Tuesday, December 25, 2007

Remote Server Administration Tools (RSAT) Beta is now available!

This is something that many of you have been waiting on for a while now! Remote Server Administration Tools (RSAT) is essentially the WS08 version of the "Admin Pack". RSAT allows you to install many of the WS08 management tools on a Vista SP1 computer so you can remotely manage WS08 servers (full servers and server core). Some of the tools included in RSAT can also be used to manage WS03 servers.
More details about RSAT are pasted below.


Microsoft® Remote Server Administration Tools enables IT administrators to remotely manage roles and features in Windows Server® 2008 from a computer running Windows Vista with Service Pack 1. It includes support for remote management of computers running a Server Core or Full Server installation of Windows Server 2008. This feature has been requested by customers as a replacement for the Windows Server 2003 Administration Tools Pack.

To test the Remote Server Administration Tools Beta and obtain customer feedback, Microsoft offers a Feature Focus program for this update, starting November 28, 2007 on the Microsoft Connect site. By participating in the program, you have the opportunity to try the new Remote Server Administration Tools, and provide feedback directly to the product team. The download is available as part of the Windows Beta program.

Monday, December 24, 2007


"Centro" = Windows Essential Business Server

Essential Business Server combines Windows Server 2008, Exchange Server 2007, System Center Essentials, Forefront Security for Exchange, the next version of ISA and SQL Server 2008 (in Premium Edition) into an "all-in-one" solution. But the product is truly more than the sum of its parts and delivers new technology above and beyond the component products. Essential Business Server provides a single point of management for all of the components and workloads, as well as third party software applications, and incorporates an incredible amount of best practices. We estimate set up will require 75% fewer steps than what is required today, for example. In addition, it has a single server license and a single client access license, as well as features to help IT track, manage and re-assign licenses.

Microsoft hardware partners that are already planning to support Essential Business Server include Fujitsu Siemens, HP, IBM and Intel. Software partners already developing or planning on creating "Add-Ins" for the Essential Business Server console include CA, Citrix, FullArmor, McAfee, Quest, Symantec and Trend Micro. Microsoft applications will add-in, too, of course.

Thursday, November 29, 2007

E12 SP1 Released and its features

Hi Friends,
As we all know, Exchange 2007 SP1 will be released to production tomorrow, 30/11/2007, after a while on the market as a beta release. I will now walk you through the SP1 features and enhancements:
- Support for IPv4 and IPv6
  If you install Exchange 2007 SP1 on Windows Server 2008, you have the option to enter addresses in IPv6 format
- CAS Improvement
  - GUI for administering POP3 and IMAP4 authentication, connection and port settings
  - EAS Improvement:
    - An Exchange ActiveSync default mailbox policy is created.
    - Enhanced Exchange ActiveSync mailbox policy settings have been added.
    - Remote Wipe confirmation has been added.
    - Direct Push performance enhancements have been added.
  - Changes to Outlook Web Access Light so that Outlook Web Access does not time out while a user is composing a long entry.
  - Changes to Outlook Web Access Premium. The following features have been added to Outlook Web Access Premium in Exchange 2007 SP1:
    - Users can create and edit Personal Distribution Lists.
    - Users can create and edit server-side rules.
    - WebReady Document Viewing has added support for some Office 2007 file formats.
    - Users will have access to the dumpster from Outlook Web Access and will be able to use the Recover Deleted Items feature.
    - A monthly calendar view has been added.
    - Move and copy commands have been added to the Outlook Web Access user interface.
    - Public Folders are supported through the /owa virtual directory.
    - S/MIME support has been added.
- HUB Improvement
  - Improvements in Transport Rule in the Back Pressure feature
  - The addition of transport configuration options to the Exchange Management Console
- MB Improvement
  - Public folder management by using the Exchange Management Console in MB server Role
  - New public folder features
  - Mailbox management improvements
  - Ability to import and export mailboxes by using .pst files
  - New performance monitor counters for online database defragmentation
  - Standby continuous replication
  - New quorum models (disk and file share witness)
- Unified Communication
  - Many features and enhancements for the UM server role [check the website]

Support for public folder access has also been added: public folders can now be created, deleted, edited, and synchronized by using Exchange Web Services.

I will give a brief overview of the new SCR feature in Exchange 2007 SP1:

- Standby continuous replication

Basically, it is a regional cluster solution, or remote site recovery, that Microsoft presents to us out of the box. In brief, instead of using LCR to replicate the database to a local hard drive in the Exchange Server 2007 server, SCR lets the copy of the storage group take place on multiple remote Exchange Server 2007 servers within the site or between two sites. In the event that the production server fails, the copy generated by SCR can be mounted and run. I really love the MS Exchange team!


Saturday, November 24, 2007

SCCM Extras

Microsoft Links

1- System Center Configuration Manager 2007 Toolkit

The following list provides specific information about each tool in the toolkit.
Client Spy - A tool to help troubleshoot issues related to software distribution, inventory, and software metering on Configuration Manager 2007 clients.
Policy Spy - A policy viewer to help review and troubleshoot the policy system on Configuration Manager 2007 clients.
Trace32 - A log viewer that provides a way to easily view and monitor log files created and updated by Configuration Manager 2007 clients and servers.
Security Configuration Wizard Template for Configuration Manager 2007 - An attack-surface reduction tool for the Microsoft Windows Server 2003 operating system with Service Pack 1 and Service Pack 2 (SP1 and SP2) that determines the minimum functionality required for a server's role or roles, and disables functionality that is not required.
DCM Model Verification - A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console.
DCM Digest Conversion - A tool used by desired configuration management content administrators to convert existing SMS 2003 Desired Configuration Management Solution templates to Desired Configuration Management 2007 configuration items.
DCM Substitution Variables - A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.



2- System Center Configuration Manager 2007 Configuration Pack

Software installation errors and misconfigurations compromise security and stability, resulting in escalated support costs. The System Center Configuration Manager 2007 Configuration Pack can help prevent errors, increasing your organizational uptime and helping you build a more secure and reliable Configuration Manager 2007 infrastructure. This Configuration Pack contains Configuration Items intended to manage your Configuration Manager 2007 site system roles using the desired configuration management component in Configuration Manager 2007. This configuration pack monitors the following site system roles: management points, distribution points, and software update points. The Configuration Pack can also monitor Windows Server Update Services (WSUS) components on software update points or upstream WSUS servers.

To manage your site system roles with this Configuration Pack, import and assign the Microsoft System Center Configuration Manager 2007 Server Roles configuration baseline to a collection which contains your Configuration Manager 2007 site systems. While there is one configuration baseline for all site systems, it evaluates compliance only for roles configured on the site system. For example, if a computer has only the distribution point role, it will not be evaluated for management point configurations. To understand in detail what each configuration item will be evaluating, review the properties of that configuration item in the context of the Configuration Manager 2007 Server Role being addressed.

System Center Configuration Manager 2007 site roles covered:
• Management points
• Distribution points
• Software update points



3- System Center Configuration Manager 2007 Vulnerability Assessment Configuration Pack

Software installation errors and misconfigurations compromise security and stability, resulting in escalated support costs. System Center Configuration Manager 2007 Vulnerability Assessment Configuration Pack can help prevent errors, increasing your organizational uptime and helping you build a more secure infrastructure. This configuration pack provides vulnerability assessment reporting for common software misconfigurations using the desired configuration management component in Configuration Manager 2007. The Configuration Manager 2007 Vulnerability Assessment Configuration Pack monitors the configuration of Microsoft Windows operating systems, Internet Explorer, Microsoft Office, SQL Server, and Internet Information Services (IIS). To use this Configuration Pack, import and assign the three configuration baselines (Vulnerability Assessment: IIS Baseline, Vulnerability Assessment: SQL Server Baseline, Vulnerability Assessment: Windows Baseline) to a collection containing the computers you want to monitor. To understand in detail what each configuration item will be evaluating, review the properties of the configuration item. Scenarios:
• Scan for potential security issues that may exist because of misconfigurations.
• Example checks:
  - Are unnecessary services installed and running?
  - Do shared folders have appropriate permissions?
  - Is Windows Firewall enabled?
  - Are strong passwords enforced?
  - Are unsecured guest accounts enabled?


Sunday, November 18, 2007

Step-By-Step Guide: Configure System Center Configuration Manager 2007 For Native Mode By Certificate

Hi Guys

Today, I present to you the first document on the internet that guides you through configuring certificates for SCCM 2007, preparing it for native mode.

The file is attached as a .pdf and may be published everywhere, but please credit Dr.Kernel as the owner.

Download Link:

Thursday, November 15, 2007

10 Steps guide to configure Certificate based authentication between Agents and Management Server

I made this guide to configure certificate-based authentication between the SCOM RMS server and agents in a non-trusted domain. Tarek helped me in the first place by telling me about the momcertimport.exe tool, which I didn't know about at the time; then I figured it out after a while.


It was posted on Tarek's blog earlier, as I had no blog at that time :)

Monday, November 12, 2007

SCOM 2007 Parameters

Well well well, what we have here ...

Have you tried to run the /? command on every .exe file you ever see? Actually, that's me :)

And here is the result of what I got on the SCOM executable file:

C:\Program Files\System Center Operations Manager2007>Microsoft.MOM.UI.Console.exe /?

I liked the /clearcache one; it looks useful.

Microsoft Forefront Client Security Health Management Pack for MOM 2005

The Forefront Client Security Management Pack allows you to monitor key Client Security components from a centralized MOM location in order to ensure that your Client Security environment is running efficiently.

This is just to mention that it has arrived; more details will come soon.


Microsoft Fantastic 4: Forefront and System Center Demonstration Toolkit

A virtual-machine-based demo environment containing Forefront and System Center products. After installing this demo, please read the accompanying Script Steps document that will show you how to demo the following capabilities:

1. System Center Configuration Manager pushing Forefront Client Security signatures to keep a client machine updated
2. Forefront Security for Exchange Server blocking viruses in emails received in Outlook 2007
3. System Center Operations Manager monitoring the health of servers and clients in the environment
4. Intelligent Application Gateway adapting user access to SharePoint 2007 based on end-point policy detection
5. Forefront Client Security performing Real-time Protection against malware.

[Requires Registration]


Microsoft Forefront Client Security Best Practice Analyzer

Microsoft Forefront Client Security Best Practice Analyzer Ready For Download!


Install and run it from
C:\Program Files\Microsoft Forefront\Client Security\BPA\fcsbpa.exe

or the command prompt version
C:\Program Files\Microsoft Forefront\Client Security\BPA\fcsbpacmd.exe

Microsoft Forefront Client Security Product Documentation

Download the product documentation for Forefront Client Security. Documentation includes guidelines and information from the Microsoft Forefront Client Security team, including deployment instructions and more. The June 2007 release contains:

• Microsoft Forefront Client Security Getting Started Guide

• Microsoft Forefront Client Security Planning and Architecture Guide

• Microsoft Forefront Client Security Deployment Guide

• Microsoft Forefront Client Security Administrator's Guide

• Microsoft Forefront Client Security Performance and Scalability Guide

• Microsoft Forefront Client Security Disaster Recovery Guide

• Microsoft Forefront Client Security Security Guide

• Microsoft Forefront Client Security Troubleshooting Guide

• Microsoft Forefront Client Security Technical Reference Guide



FCS Service Kit: Scripts to uninstall McAfee, Symantec, Sophos, eTrust and Trend AVs

Hi guys, today, after all, here come the uninstall scripts for the antivirus products.

This rar file includes:
FCS-SampleScript Install FCS Client.vbs
FCS-SampleScript Uninstall Anti-Spyware Products.vbs
FCS-SampleScript Uninstall eTrust AV.vbs
FCS-SampleScript Uninstall McAfee AV.vbs
FCS-SampleScript Uninstall Sophos AV.vbs
FCS-SampleScript Uninstall Symantec AV.vbs
FCS-SampleScript Uninstall Trend AV.vbs
FCS-SampleScript-XPSP2 HotFix Install.vbs

These help you uninstall other AV products before installing the FCS agent. You can edit them to target a specific version or product.


Please use wisely


How to uninstall Forefront Client Security Agent From All Computers By Startup Script

Well, after a lot of deployment scenarios, I wondered: what if I want to uninstall FCS from all computers? TechNet says that you uninstall it manually, but again I wasn't completely convinced by this solution for the enterprise.. so

I managed to get the hash for the FCS agent and use it with the MSIEXEC /I command to uninstall the agent.

Well, here is the way:

To uninstall, put the MsiExec line for the product below in a .bat file and make it a startup script

Microsoft Forefront Client Security Antimalware Service v 1.5.1941.9
MsiExec.exe /I{D3E31640-DC20-4722-A1CF-604FF6C540B0}

Microsoft Forefront Client Security State Assessment Service V 1.0.1703.0
MsiExec.exe /X{E8B56B38-A826-11DB-8C83-0011430C73A4}


Saturday, October 27, 2007

Forefront Client Security Features

1- Best Of Breed
Microsoft infrastructure products fit best together with other Microsoft products, so FCS integrates with your AD infrastructure and with your operating system as well. The antivirus vendor is the same as the operating system vendor, which gives best-of-breed integration within the one Microsoft platform and ensures there are no third-party overwrites or additional registry keys. Besides, other antivirus products do not remove all of their registry keys and files when they are uninstalled. FCS works best with Microsoft desktops.

2- Unified Protection
Any antivirus system is built on Windows and its services. While the operating system is booting and starting service after service, the services that sit on top of Windows always start last, because the kernel and core Windows services must run first. Until the operating system has finished loading and the antivirus service has started, the operating system is 100% unprotected, as if it had no antivirus software installed, and any worm, even an obsolete one, can attack your system and kill your antivirus service in the first place!
With Forefront Client Security you ensure that the operating system is patched with the latest patches and hotfixes, distributed through Microsoft Software Update Services, so that no worm can use an old or new system vulnerability to launch an attack on your system.

3- Best Of Class
One of the best antivirus products, previously used in house, at a low price compared with others.

4- Deployment
Settings get to the client by means of group policies with the GPMC, which add registry keys to the FCS client that point it to its management server, giving ease of use out of the box.

5- Reporting
With the Microsoft SQL reporting engine and the managed MOM agent that is deployed with the FCS client, you can generate reports on incidents and events related to virus behavior in your network.

· Awards
Info Security 2008 Global Product Excellence Finalist
ICSA Labs Certification
Virus Bulletin 100% Award
West Coast Labs Checkmark Certification

· Reporting Design


Unified Protection
One solution for spyware and virus protection
Built on protection technology used by millions worldwide
Effective threat response
Complements other Microsoft security products

Simplified Administration
One console for simplified security administration
Define policy to manage client protection agent settings
Deploy signatures and software faster
Integrates with your existing infrastructure

Visibility and control
One dashboard for visibility into threats and vulnerabilities
View insightful reports
Stay informed with state assessment scans and security alerts

Tuesday, October 23, 2007

Microsoft Forefront Server Security Management Console Trial Version Available !

The Microsoft Forefront Server Security Management Console (FSSMC) is now available as an RTM version and can be downloaded from the Download Center as a 120-day trial.

With the FSSMC, installations of Microsoft Forefront Server Security and Microsoft Antigen in a network can be administered and monitored together, centrally, through a web-based interface.


Microsoft Forefront Server Security Management Console User Guide


Exclude Certain Processes From Forefront Scan Jobs

If you want to exclude certain processes from scanning by the Forefront Client Security (FCS) antimalware engine, you will not find an option for it among the policy settings in the Forefront Client Security management console. Unfortunately, the console only lets you list paths and file extensions. At present, processes to be excluded can only be set directly in the registry or by GPO (ADM):

For each process, create under
HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes
a new DWORD entry named with the full path of the process (e.g. "C:\WINDOWS\system32\Dienstname.exe").

The value of these entries is always 0.
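
Because these exclusions are set outside the console, they are easy to lose track of. The following is an added example, not part of the original post: it parses the text produced by running `reg query` on the key above and flags entries that deviate from what the post describes (a full path as the name, DWORD value 0) or that sit in a user-writable location. The sample output and the list of user-writable path fragments are constructed assumptions.

```python
import re
from typing import NamedTuple

# Assumption: path fragments that ordinary users can usually write to.
USER_WRITABLE_HINTS = ("\\temp\\", "\\tmp\\", "\\users\\",
                       "\\documents and settings\\")

# One value line of `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


class Exclusion(NamedTuple):
    name: str
    reg_type: str
    data: str


def parse_reg_query(text):
    """Return every value listed in `reg query` output (key lines are skipped)."""
    return [Exclusion(m["name"], m["type"], m["data"].strip())
            for m in map(VALUE_LINE.match, text.splitlines()) if m]


def to_int(data):
    """Parse reg.exe DWORD text such as '0x0'; None if it is not a number."""
    try:
        return int(data, 0)
    except ValueError:
        return None


def review(entry):
    """List the reasons an exclusion deviates from what the post describes."""
    reasons = []
    lowered = entry.name.lower()
    if not re.match(r"[a-z]:\\", lowered):
        reasons.append("name is not a full path")
    if "*" in entry.name or "?" in entry.name:
        reasons.append("wildcard in name")
    if any(hint in lowered for hint in USER_WRITABLE_HINTS):
        reasons.append("path is in a user-writable location")
    if entry.reg_type != "REG_DWORD" or to_int(entry.data) != 0:
        reasons.append("value is not DWORD 0")
    return reasons


def audit(text):
    """Map each questionable exclusion name to its list of reasons."""
    findings = {}
    for entry in parse_reg_query(text):
        reasons = review(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


# Constructed sample of `reg query` output for the key named in the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes
    C:\WINDOWS\system32\Dienstname.exe    REG_DWORD    0x0
    C:\Program Files\Backup Agent\agent.exe    REG_DWORD    0x0
    C:\Temp\updater.exe    REG_DWORD    0x0
    svchost.exe    REG_DWORD    0x0
    D:\Apps\*.exe    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Feed `audit()` the saved output of `reg query` collected from each client; an empty result means every exclusion is a full path outside the listed locations with value 0.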

Triggering Immediate Update Checker for Win and FCS updates

After you deploy FCS, you wait for the client operating system to detect updates at the frequency that you specified in the group policy, but you can trigger update detection immediately by running this command in Run or CMD: wuauclt /detectnow. Here is a guide to some wuauclt commands and their parameters that I found useful:


Client Troubleshooting Tool Requirement

I'd like to see either one tool (i.e. wuauclt.exe) that does "everything", or two tools: wuauclt (that runs client stuff) and waucltLINT (that sorts out issues, a la DNSLINT, etc.). I can live with either, although there might be value in having 2. But in what follows, I've assumed that JUST wuauclt.exe is to be used. The following features/switches are needed.

1. /? - list parameters and usage
/? - describes usage of wuauclt.exe
The /? switch should be supported and give details of wuauclt usage. If client options are in error, this summary is displayed following an explanation of why the error occurred. ALL command line tools should support this option.

2. Verbose mode console logging, with multiple levels
/v - verbose mode
/vv - very verbose mode
Both switches cause wuauclt to output normal log information to the command line (STDIO). /v provides basic information, while /vv logs greater detail. /vv is what is logged in normal logs. While wuauclt can log to a log file, it's more work for the admin when troubleshooting. The admin has to run the command, then navigate over to another folder, find the log, then navigate to the end of it, to find out where the run began. This is harder than it needs to be, and the /v, /vv options could just pipe log entries to stdio.

3. List client configuration
/configlist - lists WUAUCLT configuration.
This option lists all configuration items current for the client, and includes the client version number, AU policy/registry settings, and provides details of all AU client files, version numbers, file dates, etc. This helps admins (and MS) to ensure that the right client versions are loaded.

4. Install the correct AU client by force
/installAUclient
/installAUclientFromMicrosoft
This option causes the system to contact either the configured WSUS server, or Microsoft's WU server, and to forcefully reinstall the latest version of the AU client. This enables admins (and MS) to ensure that the latest client versions are loaded, and enables download from Microsoft for roaming systems.

5. Make /DetectNow a little less silent
/DetectNow - forces a client AU detection and logs details
The /detectnow option should log to stdio what it is doing. This includes what WU server it is contacting, how many updates are on the WU server, and how many are needed by the client, etc., and any information being sent back to the server. This is really no change, just requesting some level of output to stdio. This makes troubleshooting quicker.

6. Clear Log File
/clearlogfile - clears the client update log file
/clearandsaveogfile - saves the current client update log file to a named file, then clears the update log.
Currently, the client log appears to be non-deletable and just grows. This is a potential DoS vector. Also, for troubleshooting, it's helpful to be able to clear the log (possibly saving it first for later detailed examination).

7. Download Updates Now
/downloadnow - initiates an immediate download of any required update using BITS
/downloanowfast - initiates an immediate download of any required update using HTTP.
This option forces the AU client to start downloading any outstanding updates. The second version downloads using HTTP, and is therefore much faster in elapsed time and is mainly used for troubleshooting issues (or possibly to speed up larger updates). Often, especially for laptops that have been 'abroad' for a while, you want to just get all the approved updates NOW, and not wait for the next detection time.

8. Stop Downloading AU Updates
/stopdownload - stops any AU updates being downloaded (either using HTTP, or BITS).
This option stops the downloading of any AU updates either queued, or in progress. Just as you can invoke a download, you need to be able to stop it.

9. Test WSUS Server Connection
/TestWSUSServer - checks connection with configured WU Server
This option attempts to connect to the configured WSUS server, and checks that a connection can be made, and that communication between the AU client and the WSUS server is working. This would be useful, for example, to diagnose network communication failures, or an internal firewall that might be accidentally blocking some traffic between client and server.

And don't forget to always check \windowsupdate.log to see the AU error and success logs.


Monday, October 22, 2007

Forefront Client Security Startup Scan batch

When you deploy FCS, there is no option for a startup scan. We can get this feature working by creating a startup script with a batch file that runs the following command:

For Quick Scan:
"%ProgramFiles%\Microsoft Forefront\Client Security\Client\Antimalware\mpcmdrun.exe" -scan -scantype 1

For Full Scan:
"%ProgramFiles%\Microsoft Forefront\Client Security\Client\Antimalware\mpcmdrun.exe" -scan -scantype 2

tested ;)