Windows Time And The W32TM Service

Nathan Winters, a MS infrastructure pro, has an article on the TechNet blogs site that goes into great detail on how time works and is synchronised in a Microsoft Active Directory network.  It’s a good read and goes into all sorts of detail.  I doubt you’ll have any questions after reading it.

Windows Time is critical for the correct functioning of the Kerberos protocol which is the primary authentication and authorisation method used in an Active Directory environment.  Many of these problems I’ve encountered have been a result of time not being syncronised.  Speaking of which, I’m usually surprised by how few people realise that there already is a synchronisation mechanism running in an AD environment.  So stop shopping for a third party clock synch product and read this article an you will understand how time synch in AD works, how to configure it and how to troubleshoot it.

ISA 2006 – Better Than ISA 2000/2004?

ISA 2004 was a considerable improvement over ISA 2000.  It was more secure, feature rich and much easier to configure.  I find it funny now that I had trouble getting used to how easy it was to configure 2004 as opposed to 2000. posted an article on why you should consider ISA 2006 and why it is better than ISA 2000/2004.  Given how quickly it followed the 2004 release, I wouldn’t have thought there was much time to make signifcant improvements.  Microsoft proved me wrong.  It’s a good read and anyone using or considering ISA should give it a read.  It would appear that ISA 2006 provides the most benifit to anyone using it to publish function rich web services thanks to new features such as:

  • Web Farm Load Balancing.
  • Forms-based authentication support for all Web Publishing Rules.
  • Kerberos Constrained Delegation.

Mastering Windows Server 2003, Update Edition for SP1 and R2

Mark Minasi, famous IT journalist, author, speaker and consultant, has just finished writing his update to Mastering Windows Server 2003.  The updated book will include the new features included in SP1 and the R2 release of Windows Server 2003.  Mark has gotten permission from the publishers to post one of the chapters (on Windows Firewall) on his web site.

The publishers state that the following will be covered in the book:

  • Getting and installing SP1
  • Hiding folders from prying eyes with ABE
  • De-worming Windows with Data Execution Prevention (DEP)
  • Solving SP1/R2 incompatibilities
  • Stopping spyware and locking up ports
  • Stopping mobile thieves by blocking USB memory sticks
  • Upgrading to R2 and getting to know its GUI
  • Understanding R2’s new Print Management Console
  • Controlling folder usage with quotas and more
  • Integrating Unix and Windows
  • Working with Active Directory

At the very least, I’d recommend you read this chapter.  I’d also recommend a purchase of this book if you plan to deploy Windows 2003 or make use of Service Pack 1 or R2 features.  I read Mastering Windows Server 2003 when I first started to deploy the operating system.  Mark really makes his *ahem* mark by telling you both the official Microsoft story and, importantly, how the product really works and how you should really use it.  Given that the original book is 1753 pages long and the new Windows Firewall chapter is 48 pages long, I’m left wondering if a free JCB is provided to carry the book.

Make sure you also check out Mark’s free forum, MR&D, and his audio books based on his seminars that cover subjects such as Windows Vista, Microsoft network security and the SMTP service.  If you get the chance to, I would also recommend that you attend his seminars.  Mark is not only informative but also very entertaining … something that is tough to be in a world full of geeks and nerds!

Virtual Server 2005 Virtual Cluster

I was recently working on a customer site where they used Virtual Server 2005 for their test environment (excellent!).  They had a production Exchange cluster but had not simulated in test because they believed it was not possible to recreate in Virtual Server.  I remembered seeing some sessions at TechEd on the subject but had never actually done it.  A quick google gave us step-by-step instructions on how to get this done.

Clustering in Virtual Server 2005 makes use of the virtual SCSI adapters.  You set node one to ID 7 and node 2 to ID 6.  Then create a fixed size virtual disk and set it to use a shared SCSI bus.  Connect both virtual machines using SCSI bus 0 and then you can implement your cluster as you normally would.

The client was well impressed with the virtual Exchange cluster they had at the end of the engagement.

I’ve done some googling and it appears you can do something similar with VMware Server by mucking around with configuration files.  I also found this on the VMware site but I haven’t tried it yet. 

If you want 4 node virtual clusters then you need to use the Microsoft iSCSI Initiator and the demo release of StarWind or WinTarget.

Microsoft Updates: September 2006

The following updates were released by Microsoft on Patch Tuesday:

  • MS06-052 – addresses a vulnerability in Microsoft Windows
  • MS06-053 – addresses a vulnerability in Microsoft Windows
  • MS06-054 – addresses a vulnerability in Microsoft Office

They also re-released the following 2 security updates on September 12, 2006:

  • MS06-040 – addresses a vulnerability in Microsoft Windows
  • MS06-042 – addresses a vulnerability in Internet Explorer, a component of Windows

As usual, it is recommened that you test these updates before deploying them on your network.  BTW, there have been some rumblings on the net about a performance hit and/or machines failing to start up after this months deployments.  I’ve not had any problems myself but there have been some problems with updates over the last two or three months … please make use of the free VM solutions that are out there or the targetting mechanisms built into SMS/WSUS and test before you deploy.

Windows Vista RC1

Microsoft has released Windows Vista RC1 to the public.  This much anticipated release brings a lot of new features in user collaboration and user interface.  But for us pro’s, the main things of importance are the new security features, some popular and some not so popular.

You can get access to RC1 on the Microsoft website.  Beware that it requires a serious piece of kit to run this OS and the new Aero interface requires high spec and compliant hardware.

My First Windows Live Writer Post

This is my first post using the beta release of Windows Live Writer.  It’s a WYSIWYG editor and the cool thing is that MS wrote it not only to support Windows Live Blogs but also other blogging sites too.  It makes it much eaier for no webbies like me who are alergic to HTML to add richer content like photos, etc.  If you install the Windows Live Tool Bar then you can integrate into IE to directly blog about a site you are currently browsing.

So far I like it.  It’s much quicker and easier to use than the web interface.

System Center Essentials 2007 Beta

Microsoft has released the beta for SCE 2007 on the Connect website.  SCE is a compilation of the key components of System Center Configuration Manager 2007 (SMS v4) and System Center Operations Manager (MOM 2007).  This compilation aims to provide the functionality required by midsized organisations that normally couldn’t afford Microsoft’s standalone enterprise solutions and would otherwise have to purchase 3rd party point solutions. 
It’s likely to be be competitively priced.  My guess is that this will put an end to MOM for Workgroups. I’ve yet to install it but it appears to be wizard driven, much like Small Business Server.  MS recognises that the target customer usually can’t hire in expertise to handle complex solutions like MOM or SMS and have small departments that can’t dedicate the necessary time to manage them so providing wizards will make this quite attractive to them.