Like the SMB client vulnerability mentioned before, this vulnerability primarily poses an internal risk since firewalls block SMB.
    Microsoft rating: Important
· MS11-051: AD Certificate Services Web Enrollment EoP Vulnerability
    The Active Directory (AD) Certificates Services Web Enrollment site suffers from a Cross-site Scripting (XSS) vulnerability. By enticing one of your users to click a specially crafted link, an attacker could exploit this flaw to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on the AD Web Enrollment site. This flaw only affects the non-Itanium, server versions of Windows.
    Microsoft rating: Important
    Solution Path:
    Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
    MS11-038:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2) *
    · For Windows Server 2008 x64 (w/SP2) *
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64 *
    · For Windows Server 2008 R2 Itanium
    * Note: Server Core installations not affected.
    MS11-039 & MS11-044:
    Due to the complicated, version-dependent nature of .NET Framework updates, we recommend you see the Affected & Non-Affected Software section of Microsoft's Bulletins for patch details (or let Windows Automatic Updates handle the patch for you).
    · MS11-039 Affected & Non-Affected Software section
    · MS11-044 Affected & Non-Affected Software section
    MS11-041:
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-042:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-043:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-037:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2) *
    · For Windows Server 2008 x64 (w/SP2) *
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64 *
    · For Windows Server 2008 R2 Itanium
    * Note: Server Core installations not affected.
    MS11-046:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-047:
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    MS11-048:
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-051:
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 R2 x64
    Status:
    Microsoft has released patches correcting these issues.
    References:
    · Microsoft Security Bulletin MS11-037
    · Microsoft Security Bulletin MS11-038
    · Microsoft Security Bulletin MS11-039
    · Microsoft Security Bulletin MS11-041
    · Microsoft Security Bulletin MS11-042
    · Microsoft Security Bulletin MS11-043
    · Microsoft Security Bulletin MS11-044
    · Microsoft Security Bulletin MS11-046
    · Microsoft Security Bulletin MS11-047
    · Microsoft Security Bulletin MS11-048
    · Microsoft Security Bulletin MS11-051
  16. Ioannis Zontos
    Summary:
    · These vulnerabilities affect: Most current versions of Excel, which ships with Microsoft Office
    · How an attacker exploits it: By enticing one of your users to open a malicious Excel document
    · Impact: In the worst case, an attacker executes code on your user's computer, gaining complete control of it
    · What to do: Install Microsoft Office updates as soon as possible, or let Microsoft's automatic update do it for you

    Exposure:
As part of today's Patch Day, Microsoft released a security bulletin describing eight vulnerabilities found in Excel -- part of Microsoft Office for Windows and Mac. The flaws also affect some of the Office document viewer and converter applications.
    Though the eight vulnerabilities differ technically, they share the same scope and impact. If an attacker can entice one of your users into downloading and opening a maliciously crafted Excel document, he can exploit any of these vulnerabilities to execute code on a victim's computer, usually inheriting that user's level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user's machine.
    Solution Path
    Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.
    Excel update for:
    · Office XP w/SP3
    · Office 2003 w/SP3
    · Office 2007 w/SP2
    · Office 2010 32-bit
    · Office 2010 64-bit
· Office 2004 for Mac
· Office 2008 for Mac
    · Office for Mac 2011
    · Open XML File Format Converter for Mac
    · Excel Viewer
    · Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
    Status:
    Microsoft has released Office updates to fix these vulnerabilities.
    References:
    · MS Security Bulletin MS11-045
  17. Ioannis Zontos
    New updates were announced today that fix approximately 34 security problems affecting several products, such as
    · Internet Explorer (IE)
    · Windows (and components that ship with it)
    · Office
    · SQL Server
    · .NET Framework
    · Silverlight
    · Visual Studio
    · Forefront Threat Management Gateway
    Details are in Microsoft's summary bulletin.
    It is advisable to give immediate attention to the updates that concern IE.
    That said, lately attackers have focused on leveraging web and browser-based vulnerabilities to install malware via "Drive-by Downloads."
  18. Ioannis Zontos
    On SBS 2008 or SBS 2011 server systems, some services related to Microsoft Exchange Server 2007 or Microsoft Exchange Server 2010 may fail to start automatically after a reboot.
    The services that do not start are
    · Microsoft Exchange Information Store
    · Microsoft Exchange RPC Client Access (SBS 2011 Server Only)
    · Microsoft Exchange Forms Based Authentication (SBS 2011 Server Only)
    In the event viewer we will usually see some or all of the following messages
    Το Αναγνωριστικό συμβάντος: 1005
    Προέλευση: MSExchangeSA
    Κατηγορία: Γενικά
    Τύπος: σφάλμα
    Το Αναγνωριστικό συμβάντος: 2601
    Προέλευσης: MSExchange ADAccess
    Κατηγορία: Γενικά
    Τύπος: προειδοποίηση
    Το Αναγνωριστικό συμβάντος: 1121
    Προέλευση: MSExchangeIS
    Κατηγορία: Γενικά
    Τύπος: σφάλμα
    Περιγραφή: Σφάλμα 0x96e τη σύνδεση με το Microsoft Active Directory.
    Το Αναγνωριστικό συμβάντος: 5000
    Προέλευση: MSExchangeIS
    Κατηγορία: Γενικά
    Τύπος: σφάλμα
    Περιγραφή: Δεν είναι δυνατή Η προετοιμασία της υπηρεσίας Microsoft Exchange Information Store. -Σφάλμα 0x96e.
    If we try to start the services manually, they start normally. The problem is caused by the fact that the same SBS 2008/2011 server that hosts Exchange Server is also the Global Catalog of our domain.
    There is a solution to this problem in the article below.
    The KB article was published by the Exchange Server team; as you will see in the article, there are 4 solutions.
    For SBS, solutions 2 and 3 are recommended as best practice, and especially the second one.
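    The following script is an added example, not code from the original post: run in an elevated PowerShell on the SBS server, it checks the three Exchange services named above and lists the event IDs from the post that were logged since the last boot, then starts the stopped services the way a manual start would. The service short names (MSExchangeIS, MSExchangeRPC, MSExchangeFBA) are the standard Exchange service names; services absent on Exchange 2007 are skipped.

```powershell
# Added example (not from the original post). Run elevated on the SBS server.
$services = @(
    'MSExchangeIS',    # Microsoft Exchange Information Store
    'MSExchangeRPC',   # Microsoft Exchange RPC Client Access (SBS 2011 only)
    'MSExchangeFBA'    # Microsoft Exchange Forms Based Authentication (SBS 2011 only)
)

# Last boot time via WMI (works on PowerShell 2.0, which SBS 2008/2011 ship with)
$os = Get-WmiObject Win32_OperatingSystem
$lastBoot = $os.ConvertToDateTime($os.LastBootUpTime)

# Services from the list that exist on this server but are not running
$stopped = foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -eq $null) { continue }         # not installed on this Exchange version
    if ($svc.Status -ne 'Running') { $svc }
}

# Event IDs the post lists, keyed by event source
$watch = @{
    'MSExchangeSA'        = @(1005)
    'MSExchange ADAccess' = @(2601)
    'MSExchangeIS'        = @(1121, 5000)
}
$events = Get-EventLog -LogName Application -After $lastBoot -ErrorAction SilentlyContinue |
    Where-Object { $watch.ContainsKey($_.Source) -and ($watch[$_.Source] -contains $_.EventID) } |
    Select-Object TimeGenerated, Source, EventID, EntryType

if ($stopped) {
    "Exchange services not running since boot at $($lastBoot):"
    $stopped | Format-Table Name, DisplayName, Status -AutoSize
    "Related events since boot:"
    $events | Format-Table -AutoSize
    # A manual start succeeds because the Global Catalog is up by now
    foreach ($svc in $stopped) {
        Start-Service -Name $svc.Name
        "Started $($svc.Name)"
    }
} else {
    "All Exchange services are running (boot at $lastBoot)."
}
```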
  19. Ioannis Zontos
    In this article we will take a first look at Remote Web Access (RWA) in SBS 2011.
    Remote Web Workplace (RWW) has existed since SBS 2003 and gives remote users the ability to connect to their network and access their email, their computer, and SharePoint sites, all without the need for a VPN client.
    In Windows Small Business Server (SBS) 2011 Standard, the new name for RWW is RWA (Remote Web Access); the new Remote Web Access offers greater usability, customization options, and additional features such as file sharing.
    To be able to connect to Remote Web Access on Windows Small Business Server (SBS) 2011 we must have:
    · TCP 443 and TCP 987 open on the hardware firewall
    · Clients running Internet Explorer 6.0 SP2 or newer
    · RDP 6.1 or higher installed on the client machine
    · The client must trust the SSL certificate installed on the Default Web Site
    · The client must connect using the exact URL found in the common name of the certificate (usually remote.domaincompany.com)
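    As an added example (not from the original post), this client-side script checks the prerequisites above that can be tested from outside: TCP 443 and 987 reachable, the SSL certificate chain trusted by the client, and the certificate common name matching the host name we type in the URL. The host name remote.example.com is a placeholder; replace it with the name from your own certificate.

```powershell
# Added example (not from the original post). Run on a client machine.
$rwaHost = 'remote.example.com'   # placeholder: the name in the certificate CN

# TCP connect with a 3 second timeout (hardware firewall must allow 443 and 987)
function Test-Port($computer, $port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($computer, $port, $null, $null)
        $ok = $async.AsyncWaitHandle.WaitOne(3000, $false)
        if ($ok) { $client.EndConnect($async) }
        return ($ok -and $client.Connected)
    } catch { return $false } finally { $client.Close() }
}

# Pulls the certificate from the Default Web Site; the validation callback
# records chain errors instead of throwing so we can report them
function Get-RwaCertificate($computer) {
    $script:sslErrors = 'None'
    $callback = { param($sender, $cert, $chain, $errors) $script:sslErrors = $errors; return $true }
    $tcp = New-Object System.Net.Sockets.TcpClient($computer, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($computer)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $ssl.Close(); $tcp.Close()
    return $cert
}

$ok443 = Test-Port $rwaHost 443
$ok987 = Test-Port $rwaHost 987
"TCP 443 reachable : $ok443"
"TCP 987 reachable : $ok987"
if ($ok443) {
    $cert = Get-RwaCertificate $rwaHost
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    "Certificate CN    : $cn"
    "CN matches URL    : $($cn -ieq $rwaHost)"     # must use the exact CN as the URL
    "Chain trusted     : $($script:sslErrors -eq 'None')"
    "Valid until       : $($cert.NotAfter)"
}
```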
    User Interface
    The user interface is shown below; it uses Forms Based Authentication like the previous versions.

    Once we enter our credentials we see a page whose contents depend on the user's permissions and preferences.

    From this central location we can
    · View our email with OWA
    · Have full access to the Internal Web Site (Companyweb)
    · Have full access to Shared Folders – this did not exist in SBS 2003/SBS 2008, it is a new feature of SBS 2011
    · Have full access to internal computers
    · Change our own domain password
    · Access Organizational and Administrative Links (depending on the user's permissions)
    RWA Gadget
    We can remove capabilities from RWA, but whatever we change in the RWA Home page links affects all of our users.
    Web Access Properties from Windows SBS Console > Shared Folders and Web Sites tab > Web Sites

    If our user is a member of the Windows SBS Admin Tools Group, they will also see the Administrative Links list.
    If we want to change something we must go to Remote web access link properties and grant the appropriate permissions.

  20. Ioannis Zontos
    A problem affecting the Windows Internet Name Service (WINS) on Windows Server 2003 & Windows Server 2008 was announced yesterday, 10/05/2011.
    This service suffers from memory corruption that can be triggered when crafted WINS packets are sent to our server; the result is that the attacker gains the ability to execute commands with SYSTEM privileges, i.e. full control of the system.
    This service is not enabled by default, but on many networks we install it ourselves.
    Mitigation
    Close TCP/UDP port 42 on the firewall; in this way we limit any problem to our internal network.
    · And download the relevant updates. Microsoft has announced a fix with the following Microsoft Security Bulletin MS11-034
    MS11-035:
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
  21. Ioannis Zontos
    Potential Zero Day Cisco IOS DoS Vulnerabilities
    A new problem was published on the Bugtraq mailing list [ 1 / 2 ]: two new zero-day Denial of Service (DoS) vulnerabilities for Cisco routers and switches. The original research was done by the penetration test team of NCNIPC (China).
    The information they have provided is minimal, and Cisco has neither denied nor confirmed it.
    A short excerpt on this:
    They do say, attackers can trigger one DoS with a UDP packet flood and the other with SNMP packet sent to improper ports. In either case, the attack can put your IOS devices in a non-responsive state, requiring a reboot. By carrying out this sort of attack against your gateway router, an attacker can fairly easily knock you offline
    In the meantime, keep your eyes out for UDP floods
    Cisco has since replied to these vulnerability allegations, saying they are researching the situations. However, they did not confirm or deny the DoS flaws, nor have they had time to release patches. Until they do, you can mitigate the risk of one of the flaws by disabling SNMP on your IOS device.
  22. Ioannis Zontos
    SBS 2011 Migration Preparation Tool, part II

    Continuing from the previous article, we will talk about the answer file.

    We can use the answer file both for a clean install and for a migration.

    Once we have used the migration preparation tool, we are ready to run it to create our final xml file.

    We run it from our desktop (on the source server; it was left there by the preparation tool we ran earlier).



    Once we run it



    We go to the option create an answer file and we see



    After filling in the information it asks for, we save it as sbsanswerfile.xml (note: SBS will only look for it under this exact name).

    We can save this file to a USB disk, an external disk, a separate VHD disk if we are going to set up SBS as a virtual machine, and even a floppy drive if one still exists.

    After this we are ready to start our installation (either a clean install or a migration from an older version).

    The information we provide in the answer file is as follows

    Migration Specific Information


    Source Server Information

    Domain Administrator Account Name: The user account name of a domain administrator in the existing domain.
    Password: admin password
    Source Server Name:  The name of the server from which you are migrating.
    Source Domain Name: The full DNS name of your organization's internal domain.
    Default Gateway:  The IP address that is assigned to the router on your network.
    Source Server IP Address:  The IP address that is assigned to the Source Server.
    DHCP is running on the Source Server: Select this box if the DHCP service is running on the Source Server. It is recommended that the DHCP service run on the Destination Server. If you are running the DHCP service on the Source Server, it is moved for you during Windows SBS 2008 migration. If the DHCP service is running on another server or device, you must manually disable it on that server or device.
    Destination Server Information

    Destination Server Name: The name of your new SBS 2011 server.
    Destination Server IP Address: The IP for your new SBS 2011 server.  Please verify that this address is not in use.
    New Install Specific Information


    Server Information (nothing can be changed once the installation is complete)

    Server Name: The name of your new server. This must be a unique name on the local network.
    Internal Domain Name: The NetBIOS name of the internal domain
    Full DNS Name: The DNS name of the internal (local) domain.
    Network Administrator Account

    First Name:
    Last Name:
    Administrator User Name: User name or alias for the new network administrator account.
    Administrator Password: here we want a complex password, because if it is not complex the unattended installation stops.
    Network Settings for the Server

    Automatically Detect the Network Settings: Use DHCP to identify an un-used private IP address.
    Manually Choose the Network Settings as Follows:

    IP Address: IP address of the SBS 2011 server.
    Default Gateway: The IP address from router or your firewall
  23. Ioannis Zontos
    SBS 2011 Migration Preparation Tool, part I

    Preparing for installation

    One of the main changes in SBS 2011 is that it includes the Migration Preparation Tool.

    The two main tasks this tool performs are


    It checks the "health" of our domain and identifies issues that would cause problems during the migration process
    It prepares the domain for SBS 2011.
    We cannot proceed with a migration-mode install unless we run this tool; from the moment we run it we have 14 days to start the migration.

    To prepare a domain for SBS 2011, the tool completes the following


    Raise the domain and forest functional level to Windows Server 2003
    Use ADPREP to extend Active Directory schema to Server 2008 R2
    Install hotfix KB943494 to extend SBS co-existence to 21 days (SBS 2003 only)
    Convert Exchange to Native Mode (SBS 2003 only)
    The tool also checks the domain and the source server for errors and misconfiguration in our domain, such as


    Journal Wrap
    Domain\Forest Functional Level
    Services not started
    Updates missing (very important, we will see this again below)
    Broken replication
    Missing Sysvol Share
    IPv6 Disabled
    And various other tasks it finds case by case
    The tool reports errors & warnings; it is best to fix ALL of them, as this will save us from many problems in the future.



    For the tool to be installed, the following must be present on our system


    Software

    .Net 2.0 SP1
    Microsoft PowerShell 2.0
    Microsoft Baseline Configuration Analyzer
    User Permissions

    Enterprise Admin
    Schema Admin
    Domain Admin
    Source Machine

    Schema Master FSMO Role
    Infrastructure Master FSMO Role
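    As an added example (not from the original post), this script checks the prerequisites listed above on the source server before the tool is installed: .NET 2.0 SP1 and PowerShell 2.0, membership in the three admin groups, and that the Schema Master and Infrastructure Master FSMO roles are held by this machine. It uses only .NET classes available on Windows Server 2003/2008, since the Active Directory PowerShell module is not present on those source servers; the Microsoft Baseline Configuration Analyzer is not checked here.

```powershell
# Added example (not from the original post). Run elevated on the source server
# with the account that will run the Migration Preparation Tool.
$results = @()
function Add-Check($name, $ok) {
    $script:results += New-Object PSObject -Property @{ Check = $name; Ok = [bool]$ok }
}

# Software: PowerShell 2.0 ($PSVersionTable does not exist on PowerShell 1.0)
Add-Check 'PowerShell 2.0' (($PSVersionTable -ne $null) -and ($PSVersionTable.PSVersion.Major -ge 2))

# Software: .NET 2.0 SP1 (the SP value under the 2.0 setup key)
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727' -ErrorAction SilentlyContinue
Add-Check '.NET 2.0 SP1' (($ndp -ne $null) -and ($ndp.SP -ge 1))

# User permissions: group names from the current token (needs an elevated prompt under UAC)
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$groups = $id.Groups | ForEach-Object {
    try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { $null }
}
foreach ($g in 'Enterprise Admins', 'Schema Admins', 'Domain Admins') {
    Add-Check "Member of $g" (($groups | Where-Object { $_ -like "*\$g" }) -ne $null)
}

# Source machine: Schema Master (forest role) and Infrastructure Master (domain role)
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$me = "$($ipProps.HostName).$($ipProps.DomainName)"      # FQDN of this server
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
Add-Check 'Schema Master held here' ($forest.SchemaRoleOwner.Name -ieq $me)
Add-Check 'Infrastructure Master held here' ($domain.InfrastructureRoleOwner.Name -ieq $me)

$results | Format-Table Check, Ok -AutoSize
$failed = $results | Where-Object { -not $_.Ok }
if ($failed) { "Fix the failed checks before installing the tool." } else { "All prerequisites met." }
```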
    If it does not have them we will see the following message



    And conversely, if everything is in order we will see



    Running the Migration Preparation Tool

    Once installation is complete we can run it from the shortcut that will be on the desktop.

    Of course the recommended option, as we will see, is to download and install the updates.



    When the update process is complete (how long it takes depends on our internet speed) we see the following



    WE MUST HAVE A SUCCESSFUL and tested backup of the system.

    From this point the tool is ready to start preparing the domain so that we can install the new SBS 2011; depending on our domain, 0-4 tasks will be performed. Once it completes we get a green checkmark; otherwise, if there is a failure, we can go to C:\Users\<UserName>\AppData\Local\Temp\Migration Preparation Logs and see what is happening.



    We continue with Next and the tool keeps checking our system; at this point we may get errors or warnings (if we have SBS 2008 with Exchange 2007 and do not have SP3, we will see the following)



    Whatever it reports, we MUST fix it and re-run the tool, and of course after the fix we must take a new backup before repeating the process.

    At the end we should see the following



    Then we will be ready to move on to our second and better-known tool, the answer file, which also exists in SBS 2008 and made migration very easy.

    Once we have also run the answer file generator we are ready for the migration.



    I will return with a new post about the answer file tool.