Windows 7 phone RTM

Today Microsoft announced that is has RTM’d the Winodws 7 phone

http://windowsteamblog.com/windows_phone/b/windowsphone/archive/2010/09/01/windows-phone-7-released-to-manufacturing.aspx

Leave a Comment

Exchange 2010 SP1 Released

Today Microsoft announced that Exchange 2010 SP1 has been released (http://msexchangeteam.com/archive/2010/08/25/455861.aspx). As with most service packs, Exchange SP1 has introduced a number of new features and improves on an already stable and scalable mail system.

Leave a Comment

Microsoft releases tool to block DLL load hijacking attacks

Today Microsoft released a tool to block Dll load hijacking attacks, more information can be found in the articles below.

http://www.computerworld.com/s/article/9181518/Microsoft_releases_tool_to_block_DLL_load_hijacking_attacks

The tool can be downloaded here

http://support.microsoft.com/kb/2264107

Leave a Comment

Droid issues and Exchange Server

There have been reports of issues with some Droids and Exchange Server reported http://phandroid.com/2010/08/10/issues-with-exchange-on-the-droid-x-motorolas-giving-you-touchdown-for-free/ Motorolla is giving droid users a free liscense for thier TouchDown Exchange Active Sync program.

Leave a Comment

Droid download contains malicious code

the droid market place has been an open environment and recently malicous apps have been found on the market place and downloaded by millions

http://androidcommunity.com/android-users-hit-with-data-theft-by-malicious-app-20100729/

http://www.phonearena.com/htmls/Malicious-banking-app-found-in-the-Android-Marketplace-article-a_8744.html

Leave a Comment

Apple #1 in Security Vulnerability

Third party audits now show Apple lead the industry in security issues 

http://www.esecurityplanet.com/trends/article.php/3894886/Apple-Has-the-Most-Security-Vulnerabilities-Report.htm

Secunia study

http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

Leave a Comment

Docs.com and Office Web App

Did you know that you can share and colaborate information for free on facebook with Docs.Com that is run by Microsoft

http://www.docs.com

Did you know that you can use Microsoft office in the cloud for free, thats right Word, Excel, PowerPoint and OneNote for free

http://office.microsoft.com/en-us/web-apps

Leave a Comment

Exchange UM 2010 Troubleshooting Tool

Today Microsoft released the Exchange UM 2010 Troubleshooting Tool the tool can be downloaded here

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=10d2e48f-0846-40b6-b08f-d282309811a2

Leave a Comment

How to enable Bitlocker

1. Introduction

Windows Vista introduced a new feature called Bitlocker that can be enabled to provide volume level encryption for hard drives and is commonly used for portable devices like laptops. Bitlocker can also be used to secure server hard drive or any other machine/device.  Windows 7 have expanded on the feature of Bitlocker and enables the ability to encrypt portable devices like flash drives as well.

 

2. Enable Trusted Platform Module (TPM)

TPM is chip that is added to the local motherboard that can be used for encryption purposes (more information can be found here http://en.wikipedia.org/wiki/Trusted_Platform_Module ) and will need to be enabled if we are using TPM based encryption. I must note that your machine does not require a TPM chip to enable bitlock as other methods can be enabled.

**Note there a many BIOS manufactures and each one may have different steps to enable TPM**

1. Reboot/Boot machine

2. Press F2 to access the BIOS setup (this may be different depending on the BIOS)

3. Scroll down to the Security section

4. Expand TPM Security

5. Select ON-> Enter

6. Press ESC -> Save/Exit changes

7. Select F2 to access the Bios setup

8. Scroll down to the Security section

9. TPM Activation -> Activate

10. Press ESC

11. Exit BIOS and boot to OS

3. Enable Bitlocker

To enable Bitlocker functionality we need to enable the group policies that provide the functionality we with to deploy like requiring a startup pin at boot.

Enable Pin

1. Start –Run –MMC (if prompted to elevate permission click continue)

2. File – > Add –Remove snap in

clip_image002

3. Select Group Policy Object Editor -> Add

clip_image004

4. Leave the default of local and click finish

clip_image006

5. Click OK

clip_image008

6. In the Local Computer Policy window expand Computer configuration -> Administrative Templates -> Windows Componets -> BitLocker Drive Encryption

clip_image010

7. Select Control Panel Setup: Enable advanced startup options -> Properties

clip_image011

8. On the properties menu – select Enabled and under Configure TPM startup Pin set the option to Allow users to create or skip

clip_image013

9. Click OK

clip_image015

10. Close the MMC Window

11. Click Start -> Settings -> Control Panel

12. Launch the BitLocker Drive Encryption icon (if prompted to elevate permission click continue)

clip_image017

** If you receive the warning message below please verify you have done the steps outlined in the section Enable TPM (Dell D620) **

clip_image019

  1. If you have not installed the Bitlocker/EFS update please see section 3.1 – Preparing Your Drive.

14. Select the Turn On Bitlocker icon

Note: Once you have encrypted your system drive you will be able to encrypt other volumes

clip_image021

15. The initialization screen is presented

clip_image023

16. On the Set Bitlocker startup preferences select the Require PIN at every startup

clip_image025

17. Input a pin that has a minimum of 4 numbers

clip_image027

18. Click SET PIN

clip_image029

19. Select Save the password in a folder

Note: This key cannot be stored on the drive you are encrypting, as this may be needed if a recovery scenario occurs

clip_image031

20. After saving the files click Next

clip_image033

21. Leave the default to run a system check and click continue

clip_image035

22. Select Restart Now to reboot and start the bitlocker process

clip_image037

23. On reboot you will be prompted to enter your Bitlocker pin to boot the computer

24. If you have additional drives please go back to step 13 and repeat the required steps for the additional drives

clip_image039

3.1 Preparing Your drive

1. Select “Setup your hard disk for BitLocker Drive Encryption”

clip_image041

2. Run Windows Update and download “Bitlocker and EFS enhancements”

clip_image043

3. Launch the “BitLocker Drive Preparation Tool”

clip_image044

4. Click “I Accept” on the BitLocker Drive Preperation Tool

clip_image046

5. Click “Continue”

clip_image048

6. Allow the drive preperation to complete

clip_image050

7. click “Finish”

clip_image052

8. Click “Restart Now” to reboot the computer

clip_image054

9. After the reboot, you are returned to the screen presented in Section 3 – Enable BitLocker, Step 14

Leave a Comment

Exchange 2007 SP3 and Exchange 2010 SP1 password change feature

If you have been an administrator of an Exchange Server for a number of years you know there has been a few pain points related to OWA logon and expiring passwords.  I have managed system that we sent out regular system messages to the user before their password expired to remind them to change their password yet quite often the user would forget. 

There are two common password scenarios that occur:

1. When a users password has expired and they attempt to logon to OWA the user fails to logon and receive a generic error message.

2. When a new user account is created and an administrator wants to force the user to change their password at next logon, however the user will not be able to logon to OWA

Exchange 2007 SP3 and Exchange 2010 SP1 have remedied the two issues above by creating a new module in IIS that detects a user has an expired password or the user account is set to “user must change password at next logon”. 

You may ask what do I need to do?

http://technet.microsoft.com/en-us/library/ff607232(EXCHG.80).aspx

1. Log on to the Exchange server that is running the CAS role by using an account that has local administrator rights

2. Start Registry Editor, and then locate the following registry subkey:

3. HLKM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

4. Create the following DWORD value if it does not already exist:

5. Value name: ChangeExpiredPasswordEnabledValue type: REG_DWORDValue data: 1

6. Exit Registry Editor

7.  From a command window perform an IISReset

Let walk through some tests:

1. Create a new user called PwdTest

a. Open EMC

b.  Expand Recipient Configuration and select Mailbox

pwd13

c. From the actions pane select New Mailbox

d. On the new Mailbox wizard select “User Mailbox” and click Next

pwd1

e. Select New User and click Next

pwd2

f.  Input PwdTest for the userId information and validate the check box “User must change password at next logon”

 pwd3

g. On the Mailbox Settings page leave the default and click Next

pwd4

h. On the Archive Settings check the radius button “don’t create an archive” and click Next

pwd5

i. On the New Mailbox page click New

pwd6

j.  Click Finish to complete the mailbox creation

pwd7

2. Now that we have created our new mailbox and have the account set to force a password change for our user we need to attempt to logon to OWA

a.  Open the OWA logon Page and attempt to logon with our new user PwdTest

pwd8

b.  Notice we receive a generic password error message

pwd9

3.  As we see the logon fails until we modify the Registry of our CAS server

a. Start the Registry editor : Start – Run –RegEdit
b. Expand to  HLKM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

c. Create the following DWORD Value: ChangeExpiredPasswordEnabled

d.  Set the value to 1

pwd10

e. Exit Registry Editor

f.  From a command window perform an IISReset

4.  Now that we have created the appropriate Registry key we can attempt to logon to OWA again

a.  Open the OWA logon page and attempt to logon with the PwdTest user

pwd8

b. We are now presented a change password form

pwd11

c. After completing the form you will receive and successful change message

pwd12

d. You are now presented the OWA logon form again. Attempt to logon with the newly created password

pwd8

e. you now have a successful OWA logon

pwd14

Comments (6)