Whilst researching some IIS issues, I came across a useful checklist for securing IIS courtesy of the University of Washington.
Changes to functionality in Microsoft ActiveSync
As part of the current drive to increase the security of its products, Microsoft plans to remove some of the current remote synchronisation functionality in ActiveSync 4.0.
The following text is taken from an e-mail yesterday from Microsoft’s Mobility Partner Advisory Council to Windows Mobile Partners:
“We are hard at work refining the next version of Windows Mobile in terms of features and security. One of the items that we are targeting for removal in ActiveSync 4.0 is remote sync with a PC. In future versions, we are planning to discontinue remote (network) incoming support to desktop ActiveSync. This means that if you are currently developing a mobile redirector solution that depends on remote (incoming) connection to desktop ActiveSync, this may impact you. We want ensure that partners who use this feature have plenty of time to formulate alternate approaches and also consider feedback if you feel strongly that this functionality should be preserved. We also want to hear from any partners that feel the removal of this feature would directly break their code or impact their product roadmap.”
Recommendations for Active Directory object naming
Microsoft publishes best practice guidance under the general heading of Microsoft solutions for management. All of these best practices are based on the Microsoft Operations Framework (MOF), which includes guidelines on how to plan, deploy, and maintain IT operational processes in support of mission-critical service solutions.
Within this guidance is the Account Management for Windows Server 2003 Solution Accelerator, specifically the User and Location Management Guide, which contains conceptual information, best practices, and detailed procedures related to managing the creation, changing, or deletion of user accounts and physical locations. In the last chapter of this document are some Active Directory object naming conventions, which are actually quite restrictive – basically the only allowed characters are:
- Uppercase letters A…Z
- Lowercase letters a…z
- Numbers 0…9
- ä (= ae), Ä (= AE)
- ö (= oe), Ö (= OE)
- ü (= ue), Ü (= UE)
- ß (= ss)
- Underscore (_)
- Minus sign (-)
Interestingly, no mention is made of other accented characters (e.g. ç or é).
I came across this whilst researching issues with Group Policy Management Console (GPMC) scripts producing errors when certain non-alphanumeric characters were parsed, but as general advice and guidance, adhering to these standards should be seriously considered, even though various AD management tools allow other characters to be used.