Ahh yes, the second Tuesday of the month and Microsoft releases patches. This month is a big month for it again with 10 patches, 6 of them marked as critical. So what do we have patched this time?

1) Active Directory. It seems that there are holes in Active Directory’s security that can allow remote code execution. Definitely do some testing on this patch, but try to roll it out as quickly as possible. This does affect 2000, 2003, and XP

2) Print Spooler. A patch that closes up 3 vulnerabilities that could allow remote code execution. Another one that should be rolled out as quickly as possible. I have not heard of code in the wild on this, but you know how quickly people will jump on such a critical system hole.

3) Internet Explorer. Big surprise here as IE seems to get a patch at least every other month. Considering that Microsoft was able to compromise Firefox’s security with a .Net add on for it, the holes in IE need to get patched up as quickly as possible.

4) Word, Excell, Works. I hope you aren’t using Works, but with Word and Excel, test these and then deploy, even though they are marked as critical.

Those are the Critical’s as decided by Microsoft. Interestingly the Direct X vulnerability, which does have code exploiting it in the wild, has no patch whatsoever, and no sign that Microsoft is going to patch that hole anytime soon. Again a concern where Microsoft is concerned, but not surprising considering the amount of resources working on Windows 7, and the amount of reported vulnerabilities Microsoft must receive every month. More information on the Microsoft patches can be found here.

Also, Adobe released a patch to address a number of vulnerabilities that have been found in its Acrobat Reader. Information on that can be found here.

Yep, a busy Patch Tuesday, so go get them, test em, and deploy em. And if you find a problem with any of the patches, or caused by them, let me know.

So my manager goes to put in the new 2008 server at one of our remote offices and finds that replication especially FRS which replicates SYSLOG, is not working with the server in the location. Worked fine when in the main office. So I dig around, and find that in AD Sites and Services, the subnet for the remote site was not connected to the site itself, but to the main office.

Always double check to make sure everything is set right in all palces before say, “Yeah just plug and go!”

So this week has been an interesting week for me from an install standpoint. I got to load up from scratch my first Windows Server 2008 machine, and let me say that I am actually impressed.

The machine is going to a remote office, and needed to be laoded upto be a DC and file/print server on a Windows 2003 SP1 network, which I thought would make life interesting. Usually you find all sorts of odd things when integrating different Server OSes. Not as much in this case.

Active Directory was going to be my biggest worry, yet once I ran the adprep off the 2008 disk on the 2003 DC, everything jsut slipped right into place. The wizards that 2008 uses are fairly simple and straight forward, and did a great job of promoting the server.

The other item of big importance was DFSR for file replication and again, the install and setup of it was amazingly simple.

Yes, 2008 uses that darn Vista GUI, and yes I still don’t like how exploring files and folders (especially the network) is set up with it, its a small, superficial complaint to the ease of 2008. After install I found that 2008 booted faster than 2003, and was just as capable of a server OS. The other complaint I have about it is that it is too simple. I did not see a chance to customize my install initially, which I would like to have the option of.

The whole install and configuration took me 1 day and the file data replicated overnight easily, bringing all the NTFS security information with it.

Honestly, as much as I think Microsoft gets a lot wrong, so far I would say the did something right with server 2008.

Keep watching as my test server finally came in and I am going to be doing a review of SBS2008, installing from scratch soon.

You know, I love my job. I love being able to work on things and learn new thoughts and ideas as I work. It is so fulfilling to see a project finished and working right. The only problem is they never are really finished.

So after the big file migration, and the corrections to the AD Users/OUs/Groups was down to a tweak here or there, I decided to see if I could figure out why some things with Exchange and DNS seemed to be so damn slow. They say that curiosity killed the cat and satisfaction brought him back, well we shall see how this ends.

Between finding that AD/DNS integration was set to a legacy standard, even though we use Server 2003, to find that we had only 1 Global Catalog, even though we have 5 DCs 4 of them at other sites, only one DC as a Global Catalog. Replication for AD was set to 4 hours, and all other sorts of small errors in the DNS server have been found. Its the sort of stuff that should have been thought through when the original migration from 2000 to 2003 happened.

Well, at least its keeping me busy, and who knows when any of this stuff will come in handy, but I know it will at some point.

I can’t express how important it is to make sure you not only document your network, but what a pain it is when you don’t.

6 weeks of planning and having to map out Active Directory comes to a head for myself this week as I take care of the last parts of the redesign. Of course a lot fo this time could have been prevented with the proper documentation.

And I don’t mean just listing out what harware you have and how its connected. Active Directory, Network Shares, Security on the shares, all of it should be documented. Not just in case you need to change things, but to show what work has been done, so others can understand what has been done, how things are set up, and more importantly why they are done that way.

It also help out when trying to track down potential causes of issues. It doesn’t matter if its SBS or not, it should be done. Use Visio, make a network notebook, whatever floats your boat, but just do it