Windows Server 2003 time service not updating from Internet

The Windows Time service (W32Time) uses the Network Time Protocol (NTP) to help synchronize time across a network. NTP is an Internet time protocol that includes the algorithms necessary for synchronizing clocks and is required by the Kerberos authentication protocol in order to ensure that all computers within an enterprise use a common time.

NTP is a more accurate time protocol than the Simple Network Time Protocol (SNTP) that is used in some versions of Windows; however W32Time continues to support SNTP to enable backward compatibility with computers running SNTP-based time services, such as Windows 2000. NTP uses UDP port 123 for communications. Further details of the Windows Server 2003 implementation may be found in the Windows Server 2003 Technical Reference.

Within an Active Directory forest, the domain controller holding the PDC emulator operations master role in the forest root domain is the head of a hierarchical structure for time synchronisation throughout the forest, and would typically be configured to synchronise with a known time source – either a hardware device, or an Internet time server (in the past I have used the United States Naval Observatory servers tick.usno.navy.mil and tock.usno.navy.mil). This configuration may be established using the following command syntax:

net time /setsntp[:ntp server list]

Best practice is to configure multiple time sources, by DNS name (rather than IP address); however, even when correctly configured, W32Time errors may appear in the event logs. Microsoft has confirmed this as a problem in Windows Server 2003 and Microsoft knowledge base article 830092 discusses the problem. A hotfix is available from Microsoft Product Support Services (PSS).
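To verify that a configured time source answers on UDP port 123 and to see how far the local clock has drifted, the SNTP exchange can be reproduced directly. The following is an added example, not code from the original post; the function names are hypothetical and the 300-second threshold assumes the Windows default Kerberos clock tolerance of 5 minutes, which the post does not state.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300  # assumption: Windows default Kerberos tolerance (5 min)

def to_ntp(unix_time):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    secs = int(unix_time)
    return struct.pack("!II", secs + NTP_DELTA, int((unix_time - secs) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=3, Mode=3, transmit timestamp = t1."""
    return bytes([0x1B]) + bytes(39) + to_ntp(t1)

def parse_reply(packet, t1, t4):
    """Return (stratum, offset, delay) in seconds; ValueError if unusable."""
    if len(packet) < 48 or (packet[0] & 0x07) != 4:
        raise ValueError("not an NTP server reply")
    if (packet[0] >> 6) == 3 or packet[1] == 0:
        raise ValueError("server clock is unsynchronised")
    if packet[24:32] != to_ntp(t1):
        raise ValueError("originate timestamp does not match our request")
    t2, t3 = from_ntp(packet[32:40]), from_ntp(packet[40:48])
    return packet[1], ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def within_kerberos_tolerance(offset):
    return abs(offset) < KERBEROS_MAX_SKEW

def query(server, timeout=3.0):
    """Live check of one time source over UDP port 123."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(t1), (server, 123))
        packet, _ = sock.recvfrom(512)
    return parse_reply(packet, t1, time.time())

def sample_reply(t1, server_time, stratum=2):
    """Constructed reply (LI=0, VN=3, Mode=4) so the parser can be run offline."""
    stamp = to_ntp(server_time)
    return bytes([0x1C, stratum]) + bytes(22) + to_ntp(t1) + stamp + stamp
```

A positive offset means the local clock is behind the time source; run `query()` against each configured server name to confirm that all of them respond and agree.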

Windows XP SP2 is now available for download

Despite the Windows and .NET magazine network reporting that XP SP2 has been delayed again, I can confirm that SP2 did ship last week.

The following text is taken from an e-mail received from Microsoft this morning:

“Windows XP Service Pack 2 released to manufacturing on Friday August 6, 2004. Windows XP Service Pack 2 contains major security improvements designed to provide better protection against hackers, viruses, and worms. Windows XP Service Pack 2 also improves the manageability of the security features in Windows XP and provides more and better information to help users make decisions that may potentially affect their security and privacy.

On Monday, August 9, 2004, the full network installation package for Windows XP Service Pack 2 will be posted on the Windows XP Service Pack 2 site on Microsoft TechNet (http://www.microsoft.com/technet/winxpsp2). This site is also the best resource for accessing the most up-to-date technical information regarding Windows XP Service Pack 2. On-line distribution will be the primary distribution vehicle for Windows XP Service Pack 2 and below is a summary of the key milestones of the distribution plan:

  • 6 August 2004: Release to manufacturing
  • 9 August 2004: Release to Microsoft Download Center (network installation package)
  • 9 August 2004: Release to MSDN subscription site (CD ISO image)
  • 10 August 2004: Release to Automatic Updates (for machines running pre-release versions of Windows XP Service Pack 2 only)
  • 16 August 2004: Release to Automatic Updates (for machines NOT running pre-release versions of Windows XP Service Pack 2)
  • 16 August 2004: Release to Software Update Services
  • Later in August: Release Service Pack 2 to Windows Update for interactive user installations

Because of the significant security improvements outlined above, Microsoft views Windows XP Service Pack 2 as an essential security update and is therefore distributing it as a ‘critical update’ via Windows Update (WU) and the Automatic Updates (AU) delivery mechanism in Windows. Microsoft is strongly urging customers with Windows XP and Windows XP Service Pack 1-based systems to upgrade to Windows XP Service Pack 2 as soon as possible.”

Unable to join domain during unattended Windows installation

I’ve come across a scenario on a couple of client sites whereby new PCs are staged in a separate VLAN (away from the main network) and fail to join the domain. It is usually a name resolution issue and is resolved by changing the domain name in the unattend.txt file from DNS format to the NetBIOS format (or vice versa).

On a related note, Microsoft knowledge base article 299969 gives advice and guidance on creating a non-administrative account to join the domain, as the username and password are stored in clear text in the Windows XP unattend.txt file and cannot be encrypted.
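Both points above can be checked before a build is released: which name format the answer file uses for the domain, and whether it carries clear-text join credentials. The following audit is an added example, not code from the original post; it assumes the standard `[Identification]` keys `JoinDomain`, `DomainAdmin` and `DomainAdminPassword`, and the sample file contents are constructed.

```python
# Constructed sample answer file (placeholder values, not from the post).
SAMPLE = """\
; unattend.txt for staging VLAN builds
[Identification]
JoinDomain=corp.example.com
DomainAdmin=Administrator
DomainAdminPassword="placeholder-password"
"""

def parse_unattend(text):
    """Parse INI-style unattend.txt into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def audit(text):
    """Return findings about the domain join settings in an answer file."""
    findings = []
    ident = parse_unattend(text).get("identification", {})
    domain = ident.get("joindomain")
    if domain:
        # A dot means DNS format; otherwise the NetBIOS name is in use.
        style = "DNS" if "." in domain else "NetBIOS"
        findings.append(f"JoinDomain={domain} ({style} format)")
    if ident.get("domainadminpassword"):
        account = ident.get("domainadmin", "")
        findings.append(f"clear-text domain join password for {account}")
        # Strip any DOMAIN\ prefix before comparing the account name.
        if account.split("\\")[-1].lower() == "administrator":
            findings.append("join account is the built-in Administrator")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```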

Microsoft Windows XP Security Guide

Microsoft have just published the updated Windows XP Security Guide, which provides several levels of security guidance for customers interested in hardening deployments of Windows XP for desktop and laptop clients in their environment.

This guide includes settings for Windows XP clients deployed in a Microsoft Windows 2000 or Windows Server 2003 Active Directory domain. The document also includes guidance for an environment requiring an extremely high level of security in which application compatibility or usability may be constrained. Finally, it discusses procedures for implementing Windows XP security settings in stand-alone clients.

Windows XP Service Pack 2 is ready

At last! Windows XP SP2 will be released this week!

Today I met with Microsoft UK’s Windows Client Product Manager who confirmed that SP2 release to manufacturing (RTM) was scheduled for yesterday (Microsoft had already publicly committed to this month). It has slipped slightly, but will definitely be released this week.

Even once RTM has passed, supply of SP2 will be limited until 25 August, which is the date for the launch of the new Windows Update 5 site. Until then, SP2 will be trickle-fed via the Windows XP Automatic Updates functionality, but business users will be able to download the service pack from the Microsoft Download Center.

Microsoft are aiming for 40% business uptake of SP2 within 12 months (and 60% for consumers), but are warning that this is not an upgrade to be taken lightly, requiring all the planning and rigorous testing of a major operating system upgrade.

Office 2003 SP1 and enhanced junk e-mail filtering for Outlook 2003 released

Last week, Microsoft released Office 2003 Service Pack 1. The service pack includes the many public updates and hotfixes that have been released since Office 2003 debuted in autumn 2003 and adds fixes to several other problems that Microsoft hadn’t previously documented. It also offers some new security functionality including the addition of several file types to the list of those that Outlook blocks (notably: .asp; .tmp; .vsmacros; .vss; .vst; .vsw; and .ws).

Along with the main service pack, equivalent service packs for OneNote 2003, Project 2003 and Visio 2003 were released, as well as an update for Outlook 2003’s junk e-mail filter allowing it to automatically update the safe senders list with outgoing messages’ recipients. This update replaces the outlfltr.dat file that controls the behaviour of the filter and provides a more current definition of which messages should be considered junk, based on Microsoft’s most recent analysis of mail patterns from the massive volumes of spam that Hotmail servers receive.

What you should know about spyware

Microsoft have published an interesting article to give a heads up on spyware. Simple it may be, but practical advice nonetheless.

Even experienced administrators need to beware – whilst researching some security issues this week, out of necessity I hit on some of the more unsavoury sites on the ‘net and before I knew it, my PC was infested with all sorts of pop-ups (and probably more).

If you do need to perform a quick clean up, I can fully recommend Spybot Search and Destroy and Lavasoft Ad-Aware.

Bill Gates’ view on solving the spam problem

I’ve just read an interesting executive e-mail from Bill Gates in which he discusses preserving and enhancing the benefits of e-mail, whilst curbing the epidemic of junk e-mail. Not surprisingly, this includes a plug for Microsoft’s Sender ID proposed standard.

Suffering from my fair share of domain spoofing, I think that Sender ID sounds a reasonable approach to take, although doubtlessly there will be those from the open source and Macintosh communities who will take offence at any technology (co-)developed by Microsoft (even as part of the Anti-Spam Technical Alliance, whose members include AOL, Yahoo, Earthlink, Comcast and BT).

One point of particular interest was the comment around the possibility of charging for e-mail. I’ve read various articles which have suggested this (although I had guessed this was non-technical journalists failing to appreciate the idea of charging computing time to “qualify” e-mails and slow down spammers), but according to Microsoft:

    “We firmly believe that monetary charges would be inappropriate and contrary to the fundamental purpose of the Internet as an extremely efficient and inexpensive medium for communications.”

Gates also discusses third-party e-mail accreditation services.

It all makes interesting reading, and the full article is available on the Microsoft website.

Microsoft Windows Server 2003 SP1 delayed

It’s probably not real news to anyone, but Windows XP SP2 has been slipping for a while now, and so will Windows Server 2003 Service Pack 1 (SP1).

In last week’s post (Windows Update Services slips into 2005), I reported that the WUS slippage was as a result of using technology from Windows XP SP2, and as can be expected, the first service pack for Windows Server 2003 is closely related to the XP client service pack, with many common features and fixes.

Windows 2003 SP1, like XP SP2, will include multiple security-oriented changes, such as a Security Configuration Wizard that will use the roles-based infrastructure in Windows 2003 to automatically shut down unnecessary ports and services. It will also include any relevant security changes from XP SP2.

Microsoft confirmed that the company will delay Windows Server 2003 SP1 until the first half of 2005 as development can take place in earnest only after XP SP2 is completed.

According to Microsoft:

“We now anticipate that Windows Server 2003 SP1 and Windows Server 2003 for 64-bit Extended Systems will ship in the first half of 2005, whereas we previously estimated the release timing for both to be the end of 2004… As is the case with all Microsoft product schedules, the development cycle is driven by quality, with a focus on the needs of our customers rather than an arbitrary date.”

(Edited from the July 28 2004 WinInfo Daily Update, published by the Windows and .NET magazine network)