• Windows XP with Service Pack 2 (x86)
• Windows 2003 Server (x86)
• Windows 2003 Server and Windows XP (x64)

You can find out about the features and the system requirements on the Microsoft IE web site.

Personally, I find the phishing filter slows down my browsing experience so I disable it (not just turn it off).  I know when someone is trying to get me to divulge my credit card or banking details.  I really like the addition of tabbed browsing (about time) and RSS (which I use a lot).  You’ll find when you start it up that a number of companies (not just the usual search engines) have produced extension to make their site the default search engine for your browser and that IE7 presents you with this choice.

I’ve been using IE7 during it’s beta process and I can recommend it.  Do make sure you test against your applications before widespread deployment.  There’s bound to be junkware out there that doesn’t like it.

• Microsoft Softgrid: Softrird (from the Softricity acquisition) is a super new way of deploying complex application catologs to the desktop environment.  Using application virtualisation you can seperate the application from ther desktop’s OS installation and from other applications.  This reduces complexity, eliminates regression testing, resolves compatibility problems and increases security.  Self service user deployment (with workflow/approval)is possible via a web portal which minimises IT involvment in application deployment.  Also, by using streaming, wasted disk space is eliminated.
• Microsoft Asset Inventory Services: Every application installed on your desktop network can be identified for auditing purposes.  This goes much fiurther than SMS 2003 on SP2 si going because it can identify application from a database of 430,000 known applications.  It does not just rely on the contents of add/remove programs because as we know, many vendors do not adhere to well accepted standards.
• Microsoft Advanced Group Policy Management: To quote Microsoft, it "increases control over Group Policy Objects (GPOs) – the component rules within Windows’ administrative management system – and is intended to allow IT administrators to delegate or assign administrative control of specific tasks based on employees’ titles or roles … provides administrators additional safeguards for GPOs, including detailed logs to track all changes and the ability to quickly undo inappropriate changes. These new tools function as a native extension to Microsoft’s Group Policy Management Console, providing a central management interface for all Group Policy administration".
• Microsoft Diagnostic and Recovery Toolset: This offers diagnostic tools, the ability to recover data that has been lost and a post crash analysis toolkit.

There is a feature chart available.

Anyone tracking what Microsoft has been doing will have noticed a number of acquisitions of interesting players in this market.  I can see that Softrgrid was purcahsed from Softricity.  I am wondering if Advanced Group Policy Management is a result of the Desktop Authority acquisition.  The tools in the Diagnostic and Recovery Toolset are a result of the recent Winternals acquisition.

This tool kit will be of great benifit to desktop/laptop administrators.  It will reduce complexity, offer new deployment mechanisms, reduce project times and costs, enahnce automation and enable them to spend more time on engineering rather than firefighting or repetitive tasks.  And if things do go wrong, there will be tools to help diagnose those problems.

Microsoft has belatedly released a MOM 2005 management pack for the version 9.0 Antigen products (the next version being Forefront Security for Exchange 2007 and is currently in Beta).  Microsoft says:

The new Microsoft Antigen Management Pack for MOM supports the 9.0 versions of Microsoft Antigen for Exchange, Microsoft Antigen for SMTP Gateways, and Microsoft Antigen Spam Manager. The MOM pack supplies critical events and alerts on virus, worm, and spam activity to MOM 2005, and also monitors the health and availability of these products.

You can now deploy Windows Vista using SMS 2003 thanks to an updated release of the OS deployment feature pack.  This image based solution is ideal for replacing solution such as Ghost.  It is superb for client OS upgrades and clean domain migrations.

The following updates will be available from Microsoft Update in the following few hours.  As usual, you should test them before deploying onto a production environment.

Critical

• MS06-057: Vulnerability in Windows Shell Could Allow Remote Code Execution – Windows
• MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution – Powerpoint
• MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution – Excel
• MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution – Word
• MS06-061: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution – Windows
• MS06-062: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Office

Important

• MS06-063: Vulnerability in Server Service Could Allow Denial of Service – Windows

Moderate

• MS06-056: Vulnerability in ASP.NET Could Allow Information Disclosure – .Net Framework
• MS06-065: Vulnerability In Windows Object Packager Could Allow Remote Code Execution – Windows

Low

• MS06-064: Vulnerabilities in TCP/IP Could Allow Denial of Service – Windows

I’ve just completed a whitepaper on this feature pack that is included in SMS 2003 R2.  It is a pretty simple feature pack and I like the power it adds to an SMS network to do an otherwise nasty task, i.e. scanning the network for insecure configurations.

In the late summer of 2006, Microsoft released Systems Management Server 2003 R2 (Release 2). SMS 2003 R2 consists of 2 CD’s: CD 1 is SMS 2003 with Service Pack 2 integrated and CD2 contains:

• The Device Management Feature Pack: A previous free release that adds functionality to manage Windows Mobile and Windows CE devices using SMS 2003.
• The Inventory Too l for Custom Updates Feature Pack: A new feature pack that is available to those who are entitled to install SMS 2003 R2. This feature pack adds functionality to SMS 2003 so that you can deploy updates for third party products (e.g. Citrix and Adobe) and so that you can also deploy your own catalogues of updates for in-house or 3^rd party products.
• Custom Updates Publishing Tool: This administration tool enables you to build catalogues from EXE or MSI installers for use with the Inventory Tool for Custom Updates. This is licensed for SMS 2003 R2 customers and MSDN subscribers.
• The Scan Tool for Vulnerability Assessment: A new feature pack that adds security auditing and reporting functionality to SMS 2003.

SMS 2003 R2 is a simple release. If you need the functionality described above then upgrading to SMS 2003 R2 is simple. You insert the second CD and install the feature packs as described in the help file on the root of the CD. There is no SMS migration, no SMS upgrade or no server migration. The R2 release is nothing more than 2 new feature packs and a tool that is available to MSDN subscribers. If you do not need the above functionality then I would recommend that you do not bother to upgrade, even if you do have the right to under software insurance. I would wait until the much anticipated release of System Centre Configuration Manager 2007, aka SMS V4.

I do not want to belittle SMS 2003 R2. The added features will be of great benefit to many SMS 2003 customers. This document will describe one of the new feature packs added by SMS 2030 R2, the Scan Tool for Vulnerability Assessment (STVA).

The SVTA will be of great benefit to security officers, IT auditors and security conscious administrators. It will automatically scan targeted computers and centrally store compliance information. This can easily be reported on using SMS reports (SMS console or web based). This means that vulnerability information can be made available to non technical people via delegated reports.

The document continues …

The final "release" version of Internet Explorer is going to be avale for download this month.  It will initially be available for downloads and will then be available via Automatic Updates.

I really like IE7.  I’ve been using beta releases of it for several months.  There are some nigglies (like not be able to permanently approve actions for specified sites) but on the whole, it’s a major upgrade from IE6.  I make great use of the RSS reader and tabbed browsing is a plus.  The latter was long overdue from the IE team.

IE7 will be made available via automatic updates and via WSUS.  WSUS administrators can choose to not approve the download thus preventing automated deployment of IE7 on their networks.  There is a tool to prevent automated download via Automatic Updates for standalone computers. 

The IE team has posted an entry on their blog about how to prepare for the deployment of IE7.

The Beta for Office 2007 is now over.  It is expected to RTM very soon with it probably hitting the shelves around the same time as Windows Vista.  What can you expect?

The user interface is much different.  Menus are a thing of the past.  Instead you have a series of … panels?  Each panel (?) has a display of icons for doing various functions.  Anyone who is really familiar with MS Word right now will hate the the new version.  Every thing is different.  For example, the styles selection menu is horrible to use.  But, I felt the exact same way with Windows XP when it came along.  Most people who knew their way around Windows hate the new style interface.  Everythign was moved to make it easier for users to navigate.  And it worked.  My eperience was that users loved Windows Fisher Price while administrators all swtiched to the classic theme and classic control panel.  I do think the new interface in Office 2007 works really well in Exchange 2007.  I’m not sold either way on Outlook 2007 yet.  I know the beta prompted you to download a desktop search engine that would cripple any computer not worthy of launching rockets into space.

What else to look out for?  The mass deployment method is changed slightly.  I’ve documented how to do it while at my last job.  The document discusses how to deploy it with SCCM 2007 but the same method applies for Group Policy or SMS 2003 deployments. 

The default is that Office 2007 will save using the new XML based formats.  Just when you thought that version incompatibilities, e.g. Office 95 vs Office 97 were over.  Now, Word will try to save a document as a .DOCX file.  You can change this to use Office 2003 formatting, i.e. .DOC but you do lose some of the new fancy formatting.  I recommend you do this until Office 2007 becomes the norm with your business partners or clients.  It’s possible to do it in each product but I expect an ADM template will offer you the ability to do it centrally from a GPO.

The ability to save a document as a PDF right out of the box has been removed.  Adobe had some concerns about this functionality which is understandable.  MS didn’t fight it much.  However, MS have made a free add-on available to allow you to save as PDF or XPS from Office 2007.

Office 2007 is Microsoft’s cash cow.  But you know, it’s not really that exciting for most people.  Companies are generally slow to go to a newer version out of compatibility concerns.  Lots of organisations are slow to move from Office 97.  Lots are still on Office 2000.  They really don’t see the need to change.  Microsoft has radically redesigned Office with this release.  Part of their effort was to introduce Office as a brand that includes a range of server products including the anticipated Sharepoint Portal 2007, Lice Communications, Project Server and of course, Exchange 2007 which will be a major upgrade on functionality and design.  With this entire brand, MS aims to get corporates to buy into this new Office release like they have never done before.

I can understand the advantages and the pitch, but I don’t see it working.  The message is not getting across clearly enough or at all.

The final public test version of Windows Vista has been released.  Release Candidate 2 is available for X86 and X64 clients on the Microsoft Connect site.  Vista is expected to RTM on schedule next month.  It will be available for general consumption in January.

From talking to clients, reading the press and reading chat forums, my gut is telling me this release could be a bit of a damp squib.  I wouldn’t rush out and buy any MS stocks right now.  In fact, I expect the reception to be quite negative in the technical community once the marketing types have moved onto other shiny new things.

RC1 should have been pretty close to what the curstomer can expect once it hits the shelves.  If so, things could be bad:

• There are many problems not only with 3rd party applications, but I’m hearing there’s problems with MS applications too.
• I’m reading that there has not been consistant improvements in performance.  Early betas sucked the life from any PC they were installed on.  Things got better, then worse, then better, then worse.  Who knows what to expect now.
• UAC is proving to be quite controversial.  Many are turning it off straight away.
• The activation process for Volume License editions is not popular at all.  In fact, it’ll probably hurt if not almost kill VLK sales of the OS.  There will be no advantage to buying VLK editions any more.
• Windows Vista Enterprise is only available to those who buy a VLK edition with software assurance.  SA will only be bought by those who are deploying a new OS withing 3 years of a major release and who plan to upgrade again then.  I’m sorry MS, R2 releases are not a justification for SA.
• I was keen to see BitLocker.  But now I’m hearing you need to prepaare a custom build for machines that will be encrypted with BitLocker including a special 1.5 GB partition for BitLocker itself.

I don’t have any problem with the stuff MS is doing with the Kernal that Symantec and McAfee and whinging about.  I also must temper the above points by saying I was skeptical of Windows 2000 and many on the net thought it would bring about the end of the world.

I guess we’ll have to wait and see.